ICANN | Letter from Stuart Lynn to Karen Rose Regarding Proposed Revisions to VeriSign Agreements | 16 April 2001

  ICANN Logo

Letter from Stuart Lynn to Karen Rose Regarding Proposed Revisions to VeriSign Agreements
16 April 2001

April 16, 2001

Ms. Karen A. Rose
Office of International Affairs
International Telecommunications
and Information Administration
U.S. Department of Commerce
14th & Constitution Avenue,. N.W.
Room 4712
Washington, D.C. 20230

Dear Ms. Rose:

Enclosed are a series of agreements between the Internet Corporation for Assigned Names and Numbers ("ICANN") and VeriSign, Inc. ("VeriSign") that reform the contractual arrangements between ICANN and VeriSign first created in November of 1999. These agreements are submitted to the Department of Commerce pursuant to Section 2 of Amendment 1 of the Memorandum of Understanding Between the Department of Commerce and the Internet Corporation for Assigned Names and Numbers, dated November 10, 1999.

These new agreements were the subject of considerable community input and review, and were approved in concept by the ICANN Board of Directors on April 2, 2001. Your prompt approval of these agreements is respectfully requested. As you know, the special conditions of the 1999 agreements create a May 10, 2001 deadline for VeriSign to take certain actions in order to extend the existing agreement, and thus an early decision is essential.

We believe these new agreements provide substantial benefits over the existing agreement to the Internet community and the public at large. Among other benefits, they will:

  • largely normalize the relationship between ICANN and VeriSign, operator of the most important name registries in the Domain Name System;
  • eliminate most of the vestiges of special treatment of VeriSign resulting from its legacy activities;
  • commit VeriSign to participate equitably and without special limitations in the financial support of ICANN's activities; and
  • separate the single legacy registry agreement covering the three registries now operated by VeriSign into three separate registry agreements, thus allowing the Internet community, through the ICANN process, to decide on the registry operator for each individually and not collectively, as required under the 1999 agreement.

Attached is a briefing document that reviews: (1) the background leading up to the new agreements; (2) the new agreements in comparison with the existing agreement, highlighting the benefits of the new agreement; and (3) the process used to come to the final agreements.

I suggest the Department should take great comfort in the fact that ICANN's Board of Directors, a very diverse group selected by the three Supporting Organizations and the Internet community as a whole, was strongly supportive of the new agreements, voting to accept them by a 12-3 vote, with one abstention. The 12 votes in favor included two of the three Directors selected by the Domain Name Supporting Organization, two of the three Directors selected by the Protocol Supporting Organization, and the only Director voting of the three selected by the Address Supporting Organization. The 12 votes in favor of the new agreements included three of the five At Large Directors selected by the online vote of 75,000 Internet users last year. So, it would be fair to say that the proposed new agreements received majority support from every constituent element of the ICANN community, as represented by the Directors selected by those parts of the community.

The 1999 agreement was an important accomplishment in the context of that time, but in Internet (and ICANN) time that was another era. The DNS world, ICANN and VeriSign (the successor company to NSI) are all very different today than was the case in 1999. It is in the interests of all Internet users—commercial and private, businesses and individuals—that ICANN continue to develop and mature as a vehicle for consensus policy development. These new agreements, by eliminating much of the unique legacy treatment of VeriSign/NSI, will be a major step in that direction. They will help to maintain the continuing stability of the DNS as an important and effective part of the Internet, and will improve the ability of ICANN to serve as an effective administrator of this important resource.

I stand ready to provide any further information you might require. Thank you for your prompt attention to this important step in carrying out ICANN's primary responsibility—ensuring the continued stable operation of the Domain Name System.

With regards,


M. Stuart Lynn
President and Chief Executive Officer


cc: Alden Abbott, Esquire
Kathy D. Smith, Esquire


1. Background

The existing ICANN/NSI Registry Agreement ("1999 Agreement") was signed on November 10, 1999, after extensive and contentious negotiations. ICANN was just one year old, and still in the early days of establishing its credibility and legitimacy for the role it was being asked to serve—the body responsible for developing consensus on various technical, administrative and related policy issues concerning the Internet's Domain Name System ("DNS"). NSI was understandably not certain that submitting to the authority of ICANN for important matters related to its economic future was desirable or appropriate, and ICANN certainly did not have the ability to clearly foresee the future, especially since it was still in a very early stage of its development.

The result was perhaps predictable given two uncertain parties in a very uncertain environment: an agreement where many issues were not resolved but instead left ambiguous, and where both ICANN and NSI recognized that they were leaving many things to be worked out without a lot of contractual guidance. In addition, there was at the time considerable community sentiment that NSI, which had been the first private sector participant in the DNS infrastructure of any significance, and was certainly at that time still by far the most powerful, needed to be constrained in its ability to impede or disrupt the movement toward a more competitive environment that ICANN had already begun but that in late 1999 was still nascent. While the US Department of Commerce ("DOC") played an important role in encouraging the parties to find common ground, it could not eliminate the uncertainties about the future and these legacy issues that in the end produced an important but imperfect agreement.

As a result, the 1999 Agreement (covering the .com, .net, and .org registries) leaves much to be desired from ICANN's and the general Internet community's perspectives. It contains a variety of unique limitations on the obligations of NSI (now VeriSign) to comply with consensus policies produced through the ICANN process; sets hard caps on VeriSign's obligation to accept its fair share of ICANN's expenses, as allocated through the ICANN budget process; and provides VeriSign with procedural and legal protections and options not available to any other participant in ICANN. These unique features have in fact already been problematic; ICANN and NSI/VeriSign have had a number of disputes, only some of which have reached the level of public disagreement, about the interpretation of various provisions—disputes that are the inevitable product of ambiguous language. The fact that VeriSign, alone among ICANN participants, was able to enjoy these unique features was also a continual source of concern among the other entities with which ICANN sought contractual relationships. ICANN's experience with implementation of the 1999 Agreement, and with its preparation for introduction of additional top level domain name registries, convinced ICANN management that there were strong reasons for fixing these contractual problems as soon as that opportunity presented itself.

That opportunity in fact arose earlier this year, ironically because of one of the unique features of the original agreement. The 1999 Agreement provided for only a four-year term for NSI (now VeriSign) to operate the three registries (until November 10, 2003), at which time the registry contract would be put up for a competitive award by ICANN, pursuant to criteria set forth in the Agreement. But the 1999 Agreement also provided (in Section 23) that the Agreement would be extended for an additional four-year period if NSI separated the legal ownership of its Registry Services business from its registrar business within 18 months of the signing of the agreement, or by May 10, 2001. If that separation occurs within the meaning of Section 23, the term of the 1999 Agreement is automatically extended until November 10, 2007.

The original purpose of this provision was to create an incentive for the separation of ownership of NSI's registry and registrar businesses, because that was thought likely to be helpful in introducing and encouraging registrar competition. ICANN and the DOC, working cooperatively, had already taken a number of steps to encourage competition, including causing NSI to (1) create a Shared Registration System ("SRS") that made it technologically possible for multiple registrar entities to offer name registration services to the public, and (2) open that system to all ICANN-accredited registrars. In addition, to ensure that the NSI registrar business did not have any competitive advantage because of its affiliation with the registry operator, NSI was required in Section 21 of the 1999 Agreement to (3) provide all accredited registrars with equal access to the SRS, and (4) create an operational firewall between its registry business and its registrar business that prevented any information flow from its registry business to its registrar business that was not equally available to all competitive registrars.

Section 23's incentive for ownership separation was included as an additional protection, in recognition of the possibility that the Section 21 protections might not be fully effective in opening the registrar (retail) market to full and fair competition. The automatic extension was seen as an attractive incentive to NSI/VeriSign to complete an ownership separation of its registrar business from its registry business.

In fact, the introduction of competition in the registrar business was much more successful, and more rapidly successful, than anyone anticipated. By all indications, VeriSign has honored its obligations under Section 21. Certainly, it is a fact that ICANN has received no substantial complaints about discriminatory access to the registries operated by VeriSign, and there has been no indication or evidence that VeriSign has not fully and effectively erected a complete firewall that prevents any discriminatory information flow to its registrar business. In addition, ICANN has now accredited approximately 180 competitive registrars, of which about 90 are already operating under the SRS. ICANN estimates that the average price of a one-year domain name registration offered by the competing registrars in the .com, .net, and .org registries operated by VeriSign has fallen to under $15; prior to the introduction of competition, the only price at which a domain name registration was available was $70 for a two-year registration. The range of service alternatives is enormous, from a simple unadorned name registration to a large array of different packages of services.

Perhaps most relevant, VeriSign's once-dominant position in the registrar market has been severely eroded. VeriSign's share of total registrations has fallen to about 50%, its share of new registrations to under 40%, and its share of net new registrations (taking into account non-renewals and transfers) to an even lower level. This trend appears to be continuing in 2001. As a result, the value to the community of legal separation of VeriSign's registrar business from its registry business, perceived in 1999 as potentially very useful and important to creating a competitive registrar market, now appears in 2001 to not be very important—and certainly not of sufficient importance to the Internet community to alone justify an extension of VeriSign's registry contract for all three registries for another four years.

Under these circumstances, early this year ICANN management began to explore with VeriSign contractual alternatives that it felt would better serve the Internet community, and that VeriSign might also find attractive. VeriSign had obviously made the decision that divesting its registrar business was an acceptable price for obtaining an automatic four-year extension of its registry contract, but there were also a variety of reasons why retaining that business was desirable. A sale of its registrar business would likely lead to significant restructuring of that business and to some extent VeriSign's remaining businesses. In addition, complying with the 1999 Agreement in a way that would receive the required concurrence of both ICANN and the DOC that VeriSign had done what was required to obtain that extension might well have required steps that VeriSign would not view as desirable. If either ICANN or the DOC had not concurred, that four-year extension would, at a minimum, have been uncertain, and that uncertainty, for as long as it lasted, would have adverse economic and other consequences for VeriSign. Thus, the ingredients were there for a possible renegotiation of the 1999 Agreement that both sides would see as an improvement over the status quo. Those discussions did take place, and they eventually produced the agreements that have now been approved by the Boards of both ICANN and VeriSign.

2. Comparing the 1999 Agreement with the New Agreements

The proposed amendments can be summarized as follows:

1. The existing Registry Agreement covering .com, .net and .org would be split into three separate Agreements, one for each registry. This is highly desirable, allowing renewal decisions about each registry to be made individually.

2. The .org Registry Agreement would adopt the form of the registry agreements that will be entered into by the new global TLD registry operators. These agreements have been negotiated to reduce as much as possible the kind of ambiguities and uncertainties found in the 1999 Agreement. The present term of the .org Registry Agreement would be shortened by almost one year to December 31, 2002, at which time VeriSign would permanently relinquish its right to operate the .org registry, and an appropriate non-commercial sponsoring organization would be sought (through some ICANN procedure yet to be determined) to assume responsibility for the operation of the registry. In addition, VeriSign would establish an endowment of $5 million for the purpose of funding the reasonable operating expenses of the .org registry by a non-profit entity to be selected through the ICANN process.

3. The .net Registry Agreement would also adopt the form of the registry agreements that will be entered into by the new global TLD registry operators. The term of the .net Registry Agreement would be extended only to January 1, 2006, or twenty-two months shorter than the automatic extension in Section 23 of the 1999 Agreement would produce. At that time, the .net TLD registry would be opened to competitive proposals, under a standard adapted from the existing agreement, but with VeriSign having only the option of rapid arbitration rather than litigation (as in the 1999 Agreement) to review an ICANN decision to select someone else to operate the registry, should that occur. The standard in the new agreement also modifies one existing requirement on selection of an operator beginning in 2006, making it somewhat easier for entrants other than VeriSign to compete.

4. The 1999 Agreement would be amended (1) to provide that it applies only to the .com registry; (2) to conform it in most respects to the template of the registry agreements that will be entered into by the new global TLD registry operators; (3) to extend its term to 2007 (identical with the automatic four year extension provided by Section 23 of the 1999 Agreement); and (4) to provide for renewal of VeriSign's operation of the .com registry in 2007 (but only pursuant to a Registry Agreement that conforms to the standards of other registry agreements in existence at the time), provided VeriSign meets clearly defined standards set forth in the amended Agreement. In addition, VeriSign will commit to invest no less than $200 million in research and development activities, and resulting improvements, in order to increase the efficiency and stability of the .com registry, a portion of which would be devoted to the goal of developing and deploying a truly universal WHOIS service covering all Top Level Domains, not just .com/.net/.org. The net effect of these changes is to grant the four-year extension already contemplated by Section 23 for .com only, to encourage investments aimed at improving the operational functionality and stability of the .com registry and developing a more useful WHOIS service, to create clear standards by which VeriSign can "earn" a renewal after 2007, and (by 2007) otherwise to fully conform the .com Registry Agreement to the standard of all other global registry agreements.

5. Separation of legal ownership of the VeriSign registry and registrar businesses would not be required, but VeriSign would agree to continue the structural separation described above for the term of these new Agreements. In addition, the present structural separation would be reinforced by the additional requirement that VeriSign's registrar operations be placed in a separate subsidiary company. A relevant fact in this regard is that the registry agreement that has been developed for other global TLDs requires only the same structural, not ownership, separation of registrar functions from registry functions. This reflects ICANN's belief that there is little if any additional competitive value under today's and likely future market circumstances in forbidding the registry operator from also being a registrar, so long as it is done in such a way so as to protect against discrimination by the registry in favor of its affiliated registrar.

6. In all three of these new registry agreements, the existing limits on VeriSign's responsibility to share in the cost recovery efforts of ICANN would be amended to conform to the relevant provisions of the registry agreements that have been negotiated with the new global TLD registry operators. This would have the practical effect of eliminating the special treatment of VeriSign in the cost recovery process, and placing it on the same footing as all other registry operators with respect to the obligation to provide financial support to ICANN.

ICANN's management and Board believe these new agreements offer many significant benefits to the community—not the least of which is that they would lead to regularizing the contractual and financial relationship between VeriSign and ICANN so that they are in most respects the same as that of any other registry operator or registrar. The elimination of special rules or provisions dealing with VeriSign is an important step forward in the maturation of the ICANN process, and toward ensuring ICANN's ability to effectively serve the consensus development role with respect to the DNS for which it was created. It will also contribute meaningfully to ICANN's ability to effectively carry out its primary mission—to protect and promote the stability of the Domain Name System.

In addition, the separation of the .org registry and the ability to cause it to be operated by an independent registry operator, especially with a financial structure that ensures its cost-effective operation, and the separation of the renewal arrangements for .net from those for .com by opening up .net to competitive proposals two years before that would happen under the existing agreement, are also significant benefits to the community. Finally, VeriSign's commitment to make significant investments in the more efficient and effective performance of these registries, and to invest in the development of a universal WHOIS, are clearly important community benefits, since the stability and performance of those registries and the availability of a truly universal WHOIS are of great importance to the effective functioning of the DNS.

In return for these various commitments, VeriSign would be allowed to continue to act as a registrar on the same terms as all other registry operators, and have the ability to earn the right to continue as the .com registry operator after the current agreement expires. On the first point, in today's market conditions there is no significant benefit to the community in prohibiting VeriSign from doing what every other generic TLD registry operator will be permitted to do—operate as a registrar so long as that business operation remains appropriately separate from the registry business, and there is non-discriminatory treatment by the registry of all accredited registrars.

With respect to the mechanism for determining its right to continue to operate the .com registry, this also seems appropriate under the circumstances. Absent countervailing reasons, there is little public benefit, and some significant potential for disruption, in regular changes of a registry operator. In addition, a significant chance of losing the right to operate the registry after a short period, possibly for presently unarticulated reasons, creates adverse incentives to favor short-term gain over the long-term investment that is so important to operation of such a vital registry as .com. On the other hand, the community, acting through ICANN, must have the ability to replace a registry operator that is not adequately serving the community in the operation of a registry.

These objectives are not new—indeed, the terms of the existing agreement strongly favor renewal of VeriSign as the continuing operator not only of .com, but of .net and .org as well. Unfortunately, the terms of the current agreement also place a high barrier for any other applicant to overcome and make it difficult for ICANN to contest VeriSign's favored position. What is new about the new .com agreement is that it is much clearer in articulating the conditions that VeriSign must meet to obtain a renewal of this important registry.

The registry agreements for the new TLDs try to balance these objectives in a slightly different way, by creating a fixed term with an open renewal period, but allowing a right of first offer to the existing operator. In addition, they require compensation from any successor operator for the future revenue streams properly traceable to investments by the former operator. With respect to the .com registry, its size makes a change in the registry operator more significant than for smaller registries, and potentially more disruptive. Therefore, more clearly stated conditions for renewal for this registry, assuming that the stated criteria of service to the community have been met and can reasonably be predicted to be met during the renewal period, are appropriate. This leaves the ICANN Board the ability to change the operator if necessary, but only if it can demonstrate that such a change would better serve the community. This seems an appropriate balance in these particular circumstances.

3. The ICANN Process

Most of the public discussion about these new agreements has focused not on their substantive merits but on the process by which they were generated and under which the ICANN Board made its ultimate decision to approve them. Thus, I want to describe in detail the process by which these new agreements came about, and how the Board went about gathering input and suggestions from the global Internet community.

The discussions about a possible change in the basic ICANN/VeriSign agreement grew out of discussions, going back to late last summer, about VeriSign's plans to divest its registrar business in order to obtain the automatic four-year extension of its registry contract set forth in the 1999 Agreement. Since VeriSign needed ICANN's approval of the steps it took to make that divestiture, it provided ICANN with regular updates on its progress, and ICANN in turn reacted to what it was being told by making its views clear on what would be required in order to comply with the 1999 Agreement. While there were very desultory discussions of possible alternatives to sale of the registrar, there were no discussions of anything that ICANN management viewed as serious possible options for a new agreement until roughly the beginning of February of 2001. Once those negotiations began, they were moved forward as quickly as possible, and were finally concluded with a set of proposed new agreements that ICANN management was prepared to recommend to the ICANN Board and the community on February 28. They were posted on the ICANN website for public review and comment the next day, March 1, 2001.

The next ICANN quarterly public meeting was scheduled for Melbourne, Australia beginning on March 10, culminating with the ICANN Board Public Forum on March 12 and the open ICANN Board meeting on March 13. ICANN management, after consultation with ICANN's Board Chairman Vint Cerf, concluded that it was not appropriate to schedule a Board decision on accepting the new agreements for the March 13 meeting, since that would provide only about two weeks of public review and comment before the vote; where feasible, ICANN's practice has been to provide a minimum of 30 days for public review and comment about important issues prior to a Board decision. Thus, the matter was placed on the agenda for both the Public Forum and the Board meeting, but for discussion only, not for decision.

Still, a decision was required fairly promptly. Under the 1999 Agreement, VeriSign was required to have completed its divestiture, and the acquiring entity to have entered an agreement with both ICANN and the DOC agreeing to accept the contractual responsibilities of NSI/VeriSign under the 1999 Agreement, prior to May 10, 2001 in order for VeriSign to obtain the automatic four-year extension of its registry contract. VeriSign not unreasonably took the position that, in order to preserve its practical option to complete those requirements in time to qualify under the 1999 Agreement, it was necessary for both ICANN and the DOC to come to a decision on the proposed new agreements enough prior to May 10 so that, if for some reason they were not accepted, VeriSign would still be able to comply with the requirements of the 1999 Agreement and obtain the desired extension. As a result, and because it was consistent with its general past practice, ICANN determined to schedule a Board vote on the proposed new agreements on April 2, slightly over 30 days from the original posting. In the meantime, both before and after the Melbourne meeting, ICANN management posted numerous analyses and answers to frequently asked questions (FAQs) relating to the new agreements, participated in numerous meetings of various ICANN and other bodies to answer questions about the new agreements, and established an electronic public comment forum that generated approximately 700 comments prior to the April 2 Board decision.

Notwithstanding these efforts to provide information and seek input, some in the ICANN community continued to express their dissatisfaction with the deficiencies, as they saw them, with the process for generating and dealing with the new agreements. These concerns can be broadly grouped into two separate categories: (1) unhappiness with the short period available, especially before the Melbourne meeting, to review the proposed new agreements; and (2) a concern that the relevant ICANN constituent entities, especially the DNSO constituencies and the DNSO Names Council, had not been appropriately involved in what some saw as important "policy" decisions. Let me treat each of these in turn.

Shortness of time. In fact, some 32 days passed between the public posting of these new agreements and the ICANN Board's final decision to accept them. As a general proposition, this is consistent with both the historical practice of ICANN and a practical compromise between time for the community to review and comment on proposed actions by the ICANN Board and the reality that any time limit must balance a variety of interests, including the interests to be served by the proposed Board action. Having said that, in this particular case it would have been desirable to have had more time for the community to review and comment on the new agreements. The fact that the Melbourne meeting took place during this 32-day period, given the travel and other logistics involved in attending that meeting, meant that for many some portion of those 32 days was not practically available for this purpose. In addition, these contracts are necessarily complex legal documents; especially for those non-native English speakers in the ICANN community, the substance of these agreements was not easily accessible. While the various explanations by ICANN management and staff undoubtedly were useful, they probably did not produce as much understanding as would have more time to study the documents.

Unfortunately, for the reasons outlined above, there was no more time available. VeriSign had made it clear that it would not agree to any extension of the May 10 deadline, explaining that, as a public company, it could not absorb continued uncertainty about its future structure. Its position was that, if the new agreements could not be implemented prior to May 10, it wanted to proceed under the original 1999 Agreement. While it is never possible to be certain, ICANN management were persuaded that it was likely that VeriSign would adhere to that position. Since approval of the new agreements required both ICANN Board and DOC action, and since it would obviously require some time to proceed under the 1999 Agreement if either did not accept the proposed new agreements, a decision by the ICANN Board by around the beginning of April—about a month before the deadline—was as late as these practical considerations would allow. Thus, the Board set April 2 as the date on which it would take action, concluding that the 32-day period for public review and comment that schedule produced was not optimal but was sufficient to enable community input to the Board.

Sometimes real world practical considerations interfere with what would otherwise be desirable goals and practices, and this certainly was the case here. It would have been desirable to have seen the negotiations between ICANN and VeriSign come to a conclusion sooner, but they did not. It would have been desirable to have been able to provide more time for review and comment; still, that time did include the intensive period of the Melbourne meeting, and thus there was without question much more direct interaction between various elements of the community and ICANN management and staff than would have been possible in the absence of a previously scheduled meeting. Given all the circumstances, the Board did receive the benefit of informed community input, and that input obviously had an impact, as can be seen by the additional commitments that ICANN management was able to obtain from VeriSign as a direct result of the input.

These additional commitments, agreed to following the public comment period and directly responsive to comments received, include the following:

1. VeriSign agreed that a goal of its commitment to $200 million in research & development and infrastructure spending would be the development of a truly universal WHOIS service that would function effectively across all Top Level Domains, not just the .com/.net/.org registries operated by VeriSign. This was a particular focus of comments from the business and intellectual property communities.

2. VeriSign agreed to the addition of a system of monetary sanctions for violations of the various structural separation requirements relating to its registrar business. This was designed to respond to the continuing concerns expressed about the common ownership of both registry and registrar businesses.

3. VeriSign agreed to several operational changes responsive to concerns raised in particular by competitive registrars. These include:

  • greater advance notice of new or significantly changed registry services;
  • elimination of the risk that VeriSign would create a volume discount schedule that favored its own registrar business, which is the largest registrar;
  • elimination of the fee charged to newly accredited registrars for initial access to the VeriSign registry's Shared Registration System software; and
  • agreement to make changes in the registry database required by the failure of a registrar business and the transfer of those names to another registrar when ICANN certifies that such action would promote stability; such changes would be at no charge unless the number of names affected exceeded 50,000, and at a one-time modest fee for changes exceeding that number.

All of these additional commitments were directly responsive to community input during the 30 days preceding a final decision by the ICANN Board. They are the best evidence that, notwithstanding the need for continuing process improvements, the ICANN process works to provide a platform for broad Internet community participation in important decisions relating to the DNS.

The "policy" issue. The more conceptual issue of the precise role of the various constituent entities of ICANN in decisions such as the acceptance of the new VeriSign agreements is a complex one, resting ultimately on interpretations of ICANN bylaw provisions, and the proper distinction between what is "policy" and what is just interesting and/or important. But more broadly, it reflects an important continuing debate within ICANN about what "bottom-up" policy development really means, and about the best way to generate community consensus. It therefore deserves some attention in this communication, because how this debate is resolved has important implications for ICANN's future effectiveness.

It has been a basic tenet of ICANN since even before its creation that it should, to the maximum extent possible, develop the policies under which it provides technical management services for the Internet in a bottom-up fashion—generating Internet community consensus through debate and discussion of all affected stakeholders that finally produces a consensus solution that can be ratified or recognized by the Board. To facilitate this, ICANN has developed as a collection of constituent units: three Supporting Organizations, each one made up of multiple member organizations or constituencies; the Government Advisory Committee, consisting of interested representatives of the world's governments (who are by ICANN's bylaws prohibited from holding positions on ICANN's Board itself); the Root Server Security Advisory Committee, consisting of all the root server operators in the world and related technical experts, which advises ICANN on the technical operation of the root server system; and a variety of other advisory groups. Its Board is selected through a very open and participatory process, with each of the Supporting Organizations selecting three Directors and nine At Large Directors (five of which were selected last year by an online vote of a self-selected ICANN "membership" and four of which remain from the original ICANN founding Directors). An At Large Study Committee headed by the former Prime Minister of Sweden, Carl Bildt, is currently attempting to forge what has so far proven to be an elusive consensus in the community on how to provide appropriate input by the general Internet user population, which may not be aware of the details of the ICANN mission but which is certainly affected by its decisions and therefore should have a vehicle for appropriate input.

In an effort to institutionalize this bottom-up consensus development approach, the ICANN bylaws provide that the Supporting Organizations "shall serve as advisory bodies to the Board, with the primary responsibility for developing and recommending substantive policies regarding those matters falling within their specific responsibilities …." The Supporting Organization most relevant to the VeriSign agreement issues is the Domain Name Supporting Organization, which under the ICANN bylaws "shall advise the Board with respect to policy issues relating to the Domain Name System." Pursuant to the bylaws, the ICANN Board refers policy issues to the appropriate Supporting Organization for it to manage a consensus development process related to those issues, and any consensus policy properly developed by a Supporting Organization and recommended to the ICANN Board is adopted by the Board unless the Board finds that some other action is "necessary or appropriate to further the purposes of the Corporation." Thus, the default position for policy matters in ICANN is for the primary responsibility for developing consensus to come from the Supporting Organization up to the Board, or if from the Board, to be referred to the relevant Supporting Organization for its appropriate action.

Development and adoption of policies, of course, is only a part of ICANN's role. ICANN is also responsible for the technical tasks that are necessary to provide for stable operation of the Internet—allocation of unique parameter values and operational coordination of the authoritative root-server system—and the various other operational tasks inherent in managing any organization. These other responsibilities are intended to be carried out in conformity with the policies that are developed by the ICANN consensus process, but that does not mean that all of ICANN's operational tasks can or should be undertaken through the same bottom-up way that consensus policies are developed. Carrying out the operations of ICANN in conformity with the policies that have been adopted—whether by entering contracts or by assigning unique values to particular companies or by operating the necessary computer systems—is the responsibility of ICANN's Board, and for this purpose it has hired management and staff to perform day-to-day operations.

This is perfectly consistent with the basic principle of bottom-up consensus policy development; not everything is a policy that requires or is amenable to consensus decision making—an office space lease, for example—and after all, the ICANN Board is itself the product of a bottom-up selection process from the entirety of the Internet community. Still, given ICANN's mission and approach, it has been the practice of ICANN management and the ICANN Board to seek to provide public notice of any meaningful action it was planning to take, and to allow for public comment and reaction to that notice to the extent practicable. Thus, while "policy" matters have a clear path that formally involves the relevant ICANN constituent units such as the Supporting Organizations, all matters of general public interest are, as a matter of practice, undertaken with the maximum practicable amount of public notice and input. ICANN is, both under its bylaws and as its core philosophy, an "open and transparent" organization. It was for this reason that ICANN specifically invited each of its Supporting Organizations to offer any comments on the VeriSign agreements on March 1—the day they were posted on ICANN's website.

I apologize for this long and arcane recitation of bylaws and procedures, but it sets the context for what was one of the most contentious issues relating to the VeriSign contract amendments: whether they amounted to the kind of "policy" matters that should, in the first instance, be referred to the Domain Names Supporting Organization. The DNSO's Names Council, the coordinating body for the DNSO, adopted a resolution to this effect at its meeting in Melbourne, and at least some on the Names Council apparently felt strongly that ICANN management had somehow inappropriately cut the Names Council out of the negotiation of these new agreements. At least part of this was a reaction to what some on the Names Council viewed as one particular and important change in "policy" resulting from the agreements—allowing VeriSign to continue to operate both a registry and a registrar business.

At its meeting in Melbourne, the ICANN Board responded to these concerns by specifically inviting substantive comments from entire Internet community, and asking again for comments from the Names Council or the individual constituencies that make up the DNSO. Each of the constituencies in fact produced a response, and the Names Council itself then adopted three separate substantive resolutions, only one of which had the requisite two-thirds support of the Names Council to even arguably be considered a consensus recommendation. The first resolution, adopted by a 15-1 vote, expressed concern about "the lack of earlier consultation" and identified several areas of particular concern, including whether the current competitive climate was likely to continue in the future, the speed of the separation of .org and .net, the provision of WHOIS services, and "structural safeguards to prevent potential abuse of dominant market power." The second resolution, that received plurality support of less than half the Names Council members, stated that if forced to choose between the existing 1999 Agreement and the proposed new agreements as then written, the NC "reluctantly" chose the former. The third resolution gained a bare majority of the Names Council members, and proposed several specific changes in the new agreements that, if adopted, would create a "win-win position for ICANN and the Internet community;" these included earmarking a specified portion of VeriSign's research & development commitment to the development of a centralized WHOIS for .com/.net/.org, earlier separation of .net, and "enforceable safeguards, with an ultimate sanction of divestment of the dot com registry and registrar, regarding the potential for abuse of dominant position." Finally, the Names Council voted 16-0 to forward on to the ICANN Board the individual positions of its member constituencies.

As this recitation indicates, the ultimate Names Council recommendations to ICANN are, in general, not focused on "policy" issues, but rather are suggestions about how the proposed new agreements could be modified, by changing contractual dates and the like, to make them better agreements in the view of those supporting the resolutions. These expressions are certainly important, but they can hardly be described as representing the kinds of policy issues that are, pursuant to ICANN's bylaws, the initial responsibility of the DNSO within the ICANN structure. The only issue that has been prominently mentioned in this discussion that could even arguably be termed a "policy" matter is the issue of common ownership of registry and registrar businesses. Thus, it is useful to focus on that point to illustrate why the ICANN Board and management concluded that the proposed new agreements were operational, not policy, matters.

ICANN has never adopted any policy relating to the operation or ownership of a registry and registrar by the same entity. Currently, the contract between VeriSign/NSI and ICANN that designates VeriSign as the registry operator for com/net/org until November 2003 permits VeriSign to continue to simultaneously operate as a registrar for those domains, so long as it complies with a rigorous policy of internal separation designed to minimize the risk that its registrar business would receive favorable treatment from the registries it operates. Assuming VeriSign chose to retain the status quo, the 1999 Agreement would permit it to operate as both registry operator and registrar until at least November 2003, at which time the registries would come up for renewal.

Nothing in the 1999 Agreement says anything about VeriSign not being eligible to seek renewal if it continues to operate its registrar business; in fact, the silence on this point would generally be thought to mean that VeriSign would be fully eligible to seek renewal while continuing to operate its registrar business. In short, the 1999 Agreement does not explicitly state any policy prohibiting or discouraging the operation of a registrar business by a registry operator, and it could be argued that it implicitly accepts such a combination, since it does not disqualify VeriSign or anyone else that operates a registrar business from seeking to be the registry operator when the contract comes up for renewal in November 2003. An ICANN consensus policy, by contrast, is something that has been generated through the ICANN consensus policy development process, produced a documentary record of the consensus position and any significant opposition, and has been determined by the ICANN Board to be consistent with the mission and objectives of ICANN. An ICANN consensus policy requiring separate ownership of registries and registrars would clearly be a change from the historic status quo; no such requirement has existed in the history of the Internet. Obviously, the ICANN/NSI contract, even if read to require registry-registrar separation, would not even remotely qualify as an ICANN consensus policy.

What seems to have confused some people is the provision in the 1999 Agreement that extends the term of the registry operator (whether VeriSign or anyone else) by an additional four years if the registry and registrar businesses are legally separated. This was included as an inducement for separation, since at the time (November 1999) it was not clear how registrar competition would develop. Thus, the thought was that it might be useful (and perhaps even necessary) to the generation of registrar competition to have total legal separation of the registrar and registry businesses, as opposed to the internal separation that the contract requires. But this is not a requirement; it is an option, totally up to VeriSign to choose or not as it sees fit; since VeriSign has the option to continue without legal separation (and without an automatic extension), it can hardly be said that the contract compels legal separation. Nor can it reasonably be argued that the option offered to VeriSign amounts to a policy decision by ICANN that separation is essential or even desirable. It was included solely as an additional incentive to encourage registrar competition, and nothing more. There was no Board decision adopting legal separation as a policy; if there had been, this contract would not have complied with that policy. Thus, it cannot be said that this contract amounted to a policy decision by ICANN on this issue, since it clearly contemplated both possibilities.

In addition, there is nothing in the U.S. Government's White Paper that led up to the creation of ICANN, or the Memorandum of Understanding between ICANN and the Department of Commerce, or in ICANN's bylaws that sets forth any preference, much less any policy, against common ownership of registry and registrar. The only reference that can be found in any of the original documents is in the U.S. Government's Green Paper, the predecessor to the White Paper, which states that "If a registry wishes to act as both registry and registrar for the same TLD, it must do so through separate subsidiaries." Thus, none of ICANN's founding documents reflect any policy requiring separate ownership of registrar and registry, and to the extent there is any reference at all, it contemplates that common ownership could occur under appropriate circumstances. In fact, the proposed new VeriSign agreements, as is the case with all the agreements with the operators of the new TLDs recently designated by ICANN, require that any registry operator that also chooses to operate a registrar business must do so through a separate subsidiary, and in addition follow very strict non-discrimination criteria set out in the agreements and their appendices.

Thus, there is no ICANN policy on this issue in existence today; there is simply a contract that allows for separate or common ownership as alternatives. Nor would the new agreements (or for that matter the new TLD agreements, which have similar provisions) amount to policy decisions. In the absence of an ICANN policy, no contract can establish policy; ICANN policies are established through the ICANN consensus development process.

As this demonstrates, the issue of whether, as a matter of ICANN policy, registry operators should not be allowed to also be registrars is an open one. It was not decided by the initial ICANN/NSI agreement, and it will not be decided by either the proposed VeriSign amendments or the contracts for the new TLDs. It will remain an open issue until and if the ICANN Board adopts a specific policy on this issue, and that process could be initiated at any time by the DNSO making an appropriate demonstration that there is a community consensus on this issue. The DNSO has never even started the consensus-development process that would lead up to such a recommendation and thus it is simply incorrect to assert that these contractual agreements amount to policy decisions. They are contractual agreements; by their terms they must comply with ICANN policies, but they do not set ICANN policies.

Of course, as a practical matter, referring the negotiation of these agreements to the DNSO for a full consensus development process would have been impossible. The DNSO is not equipped for or capable of negotiating contracts with registry operators; that is the job of ICANN management and its legal counsel. The notion that somehow the DNSO or other constituent parts of ICANN should or could be involved in early-stage contract negotiations with a public company, with the requisite confidentiality, securities law obligations, and complexities of significant commercial negotiations, ignores the need for ICANN to carry out its operational tasks in a timely and effective way. On the other hand, the DNSO, the Names Council and all other members of the ICANN community of course should have the right to be informed as soon as practical about such developments, and to offer their input on the merits of the proposed agreements before the Board takes any final decision. That in fact was done and did happen, and the final agreements included additional commitments by VeriSign that were responsive to that input.


Comments concerning the layout, construction and functionality of this site
should be sent to webmaster@icann.org.

Page Updated 16-April-2001
(c) 2001 The Internet Corporation for Assigned Names and Numbers All rights reserved.