ICANN approves dotcom contract

9-6 in favour. All hell about to break loose


ICANN has approved a controversial dotcom contract that will see VeriSign handed control of the internet's most famous product forever.

The Board of the Internet overseeing organisation held a special meeting last night where the contract received nine votes in favour, five against and one abstention.

The contract still has to be approved by the United States government, which should be a formality, although at least one congressman has written to the head of the Department of Commerce recommending the deal be shot down.

The controversy reigns over several elements in the new contract. For one, it provides VeriSign with a "presumptive right of renewal" over the dotcom registry - effectively handing one company complete control of all dotcom domains forever.

Twinned with this, the contract enables VeriSign to raise its prices by seven percent a year for the next six years (although it will have to justify rises in two of those years). VeriSign will also be given control of all expiring domain names - now the biggest market on the internet.

In return for the contract, VeriSign will drop its ruinous lawsuits against ICANN and also recognise ICANN as the internet's de facto authority, ending an historic split at the top of the internet.

However, while ICANN says that the settlement "will clear the way for a new and productive relationship between ICANN and VeriSign facilitating ICANN's stewardship and technical coordination of the Internet's domain name system", an increasing chorus of people are beginning to question whether board approval of the deal, against widespread opposition, is a signature on its own death warrant.

A fortnight ago, eight of the world's biggest registrars, representing 60 per cent of all the domain names bought and sold in the world, wrote a strongly worded letter to ICANN asking it to reject the contract.

It wasn't right, they argued, that VeriSign was being given permanent control of the dotcom registry, nor that it was allowed to raise prices at a time when everyone else is lowering prices.

The same fears were expressed right across ICANN's membership, and the contract itself sparked the creation of a new organisation called the Coalition for ICANN Transparency (CFIT).

CFIT is suing ICANN in the United States claiming a damaging lack of visibility over its decision-making processes. By signing off the existing dotcom contract ICANN risks "undermining its role in internet governance and its ability to deliver on its promise to end-users", CFIT has stated. It also risks "the long-term security and stability of the global communications platform and public confidence in it," the organisation argues.

In response to the approval last night, CFIT spokesman John Berard warned that it was only the beginning, rather than the end, of the process. "Voting in favor of a bad deal doesn't change the deal's dynamics, it just confirms ICANN's refusal to listen to legitimate criticism coming from every corner of the internet community. There will not be less litigation. There will likely be more litigation."

One respected ICANN observer, lawyer Bret Fausett, has already pondered publicly whether an exit plan is needed for ICANN. "It's probably not too late for ICANN to save itself," he argues, "but if it can't, a safety net is being quietly tied beneath it."

Testimony before the US Senate in 2002 by Karl Auerbach, a former ICANN Board member who sued the company to force it to allow him to review vital company records, has also become required reading by many following ICANN's progress. In, he pondered: What would happen to the internet if ICANN were to vanish?

Meanwhile, ICANN is holding a press conference later today and has promised to put up statements by board members about the deal in the next two days. That delay may portend critical words about ICANN's behaviour by its own board.

The board has held no less than four special meetings since the start of the year, two in the past week alone. The VeriSign deal has been the main or sole topic of conversation each time. The scheduling of so many meetings has been in response to pointed questions by board members combined with the organisation's determination to pass the contract before the next public meeting of ICANN in New Zealand this month.

That ICANN as an organisation has so much to gain from reaching agreement with VeriSign has compromised its intregrity, critics claim, and the approval of the dotcom registry against the wishes of its constituencies highlight the fatal flaws in its make-up. ®

How the board voted

In favour: Vint Cerf (Chairman), Alejandro Pisanty (Vice-Chairman), Mouhamet Diop, Demi Getschko, Hagen Hultzsch, Veni Markovski, Vanda Scartezini, Paul Twomey (President and CEO), and Hualin Qian.
Against: Raimundo Beca, Susan Crawford, Joichi Ito, Njeri Rionge, and Peter Dengate Thrush.
Abstention: Michael Palage.

Related links

ICANN statement on contract approval
Brett Fausett: ICANN exit plan
Karl Auerbach: What would happen to the internet if ICANN were to vanish?


Other stories you might like

  • Carnival Cruises torpedoed by US states, agrees to pay $6m after waves of cyberattacks
    Now those are some phishing boats

    Carnival Cruise Lines will cough up more than $6 million to end two separate lawsuits filed by 46 states in the US after sensitive, personal information on customers and employees was accessed in a string of cyberattacks.

    A couple of years ago, as the coronavirus pandemic was taking hold, the Miami-based biz revealed intruders had not only encrypted some of its data but also downloaded a collection of names and addresses; Social Security info, driver's license, and passport numbers; and health and payment information of thousands of people in almost every American state.

    It all started to go wrong more than a year prior, as the cruise line became aware of suspicious activity in May 2019. This apparently wasn't disclosed until 10 months later, in March 2020.

    Continue reading
  • India extends deadline for compliance with infosec logging rules by 90 days
    Helpfully announced extension on deadline day

    India's Ministry of Electronics and Information Technology (MeitY) and the local Computer Emergency Response Team (CERT-In) have extended the deadline for compliance with the Cyber Security Directions introduced on April 28, which were due to take effect yesterday.

    The Directions require verbose logging of users' activities on VPNs and clouds, reporting of infosec incidents within six hours of detection - even for trivial things like unusual port scanning - exclusive use of Indian network time protocol servers, and many other burdensome requirements. The Directions were purported to improve the security of local organisations, and to give CERT-In information it could use to assess threats to India. Yet the Directions allowed incident reports to be sent by fax – good ol' fax – to CERT-In, which offered no evidence it operates or would build infrastructure capable of ingesting or analyzing the millions of incident reports it would be sent by compliant organizations.

    The Directions were roundly criticized by tech lobby groups that pointed out requirements such as compelling clouds to store logs of customers' activities was futile, since clouds don't log what goes on inside resources rented by their customers. VPN providers quit India and moved their servers offshore, citing the impossibility of storing user logs when their entire business model rests on not logging user activities. VPN operators going offshore means India's government is therefore less able to influence such outfits.

    Continue reading
  • Hangouts hangs up: Google chat app shuts this year
    How many messaging services does this web giant need? It's gotta be over 9,000

    Google is winding down its messaging app Hangouts before it officially shuts in November, the web giant announced on Monday.

    Users of the mobile app will see a pop-up asking them to move their conversations onto Google Chat, which is yet another one of its online services. It can be accessed via Gmail as well as its own standalone application. Next month, conversations in the web version of Hangouts will be ported over to Chat in Gmail. 

    Continue reading

Biting the hand that feeds IT © 1998–2022