ICA to NTIA: 1. Lower .com Prices; 2. Do Something About GDPR and Whois

Zak MuscovitchUncategorized

 

On July 17, 2018, the Internet Commerce Association (ICA) submitted its feedback to the United States’ Department of Commerce in connection with the National Telecommunications and Information Administration’s Notice of Inquiry on International Internet Policy Priorities.

The message was clear. Two major issues need immediate attention;

1.   Root Zone Management and ICANN’s Inherent Conflict of Interest with the Verisign monopoly on .com domain name registrations; and

2.   Failure of the ICANN Multistakeholder Model to Satisfactorily Address Whois Access and Accreditation in Light of the GDPR Fiasco.

 

Below is the ICA’s letter to Assistant Secretary for Communications and Information and Administrator, David J. Redl.

 

____________________________________________________________________________________________________________________________________

July 17, 2018

 

Honorable David J. Redl

Assistant Secretary for Communications and Information

and Administrator, National Telecommunications and Information Administration

U.S. Department of Commerce

Washington, DC 20230

 

Dear Mr. Redl:

RE: NTIA Notice of Inquiry (06/05/2018): International Internet Policy Priorities

I write to you on behalf of members of the Internet Commerce Association. Founded in 2006, the Internet Commerce Association (the “ICA”) is a non-profit trade organization representing domain name investors, website developers, domain name secondary marketplaces, escrow service companies, registries, and related service providers.

The ICA is comprised of responsible businesses and individuals who have joined together to improve public confidence in Internet commerce. Based in Washington D.C., the ICA’s mission is to assist with the development of domain name related policy and to advocate for fairness in government policy and regulation.

ICA members own and operate approximately 10 million .com domain names and provide crucial domain name-related services to many thousands of their respective customers. As such, our members play an integral role in the operation and use of the Internet, and an open and secure Internet is of utmost interest to our members.

As interested stakeholders on the NTIA’s international internet policy priorities, we are pleased to provide you with our comments and recommendations pursuant to your above-noted Notice of Inquiry dated, July 5, 2018, on “International Internet Policy Priorities” (the “Notice”). We hope that our comments and recommendation herein will assist you with identifying your policy priorities. We note that you invited comments on the full range of questions presented in this Notice, including on issues which were not specifically raised. Our comments herein are primarily in response to the “Multistakeholder Approach to internet Governance”. To the extent that any of our comments do not directly address the four specific questions raised, our comments are in connection with “other issues which were not specifically raised” but were nonetheless part of your invitation for comments.

Background –A Crucial Role for American Leadership

We applaud your remarks to the Federalist Society Executive Branch Review Conference on April 17, 2018, in Washington, D.C., wherein you stated that “NTIA and the Department of Commerce [are] thinking about the future of American leadership every day”. We also support your aforementioned remarks wherein you stated that the objective must be “to ensure that the Internet is open, secure, and providing maximum benefits to the American people”.

The NTIA has previously expressed its support for the “multistakeholder model” of ICANN governance, and the ICA also generally supports the multistakeholder model. ICANN is fortunate to have thousands of dedicated volunteers, experienced staff, and competent leadership who all work very hard contributing to the multistakeholder model and the ICA is proud of its long-term commitment and contributions to the multistakholder model.

Nevertheless, the NTIA can and must continue to play a role in providing crucial oversight and providing a bulwark against apparent failures of the multistakeholder model in order to protect the Internet and American interests in particular. The ICA sees a need to reform and possibly restructure the multistakholder model in order to enable stronger ICANN leadership so that crucial issues can be addressed in a timely and effective manner, while at the same time enable the multistakholder model to be less subject to capture by the industries which it in effect regulates, and more responsive to and accountable to the public interest.

NTIA has recognized the important role that the United States has to play in protecting and promoting an open Internet and in strengthening the global marketplace for American digital products and services,[1] and therefore can and should show American leadership in terms of improving the current multistakholder model which is central to an open and strong Internet. In particular, nowhere is the need for American leadership more apparent than with regards to;

  1. Root Zone Management and ICANN’s Inherent Conflict of Interest with the Verisign monopoly on .com domain name registrations; and
  2. Failure of the ICANN Multistakeholder Model to Satisfactorily Address Whois Access and Accreditation in Light of the GDPR Fiasco.

Multistakeholder Model and NTIA’s Oversight of Root Zone Management and the .com Registry

The multistakeholder model has unfortunately not been effective in preventing Verisign, Inc. (“Verisign”) from using its lucrative monopoly position to continually be rewarded with a ‘no-bid’ contract for the exclusive operation of the .com registry.  Notwithstanding the IANA transition, this is an area where NTIA retains de facto control of important Internet resources. NTIA’s objective in providing “a secure Internet” can be accomplished right alongside NTIA’s objective of “providing maximum benefits to the American people”. Unfortunately, that is not the case now with regards to the .com monopoly and American leadership is required to rectify the situation.

Verisign, Inc. (“Verisign”) has to-date, operated the .com registry in a manner linked to Verisign’s management of the root zone. These two crucial tasks however, need not be inextricably intertwined as the root zone management function is distinct from and can be fully separable from the contractual right to operate the .com registry. Nevertheless, whether root zone management is tied to the operation of the .com registry as it is now, or whether it is separate and distinct, the imperative remains that the NTIA should effectively exert crucial oversight over the .com registry to ensure the maximum benefit to the American people while protecting the management of the root zone.

The ICA recommends that the NTIA show American leadership by taking immediate steps to open the .com registry operation for a competitive procurement process in an effort to lower costs to American business and consumers, as well as millions of Internet users and businesses worldwide. Currently, Verisign is unjustifiably enjoying record and windfall profits as a result of its monopoly over the registration of .com domain names, and this contract need not and should not be tied to the operation of the root zone management functions. A secure root zone management can be achieved while also enabling a fair and competitive business environment that benefits the American people. Left without NTIA oversight and/or the exercise of NTIA influence, ICANN is likely to allow Verisign, to have free reign to set prices in a perpetual no-bid contract.

As NTIA is well aware, Reston, Virginia-based Verisign has been granted a monopoly to operate the .com registry.  There are approximately 133.9 million .com domain names registered. Verisign, a public company with a market capitalization of over $18 billion and net income in 2017 of US $457 million on revenue of $1.14 billion, enjoys a monopoly as the registry operator for all .com and all .net domain names pursuant to a contract with Internet Corporation for Assigned Names and Numbers (“ICANN”).

Verisign’s cost to operate the .com registry has been estimated at less than $3 per domain and possibly less yet it currently charges $7.85 per .com domain per year.  This imposes an unjustified cumulative multi-billion dollar “monopoly tax” on American Internet users.

Verisign’s 2006 contract with ICANN gave it the right to increase .com prices 7% in 4 out of the 6 years of its contract. It agreed to a similar deal with ICANN in 2012, only to have the U.S. Department of Justice step in and say that the new six-year contract shouldn’t have price increases.[2] That fixed the wholesale price of .com domain names at $7.85 per year. On September 15th, 2016, ICANN’s Board approved the extension of Verisign’s .com agreement and simultaneously approved an extension of the existing $7.85 ceiling on .com wholesale prices through 2024. The wholesale price is the price that Verisign charges registrars such as Arizona-based Godaddy, the world’s largest domain name registrar.

Any increase in the .com wholesale cost would be passed along to American consumers and businesses at the retail level. Notwithstanding that price cap extension, the wholesale pricing of .com domains could be revisited by ICANN and Verisign if NTIA does not extend a separate Cooperative Agreement currently in force through November 30, 2018, or alternatively, does extend it but with a different pricing control, or even allows ICANN and Verisign to renegotiate without NTIA oversight.

The massive scale of this problem cannot be understated. If Verisign were to be permitted to exploit its monopoly by raising prices by 10%, it would result in hundreds of millions of dollars in additional windfall profits from its monopoly, on the backs of American businesses and consumers. This in turn would cause tremendous economic harm to American consumers and businesses who have little choice but to continue to register their .com domain names in the absence of any recognized satisfactory alternative to the dominant .com gTLD.

The fact is that .com domains are considered the global standard for online branding.  The market value of .com domains reflects that .com domains are perceived differently from any other extension.  A .com domain will have a market value at least ten times higher than a corresponding domain in a different extension.  This demonstrates that the market perceives other domain extensions as qualitatively different from .com.  In effect, a .com domain is a different product from a domain in another extension, and it cannot be substituted without a substantial loss of utility.  The availability of other extensions does not therefore serve as a constraint on .com’s pricing power. The dominance of .com is demonstrated by 93% of the top 50 US websites operate from a .com domain.  The three top sites that aren’t listed under a .com domain (wikipedia.org, craigslist.org and att.net) still have the corresponding .com domain out of necessity.

The power of .com is recognized in the start-up community.  According to venture capitalist Paul Graham, “The problem with not having the .com of your name is that it signals weakness… a marginal domain suggests you’re a marginal company.” Despite any so-called competition from new gTLD extensions, the growth in registrations of .com domains far outpaced that of the new extensions.  The arrival of hundreds of new gTLD’s has had little discernable impact on the market dominance of .com domain names.

According to Verisign’s own 2018 Domain Name Industry Brief, the .com domain name base totalled approximately 133.9 million domain name registrations, and combined with the 14.4 million .net domain names which Verisign also operates as a monopoly, Verisign experienced an increase of 4.6 million total domain name registrations, or 3.3% year over year. Compare this with new gTLD domain name registrations which were a mere 20.3 million and experienced a net decrease of 400,000 domain name registrations or 2%. Clearly, market conditions remain extraordinarily favourable to Verisign, with new gTLDs having no appreciable impact on .com registration rates and posing no significant competition whatsoever.

Furthermore, even if there were any factors which negatively affected Verisign’s market conditions, a decrease in the .com price would be expected in order to increase demand.  Yet in the absence of market constraints on .com prices, any attempt to raise prices would constitute an entirely unjustified monopoly tax on those Americans using .com domains, and who are unfortunately a captive market of a large and powerful monopoly.

Verisign’s cost to operate the .com registry has been estimated at less than $3 per domain and possibly less, yet it currently charges $7.85 per .com domain per year. What is even more outrageous, is that in 2017, Verisign’s operating margin was 60.7%. It made $447 million in net profits on revenue of $1.17 billion. Verisign’s stock price has tripled in the last five years, with investors no doubt happily counting on Verisign to continue reaping outrageous profits from Internet consumers and businesses under and entirely unjustified monopoly.

The NTIA should therefore show American leadership and stand up for American consumers and American business – as well as the millions of foreign Internet users and businesses – who are being preyed upon by Verisign’s monopoly. The operation of the .com registry can and should be operated by an operator who is eager to take on the contract but is willing to offer substantially lower .com pricing. Given the tremendous windfall profits that Verisign has to-date enjoyed, this is easily achievable for an operator in a competitive environment. The operation of the .com registry should be put out for tender, separate and apart from the operation of the root zone management functions. American companies such as Google, Amazon, and Neustar, are all likely able to provide competitive bids for the same or better operation of the .com registry at the same or lower cost, thereby ensuring that the crucial .com registry remains operated in America.

It may be that as a result of competitive bids, Verisign is forced to lower its prices but is able to be the successful bidder, and that would also be a success for the NTIA and American consumers and business. There is no doubt that Verisign or another qualified operator can continue to offer stable and secure .com registrations while charging reasonable prices instead of exorbitant and outrageous price gouging. Moreover, NTIA should follow the example of .us, which was subject to a competitive procurement process[3], as well as the examples of .au and .fr.[4]

With the potential expiry of the Cooperative Agreement and its potential extension on November 30, 2018, the time is now for the NTIA to step in and ensure fair pricing for .com domain names, which form the bedrock of the Internet.

Left without crucial American leadership and oversight on the contractual right to operate the .com registry, ICANN is susceptible to catastrophic conflict of interest to the detriment of American Internet users and businesses. ICANN receives an estimated $34 million a year from Verisign after having “renegotiated” with Verisign in 2012 for an extension of the .com Registry Agreement. Without NTIA oversight over this crucial contract which has to-date been a “no bid” contract, ICANN – which is facing serious financial challenges as a result of expanding its mandate and financial mismanagement – would be permitted to once again strike a deal with Verisign wherein Verisign would self-servingly pay ICANN more than the current $0.25 per .com domain name registered in a “quid pro quo” for being able to unjustifiably jack up the price of .com domain names to the public. That would assist ICANN with its self-created financial issues and would more than satisfy Verisign who would have a free hand to reap untold profits through its monopoly. But crucially, there would be no one looking out for Internet users and businesses.

The Internet community must look to the NTIA for relief and to stand up for an open, secure, and fair Internet that encourages Internet business and which does not allow one company to reap outrageous and disproportionate financial gains behind closed doors with a no-bid contract under the apparent auspices of ICANN’s multistakeholder model, with little accountability and ICANN’s natural and apparent financial self-interests. If the NTIA wants to demonstrate American leadership for the benefit of Americans and for the world Internet community at large, there is no better place than with .com pricing.

Failure of the ICANN Multi-stakeholder Model to Avoid the GDPR Crisis

As you correctly pointed out in your testimony to the Senate Commerce, Science and Transportation Committee on June 13, 2018, the NTIA is justifiably “concerned that the security and stability of the Internet is being inadvertently compromised by pressure to comply with the European Union’s General Data Protection Regulation (GDPR)”. As you pointed out in your testimony, Whois information is critical for law enforcement, cybersecurity, intellectual property enforcement, and consumers looking to ensure the legitimacy of websites.

But access to Whois information is also critical for the domain name investment industry, which is a multimillion dollar industry as evidenced by the massive secondary domain name markets operated by Sedo and Afternic, and also by established domain name escrow services providers such as Escrow.com. The companies which conduct hundreds of millions of dollars of domain name purchase and sale transactions, rely upon access to Whois records for consumer protection by verifying registrant details and ensuring that transactions are bona fide.

In addition, numerous professionals including but not limited to established domain name brokerages such as Media Options, auctioneers such as Heritage Auctions, law firms such as Dentons, IP consultants such as Marksmen and BrandIT, and investigators such as Kroll, all rely on Whois records for a multitude of crucial tasks in the public interest on a daily basis. These crucial tasks include but are not limited to validating website and domain name ownership to ensure transparency and accountability for commercial activity and transactions, conducting forensic portfolio audits and domain name portfolio appraisals, broker and legal due diligence including chain of title examination via historical Whois records, investigating and reporting on fraudulent use of domain names and online abuse, asset investigation and recovery, and identifying parties to prospective civil proceedings. Journalists and researchers also rely on Whois to protect against corruption, inform the public, and for academic analysis. Accordingly, such entities have a legitimate interest in access to the Whois and such access is crucial for American Internet users and businesses.

Despite the crucial public interest in maintain open access to the Whois database, ICANN failed to provide any one of several possible solutions which would have avoided GDPR effectively destroying Whois as we know it, such as the following potential solutions;

a) preemptively lobbing for a GDPR that expressly recognizes that the Whois a crucial public database that should be accessible in the public interest;

b) requiring the consent of registrants in registration agreements, to processing and publication of their Whois data;

c) standing up for an interpretation of the GDPR which would provide continued and unimpeded access to the Whois, like EU countries did for their own corporate and trademark databases; or

d) create an accreditation and access model available immediately upon the implementation of GDPR on May 25, 2018.

Instead, and despite years of notice, ICANN’s multistakeholder model somehow failed to protect American Internet users and businesses who rely upon the Whois. Even after failing to stop GDPR from being drafted in a manner which outrageously fails to take into account the important public interest in Whois, it was still within ICANN’s mandate and ability to at least fight for a restrictive interpretation that inter alia; a) did not purport to apply GDPR to legal persons as opposed to natural persons; b) which did not purport to consider email addresses as personal data; and c) and which did not put pressure on registrars to treat all non-European data personal data as ‘European personal data’ out of fear of inadvertently including European personal data in the Whois.

Now, ICANN has unfortunately been left scrambling to create a temporary Whois data model for its accredited registrars, but which fails to provide for any immediate accreditation and access model. In fact, the ICANN Business and Intellectual Property Constituencies, recognizing the urgency of the matter, presented a proposed model to ICANN for accreditation and access which recognized and addressed the requirement that these kind of entities amongst others, receive access, but ICANN failed to adopt or implement it, and instead embarked on a long but “expedited” policy development process to ostensibly create a long-term Whois model for all registrars, but this will likely at least take a year, and in the meantime legitimate users of the Whois are left without the tools that they rely on. This is a regrettable failure of the multistakeholder model, and this failure demonstrates the need for NTIA to show American leadership in improving it for the benefit of everyone, including American Internet users and businesses.

Although we applaud the NTIA’s efforts to continue pushing for the preservation of the features that make the WHOIS service valuable to Internet stakeholders, including through its role in the GAC, stronger measures are likely required to be taken to ensure immediate access to Whois by Americans with legitimate interests. If ICANN’s multistakeholder model is ill-equipped to exert pressure and influence on the EU, or if ICANN’s multistakeholder model is unable to take effective and immediate action to create a Whois accreditation and access model as appears to be the case, the NTIA must step up and protect American interests and the interests of all those worldwide that have fallen under the heavy and ill-advised hand of the EU’s GDPR. American Internet users and businesses who have enjoyed and relied upon access to Whois in the public interest, should not be subjected to foreign laws under penalty of heavy fines and prosecution by foreign nation states, and NTIA should push for measures that enable American registrars to continue to collect, process, and make available complete Whois records, in the public interest.

We would be pleased to discuss our comments with you at your convenience.

 

Yours truly,

INTERNET COMMERCE ASSOCIATION

per: Zak Muscovitch

General Counsel, ICA

 

[1] See; Assistant Secretary Redl’s testimony to the Senate Commerce, Science and Transportation Committee on June 13, 2018, at Page 6.

[2] See, “Verisign CEO discusses 2018 .com contract renewal and price increases”, Domain Name Wire, December 2, 2015.

[3] See; https://www.ntia.doc.gov/other-publication/2014/contract-operate-us-country-code-top-level-domain-awarded-neustar

[4] See https://www.auda.org.au/news/afilias-chosen-to-supply-au-registry-services/, and also see; https://www.afnic.fr/en/about-afnic/news/general-news/2782/show/afnic-awarded-fr-management-after-competitive-tender.html