Feeds

Verisign and .net: a winner all the way

Deeply flawed

  • alert
  • submit to reddit

Top three mobile application threats

Both ICANN and VeriSign were informed of the relevant aspects of this story and their responses are given below with additional comments by ourselves.

ICANN's response

"As part of an open and transparent process the GNSO received comments regarding the RFP criteria - the GNSO then Adopted the RFP criteria and presented it to the ICANN Board - and as an additional part of the open and transparent process ICANN took comments on the draft RFP - that was based on the GNSO criteria - and then the ICANN Board (at its open, public Board meeting in Cape Town) approved the GNSO Criteria and the RFP based upon the GNSO criteria and public comments. This all took place in December - in plenty of time to have people voice concern of the process to date - so what you're therefore contending is factually inaccurate."

Our response: Our story refers explicitly to changes made during the period betwen the GNSO's final approved report on 5 August 2004, and ICANN's first draft of the RFP, released on 12 November 2004. In that time, an enormous number of extra criteria, requested by VeriSign were added, without any additional outside consultation. In addition, an entire new section "Security and Stability", requested by VeriSign, was added.

Also, the explicitly stated fact that "competition" should be the primary relative criteria ("1. Relative criteria related to promotion of competition") used to decide the winner in the GNSO report - which came complete with three categories and three sub-categories - was reduced in ICANN's RFP to relative criteria point "7. Additional Relative Criteria" and comprised just three sub-categories.

VeriSign and the GNSO had numerous public arguments over the competition criteria, during which VeriSign made it very clear it felt competition should come far below other relative criteria such as stability and security.

The result of these changes was to name VeriSign as the winner of the contest. If those changes had not been adopted, VeriSign would not have won the contest.

"ICANN didn't go forward with the evaluation process until all the bidders were satisfied that Telcordia could render an unbiased evaluation."

Our response: What happened was ICANN publicly announced it had chosen Telcordia without consulting or informing the bidders. At the same time as the announcement, ICANN published a disclosure statement from Telcordia, which was preceeded with a statement by ICANN's General Counsel stating that in his opinon that was no legitimate reason why Telcordia should not be chosen as the evaluator.

One bidder, Sentan, immediately complained about Telcordia's suitability. ICANN then called each bidder individually and outlined Sentan's concerns. Bidders were not given the option of veto over Telcordia and had no choice but to accept Telcordia is they wished to continue bidding for .net.

"Pursuant to the adopted RFP process, it is the ICANN Board (not ICANN Staff) that will make any decision and who will consider the following at its upcoming meeting:

A. the Telcordia report; B. the Applicants' written comments on the Telcordia report; C. any response from Telcordia to the Applicants' written comments; D. any and all public or Internet Community comments received by ICANN on its website; and E. the proposed .NET Registry Agreement negotiated between ICANN and VeriSign."

Our response: It is our contention that the process was unfairly skewed (by ICANN staff)in favour of VeriSign before Telcordia had even been chosen. As such, the Board will only have the opportunity to decide on the results of what was already a flawed process.

"I don't think ICANN will have the names of the Telcordia team until the process of commenting on the evaluation by all parties is concluded."

In the previous mentioned disclosure statement from Telcordia, approved by ICANN's General Counsel, it stated: "Neither Telcordia Technologies, Inc. nor individual member of the evaluation team has any financial interest in or similar dealings with any of the applicants". How can ICANN agree with that statement if it does not know the identities of the individual members of the evaluation team? ICANN also informed us over two weeks ago that it had requested the names of the evaluation team from Telcordia. Does ICANN have those names, or has Telcordia withheld them? What are the reasons for not making the names public?

VeriSign's response

"VeriSign did not offer any comments to ICANN outside of the approved comment channels for all bidders and all public comment. Nothing was shown to VeriSign prior to it being publicly available or available to all bidders. "VeriSign offered comments, as I believe all bidders did on the RFP and GNSO report. ICANN posted many of the comments. VeriSign did not make any threat of a lawsuit. VeriSign did - in its comments - note how certain aspects of the RFP and GNSO report were contrary to our contract." Our response: On 24 June 2004, VeriSign informed ICANN: "VeriSign objects to the Draft Procedure for designating a subsequent .net Registry Operator... on the grounds that it does not comply with the procedural or substantive requirements of the existing .net Registry Agreement, the Memorandum of Understanding between ICANN and the Department of Commerce, or the Bylaws of ICANN...

"...VeriSign believes that anything less than the true 'adoption of an open and transparent procedure for designating a successor Registry Operator' is a material violation of applicable requirements on ICANN, including as set forth in the current .net Registry Agreement."

ICANN and the GNSO took this threat seriously enough to seek legal advice from its General Counsel. A vote on final approval of the GNSO report was delayed while this legal situation was reviewed.

If VeriSign didn't explicitly state it would launch a lawsuit, it was certainly assumed by ICANN that this was what VeriSign's statement implied. We believe the threat of a further lawsuit was used to add pressure to VeriSign's demands for changes in the report and its criteria. ®

Related stories

VeriSign responds to .net report criticisms
VeriSign wins back .net registry
VeriSign enters MMS market with Lightsurf buy

3 Big data security analytics techniques

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Ex–Apple CEO John Sculley: Ousting Steve Jobs 'was a mistake'
Twenty-nine years later, post-Pepsi exec has flat-forehead moment
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.