We, the public, just won a battle. But the war for internet governance that actually represents the public interest is far from over. This could be a turning point or a minor blip that the entrenched interests laugh about years from now.
The big news today is that ICANN withheld consent for a change of control of the Public Interest Registry (PIR). This effectively kills the deal where Ethos Capital, a private equity firm being run by ICANN insiders, tried to buy the rights to run .ORG from The Internet Society (ISOC) for 1.135 billion dollars.
First, let's celebrate. The non profit community and the general public just had a small victory at ICANN. I am not sure the last time the public interest was actually well represented in a major ICANN decision where substantial amounts of money was at stake. This is a historic win for the public good and I couldn't be happier about that. With that said, it's time to look at what happened.
What reasons did ICANN cite for its rejection?
The decision to reject lists a multitude of reasons for why the deal shouldn't go through. It only delayed the decision after a letter from the Attorney General of California, Xavier Becerra which unequivocally stated "Given the concerns stated above, and based on the information provided, the .ORG registry and the global Internet community – of which innumerable Californians are a part – are better served if ICANN withholds approval of the proposed sale and transfer of PIR and the .ORG registry to the private equity firm Ethos Capital." (emphasis added)
The primary reasons ICANN gave consideration to according to their statement can be summarized as follows:
- For profit ownership vs non-profit ownership of PIR.
- PIR being converted from a non profit into a for profit entity.
- $360 million of debt being taken on that will need to be serviced
- Untested Stewardship Council / Why can't non profit PIR pursue new business interests
- ICANN being made responsible for handling disputes
The first three issues are directly addressed in the Becerra letter. I don't think it's a mistake that these are listed first. They are the most easy to understand and see the problem with.
The 4th and 5th issues are a bit trickier to understand. The stewardship council was Ethos Capital's way of trying to placate the non profit community by saying you will have a voice in our decision making. Believing that voice would outweigh the interests of the investors would be a mistake. Let's not mince words, Ethos are here to make money. Trusting a private equity firm to choose between the public good and profit is a trusting a fox to watch the hen house. A terrible mistake, no matter what the fox pleads.
The 5th issue is about dispute handling and public interest commitments. I am not an expert but you can read this very detailed piece by Kathy Kleinman about them. Kathy absolutely rips them apart in a way that only a lawyer, who also used to be the public policy director for PIR and has been involved in ICANN for decades can. Kathy's piece is a masterpiece of critical thinking and evidence showing us why these commitments shouldn't be taken seriously.
In conclusion, ICANN wrote "ICANN's actions are thereby in accordance with ICANN's Articles of Incorporation and Bylaws' public interest mandates, and are also aligned with how the CA-AGO explained his views of the public interest." The California AG saved .org.
What issues did ICANN not address in its rejection?
While it's important to see what the public reasoning for the rejection are, it's also important to take a moment and talk about what wasn't talked about.
The most glaring omission is the event which precipitated this whole saga. "Proposed Renewal of .org Registry Agreement" which sounds innocuous but contained this language, "In alignment with the base registry agreement, the price cap provisions in the current .org agreement, which limited the price of registrations and allowable price increases for registrations, are removed from the .org renewal agreement." That sentence is what got me involved with this entire issue after reading about it on Hacker News. This was one of the largest public comments ICANN ever received as far as I know (only later to be surpassed by the .com renewal public comment which tripled its opposition for the same issue on a different registry). What did the public tell ICANN? No. We are against this. I analyzed the comments and wrote about it in The Case for Regulatory Capture at ICANN. That article was ultimately cited in the Becerra letter because in over 3000 comments, I could only find six (6!) in favor. With many of them having ties to registry operators.
Some might argue that the events are unrelated. Specifically ISOC and Ethos Capital would make those arguments. Whether one could prove they were or were not is another matter, but the removal of price caps opened the door to the opportunity for higher levels of rent seeking. ICANN's latest mantra of 'we are not a price regulator' is inline with the legacy TLD registry operators' interests, which brings us to the second major problem and omission.
The other major issue is ICANN mentions 'supporting the multistakeholder model' but doesn't mention the complete absence of it during this whole process. The registry agreements for .org and now .com were pre-negotiated by ICANN staff, without discussion or input from the stakeholders. They were approved rapidly with no changes despite overwhelming opposition (98%+ in both cases). The .com agreement was passed within a day during a pandemic after being given a staff report which said "The comments about the proposed changes to
the maximum allowable wholesale price for .COM registry services were nearly unanimous in
voicing disagreement or concern though they provided a variety of reasons why they are
against the change." ICANN doesn't care about the multistakeholder model other than as a token way to try to appear like a responsible steward of the DNS. What kind of multistakeholder model can in good faith take nearly unanimous disagreement and go against it. Regulatory capture is still alive and well at ICANN and ICANN doesn't seem interested in addressing it.
What I've been seeing in the lead up to this decision is a public campaign by people affiliated with registries (VeriSign and PIR) and one message (1, 2, 3) they are trying to push is/was giving up control to California AG is dangerous for ICANN in the long run. Let's be clear why it's dangerous: it means real oversight and accountability to ICANN's public charter: "ICANN must operate in a manner consistent with these Bylaws for the benefit of the Internet community as a whole."
ICANN spent years trying to free itself from the US Government and argued it would be a responsible self-governing entity accountable to the multistakeholder process and represent the public interest for the benefit of everyone. It sounds nice, it was an aspirational goal. When you look at the names who lobbied for it in front of Congress - Steve Del Bianco and Jonathan Zuck, they were VeriSign lobbyists. Steve still is. Today, they are the the policy chair of the Commercial and Business Users' constituency and Vice Policy Chair of the At-Large Advisory Committee (ALAC) respectively. Let's pause for a moment and appreciate that two active/former lobbyists for the most profitable registry operator are policy chairs for groups including a group that is supposed to represent the individual internet user. Jonathan Zuck's organization did $363,202 in business with his former organization ACT which is funded by VeriSign in 2018 according to his latest 990 filing.
So let's focus on where this push is coming from and why. A lack of oversight lets corporate interests get pushed without being checked by the public interest. ICANN easily ignores the public interest as we've seen time and time again. It's become a near carte blanche for registry interests.
The California AG asserting authority over ICANN has been the first road block in years. Becerra just announced to the ICANN world that it crossed over a line that has finally brought scrutiny on them. Scrutiny could be very bad for a .com monopoly which is the only reason VeriSign exists and makes up the majority of their value. So expect to see an immense amount of lobbying coming from them. Maybe it looks like a think of the children argument? Maybe it looks like ICANN needs independence? Maybe it will look like something else. But it's coming. VeriSign has billions at stake and I am sure they will make every effort to protect their golden goose.
We're in uncharted territory at this point. The .ORG scandal was definitely the hill to die on for people who want to see a more accountable ICANN which represents the public interest. The cartoon villain plot of a former CEO advising a company into buying the non profit registry to exploit it for private investors at the expense of the world's do-gooders was perfect. It's a symptom of the capture at ICANN that they thought they could even get away with it.
My hope is that knowing that the California AG has oversight of ICANN will force some serious reconsideration of their behavior and decision making. My fear is that this was a one time egregious violation of the public good and that minor trespasses will go unchecked and we gradually build up to where we were yesterday before this decision.
I started this journey a year ago from reading a headline and I've connected with a lot of amazing folks who have helped pushed in the direction that led us to today. So as an acknowledgement to them, I wanted to say thank you.
My lawyers and friends who helped review things and advise me, you know who you are.
Kieran McCarthy and Timothy Lee at The Register and Ars Technica respectively for being the first journalists who listened and continued to cover the issue.
Richard Kirkendall, NameCheap's CEO, who has continually pushed these issues and brings attention to it to his large audience of customers.
Nat Cohen and Zak Muscovich at the ICA who have been involved on the issue and were often the first people dissenting in a thoughtful manner who tirelessly participate in the convoluted ICANN process.
George Kirikos who called the private equity play from the very beginning and was banned from the GNSO working groups and voluntarily left ALAC after calling out it's capture and continues to be a voice of reason and outrage in the ICANN community. (Edited: banned from GNSO and left ALAC)
Mitch Stoltz and the EFF for their active and continued effort to #SaveDotOrg.
Everyone else involved in the #SaveDotOrg campaign who helped make this a reality.
You all made a difference today and I couldn't be prouder to have been on the same team.
|Company||Deal Start Date||Deal End Date|
|A2 Hosting||Nov 26||Dec 3|
|Shared Hosting $1.98/month||Coupon Code|
|Cloudways||Nov 14||Dec 4|
|40% Off for 3 Months||Coupon Code|
|New customers only||BFCM40|
|DreamHost||Nov 25||Dec 3|
|Shared Unlimited - 1 year prepaid plan $5.95/mo or 3 years prepaid for $4.95/mo||Coupon Code|
|New customers only||N/A|
|FastComet||Nov 29||Nov 29|
|75% off Shared Hosting Plans||Coupon Code|
|New customers only||BFSALE75|
|GreenGeeks||Nov 25||Dec 2|
|75% off shared hosting plans||Coupon Code|
|New customers only||N/A|
|ICD Soft||Nov 20||Nov 30|
|90% off||Coupon Code|
|New customers only||N/A|
|KnownHost||Nov 22||Dec 2|
|Take an additional 20% off your invoice with any Shared or Reseller Hosting package||Coupon Code|
|New customers only||KHBLKFRI|
|KnownHost||Nov 22||Dec 2|
|Take 50% off your first invoice for any Managed VPS or Managed KVM Cloud package. Receive an additional 30% Discount for life.||Coupon Code|
|New customers only||KHBLKFRI5030|
|New customers only||N/A|
|NameCheap||Nov 29||Dec 2|
|Stellar shared hosting 1-yr plan - 69% off||Coupon Code|
|1 per household/business||HOSTBFCM|
|NameCheap||Nov 29||Dec 2|
|Stellar Plus shared hosting 1-year plan - 70% off||Coupon Code|
|1 per household/business||HOSTPLUSBFCM|
|NameCheap||Nov 29||Dec 2|
|EasyWP managed WordPress Hosting - 99% off the first month of all monthly plans (Starter, Turbo, Supersonic)||Coupon Code|
|1 per household/business||N/A|
|Nestify||Nov 29||Dec 2|
|30% off all products||Coupon Code|
|New customers only||NEST30OFF|
|Patahost||Nov 22||Nov 30|
|50% Off||Coupon Code|
|New customers only||#Black50|
|Plesk||Nov 27||Dec 6|
|50% off for the first 3 months in an annual Web Host Edition License, both VPS and Dedicated||Coupon Code|
|SiteGround||Nov 29||Dec 3|
|75% discount on all our shared hosting plans: StartUp, GrowBig, and GoGeek. The offer will be valid for new clients who sign up for a period of 1, 2, or 3 years. Here are the exact prices: StartUp - $2,98; GrowBig - $4.98; GoGeek - $8.68||Coupon Code|
|New customers only||N/A|
|Skystra||Nov 19||Dec 3|
|Free Month, Free Website Move||Coupon Code|
|New customers only. Offer not valid on Build and Build Pro.||SKYSTRA100|
|Squidix||Nov 20||Dec 3|
|50% off Super Squid Web Hosting (renews at 50%)||Coupon Code|
|New customers only. Annual contract only.||REVIEWSIGNAL2019|
|Wetopi||Nov 28||Dec 1|
|€40 to Run Up to 4 months of WordPress Managed Server||Coupon Code|
|WP Cycle||Nov 28||Nov 30|
|50% off monthly invoices for our Small Sprocket, Medium Sprocket, and Large Sprocket packages for the life of the account.||Coupon Code|
|New customers only||WPCRSBF2019|
|WP Oven||Nov 28||Dec 3|
|Upto 50% on all Annual plans||Coupon Code|
|New customers only. Limit 1 server.||N/A|
|WP Web Host||Nov 15||Dec 3|
|Up To 6 Months of Free Hosting||Coupon Code|
|WPX Hosting||Nov 25||Dec 4|
|99% Off First Month or 3 Months free with Annual Subscription||Coupon Code|
|New customers only||N/A|
In June, I was the opening speaker for the inaugural HostCamp in Berlin, which was a side event for the larger WordCamp Europe.
My topic presentation and topic was Ethics in WordPress Hosting. It was a topic the event organizer, Jonathan Wold, and I talked about at length. The goal was to start a discussion about ethical issues facing the industry, what sort of behavior and policies people have and how to address them.
The event was by invitation and I cannot discuss what others shared because that was in private. My goal was to convince web hosting company executives that ethics matter, not just for the sake of being ethical. I wanted to show how even perceived unethical behavior could financially harm companies today with social media. So please act properly, it's in your best financial interest. One of the case studies is Digital Ocean which I wrote about and inspired the talk.
I wrote The Case for Regulatory Capture at ICANN last week and published it because I worried ICANN would approve the proposed .ORG contract at their ICANN65 Meeting in Marrakesh which started the same day I published the article. It wasn't passed during the meeting, but last night ICANN announced it signed a new agreement on the .ORG contract.
ICANN, which oversees the domain name system, was in talks with Public Interest Registry (PIR), a non profit owned by The Internet Society (ISOC), about renewing PIR's contract to manage the .ORG domain name registry. The majority of non profit's use the .ORG space to represent themselves online and PIR was given this monopoly by ICANN. PIR doesn't even manage the registry themselves, but outsources (via bid) to Afilias, a registry services provider. PIR's profits all directly go to ISOC. It's a monopoly designed to tax non profits for the benefit of ISOC. ICANN's proposed contract wanted to remove the provision that allowed PIR to increase their prices 10% per year and make it unlimited or uncapped, giving PIR the freedom to charge as much as they want. Non profits, charities, internet users as a whole were nearly universally against this change.
Back to ICANN's Mission
"ICANN's scope is to coordinate the development and implementation of policies: That are developed through a bottom-up consensus-based multistakeholder process and designed to ensure the stable and secure operation of the Internet's unique names systems."
Except, that's not what happened. Here's a timeline of what actually happened.
March 18, 2019
ICANN and PIR negotiated a contract behind closed doors and called for comments on a proposed renewal contract.
The public submitted its comments.
June 3, 2019
ICANN staff created a report summarizing the comments and said "ICANN org will consider the public comments received and, in consultation with the ICANN Board of Directors, make a decision regarding the proposed registry agreement."
June 30, 2019
ICANN approves proposed contract with no changes. Only a date was added, Cyrus Namazi got a promotion and someone spelled Jonathon's name wrong (compare).
The 96 page contract is identical from when it was proposed to signed. The multi stakeholders and bottom up process that is supposed to govern ICANN policy? Ignored.
The public outcry was nearly universally against this change. They weren't listened to at all.
Did ICANN's board vote on the proposed contract after being briefed about the public outcry? As of writing, I couldn't find any evidence in ICANN's board activity page. No agenda, no minutes, no resolutions, no briefing material, no preliminary report. Did ICANN staff simply push through this contract without a board vote? Either outcome is deeply disturbing and potentially violates the ICANN bylaws/mission.
ICANN Needs Oversight
ICANN as an organization has failed to live up to its mission. Greg Thomas wrote a response to my original article and while we may differ on some beliefs, his conclusion was,
"By all appearances, it hasn't taken long, in the absence of U.S. Government oversight, for rot to set in at the root. If the community is going to acquiesce to its own dismissal — if corruption is to become normalized at ICANN and in DNS governance — then, perhaps it's time to start looking towards the heavens."
It's hard to say ICANN doesn't appear to be a captured organization. It's abdicated its responsibility to govern, "ICANN must operate in a manner consistent with these Bylaws for the benefit of the Internet community as a whole."
Yesterday, ICANN failed the internet community as a whole. It sold them out and the best reassurance is 'trust us' from the organization they just gave the freedom to tax non profits using .ORG domains as much as they desire.
The foxes are watching the hen house now and ICANN willfully ignored the internet community and made this happen.
I am speaking at HostCamp (side event to WordCamp Europe) in a couple weeks on the topic of Ethics in WordPress Hosting. I'm not really sure WordPress hosting has any specific differences from web hosting in general when talking about ethics. But ethical behavior in the web hosting space is something I talk about a lot. I also aggressively call out people/companies behaving unethically on this blog in the web hosting space.    
As I was writing a response to a short interview to introduce the topic, I tried to think about a relevant example of why ethics matter in web hosting. A very recent event jumped to mind, someone tweeting that Digital Ocean [Reviews] shut down their company.
This tweet was sent by @w3Nicolas.
The stats are staggering:
- 2,581 Reweets
- 4,574 Likes
- 1,333 Upvotes / 598 Comments on HackerNews
- 77 Upvotes / 78 Comments on Reddit r/webhosting
- 125 Upvotes / 93 Comments on Reddit r/webdev.
- Coverage on The Register.
That's only in the communities I participate in, I was sent the link by multiple people in other groups as well. I'm sure tens of thousands of people, if not more, read about this incident.
This is a view into what that tweet did to Digital Ocean's data here on Review Signal (I track Twitter data and sentiment about web hosting companies for the unfamiliar). I pulled the past 30 days of Digital Ocean information.
The tweet was sent on May 31, the 4th data point. We see an enormous jump in tweet volume. The preceding days had an average of 248 tweets per day. May 31 had 2000 and June 1 had 2489 tweets, nearly 10X the normal volume for two days. By June 4, we're down to 274 tweets, a normal volume. The internet outrage machine was out in force and spreading the word.
Digital Ocean responded on Twitter with Moisey Uretsky, a cofounder, intervening to escalate and resolve the issue. Digital Ocean also released a post-mortem on June 4 about what happened as promised (Nice to see a company keep their word and admit mistakes).
What does this have to do with Ethics?
Why did I even write this story and what does it have to do with ethics? The question I was trying to answer when I started thinking about this incident and digging into the data is "Why should hosting companies and those who do business with them care about ethics?"
A lot of developers and entrepreneurs read a story about a guy who was shutdown without warning, and then locked out seemingly permanently without being treated fairly. It strikes a chord with people when someone is being treated wrongly/badly with no explanation, especially when it's their livelihood that is impacted. It violates a fundamental moral code of fairness and trust.
The impact for a perceived ethical violation in this case was tens of thousands of people reading a negative story. It generated heated discussions and some very negative comments.
My data showed a tremendous increase in negative messages with the ratio dropping to 34% (Digital Ocean has historically over 70% positive messages).
They were quick to jump into some of the communities and address the issue. The post-mortem on Twitter received 225 Likes and 62 Retweets. That's 2.4% the amount of retweets and 4.9% the Likes. The impact of addressing the issue and trying to improve made a tiny fraction of the impact.
I will be clear here, I don't think Digital Ocean acted maliciously or unethically (intentionally). It sounds like a combination of automated system and a couple human mistakes lead to a very bad outcome for a customer that attracted a lot of attention. The way it was portrayed evoked feelings of an ethical violation of fairness and trust.
Digital Ocean's post-mortem's conclusion:
We wanted to share the specific details around this incident as accurately and quickly as possible to give the community insight into what happened and how we handled it. We recognize the impact this had on a customer, and how this represented a breach of trust for the community, and for that we are deeply sorry. We have a number of takeaways to improve the technical, process, and people missteps that led to this failure. The entire team at DigitalOcean values and remains committed to the global community of developers.
So when companies think about how they should behave, I want to use this example as an argument that people do care about companies behaving ethically and awareness of their behavior can quickly be amplified when a person's story resonates.
The benchmarks are available here
The benchmarks are available here.