IRP panel tells ICANN to stop being so secretive, again

ICANN’s dismal record of adverse Independent Review Process decisions continued last week, with a panel of arbitrators telling the Org to shape up its transparency and decision-making processes.

The panel has essentially ruled that ICANN did everything it could to be a secretive as possible when it decided to remove price controls from its .org and .info registry contracts in 2019.

This violated its bylaws commitments to transparency, the IRP panel found, at the end of a legal campaign by Namecheap commenced over three years ago.

Namecheap wanted the agreements with the two registries “annulled”, but the panel did not go that far, instead merely recommending that ICANN review its decision and possibly enter talks to put the price caps back.

But the decision contains some scathing criticisms of ICANN’s practice of operating without sufficient public scrutiny.

Namecheap had argued that ICANN broke its bylaws by not only not applying its policies in a non-discriminatory manner, but also by failing to adequately consult with the community and explain its decision-making.

The registrar failed on the first count, with the IRP panel ruling that ICANN had treated registry contract renegotiations consistently over the last 10 years — basically trying to push legacy gTLDs onto the 2012-round base Registry Agreement.

But Namecheap succeeded on the second count.

The panel ruled that ICANN overused attorney-client privilege to avoid scrutiny, failed to explain why it ignored thousands of negative public comments, and let the Org make the price cap decision to avoid the transparency obligations of a board vote.

Notably, the panel unanimously found that: “ICANN appears to be overusing the attorney-client privilege to shield its internal communications and deliberations.”

As one example, senior staffers would copy in the legal team on internal communications about the price cap decision in order to trigger privilege, meaning the messages could not be disclosed in future, the decision says.

ICANN created “numerous documents” about the thinking that went in to the price cap decision, but disclosed “almost none” of them to the IRP due to its “overly aggressive” assertion of privilege, the panel says.

As another example, staffers discussed cutting back ICANN’s explanation of price caps when it opened the subject to public comment, in order to not give too much attention to what they feared was a “hot” and “sensitive” topic.

ICANN’s failure to provide an open and transparent explanation of its reasons for rejecting public comments opposing the removal of price controls was exacerbated by ICANN’s assertion of attorney-client privilege with respect to most of the documents evidencing ICANN’s deliberations…

ICANN provided a fairly detailed summary of the key concerns about removing price caps, but then failed to explain why ICANN decided to remove price caps despite those concerns. Instead, ICANN essentially repeated the explanation it gave before receiving the public comments.

The panel, which found similar criticisms in the earlier IRP of Dot Registry v ICANN, nevertheless decided against instructing ICANN to check its privilege (to coin a phrase) in future, so the Org will presumably be free to carry on being as secretive as normal in future.

Namecheap also claimed that ICANN deliberately avoided scrutiny by allowing Org to remove the price caps without a formal board of directors resolution, and the panel agreed.

The Panel finds that of the removal of price controls for .ORG, .INFO, and .BIZ was not a routine matter of “day-to-day operations,” as ICANN has asserted. The Price Cap Decision was a policy matter that required Board action.

The panel notes that prior to the renewal of .org, .info and .biz in 2019, all other legacy gTLD contracts that had been renewed — including .pro, which also removed price caps — had been subject to a board vote.

“ICANN’s action transitioning a legacy gTLD, especially one of the three original gTLDs (.ORG), pursuant to staff action without a Board resolution was unprecedented,” the panel writes.

Quite why the board never made a formal resolution on the .org contract is a bit of a mystery, even to the IRP panel, which cites lots of evidence that ICANN Org was expecting the deal to go before the board as late as May 13, 2019, a month before the anticipated board vote.

The .org contract was ultimately signed June 30, without a formal board resolution.

(Probably just a coincidence, but Ethos Capital — which went on unsuccessfully to try to acquire .org registry Public Interest Registry from ISOC later that year — was formed May 14, 2019.)

The IRP panel notes that by avoiding a formal board vote, ICANN avoided the associated transparency requirements such as a published rationale and meeting minutes.

The panel in conclusion issued a series of “recommendations” to ICANN.

It says the ICANN board should “analyze and discuss what steps to take to remedy both the specific violations found by the Panel, and to improve its overall decisionmaking process to ensure that similar violations do not occur in the future”.

The board “should consider creating and implementing a process to conduct further analysis of whether including price caps in the Registry Agreements for .ORG and .INFO is in the global public interest”

Part of that process should involve an independent expert report into whether price caps are appropriate in .info and especially .org.

If it concludes that price controls are good, ICANN should try to amend the two registry agreements to restore the caps. If it does not conduct the study, it should ask the two registries if they want to voluntarily restore them.

Finally, the panel wrote:

the Panel recommends that the Board consider revisions to ICANN’s decision-making process to reduce the risk of similar procedural violations in the future. For example, the Board could adopt guidelines for determining what decisions involve policy matters for the Board to decide, or what are the issues on which public comments should be obtained.

ICANN is on the hook to pay the panel’s fees of $841,894.76.

ICANN said in a statement that it is “is in the process of reviewing and evaluating” the decision and that the board “will consider the final declaration as soon as feasible”.

GoCompare makes a big bet on a new gTLD

GoCompare, one of the most recognizable online brands in the UK, is rebranding to Go.Compare, with a corresponding switch to the new gTLD domain name go.compare.

The insurance price-comparison site announced the move, which is being backed up by a three-month prime-time TV advertising campaign, during the series premiere of talent show The Voice UK, which it now sponsors, on Saturday night.

The brand may be unfamiliar to readers outside of the UK, but here it’s pretty well-known due in no small part to its relentless TV ads, which feature a fictional Italian opera singer. There can’t be many Brits who don’t recognize the jingle, once described as the “most irritating” on TV.

And that jingle now has an extra syllable in it — the word “dot”. The company described the sponsorship like this:

As part of the sponsorship, Go.Compare’s operatic tenor Gio Compario and the actor who plays him, Wynne Evans, are both in the judging chairs, auditioning to find a new voice to help them sing the new brand jingle and play the ‘dot’ in the new website URL. The series will follow Gio and Wynne on their journey to find the best ‘dot.’

This is the first ad:

The company said the rebranding, in phrasing likely to irk many in the domain industry, “means that anyone now looking to use the comparison service will be able search on any device using ‘Go.Compare’, and they will be taken directly to the website.”

It’s inviting customers to direct-navigate, but calling it “search”.

Paul Rogers, director of brand and campaigns, said in a press release:

Behind this, the decision to bring the “dot” into the mix now means that our website is easier to find – regardless of browser or device, all you need to know now is Go.Compare and you’re there. It’s basically taking out the middleman and making it easier for people to find us directly

Go.Compare has been using gocompare.com since it launched in 2006, and that domain is still live, not redirecting, and showing up as the top search result for the company. The domain go.compare does not redirect to the .com, however.

The company’s social media handles now all use the new brand.

The .compare gTLD is a pretty obscure one, that truthfully even I had forgotten exists.

It started off owned by Australian insurance provider iSelect, originally intended as a dot-brand, but sold off alongside .select to Neustar, then its back-end provider, in 2019.

GoDaddy acquired Neustar’s registry business the following year and has since then sold just a few hundred .compare domains, very few of which actually appear to be in use.

I’m not suggesting .compare is suddenly going to explode, but the rebranding and accompanying high-profile marketing effort is surely useful to the new gTLD industry in general, raising awareness that not every web site has to end in .com or .uk.

Neustar now linked to scandal in the Catholic church

Neustar is having a bummer of a year for getting involved in major political scandals.

First, its execs were linked to allegations of an attempt to show Donald Trump was involved in “collusion” with Russia, and now it’s found itself in the middle of a corruption slash child sex abuse scandal in the Catholic Church.

There don’t appear to be any concrete allegations of wrongdoing by Neustar in the latest case, which involves a lot of mud-slinging between two elderly, bickering, controversy-wracked priests.

Rather, a senior church figure previously convicted and jailed and then cleared of child sex abuse is accusing an old rival currently standing trial on corruption charges of failing to explain money transfers that were said to be destined for Neustar.

George Pell is an Australian cardinal, the country’s most senior Catholic authority figure, who was very publicly convicted of child sex abuse offenses in 2018. His convictions were later overturned on appeal by the High Court of Australia.

Angelo Becciu is an Italian cardinal who, according to the religious press, served as the Pope’s de facto “chief of staff” until he was accused by the Vatican of embezzlement and corruption related to real estate investments last year.

Claims by Pell’s supporters have reportedly circulated in the Italian press for years that Becciu had sent church money to Australia in order to negatively influence Pell’s trial. The two men apparently don’t get on.

The reports even triggered a probe, which found nothing, by Australian regulators into a then-unnamed tech company.

But Becciu testified before a Vatican court last week that the AUD 2.3 million ($1.6 million) Pell has raised questions over was in fact used to pay Neustar Australia for operation of the .catholic gTLD in 2017 and 2018.

He said that Pell himself had authorized the payments, in a 2015 letter.

The Vatican had originally hired ARI/AusRegistry to be its registry partner for .catholic — which has never actually been used — but it had been acquired by Neustar by the time of the contested payments. Neustar’s registry is now owned by GoDaddy, which manages .catholic.

Following Becciu’s testimony, Pell issued a statement calling his story “incomplete” and saying:

My interest is focussed on four payments with a value of AUD 2.3 million made by the Secretariat of State in 2017 and 2018 to Neustar Australia, two of which with a value of AUD 1.236 million were authorised by Monsignor Becciu on 17/5/2017 and 6/6/2018. Obviously, these are different payments from those of 11/9/2015 which I allegedly authorised. What was the purpose? Where did the money go after Neustar?

The word “after” in that final sentence is certainly suggestive, but Pell did not elaborate.

GoDaddy says it turned around Neustar, and .biz numbers seem to confirm that

GoDaddy is pleased with how its new registry division is doing, with CEO Aman Bhutani claiming last night that it’s managed to turn around the fortunes of Neustar, which became part of GoDaddy Registry a year ago.

Reporting a strong third quarter of domains revenue growth, Bhutani highlighted the secondary market and the registry as drivers. In prepared remarks, he said:

On Registry, we are continuing to prove our ability to acquire, integrate, and accelerate. A great example is the cohort performance within GoDaddy Registry. When we acquired Neustar’s registry assets in Q3 last year, its new cohorts were shrinking, with new unit registrations down 4% year over year. We are now one year into the acquisition, and we’re pleased to report that within that first year, we have been able to accelerate new business significantly. We are now seeing new unit registrations increase nearly 20% year over year — all organically.

If you’re wondering what a “cohort” is, it appears to refer to GoDaddy’s way of, for analysis purposes, slicing up its customers, how much they spend and how profitable they are, into tranches according to the years in which they became customers.

So GoDaddy’s saying here that Neustar’s number of new customers was going down, and it was selling 4% fewer new domains, at the time of the acquisition last year, but that that trend has now been reversed, with new regs up 20%.

The numbers are not really possible to verify. Neustar’s main three TLDs for volume purposes were .us, .co and .biz, and of those only .biz is contractually obliged to publish its zone file and registry numbers.

But look at .biz!

That’s .biz’s daily zone file numbers for the last two years, with the August 2020 acquisition highlighted by a subtle arrow. It’s only added about 50,000 net names since the deal, but it’s reversing an otherwise negative trend.

Monthly transaction reports show .biz had been on a general downward, if spiky, line since its early 2014 peak of 2.7 million names. It’s now at about 1.4 million.

When asked how the company achieved such a feat, Bhutani credited “execution” and left it at that. Perhaps this means something to financial analysts.

When asked by an analyst whether GoDaddy was giving its own TLDs preferential treatment, promoting its owned strings on the registrar in order to better compete with .com at the registry, Bhutani denied such frowned-upon behavior:

We don’t do that. All TLDs work on our registrar side in terms of their merit. It’s about value to the customer — whatever works best irrespective of whether we own the registry side or not. That’s what we’ll sell in front of the customer.

The company reported domains revenue up 17% at $453.2 million for the third quarter, with overall revenue up 14% at $964 million compared to year-ago numbers. Net income was up to $97.7 million from $65.1 million a year ago.

GoDaddy expects domains revenue to grow in the low double digits percent-wise in the current quarter.

PIR poaches new CTO from Verisign

Public Interest Registry has announced the hiring of Rick Wilhelm as its new chief technology officer.

Wilhelm comes from Verisign, where he was VP of platform management. He’s also previously worked for Network Solutions and Neustar and sat on ICANN’s Security and Stability Advisory Committee.

He replaces Joe Abley, who quit for a job at Neustar in August.

Wilhelm started today, and reports to CEO Jon Nevett.

Neustar exec fingered in Trump’s Russian “collusion” probe

A senior former Neustar executive has been outed as a participant in 2016 research that sought to establish nefarious links between then US presidential candidate Donald Trump and the Russian government.

According to a US federal indictment last month, former Neustar senior VP and head of security Rodney Joffe and others used DNS query data collected by the company to help create a “narrative” that Trump’s people had been covertly communicating with Kremlin-connected Alfa Bank.

The indictment claims that they did so despite privately expressing skepticism that the data was conclusive in establishing such ties.

Joffe did this work while under the impression he would be offered a top cybersecurity job in Hilary Clinton’s administration, had she won the 2016 general election, the indictment claims.

Joffe has not been accused of any illegality or wrongdoing — he’s not even named in the indictment — and his lawyer has told the New York Times that the indictment gives an “incomplete and misleading” version of events.

The indictment was returned by a federal grand jury on September 16 against Washington DC lawyer Michael Sussmann, as a result of Special Counsel John Durham’s investigation into the origins of the Trump-Russia “collusion” probe, which ultimately found insufficient evidence of illegality by the former president.

Sussman is charged with lying to the FBI when, in September 2016, he showed up with a bunch of evidence suggesting a connection between Trump and Alfa Bank and claimed to not be working on behalf of any particular client.

In fact, the indictment alleges, he was working on behalf of the Clinton campaign and Joffe, both of whom had retained his services. Lying to the FBI is a crime in the US.

The indictment refers to Joffe as “Technology Executive 1”, but his identity has been confirmed by the NYT and others.

Sussman’s evidence in part comprised DNS data supplied by Joffe and analyzed by himself and other researchers, showing traffic between the domain mail1.trump-email.com and the Russian bank.

At the time, Neustar was a leading provider of domain registry services, but also a significant player in DNS resolution services, giving it access to huge amounts of data about domain queries.

“Tech Executive-1 [Joffe] used his access at multiple organizations to gather and mine public and non-public Internet data regarding Trump and his associates, with the goal of creating a ‘narrative’ regarding the candidate’s ties to Russia,” the indictment claims.

According to the indictment, Joffe had been offered a job in the Clinton administration. He allegedly wrote, shortly after the November 2016 election: “I was tentatively offered the top [cybersecurity] job by the Democrats when it looked like they’d win. I definitely would not take the job under Trump.”

The researchers — which also included employees of the Georgia Institute of Technology, ​Fusion GPS, and Zetalytics, according to the NYT — sought to create a case for a connection between Trump and the Russian government while privately expressing doubts that their conclusions would stand up to third-party scrutiny, the indictment claims.

The suspicions were briefed to the media by Sussman and the Clinton campaign, the indictment says, and widely reported prior to the election.

When the FBI investigated the alleged links, it concluded the suspicious traffic was benign and caused by the activities of a third-party marketing firm, according to reports.

As I said, it is not alleged that Joffe broke the law, and his people say the indictment is, as you might expect from an indictment, one-sided.

Still, it’s a very interesting, and possibly worrying, insight into how companies like Neustar and their employees are able to leverage DNS resolution data for their own private purposes.

The full indictment, which uses pseudonyms for most of the people said to be involved in the research, can be read here (pdf). The New York Times story, which reveals many of these identities, can be read here (paywall).

While Neustar’s registry business was acquired last year by GoDaddy, it appears that Joffe did not make the move and instead stayed with Neustar. His LinkedIn profile showed he “retired” at some point in the last few weeks, after 15 years with the company.

One year on, Namecheap still fighting aborted .org takeover and may target GoDaddy and Donuts next

Even though Ethos Capital’s proposed takeover of Public Interest Registry was rejected last May, registrar Namecheap is still doggedly pursuing legal action against ICANN’s handling of the deal, regardless.

The Independent Review Process complaint filed last February is still active, with Namecheap currently fighting a recent ICANN motion to dismiss the case.

The company is also demanding access to information about GoDaddy’s acquisition of Neustar and Donuts’ acquisition of Afilias, and is threatening to file separate actions related to both those deals.

Namecheap has essentially two beefs with ICANN. First, that it should not have lifted price caps in its .org, .biz and .info registry contracts. Second, that its review of Ethos’ bid for PIR lacked the required level of transparency.

ICANN’s trying to get the IRP complaint thrown out on two fairly simple grounds. First, that Namecheap lacks standing because it’s failed to show a lack of price caps have harmed it. Second, that it rejected the PIR acquisition, so Namecheap’s claims are moot.

In its motion to dismiss (pdf), its lawyers wrote:

Namecheap’s entire theory of harm, however, is predicated on the risk of speculative future harm. In fact, nearly every explanation of Namecheap’s purported harm includes the words “may” or “potential.” Namecheap has not identified a single actual, concrete harm it has suffered.

…

Namecheap’s claims related to the Change of Control Request should be dismissed because ICANN’s decision not to consent to the request renders these claims moot
and, separately, Namecheap cannot demonstrate any harm resulting from this decision.

In December, Namecheap had submitted as evidence two analyses of its business prospects in the event of registry price increases, one compiled by its own staff, the other prepared by a pair of outside expert economists.

While neither shows Namecheap has suffered any directly quantifiable harm, such as a loss of revenue or customers, Namecheap argues that that doesn’t matter and that the likelihood of future harm is in fact a current harm.

A mere expectation of an increase in registry prices is sufficient to show harm. This is because such expectation reduces Namecheap’s expected profits and its net present value.

It further argues that if Namecheap was found to not have standing, it would give ICANN the ability to evade future IRP accountability by simply adding a 12-month delay to the implementation of controversial decisions, pushing potential complainants outside the window in which they’re able to file for IRP.

On the PIR change of control requests, Namecheap says it’s irrelevant that ICANN ultimately blocked the Ethos acquisition. The real problem is that ICANN failed in its transparency requirements related to the deal, the company claims.

The fact that ICANN withheld its consent is no excuse for refusing to provide full transparency with respect to the actions surrounding the proposed acquisition and ICANN’s approval process. Namecheap’s claims relate to the non-transparent process; not the outcomes of such process. Irrespective of the outcome, lack of transparency increases the level of systemic risk in Namecheap’s business environment.

…

How did ICANN come to its decision? Was an imminent request for a change of control known to ICANN, when it took the decision to remove the price control provisions? What was discussed in over 30 hours of secret meetings between ICANN org and the Board? What discussions took place between ICANN, PIR and other entities involved? All these questions remain unanswered

Namecheap refers to two incidents last year in which ICANN hid its deliberations about industry acquisitions by conducting off-the-books board discussions.

The first related to the PIR deal. I called out ICANN for avoiding its obligation to provide board meeting minutes in a post last May.

The second relates to the board’s consideration of Donuts’ proposed (and ultimately approved) acquisition of Afilias last December. Again, ICANN’s board discussed the deal secretly prior to its official, minuted December 17 meeting, thereby avoiding its transparency requirements.

In my opinion, this kind of bullshit has to stop.

Namecheap is also now threatening to bring the Afilias deal and GoDaddy’s acquisition of Neustar’s registry business last April into the current IRP, or to file separate complaints related to them, writing in its response to ICANN’s motion (pdf):

Namecheap seeks leave to have ICANN’s actions and inactions regarding its consideration of the Neustar and Afilias changes of control reviewed by this IRP Panel. If, per impossibile such leave is not granted, Namecheap reserves all rights to initiate separate proceedings on these issues.

The deals are similar because both involve the change of control of legacy gTLD contractors with millions of domains under management that have recently had their price caps lifted — Afilias ran .info and Neustar ran .biz.

Verisign increases focus on .com after flogging public DNS to Neustar

Neustar has taken another nibble at former archrival Verisign, buying the company’s public DNS resolution service.

The companies announced yesterday that Neustar has acquired Verisign Public DNS, and will incorporate it into its existing UltraDNS Public service.

The deal means that several IP addresses used to provide the services will transition to Neustar, so end users don’t need to make any changes.

Recursive DNS services are often used by people or organizations that, for whatever reason, don’t trust their ISP to treat their browsing records confidentially.

Big players in the market include Google, Cloudflare, and Cisco’s OpenDNS.

Signing up for such services is usually free — users simply reconfigure their devices to point their DNS resolution to a provider’s IPs.

Providers get greater insight into network activity that they can use to boost their paid-for enterprise security services, and they sometimes monetize NXDOMAIN (non-existing domain) landing pages.

No monetary value was put on the deal.

“Verisign is committed to focusing on its core mission of providing critical internet infrastructure, including Root Zone management, operation of 2 of the 13 global internet root servers, operation of .gov and .edu, and authoritative resolution for the .com and .net top-level domains, which support the majority of global e-commerce,” Verisign senior VP Eb Keshavarz, said in a press release.

That quote buries the lede, of course — operating .com and .net is the only activity listed that makes Verisign any money, and now it’s pretty much the only thing Verisign does.

Neustar acquired Verisign’s security services business, including its fee-paying recursive DNS customers, two years ago.

Neustar is of course no longer competing with Verisign in the registry services market, having sold that business to GoDaddy earlier this year. It’s now GoDaddy Registry.

GoDaddy could lose control of .co this week

It looks like GoDaddy’s recently acquired .co registry could lose formal control of the ccTLD this week.

ICANN’s board of directors has “Transfer of the .CO (Colombia) top-level domain to the Ministry of Information and Communications Technologies” on its agenda for its meeting this Thursday.

Since 2009, IANA record for .co shows the Colombian company .CO Internet as the sponsor, admin contact and tech contact.

.CO Internet was acquired by Neustar for $109 million in 2014. Neustar’s registry business, including the .co contract, was acquired by GoDaddy earlier this year. Most of .CO Internet’s original staff are still with the company.

GoDaddy now has the contract to run .co for the next five years, but as a service provider rather than having full administrative control of the TLD.

A redelegation to the Colombian ministry will not affect that contract, and in fact seems to have been envisaged by it.

Back in April when the renewal was announced, MinTIC said it would in future “be in charge of its [.co’s] administration through a group dedicated to Internet governance with technical personnel with knowledge and ability to manage and administer the domain”.

The new deal also sees Colombia receive 81% of the profits from .co, compared to the 6-7% it received under the old deal.

Assuming the ICANN board gives the redelegation the nod this week, it usually only takes IANA a day or two to make the appropriate updates to its registry.

Three big registries will take down opioid domains for US govt

Verisign, Public Interest Registry and Neustar (now part of GoDaddy) will suspend domain names being used to illegally sell opioids under a pilot scheme with the US government.

The Food and Drug Administration announced this week that this new “trusted notifier” program will go into effect for 120 days.

When the FDA finds a site suspected of selling opioids illegally, it will notify the registry as well as the web site’s owner and hosting provider.

The registries will then be able to decide whether to suspend the domain or not. It’s voluntary.

The National Telecommunications and Information Administration will also take part in the project.

Verisign runs .com and .net, PIR runs .org and Neustar runs .us, .co and .biz.

Opioids are legal, pharmaceutical pain-killers derived from opium. They’re ridiculously addictive and account for as many drug overdose deaths in the US as heroin, but are over-prescribed by US doctors.

It’s not the first time registries have agreed to trusted notifier programs. Some new gTLD registries have deals with the movie and music industries to suspend domains involved in copyright infringement.

The announcement comes just a few weeks after ICANN rejected a deal that would have seen PIR create a community oversight body with responsibilities to monitor domain-suspension policies in .org.