Feeds

Verisign and .net: a winner all the way

Deeply flawed

  • alert
  • submit to reddit

Protecting users from Firesheep and other Sidejacking attacks with SSL

Analysis ICANN skewed the process to select a new owner for the .net registry in favour of incumbent owner VeriSign. Our in-depth investigation into the process, which has proved highly controversial since a final report gave the six-year contract to VeriSign, has revealed that ICANN:

  • Unilaterally added judging criteria requested by VeriSign yet rejected during the official public process
  • Unilaterally altered and downplayed explicit criteria, as repeatedly requested by VeriSign yet rejected during the official public process
  • Did not add judging criteria detrimental to VeriSign despite clear, explicit and legitimate requests for them to do so
  • Selected and publicly announced a known close associate to VeriSign to act as the process's evaluator without consulting the other bidders and despite their subsequent complaints
  • Effectively ignored extensive complaints about competence and bias in the final report from all four losing bidders and two of its own constituencies

A redrafted version of the evaluation report, carried out and produced by US company Telcordia was due two weeks ago. It has failed to appear and will now be released mere hours before a special meeting of the ICANN Board later today. That meeting's first topic of conversation is ".Net discussion". This gives the absolute minimum amount of time for review of the report either by the Board or the public.

Last week ICANN publicly announced it has already "reached agreement in principle on all substantive terms" with VeriSign over running the .net registry. It also informed us that even if the other bidders have further complaints about the report, it will not consider them.

Last year, ICANN stated in its own budget report that the lawsuits held against it - the vast majority of which stem from VeriSign - had cost so much that it had been forced to held its staff numbers down by a third and that that had materially affected its ability to do its job.

VeriSign publicly threatened to bring another lawsuit against ICANN over the .net selection process, which it claimed infringed its existing contract with ICANN, unless changes were made to the process.

Those changes, all of which appeared in ICANN's final report, combined with the selection of a candidate with known links to VeriSign, resulted in VeriSign winning the registry's ownership to the dismay of everyone else involved in the process.

Among the complaints made publicly regarding the process and the report have been (in alphabetical order):

  • Afilias: Bidder and operator of .info and .org, as well as .ag, .gl, .hn, .in, .la, .sc and .vc. The report was inconsistent, did not reflect the real facts, contained issues "serious enough" to have affected the whole report and needed to be "reconsidered".
  • ALAC: The At-Large Advisory Committee, one of ICANN constituent parts. The report was "unreasonably evaluated" and should be redone.
  • Core++: Bidder and operator of .aero and .museum. The report was "seriously flawed". The same criteria were counted several times and there was "disproportionate weight" given to VeriSign. The evalution process needed to be investigated.
  • Denic: Bidder and operator of the world's second largest registry, .de. It was "surprised and bewildered" by the report. It was unclear, sloppy, contained "serious factual errors" and gave a false picture of the real situation.
  • Brett Fausett: Respected ICANN observer and member of ALAC. "Puzzled" that important comments raised numerous times in the public response to the draft report were not included.
  • Steven Metalitz: Lawyer for Coalition for Online Accountability. Report contained an "obvious discrepancy" and questioned its credibility.
  • Sentan: Bidder and collective operators of .biz, .cn, .jp, .tw and .us. There were "several fundamental flaws" in the report and a "thorough and immediate review" was required.
  • Phillip Sheppard: Chairman of the sub-committee set up to decide the selection process. He was "concerned that there is a serious flaw in the methodology of the Telcordia report", that it used a biased scoring system and "directly contradicts" the official report he was asked to produce.

All of these complaints were placed on ICANN's designated public forum for discussion of the .net report. They were subsequently held by ICANN's lawyer to be illegitimate as concerns the official decision-making process. Parties were instead asked to resend by post a letter containing their points.

These letters were then passed to the company that carried out the report, Telcordia, which was the subject of the vast majority of the criticisms. Telcordia was asked to produce a redrafted report but is aware that whatever form that redrafted report takes, it will be accepted and put forward for approval by the ICANN Board and not subject to further review.

Telcordia was owned from 1997 until earlier this year by the same company, SAIC, that owned VeriSign (formerly Network Solutions) from 1995 until 2003. Telcordia and VeriSign started and ran a joint partnership called Enum World from 2000 to 2001 where executives from both companies made presentations to governments and companies across the globe.

Telcordia and ICANN have both refused to provide the list of Telcordia staff that were on the evalution committee.

Comment:

The bias for VeriSign written into the .net process by ICANN is remarkable. VeriSign and ICANN have been at loggerheads ever since ICANN's formation in 1998. VeriSign has consistently stymied ICANN attempts to open up the Internet market, and through a range of lawsuits has tied the organisation up fighting legal battles.

We have always suspected that VeriSign's lawsuits would be used as a bargaining chip further down the line and maybe with the .net reallocation, that moment has come. Continued ownership of .net for six years means VeriSign can be certain to maintain its grip and enormous influence over the Internet. At the same time, if ICANN was freed of the legal burden VeriSign has placed on it, it would have far greater funds and resources in its fight to be recognised at the Internet's de facto authority.

A deal between the two would make a lot of sense. So if the .net issue goes through with VeriSign in the driving seat, don't be surprised to find those lawsuits quietly disappearing in due course.

Choosing a cloud hosting partner with confidence

Next page: ICANN's response

More from The Register

next story
Hey, Scots. Microsoft's Bing thinks you'll vote NO to independence
World's top Google-finding website calls it for the UK
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
OECD lashes out at tax avoiding globocorps' location-flipping antics
You hear that, Amazon, Google, Microsoft et al?
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.