A tiny island nation has put the rights to .tv up for grabs – but what’s this? Problematic contract clauses? Again?

Could this be Dot-co The Sequel?


Analysis One of the internet’s most lucrative and high-profile registry contracts is up for grabs – and once again the bidding process appears to be highly problematic.

The contract to run .tv has been held by dot-com operator Verisign for 20 years. This agreement expires this year, and Tuvalu, the small island state that owns the top-level domain, has decided to seek a rebid.

The Tuvalu government has chosen to run that process in secret, however: an unusual decision given its ministers have actively sought press coverage of .tv's future in the past few months, approaching mainstream US media outlets, including the Washington Post. The rise of Twitch.tv and other video streaming websites have made dot-tv a pretty well-known top-level domain.

For an island measuring just 10 square miles with just over 10,000 inhabitants, the $5m it gets a year from Verisign in exchange for the rights to sell .tv domains is a sizable part of Tuvalu’s income. In fact it is about seven per cent of its entire GDP, which explains why the simple matter of an internet registry rebid has seen its finance minister taking personal charge.

Despite the $5m annual fee, the registry is a cash-cow for Verisign, with the 500,000 .tv domains costing, on average, $50 a year. The cost of running the registry is thought to be approximately 75 cents per domain, meaning Verisign has been making roughly a $20m profit each year from its contract.

Tuvalu, unsurprisingly, wants a larger slice of that pie and has turned to the small but cutthroat internet registry market to realize some gains.

The Colombian example

A similar thing happened last year in Colombia where the country’s IT minister involved herself in the fate of the nation's .co top-level domain. A decade beforehand, Colombia had agreed to accept a flat fee in exchange for the rights to sell dot-co domains. The US registry giant Neustar ultimately obtained those rights and reaped huge profits selling trendy .co domains to startups and techies.

When Colombia sought a rebid for .co, it became clear something was amiss. For one thing, the Colombian government put together documents setting out the technical requirements bidders must meet to have any chance of winning the contract. Those requirements included wildly inaccurate .co domain ownership numbers: the figures, rather than reflecting reality and showing a slowdown in registrations, signaled accelerating growth.

Confused as to how officials could have made such a basic error, we dug into the contract files and found that Neustar’s main competitor, Afilias, had had a clear behind-the-scenes impact on the bidding process, to the extent that inexplicable references to another of Afilias’ registry operations, .org, appeared within the technical documents for the .co rebid produced by the Colombian government.

In other words, the Colombians used descriptions of Afilias' operations as the minimum technical requirements for its .co contract, tilting the process in that corporation's favor.

Various investigations and media reports later, Afilias pulled out of the bidding, the Colombian IT minister resigned saying she had done nothing wrong, and Neustar was re-awarded the contract but on better terms for the government.

At the center of the .co storm was a clause in the technical requirements that was oddly specific: it required, among other criteria, that whoever won the contract had to have previously handled the migration of one million domain names in one go.

While that may seem at first glance like a reasonable parameter to set, the truth is that there are not that many transitions of that size and nature in the domain world, and the requirement made little technical sense. What it did do, however, was exclude each of the main players in the market, who run hundreds of internet registries and billions of names, save one: Afilias.

Verisign, the operator of the world’s largest registry – dot-com – was not eligible. The world’s largest registry operator in terms of the number of registries under their purview, Donuts, was not eligible. The world’s largest migrator of top-level domains, responsible for taking over the technical back-end of over 50 registries, Centralnic, was not eligible. The company that actually ran the .co registry and had done for years, Neustar, was also ineligible. Just Afilias made the cut.

Here we go again

Now, a year later and in another big registry rebid, a similar clause has appeared in the contract for .tv – and it is equally unusual.

Requirement 2.15 of the .TV registry request for proposal (RFP) reads:

Transition. Describe your plan for the transition-in of services, including processes, resources, approach and timeline. Include experience transitioning at least 5 TLDs, and at least 5 ccTLDs, with at least 3 transitions of TLDs over 1 million domain names. (Upgrading or migrating from one platform to another inside a company does not count as a transition).

Again, the “over 1 million domain names” requirement is in there, which makes even less sense this time around. At least Colombia’s .co registry had over two million domains in it; Tuvalu’s registry has just half a million so the government is insisting on an over-spec’d requirement that didn’t make sense in the first place. The fact that the successful bidder is expected to have done it “at least” three times is bordering on absurd.

Similarly, the requirement that a company has transitioned “at least 5 ccTLDs” makes little or no technical sense. The result is a bidding process that likely only one particular applicant can hope to win, and all others are excluded.

Two questions flow from this. First: why would someone allow this to happen when last time around it caused a huge and public political row, and the loss of the contract? And second: how exactly did this unnecessary requirement find its way into the Tuvalu government’s official documentation?

Who stands to win?

So far we have been unable to find a smoking gun indicating the inspiration, shall we say, behind the bonkers requirements. From .co to .tv, the tactic of adding an exclusionary clause to the RFP has been repeated but with one additional element: the Tuvalu government was persuaded to keep the entire process secret. The bidding process, despite being widely publicized by the country’s own ministers in the press, has been invite-only. And the bidding documents including the RFP have not been published.

So, who is in the mix this time: who is bidding for .tv? Well, there has been a shake-up in the internet registry market recently. Neustar’s registry business has been bought by mega-corp GoDaddy and is now called GoDaddy Registry.

We asked GoDaddy Registry whether it was bidding for the .tv registry contract, and it confirmed it was although it added it “will not make any comments about our participation or on the requirements and selection process,” citing the fact that the bid is restricted by invitation only.

Another bidder will be Centralnic, it confirmed, although it is unlikely to be involved in any efforts to manipulate the process because the clause itself was probably added specifically to exclude it. Centralnic is known in the industry for offering to run existing registry contracts at a lower price than the current contract holder but at the same or a higher technical standard.

Then there is the incumbent Verisign, with whom the Tuvalu government has had a very public falling out. The government is unlikely to have agreed to add a clause to a rebid that requires it to stick with the same company it already has.

Dot eat dog

Which leaves Afilias and Donuts. Or it would have, except for the fact that Donuts bought Afilias in December 2020. So, Donuts then? No, because three months after it bought Afilias, a majority share in Donuts was bought by Ethos Capital.

And if that name seems familiar it’s because Ethos Capital was the same company involved in the secretive and ultimately failed effort to acquire the .org registry for $1.14bn.

That deal sparked revolt in the internet community, and caught the attention of US lawmakers and the California Attorney General. It was eventually rejected by DNS overseer ICANN after a massive campaign.

The fallout from that failed takeover has still yet to fully reverberate through those involved: the Internet Society, Public Internet Registry, and Ethos Capital, which have all tried their best to play it off as if it never happened. And thanks to a general lack of accountability in the internet world, no one has held their feet to the fire, either.

But what stands out most about that failed billion-dollar deal was how Ethos Capital and its co-CEO – charismatic former ICANN boss Fadi Chehade – somehow persuaded the institutions deciding .org's fate to bypass their normal processes and handle the deal largely in secret.

It appears Tuvalu may have caught the same bug. ®

Similar topics

Broader topics


Other stories you might like

  • Lonestar plans to put datacenters in the Moon's lava tubes
    How? Founder tells The Register 'Robots… lots of robots'

    Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

    Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world's data.

    "It's inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we're setting off bombs and burning things," Christopher Stott, founder and CEO of Lonestar, told The Register. "We need to put our assets in place off our planet, where we can keep it safe."

    Continue reading
  • Conti: Russian-backed rulers of Costa Rican hacktocracy?
    Also, Chinese IT admin jailed for deleting database, and the NSA promises no more backdoors

    In brief The notorious Russian-aligned Conti ransomware gang has upped the ante in its attack against Costa Rica, threatening to overthrow the government if it doesn't pay a $20 million ransom. 

    Costa Rican president Rodrigo Chaves said that the country is effectively at war with the gang, who in April infiltrated the government's computer systems, gaining a foothold in 27 agencies at various government levels. The US State Department has offered a $15 million reward leading to the capture of Conti's leaders, who it said have made more than $150 million from 1,000+ victims.

    Conti claimed this week that it has insiders in the Costa Rican government, the AP reported, warning that "We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power, you have introduced an emergency." 

    Continue reading
  • China-linked Twisted Panda caught spying on Russian defense R&D
    Because Beijing isn't above covert ops to accomplish its five-year goals

    Chinese cyberspies targeted two Russian defense institutes and possibly another research facility in Belarus, according to Check Point Research.

    The new campaign, dubbed Twisted Panda, is part of a larger, state-sponsored espionage operation that has been ongoing for several months, if not nearly a year, according to the security shop.

    In a technical analysis, the researchers detail the various malicious stages and payloads of the campaign that used sanctions-related phishing emails to attack Russian entities, which are part of the state-owned defense conglomerate Rostec Corporation.

    Continue reading
  • FTC signals crackdown on ed-tech harvesting kid's data
    Trade watchdog, and President, reminds that COPPA can ban ya

    The US Federal Trade Commission on Thursday said it intends to take action against educational technology companies that unlawfully collect data from children using online educational services.

    In a policy statement, the agency said, "Children should not have to needlessly hand over their data and forfeit their privacy in order to do their schoolwork or participate in remote learning, especially given the wide and increasing adoption of ed tech tools."

    The agency says it will scrutinize educational service providers to ensure that they are meeting their legal obligations under COPPA, the Children's Online Privacy Protection Act.

    Continue reading
  • Mysterious firm seeks to buy majority stake in Arm China
    Chinese joint venture's ousted CEO tries to hang on - who will get control?

    The saga surrounding Arm's joint venture in China just took another intriguing turn: a mysterious firm named Lotcap Group claims it has signed a letter of intent to buy a 51 percent stake in Arm China from existing investors in the country.

    In a Chinese-language press release posted Wednesday, Lotcap said it has formed a subsidiary, Lotcap Fund, to buy a majority stake in the joint venture. However, reporting by one newspaper suggested that the investment firm still needs the approval of one significant investor to gain 51 percent control of Arm China.

    The development comes a couple of weeks after Arm China said that its former CEO, Allen Wu, was refusing once again to step down from his position, despite the company's board voting in late April to replace Wu with two co-chief executives. SoftBank Group, which owns 49 percent of the Chinese venture, has been trying to unentangle Arm China from Wu as the Japanese tech investment giant plans for an initial public offering of the British parent company.

    Continue reading
  • SmartNICs power the cloud, are enterprise datacenters next?
    High pricing, lack of software make smartNICs a tough sell, despite offload potential

    SmartNICs have the potential to accelerate enterprise workloads, but don't expect to see them bring hyperscale-class efficiency to most datacenters anytime soon, ZK Research's Zeus Kerravala told The Register.

    SmartNICs are widely deployed in cloud and hyperscale datacenters as a means to offload input/output (I/O) intensive network, security, and storage operations from the CPU, freeing it up to run revenue generating tenant workloads. Some more advanced chips even offload the hypervisor to further separate the infrastructure management layer from the rest of the server.

    Despite relative success in the cloud and a flurry of innovation from the still-limited vendor SmartNIC ecosystem, including Mellanox (Nvidia), Intel, Marvell, and Xilinx (AMD), Kerravala argues that the use cases for enterprise datacenters are unlikely to resemble those of the major hyperscalers, at least in the near term.

    Continue reading

Biting the hand that feeds IT © 1998–2022