[ISN] Security Concerns Boosted VeriSign's Dot-Net Bid
isn at c4i.org
Tue Apr 19 09:14:04 EDT 2005
By David McGuire
washingtonpost.com Staff Writer
April 18, 2005
When the nonprofit organization that oversees the Internet's domain
name system announced last month that the world's fourth largest
domain would remain in the hands of VeriSign Inc., technology workers
and Internet policy wonks around the world were incredulous, wondering
aloud how the company had managed to navigate a process that was, in
many ways, designed to reduce its hold on key pieces of Internet real
Online message boards lit up with rants and conspiracy theories about
how VeriSign had managed to keep dot-net -- a vital piece of the
Internet's infrastructure, particularly in the United States where
major Internet service providers like Verizon and Comcast have
assigned millions of dot-net e-mail accounts to their customers.
"I would give the job to Microsoft before I'd willingly let VeriSign
have another crack at it, and that's not something I'd say lightly. If
they built cars, people would have died in the VerisSgn Pinto," one
angry poster wrote on Slashdot.org, a message board and news site that
caters to the technology audience.
Other message boards swelled with accusations that VeriSign had
inappropriate connections with the technical team that evaluated the
company's proposal to continue managing dot-net, or that VeriSign had
somehow bullied Internet authorities into compliance.
But experts who closely follow VeriSign and the Internet domain market
say the Mountain View, Calif.-based company owes its latest coup to a
savvy lobbying effort in which VeriSign worked through the press and
with its industry allies to play up already heightened concerns about
the stability and security of the Internet.
"Competition isn't the only parameter of concern. Security and
stability are also issues of concern," said Vinton Cerf, chairman of
the Internet Corporation for Assigned Names and Numbers (ICANN), the
Marina Del Rey, Calif.-based group that was commissioned by the U.S.
government in 1998 to oversee the domain name system. "It's not clear
to me anymore that competition comes from binding a top-level domain
to a particular operator," Cerf told reporters at an ICANN meeting
earlier this month, a few days after the dot-net decision was
Cerf's comments were surprising to some observers, as he heads a group
that was created with the express mission of breaking up the near
monopoly on domain name management maintained at that time by Network
Solutions, a company VeriSign bought in 2000.
"It's shocking because ICANN and VeriSign basically hate each other
and have hated each other since [ICANN's] inception," said Milton
Mueller, an information studies professor at Syracuse University and
author of a book about Internet governance. "VeriSign basically had to
be bludgeoned into accepting ICANN as the administrator of the domain
name system, and ICANN has always been run by people fundamentally
hostile to VeriSign."
ICANN and VeriSign have locked horns in courtrooms, at negotiating
tables and even before Congress, as the company has sought to protect
its valuable domain name business. The bad blood between the two sides
boiled over last year when VeriSign sued ICANN after ICANN officials
forced the company to jettison a controversial search service called
Site Finder. That suit is still pending in California.
But in the post-Sept. 11 world, VeriSign found itself in a strong
position to play on ICANN's realigned focus on protecting the
stability of the global Internet infrastructure. When ICANN put out
its request for dot-net bids last December, the group made security
and technical competence two of its top requirements for the next
dot-net operator. Telcordia, the company chosen by ICANN to review the
dot-net bids, ranked the criteria it used to judge bidders by
importance -- high, medium or low. The ability to run a secure and
stable registry was ranked "high," while promoting greater competition
Prior to the January deadline for submitting dot-net bids, VeriSign
began pleading its case to reporters, touting the importance of the
domain and warning of the disruptions that could occur if the domain
were ever to go down for any substantial length of time -- something
that hasn't occurred under VeriSign's stewardship.
"During the period we've been operating dot-net, we've run it at the
highest level," Mark McLaughlin, the general manager of naming and
directory services for VeriSign said in January. "By definition,
changing [the] operator would create the possibility for adding a
great deal of instability to the system."
"We believed this was a big decision on ICANN's part, and we certainly
wanted people to focus on that decision. We wanted people to
scrutinize our bid. We wanted people to scrutinize other bids, and we
wanted people to scrutinize the process that ICANN used," said Tom
Galvin, who was VeriSign's vice president of government relations when
the bids were submitted and now works as an outside consultant for the
VeriSign also garnered support from some of the nation's largest
high-tech companies, including Microsoft, Sun Microsystems and MCI,
each of which sent letters to ICANN backing VeriSign's track record on
security. Galvin said ICANN didn't do any formal briefings with those
companies, but rather had informal conversations about the issue. In
some cases, Galvin said the companies offered to write letters
support, and in others VeriSign asked for them.
"For the .net registry operator to be less than dependable would harm
business growth and could endanger the commerce that runs across the
Internet Infrastructure," Microsoft Chief Technical Officer Craig
Mundie wrote in a letter to ICANN last July. "We endorse VeriSign's
performance to date and we hope they will continue to operate the .net
The four other groups that submitted bids for dot-net responded that
VeriSign was fear mongering. "There's no question that dot-net helps
underpin the Internet. The one [assertion] that strikes me as
incongruous is that if you touch dot-net, everything will fall apart,"
Ram Mohan, chief technical officer of Afilias, said last October.
Based in Dublin, Afilias finished third in the five-way dot-net race.
A Valuable Line of Business
The domain name market is lucrative for the largest Internet
registries and registrars, the companies that sell and catalog
Internet addresses. Starting in 1999 when ICANN began the process of
breaking up Network Solutions's monopoly, it focused on the retail
side of the business. At the time Network Solutions was sole
wholesaler (registry) and the sole retailer (registrar) for Internet
addresses ending in dot-com, dot-net and dot-org.
In order to give consumers more choices and spur price competition for
Internet addresses, ICANN created several new registrars, requiring
Network Solutions to offer the new companies a fixed wholesale rate of
$6 per domain per year. The move opened the domain name market to
hundreds of companies (ICANN has now accredited more than 400
registrars), helping drive the annual price of an Internet address
down from a fixed $35 to less than $10 in many cases. VeriSign left
the retail business altogether in 2003 when it spun off its Network
VeriSign's share price climbed $1.40 to close at $27.40 the day after
ICANN announced that dot-net would remain where it is, reflecting the
importance some investors placed on the company maintaining a leading
role the domain name market. "It's meaningful in terms of the bragging
rights. It's not meaningful in terms of stand-alone revenue, but
losing it would puncture a hole in VeriSign's story about how unique
they are," Merrill Lynch analyst Ed Maguire said.
The dot-net operation generates about $30 million in revenue a year
for VeriSign -- not a vast sum compared with the nearly $1.2 billion
in revenues and $186 million in profits the company reported in 2004.
Scott Sutherland, an analyst at Wedbush Morgan, said losing the domain
could have panicked some investors, who may have taken it as a sign
that VeriSign would eventually lose dot-com as well. That's unlikely,
since VeriSign's contract to run dot-com presumes that the company
will retain control of the domain indefinitely unless it does
something to warrant having it taken away, but Sutherland said winning
the dot-net contract is likely to quell investors' concerns on that
front. The dot-com registry generates more than $150 million a year
Also, while dot-net may not contribute a large revenue stream, Maguire
and Sutherland noted it is an extremely profitable line of business
because the technology required to run the registry is already in
place. The two analysts don't own stock in VeriSign and their firms
don't provide investment-banking services for the company.
While it was stressing security in its dot-net bid, VeriSign also
argued that competition at the consumer level wouldn't necessarily be
served by moving the domain to another operator -- saying that from a
consumer standpoint it's more important to bolster competition at the
"I don't think this was a choice between security and competition,
security and stability are important, but Telcordia gave VeriSign its
highest score for competition," McLaughlin said.
But even the choice of Telcordia as the evaluator has raised some
hackles among VeriSign and ICANN critics.
Telcordia is owned by Science Applications International Corporation,
a company that once owned a piece of Network Solutions. Although
Telcordia fully disclosed its historic ties before the dot-net
evaluation began, the company couldn't help but view VeriSign in a
favorable light, said Paul Vixie, president of the Redwood City,
Calif.-based Internet Systems Consortium, a company that publishes a
key piece of Internet software.
"Telcordia shares a lot of corporate DNA with VeriSign. They're the
same type of people, and they do things in the same general way, and
these evaluations are really smell tests. ... [ICANN] picked someone
who would recognize VeriSign as someone who was like themselves,"
ICANN spokesman Kieran Baker said ICANN didn't go forward with the
evaluation process until all the bidders were satisfied that Telcordia
could render an unbiased evaluation.
But in the wake of the decision in VeriSign's favor, at least three of
the four losing bidders have filed formal complaints about some
portion of the evaluation process, and all five bidders told ICANN
that they'd be submitting written comments on the evaluation process.
DeNic, the company that operates Germany's sovereign dot-de, the
world's second-largest Internet domain behind dot-com, has been vocal
about its unhappiness with the process.
"We will comment on these issues, but I'm not sure we'll do further
complaints, because we don't think it will change the results. But
we're disappointed that ICANN and Telcordia did not take the
opportunity to run this process more properly," DeNic director Sabine
Dolderer said. DeNic complained that Telcordia misstated information
about DeNic's in-house technology in the first draft of the report.
Telcordia issued an amended report that did not change DeNic's
ranking, which was fourth out of five.
Sentan, the joint venture between Sterling Va.-based NeuStar and Japan
Registry Services, which runs Japan's sovereign dot-jp domain, placed
second in the dot-net bidding process. Sentan wrote a letter to ICANN
voicing concerns about the selection process, but other than that has
remained fairly silent.
VeriSign's current contract to run dot-net expires June 30, and ICANN
expects to complete negotiations in the next couple weeks. The ICANN
board of directors must approve the final deal, and the U.S.
Department of Commerce will then have the final say, but in recent
years, the department has gone along with every major decision by the
ICANN board. The agency declined to comment on the dot-net issue.
More information about the ISN