Joi Ito's Web

Joi Ito's conversation with the living web.

As people have reported widely, there has been a great deal of abuse of .Pro. .Pro was supposed to be a top level domain dedicated to creating a credentialed area for verified professionals and profession related domain names. People have been registering obviously unrelated domains and going as far as selling them on eBay. This clearly violates the spirit of the agreement, but it is still unclear whether anyone is technically violating the agreement. ICANN has been criticized for not policing .PRO especially in light of ICANN approving new sponsored top level domains. As Michael Palage pointed out in his comments during the board meeting, ICANN staff is currently investigating the issues and they will come back with the facts and the board will discuss any appropriate actions.


What train of thought did lead ICANN to believe, .pro would not become another .info or .name, which have restrictions as well and -- as of this date -- have been registered widely by non-compliant sites? Heck, I have, because my registrar decided to give it to me for free.

We lost the race for TLD purity, when .com no longer meant commercial, and companies started to register .org names. Want my take? Nuke the tld system, remove everything that is not a geographical/ISO tld, enforce the "one domain per legal entity" suggestion, and lean back. Man, this one would not only curb phishing and some venues for spam, it'd also make things rather easy.

Oh, I forgot -- there's money to be made. Stupid me, won't happen as long as that's the case.

The more up-to-date explanation of what's been happening at RegistryPro can be found here:

The .Pro TLD was set up as a "restricted" TLD for the exclusive use of professionals who had undergone rigorous scrutiny and verification.

Because this wasn't getting much business for the Registry, they appear to have accepted a device - which you correctly identify as a possible loophole - by which one of its Registrars (EnCirca) agreed to act as "proxy registrar" for a flood of new verifications.

Snapshot of a few examples (a mere fraction) here:

No verifications were required for all these people to obtain .pro domain names, but instead of each of these 100s or 1000s of customers each being checked and verified x1 time, EnCirca acted as "proxy registrar" and their verification was used x100s or x1000s of times. This was clearly *never* ICANN's intention because it undermines the whole purpose of the verification system.

In this way the Registry and Registrar hoped to adhere to the letter of the rules, while clearly abusing the well-recognised purpose and intention of the Registry Agreement to "restrict" use to an 'exclusive' category of credentialed professionals.

The technicality of verification was respected, but the far more important underlying purpose of the Registry Agreement was subverted and disrespected. ICANN, too, seems to have been disrespected, in that there appears to have been no consultation with ICANN about whether this "device" would safeguard ICANN's intentions for the TLD. The actions were just carried out as a fait accomplis.

In knowingly activating all these "proxy registrations" in the name of EnCirca over a period of weeks - when day after day hundreds of new registrations were pouring in - without consulting ICANN or trying to address the situation as a problem (RegistryPro has shown no signs of regarding it as a problem) the Registry appears to me and others to have administered this TLD in an irresponsible manner, and been party to the abuse of the clear underlying principles of this restricted TLD *as defined in the Registry Agreement*.

RegistryPro probably try to argue that they have adhered to the letter of the law on the verification issue (though in fact they know very well they have used a 'device' or 'loophole' to bypass the need for verification - in effect enabling the very thing that verification was meant to prevent)...

...but I would assert that they have breached their Registry Agreement by so blatantly (and unilaterally) abandoning their clear responsibility to protect the "restricted" TLD and their responsibility to use verification as a means for exluding unqualified customers, not letting them in (through the "proxy registrar" who publicly tells customers the domain is ineffect 'theirs' to use as a registrant can - selling it, renewing it, and every other registrant's privilege).

RegistryPro know perfectly well that this 'device' exists to let in people who are not qualified to obtain these domains.

I urge the ICANN Board to address this issue and suggest that the Registry Agreement should be amended in order to clarify RegistryPro's obligations and defend the TLD.

Suggested amendments to the Registry Agreement here:

There are also the implications of the same devaluation of future "restricted" TLDs like .travel, if "proxy registration" becomes a device for bypassing verification requirements.

If ICANN allows "restricted" TLDs to be invaded by domain speculators and unverified customers, then the whole project to develop "restricted" TLDs may be called into question.

I take the view that there is a genuine benefit to promoting a range of "restricted" TLDs and clearly I am not happy with the way this .Pro TLD has been administered (or the Registry's unilateral approach) in recent months.


Richard Henderson

Thanks for the additional input on .Pro Richard.

Jonas: The difference is, .info is not a restricted tld. It is just like .com. .pro is a gtld with contractual restrictions on what it should be used for and was approved for a specific purpose. The sponsored tlds like .travel are communities and are even more structured. Most stlds have non-profit organizations which are involved in running the tld and managing the communities. The agreements between these tlds and ICANN are very different.

There are many people who don't think ICANN should be approving new tlds. There are other people who are pressuring ICANN to approve new tlds. ICANN is currently working very hard, in particular, the GNSO to come up with a generic tld approval process. Until then ICANN is approving a limited number of sponsored tlds that serve particular community interests. Although there is a question about whether new tlds should be approved, ICANN was created to manage the creation of new tlds and provide competition. I think it's important to understand that ICANN is a consensus managment process, not a regulator that just decides things. There are stakeholders who have strong opinions in every direction on every issue. The role of ICANN is to listen to these stake holders and try to build consensus. It's not efficient and it's not always the best, but without this consensus, you would have a war that would end up with a winner and a loser and would most likely break the Internet. I think it's irresponsible to say "ICANN should xyz" without understanding that ICANN can't really shouldn't do anything that isn't a consensus of its supporting organizations. As for the money to be made... Many of the stld applications use this money to support the community that they represent. I don't think this is as "dirty" as you make it sound.

I didn't realize you deleted comments, Joi. I guess I know now.

Which comment foo? I just deleted Richard's first version of the same comment because it was a duplicate without the a href tags. Was there some other comment that was deleted?

I'm not in the least surprised at this turn of events. ICANN has always been both authoritarian and weak simultaneously. When Joi says 'I think it's important to understand that ICANN is a consensus managment process, not a regulator that just decides things.', it's a bit of a fib. ICANN does 'just decide things' when it wants to, always has done. I'm not sure what Joi is doing on the board of ICANN - I always thought that was a poisoned chalice, because there are drivers of ICANN that are outside the control of its public face.

Ivan, I plan to write about this more in the future, but I think you're talking about the core of an important issue. The consensus process should be the core of what ICANN stands for. Some decisions are made for operational reasons, but if these decisions are viewed by the community and the constituents as unilateral decisions, we are not doing the consensus process right. We need to constantly be striving for consensus while delegating certain operational decisions to staff. I don't think it is reasonable to go to the community for every operational issue.

I think that the notion that there are invisible drivers outside the control of the board or the public face is a bit overblown. There probably are things that I should know about that I don't yet know about, but I do think there is a sincerely effort to bring material issues to the attention of the board. One of the things that I am working on through the audit committee and the finance committee is to work with the other board members and staff to try to create processes which will make overview of operations easier. Clearly there is still a lot to do, but I believe that most of the problems that ICANN has with transparency and process have to do with the complexity and the number of things it has to be doing right now and not out of intentional malice. Having said that, I have been on the board less than 4 months and still have a lot to learn. But I'll keep you posted.

Life is too short to get trapped in what Borges called a "repetition of repetitions" - although after .info four years ago and now .pro that is what it feels like... a labyrinth of registration agreements and broken processes, where you meet yourself coming back from a previous repetition, or await a response from this CEO or the last one, with the prospect of hearing from neither.

Therefore this is my final post on .Pro (which I have sent to the ICANN Board and relevant ICANN staff).

I recognise that they are engaged in a step-by-step process with the .Pro issue.

I believe that enforcement should (if necessary) be applied in the case of RegistryPro on the grounds that (I believe) they have breached the ICANN-Registry Agreement.

Just to clarify: the issue I think should be investigated is not 'failure to undertake verifications'... it is 'failure to uphold the central and stated principles and purposes of the Agreement, and misuse of the verification processes to bypass the stated purposes of the Agreement.'

In short, the problem that concerns me is not lack of use of the verification processes, but misuse of them.

The Registry Agreement makes such clear statements of the intention of a "restricted" registry using verification for the purposes of 'keeping unchecked people out', and in practical terms RegistryPro appear to me to have broken their Agreement by ignoring the clear *intentions* of the Agreement and its Verification processes, by actually using verification (1000+ verifications of the same proxy Registrar) to give unchecked people access to domain names reserved for specific sets of professionals. These people, in the words of EnCirca, become the "owners" of these domains. They can use them, sell them, renew them, develop them. The Agreement, in my opinion, has been broken - breach of its clear purposes and intended outcomes, and misuse of its verification processes to bypass the basic intentions of the Agreement.

The Registry Agreement is so clear about its purposes, that misuse of the verification process in such a way as to 'let in' rather than 'keep out' unqualified and unchecked customers, may be regarded as a breach of the Agreement. RegistryPro are responsible for endorsing and activating these proxy registrations and the effects these have on the Registry Agreement.

I have suggested to Tina Dam in her investigation of EnCirca and RegistryPro, that she asks:

1. Did either party consult ICANN about the implications of this "Proxy" device?

2. Did EnCirca carry out any kind of check or verification about their customers? The answer is 'No' - you just had to pay $49 and click.

3. Did RegistryPro take any steps to curb the inflow of registrations on behalf of unqualified customers?

4. How many .Pro registrations were there, in total, up to the end of December 2004? How many .Pro registrations were there by the end of March 2005?

5. Was RegistryPro satisfied that this flood of new registrations was in keeping with the purposes and intentions of the Registry Agreement?

... and later in the process...

6. Will RegistryPro agree to stop this Proxy 'device' with immediate effect, until a consensus has been arrived at?

7. Will RegistryPro agree to amendments that ICANN might propose to their Agreement?

8. Will RegistryPro agree to stop all Proxy registrations through registrars, unless the actual customers have been verified?

9. Will RegistryPro agree to check and verify all actual customers (not the registrar proxy), at the latest, at the annual renewal when such checks would be due?

... and enforcement if necessary ...

If RegistryPro do not agree to negotiate a settlement with ICANN, to reclaim the clearly-stated purposes of this restricted sTLD, will ICANN intervene with measures on the grounds of breach of contract/agreement, and misuse of its verification processes to bypass the basic intentions of the Agreement.

* * * * * * * * * * * * *

I have urged the firmest action (rationally and step-by-step) because otherwise this restricted registry will be opened up more and more, and the precedent of "proxy registration" will have been established for any other restricted sTLD where a registrar or registry chooses, in the future, to circumvent the original purposes and intentions of their Registry Agreement.

Basically, the .Pro Registry Agreement was abundantly clear about the purpose and intentions of its verification processes. Those verification processes did not exist in isolation to be used any way people wanted. They existed *in the context of the Agreement's purposes* to uphold those clearly-expressed purposes of restricting access to the TLD to specific and exclusive sets of professionals.

The bottom line is: ICANN knows this. RegistryPro knows this. EnCirca knows this. What we have is a loophole through one element of the Registry Agreement. This loophole, consciously exploited for profit, does not nullify the greater expectations and requirements of the rest of the Agreement, of which the verification process was merely a subsidiary part.

Yours sincerely,

Richard Henderson

* * * * * * * * * * * * *

Postscript - "Compromises"

To be fair to the integrity of some people I have discussed this matter with, I will end with their counter-argument. If ICANN - beset by bigger battles and more pressing issues - seeks a compromise on this issue, because of pressure on staff and resources, then the best compromise proposed by people I have discussed this with (not my position, theirs) is that ICANN should allow time to pass so that the present commotion dies down, and then they agree with RegistryPro that domains at the 2nd Level will be opened up to help make the .Pro project financially viable, while certain 3rd Level combinations are reserved for a range of professions. This, they would argue, would respond to market demand and help to make .Pro more viable, not less viable. I don't agree with this line of argument, for all the reasons I have set out above and my concern for integrity of process and the future of sTLDs, but ICANN may decide to consider this 'compromise' along with the option of taking firmer action. My concern is that this will irreparably damage the exclusive purpose and identity of .pro. The proponents of this compromise say that it would strengthen .Pro, citing the small number of registrations, and the vulnerability of the project before EnCirca started its unilateral process.

Most of that nonsense about the allocation processes and supposed usage of TLDs, sponsored or otherwise, could be avoided if registrations were done at the root level.
We'd then finally get rid of the fairly useless and superannuated notion of a TLD, except for the ccTLDs, which have solid and useful semantics, unlike .com, .pro etc.

1 TrackBacks

Listed below are links to blogs that reference this entry: .Pro problems.

TrackBack URL for this entry:

VeriSign have responded angrily to recent complaints about a recent Telcordia report, which recommended the company to continue administrating the .net domain names. VeriSign have effectively been handed a continued administration of the .net domain n... Read More