A fishbowl with a limo tint

I have referred to the criticism and comments that the registry has attracted, more or less continually since it came to prominence as a public service.

In the early days, the primary vehicle for this was a mailing list called “IEDR Forum”, which in some ill-defined way at that point was also short-hand for the “Internet community” in Ireland – whoever felt they had a stake in the registry. That group, as poorly defined as it was, also had irregular physical meetings, and in the standard, wonderfully inclusive way that things used to be done at the time, was open to essentially anyone to subscribe and post, or turn up at meetings and speak. This started in 1996 and it lasted until 2002, when it was shut down by registry management of the time. I kept my copy of it, so although it has technically been removed, I was able to review it for this book. It is a fascinating historical archive.

As I said earlier, the rules was a constant topic of discussion then, and indeed even today, so as you might expect, discussion about the rules was rampant. Again, hardly surprising to anyone who’s dealt with the Internet for more than .02 of a picosecond, supposition and speculation was the order of the day on the list. The nice thing was that the speculation could sometimes thankfully be refuted by the author of the rules themselves, or otherwise people with direct knowledge of the matter. One example is Dr. O’ Reilly responding to speculation about the famous “one domain per holder”See previous article. rule, in this email, when he responds to Ross Chandler’s speculation about the reason:

“This dates from when the ie TLD was run by volunteers and provided the service for free. The rule presumably helped to keep the work load to manageable proportions for a longer period than otherwise would have been the case […]”

with the simple and typically communally-minded:

“Well, that’s an original idea! When the rules were framed, this one was based on a certain tradition of good net-citizenship and on the idea that such a restriction would reduce contention for names.” It may have reduced contention for names on some axes, but it created much more of it in others, as discussed previously.

When the ODPH rule was removed, the response on the mailing list was swift and, perhaps not unexpectedly, commercially focused. Here is Nigel Phillips, a domain salesperson in Ireland On-Line on the repeal of ODPH:

“Brilliant, and long over due. Sales departments have a way of using up available allocations though. How about 25-50. More money to be made for everyone that way.” See this email.

(Well, at least you knew where you stood.)

Whatever about the straitjacket of ODPH, at least at the registry was operating honestly enough to be suffering from the inconvenience of those rules itself. For example, under the ODPH rule, the registry itself would have liked to have a domain, but because it was part of UCD did not qualify for an additional one. Although I would in no way choose to represent the forum as being a stakeholder communications mechanism that anyone should choose to emulate, at least at this time, issues such as this could be and were aired regularly, and there was some back and forth about the rationale for the existing situation. From time to time, things even changed – how’s that for service.

Dialog in this forum was not, however, limited to conversation about the rules. Re-reading it today, it is remarkable to what extent the registry communicates – and is held accountable for – the most minute of actions. One would in truth expect periodic or even regular complaints about poor serviceSee e.g. Alex French’s complaints in this email. just as one sees the same in forum complaints about, say, mobile operators today; any large customer-facing organisation probably expects the same.With, it must be said, the very occasional counterbalancing compliment: see e.g. this email. But the registry felt it incumbent on them not only to announce things like individual staff members getting sick – my cold virus preserved for all time! – but also e.g. detailed statements about the proposed invoicing process and schedule, all hallmarks of a substantially smaller audience yet much wider brief than other organisations. Fred Crowe of the Sunday Business Post opined – correctly, in my view – that:

Since joining this list I have been amazed at the number of posts on what I believe are IEDR internal matters. The IEDR has a job to do and should be left to get on with it without having to cope with and reply to continuous emails from numerous people who should have better things to be doing with their time and not bothering the IEDR so they can get on with setting up domains

But you have to remember, dear reader, that at this stage, the audience was really small and they (we?) all knew each other: see, for example, Mike Norris selling plane tickets to Amsterdam for a conference he clearly expected other folks to be interested in attending. This probably contributed to the overall assumption that there was a group of experts, roughly peers of each other, that felt it was appropriate to comment on the inner details of the registry as they might comment on the execution flow within a new kernel function.

However, the potent combination of (initially) familiar, relatively closed audience presented with a notionally national brief produced odder behaviour than would probably have happened otherwise. For example, when Nick Hilliard attempted to draw attention to alleged vulnerable versions of software running on Club Internet machines, Alex French responded with legal threats:

“Nick, I suggest that in future you don’t make libelous allegations about security flaws in rival companies without checking with IOL’s legal council, especially when they’re completely false.”See this email.

Perhaps the first public example of threatened legal action somehow concerning the registry, it was absolutely not the last.

The Forum also aired member reactions against the registry doing things, as well as excoriating them for doing things. Here is David Mee, then Managing Director of EUnet Ireland, making it clear exactly how contentious even the simplest steps were in those early days:

On the second issue highlighted below […], EUnet would be opposed to the release of [the list of] all domains which have been registered every month. This essentially distributes each ISP’s new customer list to everyone else which I do not believe is in the interest of any ISP. At some stage one has to believe that if guidelines are laid down, understood and accepted by ISPs, that they will be equitably applied to all ISPs.

Indeed, even registry staff, like Pat Kane – at that time, my quondam co-hostmaster – took to the forum to express their own view of the rules. In this case, Pat described the procedures of that time (which involved manual checking of registered business names) as “The Registry [working] on the basis of trust” and abhorred the outcome of being unable to operate on this basis of trust:

“If the Registry finds that it cannot accept the word of one of it’s customers then it may have to query the companies office on a constant basis.”

Which is in fact exactly what it ended up doing, and does today: good job of prediction there, Pat.

Like most governance arrangements which work well, no matter what the actual logistics are because the audience is small and knows each other, the forum was arguably functional in the 1995 - 1998ish timeframe, but with the transition to a larger interest group, larger audience, with the change in leadership, and with more money at stake, the previous model became difficult to sustain. On 4 April, 2002, the list was closed down by the IEDR. The reasons given by Mike were that the forum had become “not sufficiently representative or widespread in its membership”, and that “the tone, nature and content of some postings in the recent past demonstrate a lack of netiquette”. He additionally pointed out the IEwatch group and the IEDR’s “e-zine”, inside.ie, as more appropriate places for the direction of feedback.

Ultimately, the management of the registry – although perhaps the decision was not as corporate as that phrase suggests – was probably correct in its decision to shut the forum down in its then form, although the decision to effectively replace it with nothing was not the right decision. The criticisms were made anyway, but instead of being made in the tent, were sprayed randomly outside, broadening the audience, and that criticism often became more trenchant, precisely because of a lack of engagement.

I am also in great sympathy with the view that, given the .ie domain is in some way a national asset, it requires closer public engagement and oversight than a purely private entity. However, the trenchant criticism in public and the pointed criticism in private (witness the large number of complaints that reached the government about the IEDR in the aftermath of the spinout)See the FOI documents from the IEDR. simply lent weight to the internal arguments supporting less public engagement with the outside. If people were going to complain anyway, the registry might as well go ahead and do whatever it was going to do anyway.

However, the larger question of how oversight was to be provided, if indeed it were not to be “community” provided, has continued to dog the registry. It may well be that the answers are simple and reasonable, or simple and unreasonable but a fair accompli – yet the registry has sometimes struggled to get such members of the community as care deeply about these things to understand. Its most trenchant critics have never been convinced by more or less anything the registry has said, wherever it is on the spectrum between innocuous and incompetent.

Some Witty Thing

And, on the subject of trenchant critics, we turn to Michele Neylon, founder of Blacknight hosting company,Full disclosure: the current hoster of this site. So, I’d better be nice to him, right? one of Ireland’s better-known Internet entrepreneurs, and one of the most consistent critics of the registry.

Returning to the subject of delegation, Michele’s position on the fact that the delegation, the authority (by some definition), is not actually with the IEDR and still remains with UCD is a kind of irritated bewilderment. Despite being perhaps the foremost exponent of FOI-as-investigatory-tool when it comes to the registry’s move from UCD to Dun Laoghaire, there is much about that transition which remains under-documented, according to him:

There is no clear document outlining how or why that… that [the IEDR] came into being. In what is the actual relationship between UCD and this entity. Is this entity operating under a subcontract with UCD? Is this entity part of UCD? Is this entity, I mean, I dunno, kind of invented over coffee? Because there’s no actual legal basis for it. There’s nothing saying right, this, .ie under ICANN is delegated to UCD, it is not delegated to IEDR, never has been and oh, by the way, it will never, it will never be delegated to them.

This is not because ICANN wouldn’t necessarily do it, but because his company would not allow it:

The reality [is that] under the RFC, if you want to be a CCTLD redelegated, you have consult with significantly interested parties. In our case, we are the single largest registrar of .ie domain names on the planet. Ye ain’t gonna re-delegate a CCTLD unless you get me to sign off on it.

With the strong implication, to be clear, that Michele would not in fact sign off.

For the record, the objections are pretty simple:

I don’t… I just don’t trust them. There’s serious issues with respect to transparency, and when I’ve raised this in the past they’ve tried to sue me for defamation. I’m constantly embroiled in legal battles with them. I’m involved in three separate legal battles with them at the moment, which have all been rolled into one. In particular, with respect to transparency… they argue that because they publish an annual report covering their finances, that they’re being transparent. That’s not the transparency I’m talking about. I’m talking about transparency with respect to… to policy decisions or the lack of them, and to other operational things. I mean, for example, just to give you an idea of how messed up they are, they sent us an email about two weeks ago which was relating to policies [one where people register a domain which has the suffix .ie as part of the name]. So let’s say for example you wanted to register funky – that is, funk dot i e – the response we got back was, oh the IEDR has a policy which does not allow for this.

Michele was confused, because a number of domains of just this pattern had apparently been successfully registered previously. He received an email to the effect that IEDR management had “reviewed an internal interpretation” and was no longer supporting such registrations. Similarly, according to Michele, the IEDR apparently reversed their position on “ltd” being allowed in a domain name, and declared that it couldn’t be “ltd”, it had to be “limited”. While some of us might well shrug our shoulders and say that this was part of the price for dealing with a managed registry with complicated, at least partially non-objective rules, for which not every staff member would make a consistent decision. Michele, however, is not consitutionally inclined towards gracefully accepting this kind of situation.

Indeed, the questions of oversight and changing the rules (again, from Michele’s point-of-view, quite arbitrarily) are at the heart of what he, and others, complain most about the registry. You can see this in the responses to the Comreg consultation on domain name regulation where, in response to question 5 (“Do you agree that [the registry] should adopt a formal consultative process”), 10 respondents said different varieties of yes. Admittedly, this is a paper from 2009, but nonetheless, my intuition suggests that it is representative.

All A-Board

Another area where the IEDR has been criticised is the situation of the board. I turned to an ex-board member, Dr. Mark Keane, head of Computer Science in UCD, to clarify my thinking.

One of the things that happened, when I came into UCD as Head was that all of a sudden, I was put in tons and tons of things. I was in every Faculty because Computer Science was teaching at every Faculty. I was involved with the internal Computer board, and of course it got to the point where they needed to spin the IEDR out. So myself and a professor in Engineering called Sean Scanlon, and a few others were identified to manage that process. It was really rocky. It was one of those times where the governmental interaction didn’t help. It was a very strange entity because essentially what we wanted to do was to create a charity from day one. We wanted it to be non-profit.See the INEX model for comparison. We wanted it to be independent. It couldn’t be in the institution anymore. And yet, it was a national resource so it had to have some say-so from the government as well. We negotiated all of that and we had a board and obviously the government had, I don’t know if it was technically the case but it was implicitly the case that they could shut us down any day or take over the whole thing. Our understanding was, this could be taken off us at any point. Which was fine, as long as it was going to be done well. And of course there were positions on the Board for Marine and Communications as well, which they never took.

As David Curtin says, this difficulty with the registry really looking for guidance and the government being unable to provide it was an additional difficulty the registry didn’t really need. After all, in that department, it was really rather spoiled for choice:

[At spinoff], was where the politicking sort of started. They were really worried that we weren’t doing it right, because from the Industry side and there were continual complaints from various Internet associations and things. But these were people with huge vested interests, the registrars. They obviously wanted it to be run for their benefit or for them to run it themselves. So every week they were complaining about this and writing letters and saying, criticising us for doing all sorts of stuff. And in between, we were just trying to keep the focus, get the thing done and the big issue internally was around how it had been really restrictive, in the sense that there very few names handed out. It was a highly controlled registry, which turned out to be positive in the long run but at the time was viewed as being overly-constrained. One of the things that I was certainly conscious of and some of the other people in the spin-out phase was that the spin-out was potentially [commercially] huge. Absolutely huge. But also, a national asset. And therefore should not be owned by any individual. It had to be an independent organisational charity, with oversight by the government. If necessary owned by the government, if they wanted to do that. But they wanted to keep it at arms length because they just viewed it as toxic. There were some rocky years but I think the view now is that it is a successful registry. One of the key things is that we eventually got a really good guy in as CEO to do it.David Curtin. But the early days were really rocky, partly around poor management and partly around not handling the scale-up very well. Then there was a necessary culture change from a bunch of these guys who were overtly-restrictive to one that was much more market-orientated. But what it does regularly of course is that it takes its profit and ploughs it back into reducing the fees on things and that had started before I had left, too.Also a model in common with the INEX. But there were certainly several entities who wanted to own it, and I think we successfully navigated it so that didn’t happen. Again, that’s where the experience with the government, I thought, was very poor. Again, I felt they didn’t have the expertise. They were playing politics with us, in a sense. We were getting letters complaining to us, telling us to do things and yet they were not taking the representation up on the Board which they had, where they could have been directing that policy, which was just classically playing both sides. It was just like, “Forget it!” The first time I saw that, I couldn’t believe the extent to which it was being done. Very, very poor. Whereas they should have just said, “This is our policy.” They should have looked into it, investigated it, saw what international standards were and then either taken it over and done it themselves, or whatever. For me, again, it’s one of those things where I’m pleased I was involved in and that it is there and that it succeeded. But it was a very bruising and negative experience at the time.

I can well believe that. For the doubters, Mark does at least assert that the board tried to get the government to do the right thing:

We were asking and never got a reply. You’d get a complaint and you’d then say, “Come and engage with us” and they wouldn’t do that. But then they’d take these face-to-face meetings where they’d say all sorts of stuff but there would be no record of it! I blame the Department there. It would be useful if there was a super-ordinate authority that’s actually changing that board and having a view on it. It’s probably conservative still, relatively speaking, I’d say. This reminds me of my board experience on HEAnet; the government would give HEAnet all these jobs because they have deep technical expertise in running networks and stuff like that. You’re probably not aware of the stuff that they do. They did all of the satellite broadband for the schools. They did this sort of brokered software buying for all of the third-level sector. They did all of the specing and tendering for the super-computers around SFI. I have a lot of time for them, I think they’ve done really [well]. But it’s interesting to look at the model. What happens all the time is that it is different departments. It sits under HEA. They are responsible to HEA. It gets its money from there. But it’s under DETE and I was DETE’s nominee on the board for a while, after I came back here. But government comes up with something, something happens, “Oh broadband? We have to do broadband but we don’t know anything about it.” And the only body that is moderately close to them, that they have any link to, is HEAnet so they give it to them and they go and do it. That maybe is a model, that you have these arms-length organisations with expertise.

The IEDR does not seem to have been treated by the government in this way, but I believe Mark that this might be a useful future direction. I also regard it as a success that the IEDR was turned around, but there is, as they say, still some room for improvement.However, in this context, an insightful remark here goes as follows: “I’m quite surprised at how IEDR in its own submission to ComReg still opposes the role of ComReg, despite the legislation […] even arguing that it is ’ironic’ that ComReg “is seeking to regulate” its activities while not regulating .com and .net.” The review in which ComReg cleared the IEDR is a little open to question since neither the methodology or the diligence examination is available. For example…

The unpleasantness at the domain verification club

From an operational point of view, of course, the IEDR’s job is one which is entirely unnoticeable when it’s being done well. If nothing fails, the queries flow, and are successfully answered. In this, it is very like a number of other infrastructural support jobs – the only way people ever really notice you is when it doesn’t work.

It’s probably no surprise, then, that one of the most serious operational incidents the IEDR was ever involved with was also one which attracted yet more negative commentary. In October 2012, sitting at my desk at Google, I was surprised to be unable to complete a search. (As fast as Google websearch is on the outside, on the inside, it’s really fast.) Shortly it became clear that something more significant had happened: the DNS servers for google.ie had been changed to somewhere in Indonesia, if I recall correctly. Unsurprisingly, the story was reported in a number of places, and the IEDR itself followed up with a number of statements. Security breaches happen to almost every organisation, and if you think they haven’t happened to you, that’s probably because it has happened and you’re just not aware of it, but it was a little disappointing that the IEDR initally chose to blame registrars, when it turned out to be SQL injection on their Joomla instance. A large programme of security hardening work was undertaken in response, and no further incidents have taken place… at least, none I’ve heard of.

Thesis, Antithesis, Synthesis

The registry has had a complicated history. It’s difficult to summarise precisely what’s happened, or draw meaningful lessons from the distant past.

Nevertheless a few things do seem worthwhile highlighting.

It seems clear from the evidence to hand that being head of the registry in the late 90s was something that a number of entities wanted quite strongly, a supply of ready cash with some degree of public visibility being explicably attractive to some. It happened that Mike won that contest: others could have won. The recent unpleasantness at Windsor Terrace happened to intensify some arguments about oversight, governance models and so on, but those arguments would probably have happened anyway. Contrariwise, it is possible that the perceived necessity for taking more direct control was a reaction against both the difficulties caused by Mike, and the perceived unfriendliness of the rest of the world’s attitude to the registry.

David Curtin restored the IEDR to financial health and as reasonable a reputation as it’s ever likely to have. No-one that I’m aware of has ever questioned his personal integrity in this matter. I am personally completely convinced. Nonetheless, in discussions with him, it is somewhat readable between the lines that the inflexibility of his existing situation chafes somewhat, and that in some parallel world, he is somehow spreading his wings (or the wings of the registry) a little further. Quite what that might mean I’m not sure, but it also might not matter that much; the IEDR is definitely considerably more customer-focused than it was in the further past, so the commercial community is definitely being served, albeit (according to some of them) inconsistently.

Another reason, and a larger reason why all of this may be seen in time as irrelevant, is that the larger question of the relevance of even having a domain name is now beginning to edge into view. When multiple services – web, email, FTP, etc – used the domain name as an access key, the argument for possessing one was strong. But these days, everything is web; and there are a large number of companies or organisations who have demonstrated willingness to hand their web existence entirely off to social media companies (and one of them in particular), with apparently nary a care for branding. Just look in the Dublin coffee shop windows you go past over the next while; how many of them say www.facebook.com/OurCoolShop rather than www.OurCoolShop.ie? They have traded firmer branding for the customer tracking logistics that come with being part of the wider social graph, together with the greater engagement that clear social network presence brings. I expect this is where a large number of the smaller domain name holders will end up going.

It’s probably worth checking in with the current CEO to find out more about what’s happened with the registry in more detail.

Fishbowl with a limo tint - December 1, 2015 - Niall Richard Murphy