Five times ICANN deleted a ccTLD, and what it means for .io
With the future of .io coming into question this week, with the news that the UK will return sovereignty of the British Indian Ocean Territory to Mauritius, I thought it would be a good time to see how ICANN has treated disappearing countries and territories in the past.
As far as I can tell, ccTLDs have been removed from the DNS root on only five occasions since ICANN came into existence in 1998.
While the circumstances differ, in all but one case the trigger for the deletion was a change to the International Standards Organization’s ISO 3166-1 alpha-2 list, which ICANN uses to decide who gets a ccTLD and what ccTLD they get.
.yu — Yugoslavia
The Socialist Federal Republic of Yugoslavia broke up in 1992 due to a bloody civil war, but it wasn’t until 2010 that ICANN finally removed .yu from the root.
Splinter nations Slovenia, Croatia, North Macedonia, and Bosnia and Herzegovina were all assigned their own new country codes — .si, .hr, .mk and .ba — in the 1990s, but the now independent and separate states of Serbia and Montenegro, initially known as the Federal Republic of Yugoslavia, carried on using .yu.
When the country renamed itself the State Union of Serbia and Montenegro in 2003, the ISO list was updated to assign it the new code .cs, but the corresponding ccTLD was never actually delegated before the country broke up again in 2006, getting the ccTLDs .rs and .me the following year.
RNIDS, the .rs registry, carried on running .yu for a few years while it transitioned registrants to the new ccTLD. The process was not entirely painless, and ICANN had to keep .yu live longer than planned, before eventually deleting it April 1, 2010.
.tp — Portuguese Timor
The country we now know as East Timor or Timor Leste started the 21st century as Portuguese Timor, under Indonesian occupation. Its ccTLD was .tp.
After the country gained its independence in 2002, it renamed itself Timor Leste and the ISO assigned it the new code TL, deleting TP from its list.
IANA delegated .tl to the local government in 2005 and encouraged .tp registrants to migrate, but it took a full decade before it followed through and removed .tp from the root, in February 2015.
.zr — Zaire
The first ccTLD to get deleted by IANA under ICANN’s watch was .zr, which was no longer needed after Zaire changed its name to Democratic Republic of the Congo, receiving the code CD from ISO, in 1997.
The pre-ICANN IANA delegated .cd to the newly named country in 1997 and the registry operator set about moving .zr names to .cd. By 2001, that process was completed and .zr was deleted from the root.
.an — Netherlands Antilles
The Netherlands Antilles was a collection of former Dutch colonies in the Caribbean, until the territory split, with its component islands receiving new statuses under Dutch law, in 2010. The ccTLD was .an.
Curaçao got .cw, Sint Maarten (Dutch part) got the sexy-sounding .sx, and Bonaire, Saint Eustatius and Saba got to share .bq. ISO removed AN from its list.
The transition was a bit more complicated than usual, as .an registrants had to transfer to a new ccTLD based on what island they were on, but the local authorities managed it and within five years .an went poof.
.um — United States Minor Outlying Islands
This one’s unique in that it was deleted apparently simply because the registry operator couldn’t be bothered with it any more.
The United States Minor Outlying Islands are pretty much unpopulated, but strategically well-located, islands belonging to the US. There’s eight in the Pacific and one in the Caribbean.
Its ccTLD was operated by the University of Southern California until 2006, when somebody at ICANN noticed it appeared to be broken. When it approached USC for an explanation, it was told “they were no longer interested in managing the .UM domain”.
It had no registered domains, so there was no need for a transition plan and IANA deleted it from the root the following year.
The islands and their code are still on the ISO list and are still eligible for their ccTLD. Presumably it’s only the fact that the US government has asserted its authority over .um that has prevented an opportunist Just Some Guy registry from snapping it up to market .um domains as the leading destination for indecisive people or something.
What does this mean for .io?
ICANN’s policy on ccTLDs is pretty straightforward — your territory has to be on the ISO 3166 list and the ccTLD has to match the code ISO gives you. If your code drops off the list, you have five years, extensible to 10, to conduct an orderly transition before the TLD is retired.
Much like Portuguese Timor changing its name to Timor Leste to shuck off its enforced colonial branding, it seems inconceivable that the Chagos Archipelago will continue to be known as the British Indian Ocean Territory.
The key questions for .io registrants are: will the renamed BIOT keep the IO assignment on the ISO list, and will the archipelago continue to qualify as a distinct territory eligible for ccTLD status?
If BIOT simply becomes part of Mauritius, no longer recognized by the UN as a distinct territory, .io gains an existential threat. It would drop off ISO’s list and ICANN could issue it a retirement notice.
If BIOT remains a distinct territory and remains eligible for a ccTLD, the possibilities become a whole lot more interesting.
If Mauritius decides to change the territory’s name, there’s no problem. But if it asks ISO for a corresponding change of two-letter code to better reflect its new name, .io’s future is in doubt.
If the name is changed to something like “Chagos” and Mauritius wants a “C” code, only CB, CE and CJ are still available.
Theoretically, the government of Mauritius could unilaterally force an undesirable string change on Identity Digital, the American company that runs the .io registry, forcing a years-long migration to the newly chosen ccTLD.
I can’t imagine many of .io’s hundreds of thousands of registrants, particularly those using .io as a domain hack or to hitch themselves to a cool tech-startup bandwagon, being happy with a forced migration to, say, .cj.
The power to decoolify an entire TLD would be a compelling weapon in a redelegation fight. I’m deep into speculative territory here, but I can’t help but feel that Identity Digital is going to have to give Mauritius some money at some point.
Another possibility is that the registry, one of ICANN’s biggest funders, could lobby ICANN to change its policies and somehow grandfather .io in as a stateless ccTLD.
The fact that ICANN hasn’t acted to remove .su from the root, thirty years after the Soviet Union collapsed, could be seen as precedent.
The answers to .io’s future might be found in the proposed UK-Mauritius treaty, but that has yet to be published. As it has to be ratified by the UK Parliament we can expect it to enter the public domain before long.
Reporter gains first access to .io island for decades
A BBC journalist is believed to have become the first reporter to visit Diego Garcia, the main island of the contested British Indian Ocean Territory that owns the .io domain, in decades.
Alice Cuddy was given access to the island after a court battle as part of the Beeb’s coverage of litigation against the UK government, which administers BIOT, and spent five days there.
Her coverage does not mention the contested .io ccTLD at all, but it does provide a fascinating account of her time on the island, the largest of the Chagos Archipelago, which is used almost exclusively as a US military base.
The article describes what sounds like a tropical island paradise populated almost exclusively by squaddies and giant crabs, but administered by Kim Jong Un.
Cuddy was escorted everywhere she went, had reporting restrictions imposed, and wasn’t allowed to visit certain places (including places as innocuous-sounding as a bowling alley).
The report delves into the history of the island, from the forcible deportation of its native population in the 1970s to its strategic use supporting US/UK military misadventures in the Middle East.
There’s also a fair bit of local color, with Cuddy noting that, despite the name, BIOT is in equal parts very much American. She notes the electrical outlets and currency are American, she dined on “tater tots”, and everybody drives on the wrong side of the road.
It’s well worth the read if you have a passing interest in the place .io technically represents.
As I reported earlier today, .io’s registry, part of Identity Digital, sold almost $40 million of domains last year.
.io sells $40 million of domains after massive uptick
.io is now a $40-million-a-year domain, after a few years of impressive growth, judging by the registry’s latest financial reports.
UK-based Internet Computer Bureau, a subsidiary of Identity Digital, recently reported turnover of £29.6 million ($39.6 million) for 2023, up 13.9% on the £26.1 million it reported in 2022.
While that’s respectable growth, it pales compared to 2022 (which I don’t think was reported at the time), when turnover was up a whopping 59%.
Identity Digital does not reveal .io’s registration numbers, but with turnover of over $39 million and retail renewal prices bottoming out at around $39 a year, it seems quite possible that the TLD’s domains under management has reached seven digits.
When Afilias paid $70 million for ICB in 2017, it had turnover of $7 million and domains were reported at 270,000.
ICB’s gross margins are terrible — one can only assume its registry services deal with Identity Digital is rather generous to its parent — at 4.4%, with £28 million being paid out as cost of sales.
With another £3 million of unelaborated “administrative expenses”, ICB reported a 2023 net loss of £404,000 compared to a 2022 profit of £1.7 million. It paid £17,660 in UK tax, down from £277,703. It had just $69,000 cash on hand at the end of the year.
While ICB also runs .ac (Ascension Island) and .sh (Saint Helena, Ascension and Tristan da Cunha), it’s only .io that has seen broad uptake among the global domain-registering public. Tech firms like it because I/O means “input/output”.
.io is the ccTLD for the contested British Indian Ocean Territory, also known as the Chagos Archipelago, which is administered from the UK and used almost exclusively to house a strategically important US military base.
Group to seek .io TLD takeover after OECD human rights ruling
A group composed of displaced Chagossians will ask ICANN to redelegate the increasingly popular .io top-level domain, according to the group’s lawyer.
The move, still in its very early stages, follows a recent ruling under the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct, which mildly chastised the current registry, Identity Digital.
“The next move is domain reassignment,” lawyer Jonathan Levy, who brought the OECD complaint on behalf of the Chagos Refugees Group UK, told us. The proposed beneficiary would be “a group composed of Chagossians” he said.
.io is the ccTLD for the archipelago currently known as the British Indian Ocean Territory. It’s one of those Postel-era “Just Some Guy” developing-world delegations that pre-date ICANN.
But BIOT is a controversial territory. Originally the Chagos Archipelago, the few thousand original inhabitants were forced out by the UK government in the 1970s so the US military could build a base on Diego Garcia, the largest island.
Most of the surviving Chagossians and their descendants live in Mauritius, but have been fighting for their right to return for decades. In 2019, the UN ruled the UK’s current administration of BIOT is unlawful.
In recent years, since .io became popular, the ccTLD has become part of the fight.
The original and technically still-current registry for .io is a UK company called Internet Computer Bureau. ICB was acquired by Afilias in 2017 for $70 million. Afilias was subsequently acquired by Donuts, which is now called Identity Digital.
Corporate accounts filed by ICB name its ultimate owner as Beignet DTLD Holdings of Delaware, which appears to be a part of $2.21 billion private equity firm Ethos Capital, Identity Digital’s owner, which is co-managed by former ICANN CEO Fadi Chehadé.
None of these companies have a connection to BIOT beyond paying a local company called Sure (Diego Garcia) Limited for a mail-forwarding service. The only people believed to reside in the territory at all are US and UK military and contractors.
Levy, on behalf of the Chagossian refugees and a group of victims of cryptocurrency scams operated from .io domains, filed a complaint with the Ireland National Contact Point for the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct — basically a mediation service operated by the Irish government — seeking a share of the money from .io sales and/or redelegation.
According to its most-recent public accounts, ICB had turnover of £16.4 million ($19.8 million) in 2021, up from £12.8 million ($15.5 million) in 2020, but also had absolutely horrible gross margins for a registry with only one employee.
The company had cost of sales of £15.8 million and a gross margin of 3.58%. It pays no ICANN fees and the UK government receives no cut beyond the regular corporate tax ICB pays (about £26,000 in 2021).
The OECD’s Guidelines are voluntary guidelines that countries sign up to that are meant to guide how multinational companies behave with regards human rights and so on. Enforcement seems to be relatively toothless, with national NCPs only having the power to “recommend” actions.
In fact, Afilias declined to participate in mediation and appears to have received only a mild finger-wagging in the Irish NCP’s decision (pdf), which was published in September. One of its recommendations reads:
The NCP recommends that in cases in which a product, including a digital asset, is associated with long-running disputes regarding human rights, multinational enterprises should be able to demonstrate that they have carried out human rights due diligence
Levy thinks the NCP’s decision is a big deal, saying it means the OECD has validated the Chagossians’ concerns. Coupled with the UN sanction on the UK related to BIOT, he reckons it could play in their favor in a future redelegation request.
.io domain owners shouldn’t be too worried right now, however. Redelegation takes a very long time even when the losing party agrees, and it doesn’t tend to happen without the consent of the incumbent.
“Crimes against humanity” claims against Afilias
Donuts subsidiary Afilias has been accused of participating in “crimes against humanity” and imperialist “apartheid”, due to its management of the contested .io ccTLD.
A London-based lawyer has filed a complaint with the Organization for Economic Cooperation and Development, seeking either the redelegation of .io or a big chunk of its profits.
The complaint was filed on behalf of Crypto Currency Resolution Trust (CCRT), representing people allegedly ripped off by cryptocurrency scams on .io domains, and the Chagos Refugees Group UK (CRG UK).
The latter group represents some of the people forcibly deported from the Chagos Islands in the 1970s, when the British government evicted the entire native population to make way for a US military base on Diego Garcia, the largest island.
The islands were renamed the British Indian Ocean Territory and, in the early days of the DNS, became eligible for the ccTLD .io
The TLD was delegated by IANA to Paul Kane’s London-based outfit Internet Computer Bureau in 1997, in the pre-ICANN days when such decisions were made without very much oversight.
ICB was quietly bought by Afilias for $70 million in 2017, as I broke the following year.
In 2019, the International Court of Justice ruled that the UK’s continued administration of BIOT is unlawful, and that the territory should be returned to the Chagossians, but the current Conservative UK government has shown no indication that it plans to abide by that ruling.
The lawyer for the Chagossians, Jonathan Levy, now claims in his OECD complaint that for Afilias to continue to run .io — which he reckons brings in over €10 million a year — amounts to a human rights abuse in violation of OECD guidelines.
The complaint states:
The British military occupation of the Chagos Archipelago has been severe and resulted in the Chagossians wandering the globe as a displaced people deported from their homeland in a forcible exile reminiscent of British tactics also used on Irish home rule advocates in the 19th Century. It is just simply an outrage that an Irish multinational company is deliberately complicit in crimes against humanity and apartheid on behalf of one of last vestiges of British imperialism and apartheid.
While Levy recognizes on his blog that Afilias has been acquired by US-based Donuts, only Afilias and its subsidiaries in the UK and Ireland are named as respondents.
In a second prong of the attack, Levy claims that Afilias is somehow complicit in cryptocurrency frauds carried out using .io domains.
Blaming a registry for the actions of its registrants is pretty tenuous. Imagine if Verisign got blamed for every nefarious action carried out with a .com domain — there would not be enough lawyers in the world to handle that workload.
But Levy reckons .io is a special case because BIOT lacks law enforcement and because Afilias promotes .io as the best TLD for tech companies “knowing full well” it is often used for crypto fraud. The complaint reads:
Complaina[n]ts submit that while other general purpose domains like GLTD .com may have as much or even more crypto fraud, ccTLD .io is an exception because it represents a political entity with no permanent population and no companies law and no law enforcement. Consequently, unlike ccTLD .com or .net where US authorities may seize websites; .io criminals have little to fear as BIOT has no civil police force nor financial intelligence unit. ICB has promoted ccTLD .io to the tech community knowing full well it will be misused by a significant criminal element specializing in crypto assets.
This still feels pretty tenuous to me. You cannot evade the long arm of the law simply by registering on offshore domain.
Still, Levy’s asking for restitution in the form of a percentage of the ICB acquisition price, ongoing and backdated royalties from the sale of .io domains and, failing that, redelegation of the ccTLD to the Chagossian people.
While I think the notion of Donuts/Afilias actively abusing human rights is pretty weak, there’s no denying it’s the beneficiary of an historical wrong. Imagine how many credibility points it could earn by voluntarily negotiating a profit-share with the displaced Chagossians.
Recent Comments