Feeds

Of ICANN and the registrar zombies

Or, how I stopped worrying and learned to love our internet overlords

Top three mobile application threats

Vint Cerf, the "Father of the Internet" kept encouraging - this is not a joke - registrants to complain to the the equivalent of the Better Business Bureau in the country of origin of dodgy or uncooperative registrars, as if someone realistically would call the BBB halfway around the globe, to a country whose language they might not even speak, to lodge a complaint against a hometown enterprise. That's certainly a business-friendly solution, and one way to look at it, but Registerfly was an American company with mostly American customers who already understood well how worthless a complaint to such an organization is, which is why they wanted ICANN's nuts. Is that seriously a model for preventing a future Registerfly-style collapse?

In fact, in a somewhat self-serving factsheet published by ICANN on its website today, in which it tries to take credit for helping improve Registerfly's performance after an audit last summer without providing much explanation for ICANN's subsequent hands-off approach, ICANN clearly states that "ICANN's mission is to ensure the stable and secure operation of these unique identifier systems (such as domain names and numeric addresses), which are vital to the Internet's operation." Can't seem to find anything in there about the invisible hand of the market - in fact if anything it's the opposite, although that's not what Cerf's pals at the American Department of Commerce (DOC) want to hear.

ICANN's ongoing murky relationship with the DOC could well be at the root of this idealogical obstinance. However, to suggest that the invisible hand of the market will right the wrongs of Registerfly is laughable. Sure, the market has punished Registerfly - after all, the company is bankrupt - but markets are famously bad at dealing with externalities, in this case the registrants whose domains have vanished, and even ICANN is admitting that the current system is not working. Some form of regulation involving data escrow is clearly in order, and thankfully on the way.

ICANN CEO Paul Twomey was somewhat more nuanced than Cerf about the interplay between market forces and ICANN's role. Twomey also acknowledged that the real problem for ICANN is what happens in the period preceding the collapse of a registrar, when thin-margin companies teeter on the brink of collapse, and customers fall through the cracks. These so-called "zombie registrars" enter a vicious cycle in which customer service spirals downward and more customers flee, leaving mounting debts and a further erosion of service and the company's bottom line.

The use of market forces has admirably driven the cost of owning a domain name down from $50 per month to free, in some business models, and failure is as much a part of the market as success. The escrow system is an important part of the ICANN's role in maintaining its core responsibility, which is the stability of the net itself.

Property rights

The comments after the speeches and the panel revealed a continuing debate within the ICANN community about what a domain really is. The debate centered around whether or not it should be treated as a license or a property right, though from a legal perspective a license is simply a relatively narrowly drawn type of property right.

The registrars want it to be classed as a license to lessen their own potential liability - if you don't renew your license you lose it, simple as that. However, as the Security and Stability Advisory Committee (SSAC) Chair Dr. Stephen Crocker noted in the panel discussion, domain names perform a more critical role in certian business than a typical license. As he put it, it's not like having the electricity turned off. It truly is something more serious, and ICANN needs to acknowledge that.

In fact, in some ways a domain is more important to some businesses than any physical property right could ever be - although it performs some of the functionality of a physical address, for many domain holders, the domain is not just where to find them on the internet, it is very essence of their brand. Fundamentally, it is their business, in the same way that if the words "Coca Cola" somehow magically and impossibly vanished from the world's languages, and then reappeared in the hands of a rival, never to return, the original owners would be irreparably harmed.

The debate about what ICANN is for is a healthy one, but it is also one that as far as its responsibility towards registrars goes, needs to move quickly. As ICANN acknowledged publicly today, there are other sketchy registrars out there - out of over 850 registrars, 40 don't even have websites and another 27 don't maintain a Whois database for their registrants. Suggestions for a best practices statement and additional compliance tools are worthy, but ICANN needs clearly to do a better job enforcing the agreements it has now, although an overhaul of the Registrar Accreditation Agreement (RAA) needs to be done once ICANN installs the data escrow system.

The silver lining to the Registerfly fiasco is that this discussion is long overdue, and ICANN is listening. ®

Burke Hansen. attorney at large, heads a San Francisco law office

Combat fraud and increase customer satisfaction

More from The Register

next story
EU: Let's cost financial traders $400m a day, because EVIL BANKERS. Right?
Wait 'til this one hits your pension fund where it hurts
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Systems meltdown plunges US immigration courts into pen-and-paper stone age
Massive outage could last four weeks, sources claim
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.