Is Technical Performance The Only Benchmark for Legacy DNS Registry Concessions?
Safeguarding the public interest should also include contributing to online safety and rights protections.
Late last year, the National Telecommunications and Information Administration (NTIA) announced that it had renewed a long-standing Cooperative Agreement which, although a shadow of its former self, still governs the wholesale pricing that can be charged by VeriSign for .COM domain names.
Along with this announcement, NTIA published Amendment 35 which extends the Cooperative Agreement for six years while also clarifying some of the provisions related to its regulatory authority, including its unilateral right to review and amend the .COM Registry Agreement between ICANN and Verisign.
This may have seemed to be a demonstration of NTIA’s confidence, based upon past performance, for the registry operator’s continuing responsibility for part of the Internet infrastructure that is considered vital to national security, global commerce, and human expression. With more than two decades of 100 percent operational accuracy and stability for .COM, the technical track record seems to be clear — but should confidence in technical redundancy be interpreted as approval for all aspects of VeriSign’s operation of this Internet infrastructure on behalf of the public interest?
Can the integrity of the infrastructure that underpins the global Internet be assessed solely by the amount of provisioning capacity available to withstand Distributed Denial of Service (DDoS) attacks and other such technical measures? Mustn’t it also equally account for a robust ecosystem of infrastructure operators, platform providers, and others who are ready, willing, and able to promote online safety and facilitate the protection of individual rights — such as intellectual property — in the digital realm?
Examined through this lens, VeriSign’s track record is less clear — and much more troubling. This record — also developed consistently over more than two decades — reveals a U.S. company that blatantly disrespects the rights and dignity of others. This includes those who seek nothing more than to defend their intellectual property rights and organizations on the front lines of combatting criminal activity that is occurring online.
VeriSign’s record of apathy and stubborn unwillingness to be distracted from its singular focus on profits for Wall Street is not the subject of conjecture — it is as undeniable as Verisign’s technical record and confirmed by empirical studies that detail the disproportionate and outsized volume of illicit activity occurring in Verisign-run domain name registries. Further, what appears to be a “see no evil, hear no evil” approach to illegal activity is compounded by a “closed-door” policy for addressing requests for assistance or cooperation. That this behavior by the dominant monopolist in the Domain Name System (DNS) isn’t a novelty is highlighted by the sustained chorus of complaints coming from organizations on the front lines of combatting online criminal activity involving intellectual property theft, dangerous counterfeit pharmaceutical sales and the distribution of content depicting the sexual abuse of children.
For example, in October of last year, a coalition of organizations seeking to eliminate online child abuse materials pointedly wrote in a letter to NTIA:
Verisign is uniquely unforthcoming. We have regularly worked and had conversations with just about every Internet company you can think of and quite a few you are unlikely to know. Only Verisign has been so utterly uncommunicative. This is a very poor show and runs completely contrary to the spirit of multi-stakeholderism.
The letter continues in strong and unequivocal language:
To put the matter plainly, it is immoral for a business to attempt to deflect responsibility by arguing these matters are the sole provenance of law enforcement and courts. As the dominant Registry in the global system, Verisign should be taking a leadership position, adopting voluntary procedures to combat online child sexual abuse.
However, the unfortunate truth is that top-level domains administered by VeriSign account for a disproportionately large percentage of many types of illegal and abusive online activities. In its 2017 annual report, the Internet Watch Foundation revealed that 79% of all child sexual abuse webpages are found on .COM and .NET. Yet, this can’t be explained away as merely the unfortunate byproduct of being the dominant market player.
The overall market share commanded by .COM and .NET is only slightly more than half of the entire DNS, yet nearly eighty percent of child sexual abuse websites operate there. This suggests that .COM and .NET are functioning somewhat like digital “sanctuary cities” — places where illegal activity thrives because those in a position to do something about it — those who should know better — choose to do nothing.
Websites trafficking in illegal pharmaceuticals are also disproportionately represented in VeriSign-run registries. According to LegitScript, 56% of all rogue pharmacies operate on the .COM gTLD and another 9% utilize .NET. How can VeriSign — a U.S. company that is staffed and mostly led by Americans — reconcile the fact that it enables 65% of all illegal Internet pharmacies to transact business at the same time that the U.S. government is fighting a national opioid crisis?
Trafficking in child abuse imagery, copyright piracy, the sale of dangerous counterfeit products, including pharmaceuticals, and other illegal activities are thriving in registries operated by VeriSign.
Currently, VeriSign will suspend domain names only after being presented with a court order — a slow and relatively costly process for addressing criminal and exploitative activity that is occurring at Internet speed. Why does VeriSign choose to be indifferent about the abusive and illegal activity disproportionately occurring in its registries?
When considering this and other questions, it might be reasonable not to lose sight that the vast resources enjoyed by VeriSign and it’s investors have been amassed by operating an automated toll booth concession that was granted and guaranteed by the United States Government for the benefit of the public interest.
It was disappointing that NTIA failed to use the Cooperative Agreement’s renewal and Amendment 35 as an opportunity to be prescriptive in addressing how the Internet’s dominant registry operator will stop behaving as if it were a disinterested party and start being part of the solution that addresses illegal and abusive activities on the Internet. This is especially true considering the monopolist’s approach to business — which might be termed “strict constructionist” — whereby it does what is contractually and legally required of it — nothing more and nothing less.
One of the most significant consequences of Amendment 35 is the removal of a wholesale pricing restriction that was implemented in 2012 in response to competition concerns shared by NTIA and the Antitrust Division of the U.S. Department of Justice. Yet, in another example of DNS deal-making gone awry, the Amendment does not include any commensurate commitments from VeriSign to implement policies and best practices that would further enhance the security, stability, and resiliency of the Internet. This is in contrast with the recent renewal of the .ORG registry agreement, which removed pricing restrictions in exchange for public interest concessions from the registry operator, Public Interest Registry. Yet, the dominant DNS player continues to be given sweetheart deals — why? And how does this serve the public interest?
As some may recall, in August of 2016, U.S. Senators, led by Senator Ted Cruz, sent a letter to the Department of Justice requesting that a competition review be completed prior to NTIA deciding whether to approve an extension of the .COM registry agreement that was included as part of the transition of the Internet Assigned Names and Numbers Authority (IANA). Although not acted upon at the time, Amendment 35 did maintain oversight of VeriSign by the U.S. Government for purposes of regulating competition in the domain name market while reaffirming that the Cooperative Agreement does not confer federal antitrust immunity.
Additionally, the process for future renewals of the Cooperative Agreement was amended so that NTIA now is required to act affirmatively to cause it to expire. This would seem to have the practical effect of creating a presumptive renewal for the Cooperative Agreement that de-emphasizes the six-year cycle that has existed to this point and opens the door for future Amendments to be executed when appropriate and necessary.
It is difficult to conclude other than that this most recent renewal was a missed opportunity and that Amendment 35 — negotiated without public comment or substantive Congressional input — has left an unsatisfactory number of unresolved issues and unanswered questions. This is especially true when considered in light of the sheer magnitude of illicit activity occurring in VeriSign-run registries and the callous indifference and disregard that seems indicative of the dominant registry operator’s sentiments regarding the abusive and illegal activity enabled by its operation of Internet infrastructure.
Perhaps, then the billion-dollar question ought to be: is this really what is meant by “in the public interest?”