Feeds

Verisign and .net: a winner all the way

Deeply flawed

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

Analysis ICANN skewed the process to select a new owner for the .net registry in favour of incumbent owner VeriSign. Our in-depth investigation into the process, which has proved highly controversial since a final report gave the six-year contract to VeriSign, has revealed that ICANN:

  • Unilaterally added judging criteria requested by VeriSign yet rejected during the official public process
  • Unilaterally altered and downplayed explicit criteria, as repeatedly requested by VeriSign yet rejected during the official public process
  • Did not add judging criteria detrimental to VeriSign despite clear, explicit and legitimate requests for them to do so
  • Selected and publicly announced a known close associate to VeriSign to act as the process's evaluator without consulting the other bidders and despite their subsequent complaints
  • Effectively ignored extensive complaints about competence and bias in the final report from all four losing bidders and two of its own constituencies

A redrafted version of the evaluation report, carried out and produced by US company Telcordia was due two weeks ago. It has failed to appear and will now be released mere hours before a special meeting of the ICANN Board later today. That meeting's first topic of conversation is ".Net discussion". This gives the absolute minimum amount of time for review of the report either by the Board or the public.

Last week ICANN publicly announced it has already "reached agreement in principle on all substantive terms" with VeriSign over running the .net registry. It also informed us that even if the other bidders have further complaints about the report, it will not consider them.

Last year, ICANN stated in its own budget report that the lawsuits held against it - the vast majority of which stem from VeriSign - had cost so much that it had been forced to held its staff numbers down by a third and that that had materially affected its ability to do its job.

VeriSign publicly threatened to bring another lawsuit against ICANN over the .net selection process, which it claimed infringed its existing contract with ICANN, unless changes were made to the process.

Those changes, all of which appeared in ICANN's final report, combined with the selection of a candidate with known links to VeriSign, resulted in VeriSign winning the registry's ownership to the dismay of everyone else involved in the process.

Among the complaints made publicly regarding the process and the report have been (in alphabetical order):

  • Afilias: Bidder and operator of .info and .org, as well as .ag, .gl, .hn, .in, .la, .sc and .vc. The report was inconsistent, did not reflect the real facts, contained issues "serious enough" to have affected the whole report and needed to be "reconsidered".
  • ALAC: The At-Large Advisory Committee, one of ICANN constituent parts. The report was "unreasonably evaluated" and should be redone.
  • Core++: Bidder and operator of .aero and .museum. The report was "seriously flawed". The same criteria were counted several times and there was "disproportionate weight" given to VeriSign. The evalution process needed to be investigated.
  • Denic: Bidder and operator of the world's second largest registry, .de. It was "surprised and bewildered" by the report. It was unclear, sloppy, contained "serious factual errors" and gave a false picture of the real situation.
  • Brett Fausett: Respected ICANN observer and member of ALAC. "Puzzled" that important comments raised numerous times in the public response to the draft report were not included.
  • Steven Metalitz: Lawyer for Coalition for Online Accountability. Report contained an "obvious discrepancy" and questioned its credibility.
  • Sentan: Bidder and collective operators of .biz, .cn, .jp, .tw and .us. There were "several fundamental flaws" in the report and a "thorough and immediate review" was required.
  • Phillip Sheppard: Chairman of the sub-committee set up to decide the selection process. He was "concerned that there is a serious flaw in the methodology of the Telcordia report", that it used a biased scoring system and "directly contradicts" the official report he was asked to produce.

All of these complaints were placed on ICANN's designated public forum for discussion of the .net report. They were subsequently held by ICANN's lawyer to be illegitimate as concerns the official decision-making process. Parties were instead asked to resend by post a letter containing their points.

These letters were then passed to the company that carried out the report, Telcordia, which was the subject of the vast majority of the criticisms. Telcordia was asked to produce a redrafted report but is aware that whatever form that redrafted report takes, it will be accepted and put forward for approval by the ICANN Board and not subject to further review.

Telcordia was owned from 1997 until earlier this year by the same company, SAIC, that owned VeriSign (formerly Network Solutions) from 1995 until 2003. Telcordia and VeriSign started and ran a joint partnership called Enum World from 2000 to 2001 where executives from both companies made presentations to governments and companies across the globe.

Telcordia and ICANN have both refused to provide the list of Telcordia staff that were on the evalution committee.

Comment:

The bias for VeriSign written into the .net process by ICANN is remarkable. VeriSign and ICANN have been at loggerheads ever since ICANN's formation in 1998. VeriSign has consistently stymied ICANN attempts to open up the Internet market, and through a range of lawsuits has tied the organisation up fighting legal battles.

We have always suspected that VeriSign's lawsuits would be used as a bargaining chip further down the line and maybe with the .net reallocation, that moment has come. Continued ownership of .net for six years means VeriSign can be certain to maintain its grip and enormous influence over the Internet. At the same time, if ICANN was freed of the legal burden VeriSign has placed on it, it would have far greater funds and resources in its fight to be recognised at the Internet's de facto authority.

A deal between the two would make a lot of sense. So if the .net issue goes through with VeriSign in the driving seat, don't be surprised to find those lawsuits quietly disappearing in due course.

Beginner's guide to SSL certificates

Next page: ICANN's response

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
DVLA website GOES TITSUP on day paper car tax discs retire
Welcome to GOV.UK - digital by de ... FAULT
Hey Brit taxpayers. You just spent £4m on Central London ‘innovation playground’
Catapult me a Mojito, I feel an Digital Innovation coming on
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
EU probes Google’s Android omerta again: Talk now, or else
Spill those Android secrets, or we’ll fine you
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.