A tiny island nation has put the rights to .tv up for grabs – but what’s this? Problematic contract clauses? Again?

Could this be Dot-co The Sequel?

Analysis One of the internet’s most lucrative and high-profile registry contracts is up for grabs – and once again the bidding process appears to be highly problematic.

The contract to run .tv has been held by dot-com operator Verisign for 20 years. This agreement expires this year, and Tuvalu, the small island state that owns the top-level domain, has decided to seek a rebid.

The Tuvalu government has chosen to run that process in secret, however: an unusual decision given its ministers have actively sought press coverage of .tv's future in the past few months, approaching mainstream US media outlets, including the Washington Post. The rise of Twitch.tv and other video streaming websites have made dot-tv a pretty well-known top-level domain.

For an island measuring just 10 square miles with just over 10,000 inhabitants, the $5m it gets a year from Verisign in exchange for the rights to sell .tv domains is a sizable part of Tuvalu’s income. In fact it is about seven per cent of its entire GDP, which explains why the simple matter of an internet registry rebid has seen its finance minister taking personal charge.

Despite the $5m annual fee, the registry is a cash-cow for Verisign, with the 500,000 .tv domains costing, on average, $50 a year. The cost of running the registry is thought to be approximately 75 cents per domain, meaning Verisign has been making roughly a $20m profit each year from its contract.

Tuvalu, unsurprisingly, wants a larger slice of that pie and has turned to the small but cutthroat internet registry market to realize some gains.

The Colombian example

A similar thing happened last year in Colombia where the country’s IT minister involved herself in the fate of the nation's .co top-level domain. A decade beforehand, Colombia had agreed to accept a flat fee in exchange for the rights to sell dot-co domains. The US registry giant Neustar ultimately obtained those rights and reaped huge profits selling trendy .co domains to startups and techies.

When Colombia sought a rebid for .co, it became clear something was amiss. For one thing, the Colombian government put together documents setting out the technical requirements bidders must meet to have any chance of winning the contract. Those requirements included wildly inaccurate .co domain ownership numbers: the figures, rather than reflecting reality and showing a slowdown in registrations, signaled accelerating growth.

Confused as to how officials could have made such a basic error, we dug into the contract files and found that Neustar’s main competitor, Afilias, had had a clear behind-the-scenes impact on the bidding process, to the extent that inexplicable references to another of Afilias’ registry operations, .org, appeared within the technical documents for the .co rebid produced by the Colombian government.

In other words, the Colombians used descriptions of Afilias' operations as the minimum technical requirements for its .co contract, tilting the process in that corporation's favor.

Various investigations and media reports later, Afilias pulled out of the bidding, the Colombian IT minister resigned saying she had done nothing wrong, and Neustar was re-awarded the contract but on better terms for the government.

At the center of the .co storm was a clause in the technical requirements that was oddly specific: it required, among other criteria, that whoever won the contract had to have previously handled the migration of one million domain names in one go.

While that may seem at first glance like a reasonable parameter to set, the truth is that there are not that many transitions of that size and nature in the domain world, and the requirement made little technical sense. What it did do, however, was exclude each of the main players in the market, who run hundreds of internet registries and billions of names, save one: Afilias.

Verisign, the operator of the world’s largest registry – dot-com – was not eligible. The world’s largest registry operator in terms of the number of registries under their purview, Donuts, was not eligible. The world’s largest migrator of top-level domains, responsible for taking over the technical back-end of over 50 registries, Centralnic, was not eligible. The company that actually ran the .co registry and had done for years, Neustar, was also ineligible. Just Afilias made the cut.

Here we go again

Now, a year later and in another big registry rebid, a similar clause has appeared in the contract for .tv – and it is equally unusual.

Requirement 2.15 of the .TV registry request for proposal (RFP) reads:

Transition. Describe your plan for the transition-in of services, including processes, resources, approach and timeline. Include experience transitioning at least 5 TLDs, and at least 5 ccTLDs, with at least 3 transitions of TLDs over 1 million domain names. (Upgrading or migrating from one platform to another inside a company does not count as a transition).

Again, the “over 1 million domain names” requirement is in there, which makes even less sense this time around. At least Colombia’s .co registry had over two million domains in it; Tuvalu’s registry has just half a million so the government is insisting on an over-spec’d requirement that didn’t make sense in the first place. The fact that the successful bidder is expected to have done it “at least” three times is bordering on absurd.

Similarly, the requirement that a company has transitioned “at least 5 ccTLDs” makes little or no technical sense. The result is a bidding process that likely only one particular applicant can hope to win, and all others are excluded.

Two questions flow from this. First: why would someone allow this to happen when last time around it caused a huge and public political row, and the loss of the contract? And second: how exactly did this unnecessary requirement find its way into the Tuvalu government’s official documentation?

Who stands to win?

So far we have been unable to find a smoking gun indicating the inspiration, shall we say, behind the bonkers requirements. From .co to .tv, the tactic of adding an exclusionary clause to the RFP has been repeated but with one additional element: the Tuvalu government was persuaded to keep the entire process secret. The bidding process, despite being widely publicized by the country’s own ministers in the press, has been invite-only. And the bidding documents including the RFP have not been published.

So, who is in the mix this time: who is bidding for .tv? Well, there has been a shake-up in the internet registry market recently. Neustar’s registry business has been bought by mega-corp GoDaddy and is now called GoDaddy Registry.

We asked GoDaddy Registry whether it was bidding for the .tv registry contract, and it confirmed it was although it added it “will not make any comments about our participation or on the requirements and selection process,” citing the fact that the bid is restricted by invitation only.

Another bidder will be Centralnic, it confirmed, although it is unlikely to be involved in any efforts to manipulate the process because the clause itself was probably added specifically to exclude it. Centralnic is known in the industry for offering to run existing registry contracts at a lower price than the current contract holder but at the same or a higher technical standard.

Then there is the incumbent Verisign, with whom the Tuvalu government has had a very public falling out. The government is unlikely to have agreed to add a clause to a rebid that requires it to stick with the same company it already has.

Dot eat dog

Which leaves Afilias and Donuts. Or it would have, except for the fact that Donuts bought Afilias in December 2020. So, Donuts then? No, because three months after it bought Afilias, a majority share in Donuts was bought by Ethos Capital.

And if that name seems familiar it’s because Ethos Capital was the same company involved in the secretive and ultimately failed effort to acquire the .org registry for $1.14bn.

That deal sparked revolt in the internet community, and caught the attention of US lawmakers and the California Attorney General. It was eventually rejected by DNS overseer ICANN after a massive campaign.

The fallout from that failed takeover has still yet to fully reverberate through those involved: the Internet Society, Public Internet Registry, and Ethos Capital, which have all tried their best to play it off as if it never happened. And thanks to a general lack of accountability in the internet world, no one has held their feet to the fire, either.

But what stands out most about that failed billion-dollar deal was how Ethos Capital and its co-CEO – charismatic former ICANN boss Fadi Chehade – somehow persuaded the institutions deciding .org's fate to bypass their normal processes and handle the deal largely in secret.

It appears Tuvalu may have caught the same bug. ®

Similar topics

Broader topics

Other stories you might like

  • Prisons transcribe private phone calls with inmates using speech-to-text AI

    Plus: A drug designed by machine learning algorithms to treat liver disease reaches human clinical trials and more

    In brief Prisons around the US are installing AI speech-to-text models to automatically transcribe conversations with inmates during their phone calls.

    A series of contracts and emails from eight different states revealed how Verus, an AI application developed by LEO Technologies and based on a speech-to-text system offered by Amazon, was used to eavesdrop on prisoners’ phone calls.

    In a sales pitch, LEO’s CEO James Sexton told officials working for a jail in Cook County, Illinois, that one of its customers in Calhoun County, Alabama, uses the software to protect prisons from getting sued, according to an investigation by the Thomson Reuters Foundation.

    Continue reading
  • Battlefield 2042: Please don't be the death knell of the franchise, please don't be the death knell of the franchise

    Another terrible launch, but DICE is already working on improvements

    The RPG Greetings, traveller, and welcome back to The Register Plays Games, our monthly gaming column. Since the last edition on New World, we hit level cap and the "endgame". Around this time, item duping exploits became rife and every attempt Amazon Games made to fix it just broke something else. The post-level 60 "watermark" system for gear drops is also infuriating and tedious, but not something we were able to address in the column. So bear these things in mind if you were ever tempted. On that note, it's time to look at another newly released shit show – Battlefield 2042.

    I wanted to love Battlefield 2042, I really did. After the bum note of the first-person shooter (FPS) franchise's return to Second World War theatres with Battlefield V (2018), I stupidly assumed the next entry from EA-owned Swedish developer DICE would be a return to form. I was wrong.

    The multiplayer military FPS market is dominated by two forces: Activision's Call of Duty (COD) series and EA's Battlefield. Fans of each franchise are loyal to the point of zealotry with little crossover between player bases. Here's where I stand: COD jumped the shark with Modern Warfare 2 in 2009. It's flip-flopped from WW2 to present-day combat and back again, tried sci-fi, and even the Battle Royale trend with the free-to-play Call of Duty: Warzone (2020), which has been thoroughly ruined by hackers and developer inaction.

    Continue reading
  • American diplomats' iPhones reportedly compromised by NSO Group intrusion software

    Reuters claims nine State Department employees outside the US had their devices hacked

    The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters.

    NSO Group in an email to The Register said it has blocked an unnamed customers' access to its system upon receiving an inquiry about the incident but has yet to confirm whether its software was involved.

    "Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations," an NSO spokesperson told The Register in an email. "To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case."

    Continue reading

Biting the hand that feeds IT © 1998–2021