Palage’s epic rant as he asks ICANN to cancel Verisign’s .net contract
ICANN is devolving into a trade association hiding under a thinning veneer of multistakeholderism and the domain industry is becoming a cartel.
Those are two of the conclusions reached by consultant Michael Palage, who’s been involved with ICANN since pretty much the start, in an epic Request for Reconsideration in which he asks the Org to unsign Verisign’s recently renewed .net registry contract.
ICANN’s equally intriguing response — denying, of course, Palage’s request — also raises worrying questions about how much power ICANN’s lawyers have over its board of directors.
The RfR paints a picture of a relationship where Verisign receives special privileges — such as exemptions from certain fees and obligations — in exchange for paying higher fees — contributing $55 million of ICANN’s budget — some of which is accounted for quite opaquely.
Palage claims the domain industry of being “on the precipice of becoming a cartel” due to recent consolidation, and says that is being enabled by ICANN’s failure to conduct an economic study of the market.
Verisign’s .net and .com contracts are the only registry agreements that do not oblige the registry to participate in economic studies, Palage says, reducing ICANN’s ability, per its bylaws, “to promote and sustain a competitive environment in the DNS market.”
Palage writes:
The failure of ICANN to have the contractual authority to undertake a full economic study to ensure a “competitive environment in the DNS market” undermines one of its core values. This failure is resulting in a growing consolidation within the industry which is on the precipice of becoming a cartel. ne needs to look no further than four US-based companies, Verisign, PIR, GoDaddy, and Identity Digital which currently control almost the entirety of the gTLD registry market based on domain names under management. This unchecked consolidation within the industry directly and materially impacts the ability of individual consultants to make a livelihood unless working for one of the dominant market players.
While Palage says he and other registrants are being harmed by increasing .net prices, and that an economic study would help lower them, he also asks ICANN to get Verisign to migrate to the Base Registry Agreement, which would enable Verisign to raise prices at will, without the current 10%-a-year cap.
He’s also concerned that ICANN’s volunteer community is shrinking as the domain industry becomes an increasingly dominant percentage of public meeting attendance.
Figures published by ICANN show that, at the last count, 39% of attendees were from the domain industry. ICANN stopped breaking down attendee allegiance in 2020 during the pandemic and did not resume publication of this data afterwards.
“ICANN has started down the slippery slope of becoming a trade association,” Palage writes.
While his RfR was going through the process of being considered by ICANN and its Board Accountability Mechanisms Committee, Palage separately wrote to ICANN general counsel John Jeffrey to express concerns that ICANN policy-making might be risking falling foul of antitrust law.
It seems a recent meeting of the working group discussing updates to ICANN’s Transfers Policy debated whether to cap the amount registries are allowed to charge registrars for bulk transfers. Dollar amounts were discussed.
Palage suggested ICANN might want to develop a formal antitrust policy statement that could be referred to whenever ICANN policy-makers meet, in much the same way as its Expected Standards of Behavior are deployed.
If the RfR as published by ICANN lacks some coherence, it may be because ICANN’s lawyers have redacted huge chunks of text as “privileged and confidential”. That’s something that hardly ever happens in RfRs.
It seems Palage knows some things about the .net contract and Verisign’s relationship with ICANN from his term on the ICANN board, which ran from April 2003 to April 2006, a time when Verisign and ICANN were basically at war.
Because the information Palage is privy to is still considered privileged by ICANN, it was redacted not only from the published version of the RfR but also it seems from the version supplied to the BAMC for consideration.
ICANN cited this part of its bylaws to justify the redactions:
The Board Accountability Mechanisms Committee shall act on a Reconsideration Request on the basis of the public written record, including information submitted by the Requestor, by the ICANN Staff, and by any third party.
Reading between the lines, it seems most of the redactions likely refer to the Verisign v ICANN lawsuit of 2004-2005.
Fellow greybeards will recall that Verisign sued ICANN for blocking its Site Finder service, which put a wildcard in the .com zone and essentially parked and monetized all unregistered domains while destabilizing software that relied on NXDOMAIN replies.
The October 2005 settlement (pdf) forced Verisign to acknowledge ICANN as king of the internet. In exchange, it got to keep .com forever. The deal gave Verisign financial security and ICANN legitimacy and was probably the most important of ICANN’s foundational documents before the IANA transition.
So what did the board of 2005 know that’s apparently too sensitive for the board of 2023? Dunno. I asked Palage if he’d be willing to share and he politely declined.
In any event, his RfR (pdf), which among other things asked for ICANN to reopen .net contract negotiations, was dismissed summarily (pdf) by BAMC last week on the grounds that he had not sufficiently shown how he was injured by ICANN’s actions.
ICANN actually CHANGES Verisign’s .net contract after public comments
ICANN has decided to make a change to the upcoming new version of Verisign’s .net registry agreement in response to public comments, but it’s not the change most commenters wanted.
In the near-unprecedented nod to the public comment process, the Org says it’s agreed with Verisign to change two instances of upper-case “S” in the term “Security and Stability” to lower case.
That’s it.
Some commenters had wrung their hands over the fact that the .net contract includes upper-case “Security and Stability” as defined terms, in contrast to the lower-case “security and stability” found in other gTLD contracts.
Based on a strict reading, this could in some circumstances give Verisign an excuse to avoid implementing ICANN Consensus Policies, commenters including the Business Constituency and Intellectual Property Constituency noted,
It appears that this was an oversight by ICANN and Verisign rather that some kind of nefarious plot. In its public comments analysis and summary (pdf), ICANN writes:
We acknowledge however that the capitalization of the “s” could in theory potentially lead to different interpretations of the applicability of certain future Consensus Policies under Section 3.1(b)(iv)(1) for the .NET RA.
Because in this instance it was not the intent of ICANN org nor Verisign to limit in this manner the applicability of Consensus Policy topics for which uniform or coordinated resolution is reasonably necessary to facilitate the interoperability, security and/or stability of the Internet or DNS, ICANN org and Verisign have mutually agreed to update Section 3.1(b)(iv)(1) of the .NET RA to the lower case “s.”
So there we have it: a rare instance of a public comment period accomplishing something and a confirmed victory for accountability and transparency!
Most of the comments had focused on Verisign’s ability to raise prices and a clause that some domainers thought would allow censorial government regimes to seize domains, but ICANN said that’s all fine.
Everyone hates Verisign’s new .net deal
The public has commented: Verisign’s .net registry contract should not be renewed in its currently proposed form.
ICANN’s public comment period for the renewal closed yesterday and attracted 57 submissions, most of which either complained about Verisign being allowed to raise its prices or expressed fears about domains being seized by governments.
The proposed contract retains the current pricing structure, in which Verisign is allowed to raise the price of a .net domain by 10% a year. They currently cost $9.92, meaning they could reach $17.57 by the time the contract ends.
The Internet Commerce Association, some of its supporters, Namecheap, the Registrars Stakeholder Group, the Cross-Community Working Party on ICANN and Human Rights (CCWP-HR), and TurnCommerce all oppose the price increases.
The RrSG said the price provisions “are without sufficient justification or an analysis of its potentially substantial impact on the DNS”.
These commenters and others who did not directly oppose the increases, including the At-Large Advisory Committee and consultant Michael Palage, called for ICANN to conduct an economic analysis of the domain name market.
The Business Constituency was the only commenter to openly support the increases, though its comment noted that it is opposed in principle to ICANN capping prices at all.
The Intellectual Property Constituency did not express a view on pricing, but called for greater transparency into the side-deal that sees ICANN get an extra $4 million a year for unspecified security-related work. ICANN has never revealed publicly how this money is spent.
In terms of the number of submissions, the biggest concern people seem to have is that the proposed contract contains language obliging Verisign to take down domains to comply with “applicable law, government rules or regulations, or pursuant to any legal order or subpoena of any government, administrative or governmental authority, or court of competent jurisdiction”.
This language is already in the .com contract, but before ICANN clarified this on April 26 several concerned registrants had made comments opposing its inclusion.
Notably, the founder of the controversial troll forum kiwifarms.net, which has been kicked out of registrars after being linked to suicides, submitted his own “ICANN should be destroyed” comment.
Several commenters also noted that the definition of “security and stability” in the .net contract differs to the Base Registry Agreement that almost all other registries have signed in such a way that it is feared that Verisign would not have to abide by future ICANN Consensus Policies under certain circumstances.
As several commenters note, the usual protocol following an ICANN public comment period is for ICANN to issue a summary report, pay lip service to having “considered” the input, and then make absolutely no changes at all.
This time, some commenters held out some hope that ICANN’s new, surprisingly sprightly and accommodating leadership may have a different approach.
The comments can be read here.
Verisign narrows domain growth guidance
Verisign cast a slightly more optimistic light on the potential for .com and .net growth last week, as it reported a modest improvement in first-quarter sales.
Management told analysts that it’s now expecting domain growth of between 0.5% and 2.25% for the year — a boost to the low-end but a lowering of the high-end.
In February, it had predicted growth of between 0% and 2.5%.
For Q1, the company reported domain growth of just 0.1% There were 174.8 million .com and .net domains at the end of the quarter, up by a million from the start of the year.
Verisign reported net income of $179 million, up from $158 million a year ago, on revenue that increased 5.1% at $364 million.
Worried about governments seizing .com domains? Too late
Language proposed for Verisign’s .net registry contract that some say would give governments the ability to arbitrarily seize domains is already present in the company’s .com contract.
As I reported earlier this month, the .net Registry Agreement is up for renewal and ICANN has opened up some largely uncontroversial proposed changes for public comment.
ICANN has received two comments so far, both of which refer to what one commenter called the “outrageous and dangerous” proposed changes to Verisign’s .net Registry-Registrar Agreement.
The RRA is the contract all accredited registrars must agree to when they sign up to sell domains in a given TLD. For ICANN, it’s a way to vicariously enforce policy on registrants via registrars via registries.
Unsimply put, the RA instructs Verisign to have an RRA with its registrars that tells them what rules their registrants have to agree to when they buy a domain name.
The new language causing the consternation is:
Verisign reserves the right to deny, cancel, redirect or transfer any registration or transaction, or place any domain name(s) on registry lock, hold or similar status, as it deems necessary, in its unlimited and sole discretion:
…
to ensure compliance with applicable law, government rules or regulations, or pursuant to any legal order or subpoena of any government, administrative or governmental authority, or court of competent jurisdiction
One commenter states “this proposed agreement would allow any government in the world to cancel, redirect or transfer to their control applicable domain names”, adding “presumably ICANN staff and Verisign would want to also apply it to other extensions like .COM as those contracts come up for renewal”.
In fact, it’s the other way around. The exact same language has been present in Verisign’s .com contract for over three years, a change to Appendix 8a (pdf) that went largely unnoticed when thousands of commenters were instead complaining about the removal of price caps and fretting about the rise of Covid-19 around the world.
For those worried about the new .net language making it into the .com contract one day — worry not! It’s already there.
Verisign’s .net contract up for public comment
ICANN intends to renew Verisign’s contract to run the .net gTLD and has opened the revised deal for public comment.
At first glance, there doesn’t appear to be anything massively controversial about the proposed changes, so we probably shouldn’t expect the same kind of outrage similar contract renewals have solicited in the past.
A great deal of the changes relate to the sunsetting of the Whois protocol and its replacement with the functionally similar RDAP, something set to become part of all gTLD contracts, legacy and new, soon.
The only money-related change of note is the agreement that Verisign will pay pro-rated portions of the $0.75 annual ICANN transaction fee when it sells its Consolidate service, which allows registrants to synchronize their expiry dates for convenience.
That provision is already in the .com contract, and Verisign has agreed to back-date the payments to May 1, 2020, around about the same time the .com contract was signed.
The controversial side-deal under which Verisign agreed to pay ICANN $4 million a year for five years is also being amended, but the duration and amount of money do not appear to be changing.
The new Registry Agreement also includes Public Interest Commitments for the first time. Verisign has agreed to two PICs common to all new gTLD RAs governing prohibitions on abusive behaviors.
The deal would extend Verisign’s oversight for six years, to June 30, 2029. It’s open for public comment until May 25.
.com shrinks again, but prices to go up again
Verisign plans to increase .com prices again this year, as its latest quarterly results show its top line and margins swelling despite renewals and overall domains under management shrinking.
The company ended 2022 with 173.8 million .com and .net regs in the domain name base, only up 0.2% from the start of the year. Only a quarter ago, it had predicted growth of between 0.25% and 1%.
A year ago, it had predicted that metric to grow between 2.5% and 4.5%, but it reduced its outlook every quarter and eventually missed even its barrel-bottom estimate. The two TLDs shrank by about 400,000 names in Q4.
For 2023, the company expects domain growth of between no growth at all and 2.5%.
The poor performance in volume terms came about as result of post-pandemic effects and China volatility, CEO Jim Bidzos told analysts. He did not blame the last few years of price increases for the dip.
The preliminary renewal rate for Q4 was 73.2% compared to 74.8% in the same quarter of 2021, but new regs were down across the two TLDs also — 9.7 million compared to 10.6 million over the same periods.
But of course domains under management alone is a poor way to measure Verisign’s cash-printing machine.
The company reported 2022 net income of $674 million which was down from $785 million a year earlier when it had benefited from a one off tax-related boost of $165.5 million.
Annual revenue was up 7.3% at $1.42 billion, a touch ahead of the 7% .com price increase it imposed during the year. Operating margin for 2022 was 66.2%, up from 65.3%.
For the quarter, net income was $179 million compared to $330 million (with the aforementioned tax benefit) on revenue that was up 8.5% at $369 million. Margin was 66.5% compared to 65.3% for Q4 2021.
The company said .com prices will go up again in September 1, from $8.97 to $9.59 per year.
Verisign growth slows with post-Covid blues
Verisign sold fewer .com and .net domains than it did a year ago in the third quarter and has once again slashed its outlook for the year.
It had 174.2 million names across the two TLDs at the end of September, an increase of 1.2% over the year but down by around 100,000 names (rounded) on the quarter.
There were 9.9 million new domains sold. That compares to 10.1 million in the second quarter and 10.7 million in Q3 last year.
It now expects its total domains under management to increase by between 0.25% and 1% for the full year. That compares to the between 0.5% and 1.5% it predicted at the end of Q2, the 1.75% and 3.5% predicted in April, and the between 2.5% and 4.5% it predicted in February.
That equates to 2022 revenue of $1.418 billion to $1.426 billion, CFO George Kilguss told analysts. Verisign’s always jaw-dropping operating margin is expected to be between 65.75% and 66.25%.
CEO Jim Bidzos told analysts the slower growth can the attributed to the general macroeconomic malaise, Verisign coming off the lockdown bump experienced in 2020 and 2021, and the perennial issue of Chinese lumpiness.
Renewal rates for Q3 are expected to be 73.8%, the same as Q2 but down from 75% a year-ago.
But the company continues to make money hand over fist. Revenue was up 6.8% compared to Q3 last year at $357 million and net income was up to $169 million compared to $157 million a year ago.
.com and .net are the drag factor on domain industry growth
Verisign’s own gTLDs .com and .net slowed overall domain industry volume growth in the second quarter, according to its latest Domain Name Industry Brief.
June ended with 351.5 million registrations across all TLDs, up 1 million sequentially and 10.4 million year-over-year.
Growth would have been slightly better without the drag factor of .com and .net, which were down 200,000 domains each sequentially, as Verisign previously reported in its Q2 financial results. There were 161.1 million names in .com and 13.2 million in .net.
The ccTLD world grew by 700,000 names sequentially and 2.6 million compared to a year earlier, the DNIB states.
New gTLD names were up by the same amount sequentially and 4.1 million year over year, ending the quarter at 27 million.
Verisign to crack down on Chinese domains
Verisign has asked for permission to implement a more stringent regime for denying or suspending .com and .net domain names registered in China, to comply with the country’s strict licensing rules.
The changes appear to mean that customers of Chinese registrars who have not verified their identities, which Verisign says is a “very small percentage”, will be prevented from registering new domains and may lose their existing domains.
The company has filed a Registry Services Evaluation Process request with ICANN, proposing to tweak the registrant verification system it has had in place for the last five years in a few significant ways.
China has a system called Real Name Verification, whereby Chinese citizens have to provide government-issued ID when they register domains. Local, third-party Verification Service Providers such as ZDNS typically carry out the verification function for Verisign and other foreign registries.
The big change is that Verisign will no longer allow names to be registered without a valid code.
The RSEP says that attempts by China-based registrars to register domains without the required government verification code will result in the EPP create command failing, meaning the domain will not be registered.
Under the current system, outlined in a 2016 RSEP (pdf), the name is registered and Verisign presumably takes the money, but the domain is placed on serverHold status, meaning it is not published in the zone and will not resolve.
The new system will also allow Verisign to retroactively demand codes for already-registered names, when they come up for renewal or transfer, with the option to suspend or delete the names if the codes are not provided. The RSEP (pdf) states:
With regard existing domain names without the required verification codes, which currently comprise a very small percentage of domain name registrations from registrars licensed to operate in the People’s Republic of China, Verisign intends to address compliance issues with these domain names directly with registrars. Verisign reserves the right to deny, cancel, redirect or transfer any domain name registration or transaction, or place any domain name(s) on registry lock, hold or similar status
It’s not clear what a “very small percentage” means in hard numbers. A small slice of a big pie is still a mouthful.
Verisign has substantial exposure to the Chinese market. On the odd occasion when .com shrinks, it’s largely due to speculative registrations from China not being renewed, such as in the second quarter this year.
The RSEP names the service the Domain Name Registration Validation Per Applicable Law service. While it’s in theory applicable to any jurisdiction’s laws, in practice it’s all about addressing the demands of the Chinese government.
Recent Comments