Centre for Internet and Society

Do you agree with our fee hike? Press 1 to answer Yes; or 2 for Yes

praskrishna — 2015-10-01T15:28:37Z

It has long been a concern that domain-name overseer ICANN is largely funded by companies reliant on the organization to make money.

The article by Kieren McCarthy was published in the Register on September 29, 2015.

Every biz that wishes to sell domain names – called a registrar – has to pay the organization $4,000 a year, plus 18 cents on every domain they sell.

In addition, they have to pay a variable fee that comprises the money ICANN says it spends on registrar-related activities divided by the number of companies that are accredited. This year that cost was $3.8m and with roughly 1,150 companies, that's $3,300 a head.

The pricing structure provides California-based ICANN with just under $40m a year, more than a third of its total budget. But in order to make sure the non-profit organization doesn't abuse its market control to hike up its fees, each year the registrars have to formally approve the fee structure that the ICANN Board has adopted. And they do that through an online vote.

This year, some registrars are wondering whether the $3.8m spent by ICANN is a good deal for them.

"What do your ICANN fees get you?" ICANN asks itself in an email sent to all registrars. "In addition to helping cover the expenses associated with ICANN meetings and ICANN's day-to-day operations, your fees have allowed us to conduct regular outreach with registrars through 'roadshow' type training seminars, webinars, in-person events, and site visits."

Don't ask, don't tell

It's not clear how that money is spent nor on what, since ICANN continues to provide only the vaguest details over its budget, providing annual sums for "travel" and for "meetings" across the entire organization.

ICANN is also actively refusing to hand that information over, telling one outfit that formally asked for additional financial data that for it to do so would be "extremely time consuming and overly burdensome." That organization – the Centre for Internet and Society – is appealing that decision [PDF] to ICANN's Board with a decision made two days ago but still unpublished.

ICANN expenditure is increasing: in 2014 alone, its "travel" costs jumped by 85 per cent to $17m; its meetings budget nearly doubled from an average of $3.2m per public meeting in 2013 to $6m in 2014. But there is almost no information on where this money has been spent, and so far no explanation for why it spent $113m in 2014 with an income of just $84m.

What else is ICANN spending registrars' fees on? "We've recruited Registrar Services staff dedicated to serving Europe, the Middle East/Africa, and Asia and have already begun a series of (low-cost) micro-regional events in China, Japan, Singapore, and South Korea, with plans taking shape for events in Europe, Africa, the Middle East, and the Americas in the near future," we're told.

But existing registrars are wondering whether all these new staff and events are needed. Are there hundreds of new registrars entering the market? Are they in Asia?

Unfortunately, ICANN has stopped providing that kind of information. In 2009, under pressure to be more open about what was going on, the organization made big play of the fact it was going to produce statistics showing how many registrars there were, how big they were, and where they were based in a new "dashboard."

But those stats stopped being produced two years ago and the most recent data provided is from 2012.

Software and security

Where else do the millions of dollars from the companies that support ICANN go? "We're building up the 'GDD Portal'," says a note from ICANN's staff, "which will become a one-stop destination for all registrar resources at ICANN, and transitioning our customer relationship management software from RADAR to salesforce.com."

This is the same GDD Portal that ICANN had to shut down earlier this year because of a security breach. It had misconfigured out-the-box software and exposed every user's information, including financial projections, launch plans, and confidential exchanges, to every other user. Having at first claimed there was "no indication" that confidential information was exposed, it later admitted that it had in fact happened 330 times.

As for RADAR, it was specifically named in a report by Verisign as a security risk; this is one of the things on a "growing list of examples where ICANN's operational track record leaves much to be desired."

We're listening...

Finally, in explaining why the registrar fees are a good deal for the companies, ICANN's staff note: "Most importantly, we're doing our best to listen to you to ensure that our work is of real value to you."

Unfortunately that listening does not extend to hearing any complaints about the fees, or what they are spent on.

All registrars receive an email during the annual approval of the fees levied against them with a link to an online survey. Incredibly enough, however, they are only allowed to agree to the fees – there is no option to disagree. Or in fact do anything other than sign up for another year.

And what is ICANN's explanation for why the companies that provide it with over a third of its budget are not allowed to express anything but approval of the fees ICANN sets? Problems with the voting software:

The system is only able to accept affirmative expressions of approval. (A technical limitation in the voting software prevents us from knowing when we've reached the level of approval required if we offer both a 'yes, I approve,' and a 'no, I don't approve' option.) But if you have reservations about approving the budget or concerns you'd like addressed first, please let me know and I'll be happy to try to address those directly with you.

So despite charging the companies $3,500 each a year to run the systems that they use, ICANN has been unable to find voting software that is capable of accepting more than one answer. Money well spent.

For more details visit https://cis-india.org/internet-governance/news/the-register-september-29-2015-kieren-mccurthy-do-you-agree-with-our-fee-hike

DIDP Request #30 - Employee remuneration structure at ICANN

Paul Kurian and Akriti Bopanna — 2018-08-24T06:57:39Z

We have requested ICANN to disclose the employee pay structure at ICANN with specific enquiries about the payment across the institutional hierarchy, gender, and region.

We have requested ICANN to disclose information pertaining to the income of each employee based on the following grounds. We had hoped this information will increase ICANN's transparency regarding their remuneration policies however ths was not the case, they either referred to their earlier documents who do not have concrete information or stated that the relevant documents were not in their possession. Their response to the respective questions were:

Average salary across designations

ICANN responded by referring to their FY18 Remuneration Practices document which states, “ICANN uses a global compensation expert consulting firm to provide comprehensive benchmarking market data (currently Willis Towers Watson, Mercer and Radford). The market study is conducted before the salary review process. Estimates of potential compensation adjustments typically are made during the budgeting process based on current market data. The budget is then approved as part of ICANN’s overall budget planning process.”

Average salary for female and male employees

ICANN responded by saying “ICANN org’s remuneration philosophy and practice is not based upon gender” which is why they said that they have “no documentary information in ICANN org’s possession, custody or control that is responsive to this request.” However, the exact average salaries of female and male employees was not provided nor any information that could that could give us an idea as to whether the remuneration of their employees was in accordance with the above claim.

Bonuses - frequency at which it is given and upon what basis

ICANN responded by referring to “Discretionary At-Risk Component” section in their FY18 Remuneration Practices document which states,”The amount of at-risk pay an individual can earn is based on a combination of both the achievement of goals as well as the behaviors exhibited in achieving those goals… The Board has approved a framework whereby those with ICANN Org are eligible to earn an at-risk payment of up to 20 percent of base compensation as at-risk payment based on role and level in the organization, with certain senior executives eligible for up to 30 percent.” The duration over which the employees are eligible to receive an “at-risk” payment was given to be “twice a year".

Average salary across regions for the same region

ICANN responded by saying,”compensation may vary across the regions based on currency differences, the availability of positions in a given region, market conditions, as well as the type of positions that are available in a given region. “ They also added that they have no documentary information in their possession, custody or control that is responsive to this request.

The request filed by Paul Kurian may be found here. ICANN's response can be read here.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-30-enquiry-about-the-employee-pay-structure-at-icann

DIDP Request #29 - Revenue breakdown by source for FY 2017

akriti — 2018-04-26T11:06:16Z

We requested ICANN for financial information they have not yet provided for the period ending June 2017.

ICANN publication of its financial records for 2017 were missing a crucial document which lists down their revenue as per the all the legal entities as sources who contributed to it including Regional Internet Registries, various registrars and their source of origin among other details. We have requested them for this document in order to get a better idea of the how these entities contribute to ICANN.

In response to our DIDP, ICANN notified us that they are in the process of compiling this report for the year ending June 2017 and will publish the same by 31st of May, 2018. Further they remarked that this procedure of making public their revenue by source was developed as part of ICANN’s enhancements to transparency in response to CIS’s earlier DIDP which was submitted in 2015.

The said report will be published on their Financial page within the time frame mentioned.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-29-revenue-breakdown-by-source-for-fy-2017

DIDP Request #28 - ICANN renews Verisign’s RZM Contract?

asvatha — 2016-07-30T08:10:17Z

Our request to ICANN was related to our (mistaken) assumption that Verisign and ICANN had signed an agreement for Root Zone Maintenance and had recently renewed it. In that context we had asked for information such as documents reflecting the decision making process, copy of the current RZM agreement, public comments and an audit report of Verisign’s RZM functions.

The request filed by Padmini Baruah can be found here.

What ICANN said

ICANN clarified that it has never been party to the RZM agreement which was made between NTIA and Verisign. According to an ICANN-Verisign joint document, the Root Zone Management Systems allows “ICANN as the IANA Functions Operator (IFO), Verisign, as the Root Zone Maintainer (RZM), and the National Telecommunications and Information Administration (NTIA) at the U.S. Department of Commerce (DoC), as the Root Zone Administrator (RZA).” The only agreement related to this is the one of cooperation between Verisign and the NTIA.

Accordingly, as the role of NTIA is transitioned to the multi-stakeholder community, Verisign and ICANN are working out terms and conditions of their own agreement to facilitate this transition together. In response to NTIA’s request for a proposal for this transition, Verisign and ICANN submitted this document. Besides these, ICANN states that it does not have any documents responsive to our requests.

ICANN's response to our DIDP request may be found here.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-28-icann-renews-verisign2019s-rzm-contract

DIDP Request #27 - On ICANN’s support to new gTLD Applicants

asvatha — 2016-07-30T08:03:18Z

In order to promote access to the New gTLD Program in developing regions, ICANN set up the New gTLD Applicant Support Program (Program) which seeks to facilitate cooperation between gTLD applicants from developing countries and those willing and able to support them financially (and in kind).

Click for Applicant Support Directory

We requested ICANN for information about this program. Specifically, we asked them for information on:

The number of applicants to the program and the amount received by them;
The basis on which these applicants were selected;
The amount that has been utilized thus far for this program;
Contributions by donors;
What “in kind” support means and includes.

The request filed by Padmini Baruah can be found here.

What ICANN said

ICANN answered all our questions in a satisfactory manner. There were three applicants to the program. Two of these: Nameshop, and Ummah Digital Ltd, did not meet the eligibility criteria listed in the handbook and therefore only one other applicant, DotKids, received the financial support. Of the USD 2,000,000 set aside, USD 135,000 was awarded to them.

The eligibility criteria is listed in the New gTLD Financial Assistance Handbook and candidates are evaluated by the Support Applicant Review Panel (SARP), “which was comprised of five volunteer members from the community with experience in the domain name industry, in managing small businesses, awarding grants, and assisting others on financial matters in developing countries.”

The USD 2,000,000 allotted to this program was set aside by ICANN’s board and as it is not exhausted, no external contributions were sought by ICANN (in cash or in kind). However, ICANN failed to explain what “in kind” contributions would be.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-27-on-icann2019s-support-to-new-gtld-applicants

DIDP Request #25 - Curbing Sexual Harassment at ICANN

asvatha — 2016-07-30T06:14:29Z

Markus Kummer at Public Forum 2 mentioned that ICANN has standards of behavior regarding sexual harassment that are applicable for its staff.

Marrakech Public Forum 2

In light of that statement, CIS requested ICANN to publish the following information:

Information about the individual or organization conducting ICANN’s sexual harassment training
Materials used during this training
ICANN’s internal sexual harassment policy

The request filed by Padmini Baruah can be found here.

What ICANN said

ICANN’s response answered our questions adequately. The organization conducting their sexual harassment training is NAVEX Global. It is an interactive online training and as such, all materials are within that platform. Besides, ICANN could not publish these materials as it would be an infringement of NAVEX Global’s intellectual property right. ICANN also attached with the response, their internal sexual harassment policy.

ICANN's response to our DIDP request (and the attached policy document) may be found here.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-25-curbing-sexual-harassment-at-icann

DIDP Request #23 - ICANN does not Know how Diverse its Comment Section Is

asvatha — 2016-07-30T05:55:15Z

While researching ICANN and the IANA Stewardship Transition Coordination Group (ICG), we came across a diversity analysis report of a public comment section.

See ICG report here.

We requested ICANN for similar reports on the ICANN public comment section. The request filed by Padmini Baruah can be found here.

What ICANN said

ICANN stated that they do not conduct diversity analysis on their comment sections. This is a shame, given that the one from ICG was so informative, clear and concise. Instead they provided us with links to reports and analyses of the different topics that were up for comments and an annual report on public comments.

ICANN’s public comments section is one of the important ways in which different stakeholders and community members get involved with the organization. A diversity analysis of this section for different topics could help in informing the public about which parts of the world actually get involved in ICANN through this mechanism We suggest that ICANN make it a regular part of their report.

ICANN's response to our DIDP request may be found here.

https://www.ianacg.org/icg-files/documents/Public-Comment-Summary-final.pdf

For more details visit https://cis-india.org/internet-governance/blog/didp-request-23-icann-does-not-know-how-diverse-its-comment-section-is

DIDP Request #22 - Reconsideration Requests from Parties affected by ICANN Action

asvatha — 2016-07-30T03:52:01Z

According to ICANN by-laws, ICANN has the responsibility to answer to reconsideration requests filed by those directly affected by its actions.

See ICANN bye-laws here

The board governance committee must submit an annual report to the board containing the following information (paraphrased):

Number and nature of Reconsideration Requests received including an identification of whether they were dismissed, acted upon or are pending.
If pending, the length of time and explanation if they have been pending for more than 90 days.
Explanation of other mechanisms ICANN has made available to ensure its accountability to those directly affected by its actions.

CIS requested copies of documents containing all this information. The request filed by Padmini Baruah can be found here.

What ICANN said

ICANN surmised that all the information we sought can be found in their annual reports. ICANN linked us to those: https://www.icann.org/resources/pages/annual-reports-2012-02-25-en

ICANN's response to our DIDP request may be found here.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-22-reconsideration-requests-from-parties-affected-by-icann-action

DIDP Request #21 - ICANN’s Relationship with the RIRs

asvatha — 2016-07-30T03:42:36Z

At CIS, we wanted a clearer understanding of ICANN’s relationship with the 5 internet registries. The large amount contributed by the RIRs to ICANN’s funding lead us to question the nature of this relationship as well as the payment. We wrote to ICANN asking them for these details.

The request filed by Padmini Baruah can be found here.

What ICANN said

ICANN’s response linked us to the Memorandum of Understanding signed by ICANN and the Number Resource Organization (NRO) which represents the 5 RIRs. The MoU replaces the ones signed by ICANN and the individual RIRs. The response also links us to a series of letters written by the NRO to ICANN reaffirming their commitment to the MoU. Interestingly, the MoU does not mention anything about payments or monetary contributions.

In response to the second part of our request focusing on their financial relationship, ICANN gave us the same information as they did earlier. However, as pointed out in this post, that information is either incomplete or inaccurate. Further, they reject the idea that providing anything more than the audited financial reports is necessary for public benefit. According to them, “the burden of compiling the requested documentary information from 2000 to the present would require ICANN to expend a tremendous amount of time and resources.” Therefore, they classified our request as falling under this condition for non-disclosure:

“Information requests: (i) which are not reasonable; (ii) which are excessive or overly burdensome; (iii) complying with which is not feasible; or (iv) are made with an abusive or vexatious purpose or by a vexatious or querulous individual.”

We fail to see how an organization like ICANN does not already have its receipts and documentation in order. If they do, it would not be burdensome to publish them and if they don’t, well, that’s worrying for a lot of different reasons.

ICANN's response to our DIDP request may be found here.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-21-icann2019s-relationship-with-the-rirs

DIDP Request #20 - Is Presumptive Renewal of Verisign’s Contracts a Good Thing?

asvatha — 2016-07-30T02:01:59Z

ICANN’s contract agreements with different registries contain a presumptive renewal clause. Unless they voluntarily give up their rights or there is a material breach by the registry operator, their contract with ICANN will be automatically renewed.

See the base registry agreement here.

In light of this, we filed a request asking ICANN for documents that discuss the rationale behind including the presumptive renewal clause. We also asked them for documents specific to the renewal of Verisign (.com and .net domains) and PIR (.org) contracts. The request filed by Padmini Baruah can be found here.

What ICANN said

ICANN provided a surprisingly comprehensive response to our request. They provided documents in response to our request and stated the rationale that has been given for including a presumptive renewal clause. According to the response,

“Absent countervailing reasons, there is little public benefit, and some significant potential for disruption, in regular changes of a registry operator. In addition, a significant chance of losing the right to operate the registry after a short period creates adverse incentives to favor short term gain over long term investment.”

ICANN explains that the contracts have been drawn such that they balance the concerns above with the ability to replace a registry that doesn’t serve the community as it is obliged to do. The response also offers links to various documents substantiating this rationale.

We were provided an effective answer to our second question as well. ICANN’s response links us to various documents for the 2001, 2006 and 2012 renewals of Verisign’s contract for the .com domain. This includes a summary of the 2012 renewal, public comments for all three renewals and the proposed agreements.

For the .net domain, a presumptive renewal clause was not included in the 2001 Verisign contract which opened up the process to select an operator in 2005. ICANN chose to continue its relationship with Verisign and included the clause. The documents relevant to the 2011 renewal of the contracts have been provided.

After Verisign relinquished its rights over the .org domain in 2001, ICANN chose the Public Internet Society (PIR) to operate the domain. While there was no presumptive renewal clause in 2002, documents relevant to the 2006 and 2013 renewals have been provided.

ICANN's response to our DIDP request may be found here.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-20-is-presumptive-renewal-of-verisign2019s-contracts-a-good-thing

DIDP Request #19 - ICANN’s role in the Postponement of the IANA Transition

asvatha — 2016-07-29T16:37:04Z

In March 2014, the National Telecommunications and Information Agency (NTIA) of the United States government announced plans to shift the Internet Assigned Names and Numbers (IANA) functions from ICANN to the global multistakeholder community. The initial deadline set for this was September 2015.

See NTIA announcement here.

In August 2015, NTIA announced that it would not be technically possible to meet this deadline and extended it by a year. NTIA stated,

“Accordingly, in May we asked the groups developing the transition documents how long it would take to finish and implement their proposals. After factoring in time for public comment, U.S. Government evaluation and implementation of the proposals, the community estimated it could take until at least September 2016 to complete this process.”

In our DIDP request, we asked ICANN for all documents that it had submitted to NTIA that were relevant to the IANA transition and its postponement from the date of the initial announcement— March 14, 2015 to the date of the announcement of extension — August 17, 2015. We specifically requested the documents requested by NTIA in May 2015 as referenced by this blogpost.

The request filed by Padmini Baruah can be found here.

What ICANN said

ICANN’s response terms our request as “broadly worded” and assumes that our request is only related to documents about the extension of the deadline. It was not.

After NTIA’s announcement in 2014, ICANN launched a multi-stakeholder process and discussion at ICANN 49 in Singapore to facilitate the transition. The organizational structure of this process has been mapped out according to the different IANA functions that are being transitioned. Accordingly, we have the:

IANA Stewardship Transition Coordination Group (ICG)
Cross Community Working Group (CWG-Stewardship)
Consolidated RIR IANA Stewardship Proposal Team (CRISP TEAM)
IANAPLAN Working Group (IANAPLAN WG)
Cross-Community Working
Group (CCWG-Accountability)

In addressing our request, ICANN references this multi-stakeholder community overseeing the transition. According to the response document, the ICG, CWG-Stewardship, CRISP Team, IANAPLAN WG and the CCWG-Accountability submitted responses directly to the NTIA leaving the ICANN with no documents responsive to our request.

ICANN's response to our DIDP request may be found here.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-19-icann2019s-role-in-the-postponement-of-the-iana-transition

DIDP Request #18 - ICANN’s Internal Website will Stay Internal

asvatha — 2016-07-29T14:53:50Z

ICANN maintains an internal website accessible to staff and employees. We requested ICANN to provide us with a document with the contents of that website in the interest of transparency and accountability.

The request filed by Padmini Baruah can be found here. To no one’s surprise, not only did ICANN not have this document in “ICANN's possession, custody, or control,” even if it did it would be subject to DIDP conditions for non-disclosure.

ICANN's response to our DIDP request may be found here.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-18-icann2019s-internal-website-will-stay-internal

DIDP Request #17 - How ICANN Chooses their Contractual Compliance Auditors

asvatha — 2016-07-29T02:20:59Z

At a congressional hearing on internet governance and progress, then President of ICANN Fadi Chehadi indicated that the number of people working on compliance audits grew substantially—from 6 to 24 (we misquoted it as 25)— in the span of a few years.

It is clear to us at CIS that the people in charge of these compliance audits perform an important function at ICANN. To that effect, we requested information on the 24 individuals mentioned by Mr Chehadi as well as the third party auditors who perform this powerful watchdog function. More specifically, we requested documents calling for appointments of the auditors and copies of their contracts with ICANN.

The request filed by Padmini Baruah can be found here.

What ICANN said

In their response to the first part of our question, ICANN linked us to a webpage containing the names and titles of all employees working on contractual compliance. This page contains 26 names including the Contractual Compliance Risk and Audit Manager: https://www.icann.org/resources/pages/about-2014-10-10-en

ICANN also described the process of selecting KPMG as their third party auditor in detail. A pre-selection process shortlists 5 companies that fit the following criteria: knowledge of ICANN, global presence, size, expertise and reputation. Then, ICANN issues a targeted Request For Proposal (RFP) to these companies asking them for their audit proposals. After a question and answer session, a proposal analysis and rating the scorecards, a “cross-functional steering committee” decided to go with KPMG. While the process has been discussed transparently, our questions remain unanswered.

The RFP would qualify as the document requested by us in the second part of the question (i.e.) a “document that calls for appointments to the post of the contractual compliance auditor.” Unfortunately, ICANN has not published the RFP citing the DIDP Conditions for Non-disclosure. However, the timeline for the RFP and other details have been posted here after our DIDP request. In addition, the contract between KPMG and ICANN has also not been published.

ICANN's response to our DIDP request may be found here.

For more details visit https://cis-india.org/internet-governance/blog/didp-request-17-how-icann-chooses-their-contractual-compliance-auditors

DIDP Request #16 - ICANN has no Documentation on Registrars’ “Abuse Contacts”

asvatha — 2016-07-29T02:11:52Z

Registrars on contract with ICANN are required to maintain an “abuse contact” - a 24/7 dedicated phone line and e-mail address to receive reports of abuse regarding the registered names sponsored by the registrar.

We wrote to ICANN requesting information on these abuse complaints received by registrars over the last year. We specifically wanted reports of illegal activity on the internet submitted to these abuse contacts as well as details on actions taken by registrars in response to these complaints.

The request filed by Padmini Baruah can be found here.

What ICANN said

Our request to ICANN very specifically dealt with reported illegal activities. However, in their response, ICANN first broadened it to abuse complaints and then failed to give a narrowed down list of even those complaints.

In their response, ICANN indicated that they do not store records of complaints made to the abuse contact. This is stored by the registrars and is available to ICANN only upon request. However, since ICANN is only obliged to publish documents it already has in its possession, we did not receive an answer to our first question.

As for the second item, ICANN gave a familiarly vague answer, linking us to the Contractual Compliance Complaints page with a list of all the breach notices that have been issued by ICANN to registrars. A breach notice is relevant to our request only if it is in response to an abuse complaint, and the abuse complaint specifically deals with illegal activity. Even discounting that, this is not a comprehensive list when you take into account that a breach notice is published only “if a formal contractual compliance enforcement process has been initiated relating to an abuse complaint and resulted in a breach.”[1] What about the rest of the complaints received by the registrar?

In addition, ICANN refused to publish any communication or documentation of ICANN requesting reports of illegal activity under the DIDP non-disclosure conditions.

ICANN's response to our DIDP request may be found here.

[1] See ICANN response here (Pg 4): https://www.icann.org/en/system/files/files/didp-response-20150901-4-cis-abuse-complaints-01oct15-en.pdf

For more details visit https://cis-india.org/internet-governance/blog/didp-request-16-icann-has-no-documentation-on-registrars2019-201cabuse-contacts201d

DIDP Request #15: What is going on between Verisign and ICANN?

asvatha — 2016-07-29T02:01:06Z

During a hearing of the House Committee on Energy and Commerce on “Internet Governance Progress After ICANN 53,” President and CEO of ICANN - Mr Fadi Chehade indicated that ICANN follows up with registries and registrars on receipt of any complaint against them about violations of their contract with ICANN.

At CIS, we believe that any exchange of dialogue or any outcome from ICANN acting on these complaints needs to be in the public domain. Thus, our 15th DIDP request to ICANN were for documents pertinent to Verisign’s contractual compliance and actions taken by ICANN stemming from any discrepancies of Verisign’s compliance with its ICANN contract.

The DIDP request filed by Padmini Baruah can be found here.

What ICANN said

After sorting through a response designed to obfuscate information, it was clear that ICANN was not going to provide any of the details we requested. As mentioned in their previous responses, individual audit reports and the names of the registries associated with discrepancies are confidential under the DIDP Defined Conditions of Nondisclosure. Nevertheless, some details from the response are worth mentioning.

According to the response, “As identified in Appendix B of the 2012 Contractual Compliance Year One Audit Program Report, the following TLDs were selected for auditing: DotAsia Organisation Limited (.ASIA), Telnic Limited (.TEL), Public Interest Registry (.ORG), Verisign (.NET), Afilias (.INFO), and Employ Media LLC (.JOBS).” The response goes on to state that out of these 6 registries that were selected, only 5 chose to participate in the audit, the identies of which are once again confidential.

However, on further examination, it can be seen that Verisign (.NET) was chosen to participate in the audit the year after as well. Therefore, it’s clear that 2013 was the year Verisign was audited. Unfortunately, that was pretty much all that was relevant to our request in ICANN’s response.

Once again, ICANN was able to use the DIDP Defined Conditions of Nondisclosure, especially the following conditions to allow itself the ability not to answer the public:

Information exchanged, prepared for, or derived from the deliberative and decision-making process between ICANN, its constituents, and/or other entities with which ICANN cooperates that, if disclosed, would or would be likely to compromise the integrity of the deliberative and decision-making process between and among ICANN, its constituents, and/or other entities with which ICANN cooperates by inhibiting the candid exchange of ideas and communications.
Information provided to ICANN by a party that, if disclosed, would or would be likely to materially prejudice the commercial interests, financial interests, and/or competitive position of such party or was provided to ICANN pursuant to a nondisclosure agreement or nondisclosure provision within an agreement.
Confidential business information and/or internal policies and procedures.[1]

ICANN’s response to our request can be found here.

[1] See DIDP https://www.icann.org/resources/pages/didp-2012-02-25-en

For more details visit https://cis-india.org/internet-governance/blog/didp-request-15-what-is-going-on-between-verisign-and-icann