Leaked memo alleges lavish travel spending at auDA

A report into .au registry auDA’s historical travel expenses has leaked to the Australian media, the latest apparent salvo in the organization’s increasingly personal civil war.
The Sydney Morning Herald this evening reports on “allegations of lavish spending and misuse of expense accounts by some former directors and employees”.
The primary individual targeted (for want of a better word) by the story is Paul Szyndler, former head of public affairs at auDA and one of the three people behind the Grumpier.com.au campaign to ouster auDA’s current CEO and chair.
It seems the Herald has managed to scoop a leaked copy of an audit compiled by PPB Advisory, which has been looking into spending practices at auDA under its previous management.
The existence of this report has been known for some time, but little about its contents had made it into the public domain beyond a slide deck (pdf) alluding to slack controls on travel expenditure.
The newspaper reports that PPB claims Szyndler racked up several thousand dollars of expenses on a family trip to Disneyland to coincide with ICANN 51 in Los Angeles in 2014.
Shortly before the Herald published (overnight in Australia), Szyndler took to an Aussie domainer forum to admit the truth of the allegation, but explain that it was fully compliant with auDA’s expenses policy at the time.
“auDA had a very clear and well understood policy at the time, whereby staff — after receiving best-available business class airfare and accommodation quotes, could spend up to, but NOT MORE THAN that figure on personal arrangements,” Szyndler wrote.
“My family joined me on a number of international trips. None cost any more than it would have cost to send me alone,” he said.
In other words, if he’d left his family at home and skipped Disneyland, he would have spent the exact same amount on a business-class flight for himself.
The Herald also says that PPB identified thousands of dollars being spent on family member travel to exotic locations, credit card cash withdrawals, expensive restaurants and even a “butler service”.
It does not say which specific staffers or directors are alleged to have spent auDA money on those things.
Indeed, Szyndler is the only person connected to specific spending in the Herald’s report.
There’s no mention of any allegations against former CEO and current ICANN vice-chair Chris Disspain — under whose watch these expenses will have been incurred — though the piece does include his blanket denial of wrongdoing.
auDA’s new chair Chris Leptos — who also sits on the PPB board — revealed last week that “several” former directors have been referred to state police over “a number of practices” upon which he did not elaborate.
Szyndler and his other Grumpier auDA members have managed to rack up enough signatures on their petition to force auDA into a special members meeting, date to be determined, that will vote on whether to get rid of Leptos, CEO Cameron Boardman and two other independent directors.
The Australian government has also been probing the organization’s antics since October, and the Herald reports that its findings could be published as soon as tomorrow (today in Australia).
Could auDA be about to get Nominetted?

auDA refers former directors to police

Imploding Australian ccTLD registry auDA has ratted out “several” of its former directors to the local cops, it was revealed this week.
In a message to its community to mark Chris Leptos’ 150th day as chair of the organization, he wrote:

I am disappointed to advise you that in my first week as Independent Chair I was briefed on a number of practices of several former auDA directors. Your Board concluded that those practices warranted referral to the Victoria Police. As you would appreciate, it is not appropriate at this stage to provide further details regarding this matter.

I’m told there are 48 former auDA directors, and auDA has not said which of them have been referred to the police.
Josh Rowe, a former director who’s orchestrating a campaign to oust Leptos, auDA CEO Cameron Boardman, and two other directors, called the move a “heinous act of bullying against all 48 ex auDA directors”.
Another former director, the Aussie domain industry blogger David Goldstein, has suggested that the timing of the revelation was designed to “silence” critics including Rowe.
The Grumpier.com.au petition organized by Rowe and others has forced auDA to hold a members meeting at which the four directors’ future employment will be voted on.
auDA lawyers contacted Grumpier earlier this week to warn that any defamatory or confidential information posted on the site could lead to litigation.
But Leptos has now seemingly confirmed that the special members meeting will in fact go ahead.
Goldstein also suggested that the police referrals are related to insinuations contained within a pair of Freedom of Information Act requests filed late last year by domain consultant Ron Andruff.
In one of Andruff’s FOIA requests, he suggests that auDA may have paid legal fees of up to AUD 120,000 incurred by Rowe when he was sued almost a decade ago by a alleged domain slammer he had regularly criticized.
Rowe has called these inferences “grossly inaccurate” and “defamatory”.
In the other, which we have reported on previously, Andruff has asked for records of expenses incurred by former auDA CEO Chris Disspain, current vice-chair of ICANN.
Both FOIA requests have been denied by the Aussie government and subsequently appealed by Andruff.
Andruff is known to have beef with Disspain after he was passed over for a prominent ICANN volunteer role.
I should note for the record that, for all of the allegations swirling around, I have not seen any evidence directly connecting any individual to any wrongdoing.

Grumpier Aussies call for more blood on the auDA boardroom floor

A group of pissed-off members of the Australian domain name industry are calling for the heads of auDA’s CEO, its new chair, and two other members of its board.
A triumvirate of long-time participants in the auDA community say they have secured enough signatures on a petition to force the organization to call the meeting under Aussie law.
They want a vote of no confidence in the CEO, Cameron Boardman, and the firing of all three “independent” directors: Chris Leptos (also chair), Sandra Hook and Suzanne Ewart.
Their list of beefs is long, but high on it is auDA’s plan to open up .au to direct, second-level registrations for the first time, enabling folk to register example.au instead of example.com.au.
If this all sounds worryingly familiar, it’s because it’s the second year in a row members have called a special meeting in order to oust its top brass.
A campaign orchestrated at Grumpy.com.au last year resulted in chair Stuart Benjamin quitting ahead of a member vote to fire him.
This year’s campaign is being coordinated, with a nod and a wink but none of Grumpy’s original leaders, at Grumpier.com.au.
Entrepreneur Josh Rowe appears to have held the pen on the petition, backed up by former head of auDA public affairs Paul Szyndler and businessman Jim Stewart.
As well as the direct registration issue, which the three men think is merely a cash-grab with no benefits for registrants, the petitioners have some harsh things to say about auDA’s governance and transparency.
The organization has promised to be more open in the wake of last year’s carnage, but Grumpier thinks “things have only got worse”.
The petition also alludes to rumors of “whispering campaigns” against former staff and “possible financial irregularities”.
Rowe recently complained on his blog about a freedom of information request related to his own conduct, filed by the same person pursing form auDA CEO (and current ICANN vice chair) Chris Disspain with FOIA requests.
They also unhappy that auDA is switching .au’s registry service provider from Neustar to Afilias, gaining a rumored 60% discount of which only 10% will be passed on to registrars.
It’s all getting rather nasty, and I’ve not even mentioned some of the rumors of shenanigans that I seem to find in my inbox on an almost daily basis.
To force a special member meeting under Australian law, Grumpier says it had to secure signatures of 5% of the members, which it says it has done.
That’s not much of a threshold, given that auDA only has about 320 members at the moment.
Assuming auDA agrees that it has to hold a meeting, it has a couple of months to do so.

auDA role “could have killed me” says resigning domainer

Domainer and activist blogger Ned O’Meara has resigned from the auDA board of directors, about four months after being elected.
He said in an apologetic blog post that the “negative stress” caused by being on the .au registry’s board had sent his blood pressure up, making him worry about having a third heart attack.
“[I]f I continued slugging it out at auDA, I believe it could have killed me,” he wrote.
He went on to say that he expected to be sidelined on key votes such as auDA’s decision to sell domains directly at the second level, due to perceived “conflicts of interest”, which he disputed.
O’Meara was elected in November as a “demand-class” member of the board, after using his blog to spearhead a campaign for greater transparency at the organization.
It sounds to me like he’s made the correct decision in stepping aside. No matter how important you believe a domain policy to be, it’s not worth your health. I wish him well.
auDA said it is now looking for two demand-class directors, to fill O’Meara’s vacant seat and another seat that is opening up due to the end of another director’s term.

auDA probably won’t pass on full Afilias savings to registrants

Switching .au’s back-end to Afilias will cut auDA’s per-domain costs by more than half, but registrants are not likely to benefit from the full impact of the savings.
auDA’s Bruce Tonkin, who led the committee that selected Afilias to replace incumbent Neustar, told DI this week that the organization is likely to take a bigger cut of .au registration fees in future, in order to invest in marketing.
That would include marketing the ability of Aussies to register .au domains at the second level for the first time — a controversial, yet-to-roll-out proposal.
Tonkin confirmed that the back-end fee auDA will be paying Afilias is less than half of what it is currently paying Neustar — the unconfirmed rumor is that it’s 40% of the current rate — but said that Afilias was not the cheapest of the nine bidders.
While .au names are sold for a minimum of two years, the current wholesale price charged to registrars works out to AUD 8.75 ($6.85) per year, of which Neustar gets AUD 6.33; auDA receives the other AUD 2.42.
A back-end fee of roughly $5 (US) per domain per year is well above market rates, so it’s pretty clear why auDA chose to open the contract to competition.
Tonkin explained the process by which Afilias was selected:

We first considered scoring without price, and Afilias received the highest score for non-financial criteria.
We then considered pricing information to form an assessment of value for money. The average pricing across the 9 [Request For Tender] responses was less than half of the present registry back-end fee ($6.33). Afilias was close to the average pricing, and while it was not the cheapest price — it was considered best value for money when taking into account the highest score in non-financial criteria.

I asked Afilias for comment on rumors that its price was 60% down on the current rate and received this statement:

Afilias believes auDA chose us based on the best overall value for the Australian internet community. The evaluation heavily weighted expertise, quality and breadth of service over price. While we don’t know what others bid, Afilias works to be competitive in today’s market. Attempts to price significantly higher than market without a value proposition are unrealistic and could even be considered price gouging.

It’s not known what price Neustar bid for the continuation of the contract, but I expect it will have also offered a deep discount to its current rate.
By switching, auDA is basically going to be saving itself over AUD 3 per domain per year, which works out to a total of AUD 9 million ($7 million) per year at least.
But the organization has yet to decide how much of that money, if any, to pass on to its registrars and ultimately registrants.
The auDA board of directors will meet in March to discuss this, Tonkin (who is in charge of the registry transition project but not on the board) said.
“We don’t want to set expectations that the wholesale price is going to change massively,” he said.
“I don’t expect it’s going to be any higher than the current wholesale price,” he said.
But he said he expects auDA to increase its slice of the pie in order to raise more money for marketing. The organization does “basically no marketing” now, he said.
“There’s certainly strong interest in doing more to market and grow the namespace,” he said. “One option is that more money is put into marketing the namespace and growing awareness of .au… That AUD 2.42, I expect that to change.”
This would include marketing direct second-level registrations, an incoming change to how .au names are sold that has domain investors worried about confusion and market dilution.
Outrage over the 2LD proposal — it appears to be a done deal, even if the details and timeline have yet to be finalized — has started attracting the attention of business media in Australia recently.
But auDA’s own research shows that opposition is not that substantial outside of these “special interests”.
A survey last year showed that 40% of .com.au registrants “support” or “strongly support” the direct registration proposal, with 18% “opposed” or “strongly opposed” Another 42% were completely unaware of the changes.
Support among .org.au registrants was lower, and it was higher among .net.au registrants.
But 36% of “special interests” — which appears to mean people who discovered the survey due to their close involvement in the domain industry — were opposed to the plan.
There’s no current timeline for the introduction of direct registrations, but the back-end handover from Neustar to Afilias is set to happen July 1 this year.
Neustar acquired AusRegistry, which has been running .au since 2002, for $87 million a couple of years ago.

Hundreds of words and acronyms banned from .au, domains frozen

auDA has added hundreds of words, phrases and acronyms to its list of strings that are banned in .au and locked domains containing those strings.
There were only about 40 strings on the old banned list; now it’s closer to 300.
auDA has added to the list the names of brands protected by direct legislation, such as “Australian Motorcycle Grand Prix” and “Australian Defence Force Reserves”.
Also, phrases such as “What a Great Place for the Great Race” and “Commonwealth games Bronze”.
But what will be most concerning for non-cybersquatter .au registrants will be the acronyms and dictionary words that have been added.
These include the word “university” and acronyms such as “ran”, “adi” and “ara”, which could quite easily appear as substrings of legitimate words such as “grandma”, “radio” and “karate”.
Registrants of domains that exactly match the newly banned strings will find themselves unable to renew those domains, according to an auDA FAQ:

All words, phrases or acronyms on the list at Schedule A have been blocked from registration at the Registry. If you believe that you should be able to renew the domain name, you will need to demonstrate to your Registrar and auDA that you have Ministerial consent to use the domain name or your use of the domain name does not attract the restriction.

If there’s only a partial, substring match, registrants won’t be able to transfer the domain to a different registrant, according to the FAQ:

auDA has placed a lock on domain names that contain words, phrases or acronyms which appear on the list in Schedule A to prevent the transfer of these names to third parties. auDA will remove the lock where registrants can provide the requisite consent, or demonstrate that the use of the domain name does not attract the restriction.

The list was expanded following an auDA policy review that looked at what words are protected under Australian legislation.
The review itself acknowledged that the banned list is a bit of a blunt instrument, as in many cases it’s not the string that is banned but rather the use of the string.
Presumably, if you own “karate.com.au” it will be fairly straightforward to show you’re not infringing the rights of the Australian Regular Army.
The registry’s advice to registrants who believe their names are affected is to lawyer up:

Registrants are encouraged to check whether their domain name/s contain any words, abbreviations, acronyms or phrases appearing on the Schedule. If a name appears on the Schedule, registrants should seek independent legal advice on appropriate action. auDA cannot provide legal advice.

The new list of banned words can be found here. I’ve taken a screen capture of the old list from Google’s cache of January 20, here.

Shocker! After 15 years, Afilias kicks Neustar out of Australia

Afilias has been awarded the contract to run .au, Australia’s ccTLD, kicking out incumbent Neustar after 15 years.
It’s currently a 3.1 million-domain contract, meaning it’s going to be the largest back-end transition in the history of the DNS.
It’s also very likely going to see the price of a .au domain come down.
Neustar, via its 2015 acquisition of AusRegistry, has been the back-end provider for .au since 2002. That deal is now set to end July 1, 2018.
auDA, the ccTLD manager, said today that Afilias was selected from a shortlist of three bidders, themselves whittled down from the initial pool of nine.
It’s not been disclosed by auDA who the other shortlisted bidders were, and Afilias execs said they do not know either. I suspect Neustar would have been one of them.
The contract was put up for bidding in May, after auDA and Neustar failed to come to terms on a renewal.
At 3.1 million domains under management, .au is currently bigger than .org was when Afilias took over the back-end from Verisign in 2003.
Back then, .org was at 2.7 million names. It’s now at over 10 million.
“It’s the biggest transition ever, but not by much,” Afilias chief marketing officer Roland LaPlante said.
CTO Ram Mohan said that it should actually be easily than the .org transition, which had the added wrinkle of switching registrars from Verisign’s legacy RPP protocol to the now-standard EPP.
auDA said that Afilias will start reaching out to the 40-odd current .au registrars about the transition “as early as this week”.
About half of registrars are already on Afilias’ back-end and about half are ICANN-accredited, LaPlante said.
“We don’t expect to have many changes for registrars, but we have plenty of time to prepare them for what is needed,” Mohan said. “It ought to be a fairly easy glide path.”
There will be a live test environment for registrars to integrate with prior to the formal handover, he said.
There are several local presence requirements to the contract, so Afilias will open up a 20-person office in Melbourne headed by current VP of corporate services John Kane, who will shortly move there.
The company will also have to open a data center there, as the contract requires all data to be stored in-country.
Mohan, LaPlante and Kane said they’re all jumping on planes to Melbourne tonight to begin transition talks with local interested parties.
Financial terms of the deal are not being disclosed right now, but LaPlante said that .au registrars should see prices come down. This could lead to lower prices for registrants.
They currently pay AUD 17.50 ($13.44) per domain for a two-year registration, and I believe Neustar’s cut is currently around the $5 (USD) per year mark.
Afilias is not known for being a budget-end back-end provider, but it seems its slice of the pie will be smaller than Neustar’s.
LaPlante said that fees charged to registrars will be set by auDA, but that it now has flexibility to reduce prices that it did not have under the incumbent.
“Some savings should flow down to registrars as part of this,” he said.
The term of the contract is “four or five years” with options to renew for additional years, he said.
The loss of .au has no doubt come as a blow to Neustar, which paid $87 million for AusRegistry parent Bombrra just two years ago.
While Bombora also had dozens of new gTLD clients, many dot-brands, .au was undoubtedly its key customer.

Domain blogger O’Meara elected to auDA board

Domainer-blogger Ned O’Meara, one of the fiercest critics of auDA, has been elected to the organization’s board of directors.
He was one of four directors elected at the Australian ccTLD registry’s Annual General Meeting today.
auDA splits its board into “demand” and “supply” classes. The former are registrants, the latter registrars and resellers.
O’Meara, a domain investor who blogs at Domainer.com.au, was elected as a demand class director, along with Nicole Murdoch, a trademark lawyer who O’Meara backed when he was prevaricating about his own run.
On the supply side, members elected Canadian-born chair of the Australian Web Industry Association and founder of 1300 Web Pro, James Deck, and Grant Wiltshire.
Wiltshire, who works for the government of the Australian state of Victoria, has been a demand-class director for the last two years. There’s no indication in his candidate statement where in the domain industry he has worked.
The election came a week after auDA named its new chair and a new independent director.
Chris Leptos is the new chair. He replaces Stuart Benjamin, who was forced out earlier this year after a “Grumpy” campaign led by O’Meara.
Leptos is deputy chair of financial advisory firm Flagstaff Partners and sits on the board of PPB Advisory. That’s the company that conducted an audit of auDA following the departure of its former CEO last year.
O’Meara landing on the board means he will of course become privy to all the information he’e been campaigning for auDA to be more transparent about recently. How this will affect his blogging remains to be seen, he has yet to write a post about his election.

Aussie gov refuses to spill the beans on ICANN vice chair’s firing

The Australian government has refused to release documents concerning alleged “financial irregularities” at local ccTLD manager auDA that have been linked to the firing of former CEO Chris Disspain.
A request under the Freedom of Information Act sought documents detailing Disspain’s March 2016 termination, as well as high levels of travel expenses and apparent under-reporting of “fringe benefit tax” under his watch.
The request was filed in September by by industry consultant Ron Andruff, who is known to have beef with Disspain after having been passed over for an important ICANN leadership role.
One of the specific documents sought by Andruff was an unpublished audit by PPB Advisory known to have uncovered slack historical expenses management practices and high levels of travel expenditure.
While rumors have circulated, there have been no substantiated allegations of wrongdoing by Disspain.
The Australian Department of Communications and the Arts told Andruff this weekend that 13 relevant documents had been identified and reviewed, but that all were exempt from disclosure under the FOI Act.
Reasons given include the right to privacy of the individual concerned and the fact that the information could fuel “unsubstantiated allegations of misconduct”.
The Department also thought that disclosing the documents could make it harder to it to obtain information from auDA in future, particularly relevant given that it recently kicked off a review of the organization.
While acknowledging there were some public interest reasons to publish the documents, on balance it said that the public interest reasons not to publish were more numerous.
auDA has been plagued by problems such as high turnover of staff and board, unpopular policies, and the member-instigated ouster of its chair, since Disspain left.
Separately, Disspain became ICANN’s vice chair earlier this month, having sat on the board for the last seven years as a representative of the ccTLD community.
He’s one of four community-nominated ICANN directors who have agreed to undergo the same background checks as their Nominating Committee-appointed counterparts, in part due to pressure applied by Andruff.
The FOI response can be viewed here (pdf).

ICANN beefs up background checks on directors amid concerns about vice-chair

ICANN is to beef up background screening procedures for its own board of directors after concerns were raised about financial integrity.
Directors in four seats that were not previously subject to screening have voluntarily agreed to checks “immediately” and ICANN has urged two of its supporting organizations to bring in such checks as standard.
Chris Disspain and Mike Silber, selected by the Country Code Names Supporting Organization, and Generic Names Supporting Organization selectees Becky Burr and Matthew Shears are these volunteers.
Neither the GNSO nor ccNSO currently screen their director picks to the same standard as other supporting organizations and the Nominating Committee.
ICANN said that they will be checked for “negative indicators such as discrepancies on a resume (including licenses, educational history and employment history), or publicly reported issues of financial mismanagement, fraud, harassment and mishandling of confidential information”.
The board passed a resolution last Thursday calling for the two SOs to bring in “the same or similar” screening procedures for future directors.
The resolution was passed minutes before the formal handover of power from outgoing chair Steve Crocker to new chair Cherine Chalaby. Disspain is the new vice-chair, replacing Chalaby.
ICANN had been put under pressure to widen its director due diligence earlier in the week by consultant and long-time ICANN community member Ron Andruff, who is known to have concerns about Disspain’s financial integrity.
Andruff spoke at an open-mic session with the board last Monday to recommend that the four anomalous directors face screening before the board was re-seated just a few days later.
“We’re talking about risk,” he said. “We’re talking about making sure that we do not put our institution that we’ve worked so hard to put into ICANN 2.0 in a place where we have four people that might have something, or not. And quite frankly, I don’t expect we’re going to find anything. I just want to make sure that we’ve checked that box,” Andruff said.
“We have the resources to do four background screenings between now and Thursday. No one expects any issues to surface. But this simple act will ensure that the institution is properly protected,” Andruff said.
Then-chair Crocker responded that it would not be possible to do the checks so quickly, but agreed in principle with the need for screening and said the board had had “substantial discussions” on the matter.
Andruff is former chair-elect of the Nominating Committee, which chooses eight directors and subjects all of its appointees to background screening.
He recently made a Freedom of Information Act request in Australia related to the circumstances leading to Disspain getting fired as CEO of local ccTLD administrator auDA in March 2016.
Disspain was let go after his relationship with the auDA board became “increasingly strained over issues of process, transparency and accountability”, according to an external review published by auDA in October last year.
auDA’s practices had “not kept pace with auDA’s growth in scale and importance to the Australian community, nor with evolving good practice in governance and accountability”, this review found.
The review did not directly allege any wrongdoing by Disspain.
A separate and currently unpublished review around the same time by PPB Advisory found that auDA had been “under-reporting” so-called “fringe benefit tax” to the Aussie tax authorities, according to auDA board meeting minutes.
FBT is tax companies must pay on employee benefits such as a company car or payment of private expenses.
There’s no clear indication in the public record that this under-reporting was directly related to benefits Disspain received, though the under-reporting very likely happened at least partially during his 15 years as CEO.
A slide deck discussing the PPB review published by auDA identified “a lack of formal policies and procedures governing how travel and expenses were managed”.
It added: “There were high levels of expenditure on international travel and reimbursement arrangements with international bodies that lacked transparency, which should have warranted a more robust process”.
All expenses incurred by ICANN’s directors and reimbursed in relation to their duties are a matter of public record.
Disspain receives not only a $45,000 annual salary but also tens of thousands of dollars in reimbursements each year, much of which is related to directors’ extensive travel obligations, these records show.
In its last reported tax year, to June 30, 2016, he received $68,437 in reimbursements, according to a published document (pdf). ICANN directly paid another $32,951 on his behalf.
A number of allegations have been made to DI (and, I believe, to other bloggers) over the last few months about alleged wrongdoing by Disspain in connection to these nuggets of information, but they’ve come from sources who refuse to identify themselves or provide corroborating evidence.
Despite efforts, I’ve been unable to independently verify these anonymous claims, which come amid turbulent times for auDA and its members, so I’ve chosen not to repeat them.
Andruff, meanwhile, has used FOI law to ask the Australian government, which has oversight of auDA, for the full PPB report, as well as documents related to the FBT issue, Disspain’s termination and his travel expenses.
Andruff and Disspain are known to have a history of friction.
Two years ago, Andruff expressed his anger after having been passed over for the job of chair of the NomCom, a role that be believes should have gone to him as chair-elect.
He lost the opportunity after the ICANN board, exercising its bylaws-permitted discretion, accepted the recommendation of its Board Governance Committee — at the time chaired by Disspain — that it be given to Stephane Van Gelder instead.
The original deadline for the Australian government response to Andruff’s FOI request was October 16, but this has been extended twice, now to November 19, due to the complexity of the request.
The eventual response will no doubt be read with interest.