Raising The Curtin

It’s worthwhile reminding ourselves that in the 2001/2002 period, the registry was in considerable disarray. Mike had departed, the company was in serious financial trouble, and because of the position of the people involved and the scale of the events, a gigantic question mark hung over almost everything the registry had done for the past few years. For example, Mike’s son had been a registrar; had he been able to take advantage of his relationship to register domains that should not have been registered? Would the registry, akin to the British spy agencies after Philby, waste endless time in second-guessing every decision?

Thankfully, cometh the hour, and cometh the man; David Curtin, a long-time associate of KPMG and Ron Bolger, then of the IEDR’s board, agreed to help out. David had worked with KPMG in Philadelphia, then spent 8 or 9 years with the Smurfit Group in Europe, the Far East, and Glasnevin, in Dublin.

So, Ron had said to me, “Listen, we’re in dire straits here. Would you come in and give me a hand for a couple of months to try and sort this out?” KPMG had finished their report and [everyone] was asking themselves now, “How do we fix this?”.

After Mike had been suspended on full pay in October, David came in in November 2002 and took stock of the situation. The management accounts were, to put it gentle terms: “embellished, to a huge degree” and various poignant reminders of Mike’s excess, including a TouchGlobe that had been flown from Australia, and a stainless steel kiosk containing a touch-screen PC – quite rare at the time – were still extant. It was absolutely undeniable that “in every area of the business, expenditure was just completely out of control”. Perhaps, as David says, presumably trying to be maximally fair to his precedessor:

[It] was true that during the dotcom era every IPO was predicated on burning through the cash and if you weren’t spending it, you were nearly fired because you weren’t trying to buy market share.This might seem like a superficial defence, but I would certainly not have liked to have been telling Jeff Bezos, “Do not spend billions on facilities. Go off and play with your friends now!” Spending billions seems to have been the correct play, in hindsight. But a lot about the Irish experience is maybe not as immediately relevant. So, in some ways you can excuse it – it was the done thing at the time. But what happens when you are spending a lot of money in a small economy is that there are hangers on, advising on all sorts of harebrained schemes to help you spend money and that was a big problem. All those hangers-on were getting lots and lots of money, and not delivering very much for it. So it was really a combination of those two things which meant that the financials were in dire straits.

Unfortunately, the registry was actually suffering from a “triple lock”; it wasn’t just expenses that were a problem – sales and taxes were as well. According to David, “VAT and PAYE/PRSI were not being paid regularly. There were schemes of arrangement with Revenue that couldn’t have been complied with because the overdraft had gotten so high.” The company was staring bankruptcy in the face, and announced a one-and-a-bit million loss in 2002.

Fully seized of the importance and urgence of the situation, David acted quickly. Modestly, he gives a substantial portion of the credit to the registrars:

I have to say the registrars, the resellers as they were then – they were good. They were very supportive. We had a huge creditor in Delphi Technologies who had just put in an accounting system […] So there was substantial debts in a lot of those relationships and we negotiated with all of those guys to wait. Obviously, we had a rescue plan in place so they were doing it with trust, but also with a little bit of confidence about what was there was going to work. We had a new scheme of arrangement with Revenue, which was very difficult, because at least two others had already been reneged upon at that stage. But I think they were satisfied that the reputation of the people involved was going to help. We had an arrangement with Bank of Ireland that they could support us, subject to the cash coming in.

However, the biggest element that turned around the fortunes of the company was something crazily simple: changing the way the registry invoiced:

It was a total and utter mess. Nothing would do but a complete reboot:

We switched from invoicing a portfolio for a quarter of the yearly fee, in arrears, to invoicing monthly. Invoicing at the end of the month, giving 30 days credit terms, and we introduced a non-renewal process. This was a formal way of saying, “Ok, that domain is gone, fine. We’ll take it off your bill but now you owe the rest. That bill was for 20 grand. We take off 50 bucks, say, so now can we have our 1950 please?” We took away all excuses for non-paying. That stabilised the immediate bleeding, and then […] those bills began to be paid on time, and at the time of the switch, we called them the catch-up invoices -– because when we switched from on basis in arrears to the other, it was a once-off hit -– and the bigger registrars that could afford it were actually very good about paying.The top ten were very very good about paying that quickly, making that transition quickly.

He made sure that the registry exercised some simple discipline about the cashflow which has famously eluded many Irish companies before:

We just tidied things up and took away all the excuses for non- payment and just chased people more vigorously. We took on credit controllers, who were on the phones, day in and day out. And controlled expenditure. A lot of the hangers-on had all been fired, contracts terminated and so on. We changed the auditors, immediately!

David turned it around by demonstrating small, but confidence-inspiring acts – meeting repayment plans and delivering on promises generally – which allowed larger and larger sets of customers to have the confidence to make adjustments to terms which in turn made it easier for the registry to actually dig itself out of the hole.

All in all, it was an impressive turn-around that delivered the key result – the registry getting out of danger – within six months.

Yes, within six months, all those payment plans had been complied with and the debts had been cleared down. Profitability didn’t return for quite some time because there was such a massive deficit. I’d have to check the exact year, but I think it was 2004 when we completely eliminated the deficit. Now,Early 2014. we’re at a point where we have about 4 million in reserves, so that’s our shared capital, if you like. Even in the boom days, the banks wouldn’t have lent to us because we had no collateral. So, you need that cushion. The guide-line with registries is about 18 months of costs. That’s what you ought to have, free and available cash, about 18 months of costs so if you hit a bump in the road where your registrars aren’t paying you, you can survive for that length of time with that cash.

Identity as managed registry

As far as David is concerned, although the emergence of the managed registry model might well have been accidental, this stance has been continually validated, not only by internal voices as you would expect, but also by the community at large:

Epolicycles

As previously discussed, how policy is formed has long been a contentious issue for the registry-watchers amongst us. The current state of play has some useful features, but is also hobbled in one key respect:

The context [for policy formation] is that there needs to be a forum [for the community] to participate in things that impact on them and impact on the Internet. So what we have in place is the ten-step policy development process and that allows anybody to raise an issue, run a consultation, take submissions from interested parties and then to have that sort of consensus building approach to deciding on whether or not a proposal can be accepted or not.

So far, so good. In fact it could be argued that it’s a considerable improvement to the previous position, where there was a consultation process with registrars (somehow acting as proxy for all the registrants), but for various reasons those discussions tended to be between pairs of registrars, or more commonly, the registry and a particular registrar. There wasn’t the benefit of debate in the open, which as every banking inquiry follower will tell you, is a very useful mechanism to avoiding certain kinds of bad decision-making.

It might even be particularly difficult in the case of the registry, because I think it’s fair to say that there is an inherent conflict between the fact that a relatively small set of people are highly interested in what’s going on – a specific example being the registrars – and the fact that the registry undeniably has some sort of national obligation. It makes for awkward structures. For example, suppose the registry were to remove the current board membership tomorrow, and replace them with resentatives from the top ten registrars. Those registrars have a big stake in the success in the registry, which is good – there is, to my mind, an overwhelming obligation to consult them on any moves of significance – but on the other hand, they also have an immediate financial reward if the registry were to (say) completely relinquish the managed registry model and declare a free-for-all to- morrow. This reward is probably less today than it would have been in the past, but it certainly still exists. Furthermore, although the top ten registrars presumably includes much of the interest group that really has a significant stake in the behaviour of the registry, it doesn’t include everybody, and such a board composition would clearly exclude some entities with relevant opinions – for example, the public sector and indeed the public itself. The tension between consulting with a small number of entities with a large stake and a large number of entities with a small stake has not been successfully resolved. However, there has been progress, of a kind. According to David, a big transition in the recent past has been:

[…] the board accepting that [policy development] is bottom-up, consensus driven and not top-down from the board. Before that, the initiatives probably came from the CEO, or registrars. […] But the board have accepted now that anyone can raise an issue and that’s why the ten-step policy development process is there. Any organisation, any company, any individual, can raise an issue and people can express their views on it.

Welcome as it is, the ten-step policy development process that David refers to was initiated in 2009, and as of the time of writing, has been exercised a grand total of no (zero) times. It is difficult to know whether this is because there is actually nothing worth requesting change for, or because it is perceived that there is no likelihood of actual change. There are other routes, also: ComReg have regular liaison meetings with the registry, and there is a conduit there for commentary and complaint if people talk to ComReg directly. But ultimately, it may well be as David says: “… it might be that [the process] has taken the sting out of [policy development] or it could just be that people have other things to think about.”

As we’ll see below, most of the practical problems are resolved; the machine ticks on, registering things. The hive mind of the Irish Internet may well – on average – have moved on elsewhere. Although it makes a change from how things here usually go, it is a little unsatisfying to have an Irish institution which works well in practice, but not in theory.

The comparison with how other countries do it is also interesting:

As part of all of that, what you see in other countries is that you have a Policy Advisory Board or Policy Advisory Committee. So a good few years ago, our board said, “Sure. We have no objection to that; we should have a committee that addresses the board on technical or other issues.” Actually, it was dealt with in the Comreg consultation in 2008. Then the problem with setting it up is that Comreg were to participate in it. We wanted them to have a role and verbally they said they would have a role but they wouldn’t [actually] commit to it. So when we drafted up the terms of reference for the PAC, we gave it to Comreg. They signed off on it. We had that in writing. And there was a consultation with the registrars as well. And initially there was no sign-off process for Comreg. Some registrars said that gave too much power to the IEDR – i.e., “What’s the point of having a PAC if it is just an extension of the board and you still have what some would call unfettered powers?”

If there’s nothing binding, of course, it’s a little difficult to make the argument that participation is worthwhile. Yet the registry needs executive function, needs to be actually able to do things, without being torn apart by external forces. (The internal ones would be bad enough, I imagine.) It seems that the approach was to try to get the regulator-to-be to have board representation:

So from that point of view, we built into the terms of reference that Comreg would have a role in appointing a chairman, in dismissing a chairman, in setting the rules and so on and so on. Comreg signed off on that but when it came time to appoint a chairman, they baulked. And they baulked because they said, “Look, we haven’t pulled the trigger on the statutory instruments yet, to give effect to us regulating you.” So that continued on for a long, long time. We were pressing, pressing, pressing. In the end, the board said, “Look, we just have to amend the terms of reference now and take Comreg out of the equation in terms of appointing a chairman.” So that was done last year.2013, I believe. So, one might target this year to kick off that Policy Advisory Committee,As of this point in 2016, the IEDR PAC exists, has policies going through it, and does indeed appear to be functional. set it up and just run it and then if Comreg participate they do, and if they don’t, you can’t encourage them anymore to come to the table.

But this difficulty with government, or regulation, apparently from the consuming side – imagine that, actually wanting more presence from your regulators – also turns out to have played a part in perhaps the largest fly still in the fundamental ointment of the registry. The question of the delegation. David almost winces as he talks about this, but he is at least man enough to admit the situation with the registry being operationally responsible for registering domains, but not formally responsible, is … unusual, to say the least. The ICANN delegated endpoint is still UCD:

Yes. So my understanding is as follows: that there was a Transfer of Undertaking document prepared, which spun out the physical registry out of UCD and that involved the transfer of all the assets, transfer of the employees, from the campus at UCD, to a new entity called Irish Domain Name Registry Limited and the company moved down to Sandycove. So that Transfer of Undertaking kicked that off and in practice that separated out all the physical stuff, but the primary name service stayed in UCD. All the other assets were physically moved to Sandycove. You are right that the delegation remained with UCD. The intention at the time was that it would be transferred fairly quickly from UCD over to the Registry. That was around July 2000 that all of that happened. I think what [happened] then was an element of bureaucracy in terms of getting the Department, the solicitors, ICANN, IEDR, to try and move that process along, in the context where you had a new company being set up and probably didn’t have the structures and processes and so on, that even [a younger] ICANN would have looked for. So it got delayed until 2002 and then unfortunately things took a turn for the worse. [All] that substantially delayed it. When that was resolved, which you could say was within six months, within twelve months certainly legally and all other issues had been dealt with, we returned to the Department to try and address the issue and then they talked about new legislation coming.

At that stage, the Department seems to have been minded to roll a whole bunch of changes together into a new Communications Bill, becaue the Eircom situation had to be handled, and Comreg wanted a new fining threshold to “encourage” Eircom to do things. At that time, they could only levy fines of a relatively small amount of money, and it needed to be a percentage of turnover instead. As it happens, that “didn’t become a bill until ’05. It became an act in ’07.”

All the time we were pressing government periodically – not continuously, but periodically – to address this anomaly because at this stage the Registry was running very successfully. Operationally there were no more issues. There were no more complaints. The Department weren’t hearing from registrars or anybody else. Neither was Comreg. We said “The evidence is that we’re running the Registry properly. Can you please deal with delegation?” The Department said they were waiting on the legislation. That passed the ball to Comreg. Comreg needed time to familiarise themselves. When they were familiar they said, “No. Let’s wait. We want to do a consultation.” Then they did that in ’08. They issued their report in ’09. Then we said, now, finally, the community has said ok on the registry model. We’ve got some issues but other than that, things are not running too badly, thank you very much. And then Comreg raised an issue that’s called the Data Escrow issue, where they wanted an escrow agreement. We worked with them for a while to see if we could. Then when we couldn’t, we set up one with HEAnet. Comreg weren’t happy with that. So at that point we thought we had done absolutely all we can so we went ahead and submitted a document to ICANN, asking them to deal with delegation, with letters of support from more than 50 per cent of the registrars and no objections from the remainder. Support from the IAA, not the ISPAI but IBEC: etcetera, etcetera. We had a whole bunch of support letters and then as the process requires, ICANN wrote to the government to say, “Can you give this your approval?” and government wrote back and said, “Actually, we’re looking at Internet Governance in Ireland so we’d like to wait.”

David paused.

And unfortunately, we have been waiting since then.

Dear reader, I am experienced with the speed of movement of highly consultative processes, such as one finds in government, but that’s really quite a long period of time indeed, if you count up the years.

We haven’t pressed them in the last year and a half, or thereabouts, but it still rankles that we are running the Registry very successfully, with all the best practice policies and procedures, disaster recovery plans, business continuity, top 1/3 of the premiership of CCTLDs and still they say “No, we’re still waiting.” Always waiting. Always looking to do something else, rather than make even an interim decision, because ICANN wrote to them. ICANN said in their correspondence, “Listen, this is not forever. You can agree to appoint these guys and then you can run a process or a tender and you can appoint somebody else in a year’s time or in two years time.” So from the delegation point of view, yes, UCD is still listed as the holder of the delegation. Operationally, we have continued with business as usual, because we have to. We have been running the servers for fourteen years and we think delegation should go through and it hasn’t. And in the meantime, UCD has had no operational involvement since, I’m going to say 2000, plus the period required to deal with the Fagan issue in ’02, because at the time, the Secretary in UCD, John Coleman, was very familiar with the background and setting up of the company and so on, so he was drawn into that. But other than that involvement, on that issue, UCD stepped right back from anything to do with policy, procedure, infrastructure, etcetera, etcetera. So the primary name server isn’t in UCD anymore. That’s in the data centre. So, there’s nothing for UCD except potential exposure if somebody decided to sue them for something that the Registry might have done.

It’s difficult to understand why the government’s (which I guess is really the regulator’s, but who knows) position is the way it is. I guess that there is nobody dying because of it, so no immediate action is required. But it’s certainly, at the very least, an inelegant configuration. Additionally, from UCD’s perspective, I can imagine that in the first instance they wish to limit their exposure to lawsuits or similar difficulties.

Perhaps that wish to prevent unpleasant exposure is behind the significant UCD-based representation on the board?

No, because at the time of the spin-out, UCD helped to set up the board and provided for the Department to have a seat at the board and then representatives from industry. But once that happened then, those directors were appointed. All their fiduciary duties are about the interests of the company and the namespace, so they have no link back to UCD.

Well, there still are a number of people with links to UCD on the board (as of the time of interviewing):

Yes: we have Prof. Scanlon. Obviously he is a Professor in UCD. Also, Dr. Pat Frain, who’s still retired from UCD. But the point is that even though there are ex-UCD people, appointed by UCD, there’s no link. There’s no direct connection. Other than that, you have Mark Dobby, who’s a retired partner from KPMG. You have Frances Buggy, who was involved in setting up the IIA, the Irish Internet Association in the early days. You have Canice Lambe, who I believe was the IBEC suggestion or candidate, suggested by IBEC at the time. We have Fergal O’Brien, who is former CEO of the Irish Internet Association until two and a half years ago. He is now CEO of Sonru. And we have Kevin McCarthy, who is ex-IDA. Who am I leaving out? That’s it. Ok. Seven board members and still one seat for the Department. We did ask them again a couple of years ago – like two years ago – if they wanted to nominate somebody. They said they’d think about it. Actually I asked Comreg as well and they said “No thank you.”

(At this point, Comreg are really coming across as waving goodbye to the benign neglect category, and accelerating fast into masterful inaction.)

So all those links with UCD have been broken and the only one that’s there is the one on paper and unfortunately, as such we’re the only Registry in Europe where the active registry operator is not the holder of the delegation. In every other country, even EURIDThe registry for .eu domain names, and therefore a non-national registry, which one might expect to have something funky going on with it. , which was set up under the EEC and has specific legislation, EURID is listed as the holder of the delegation. So, it’s just not something they particularly see as urgent.

Through the lens of “the evil that men do lives on after them”, in some ways you could see this as one of the most unfortunate consequences of the Fateful Fagan time, that at the crucial moment, it was more practical to say, “Hang on a moment, let’s wait”, and that has continued. Whereas, maybe if it had been running ok from the get-go, heads might have been cooler from the get-go.

Well, I think [the Fagan situation] was a factor, but there were others there as well. I think a big one is that the Department is very much focused on the ITU side of things, on the phone side of things. Internet was something that was … never a priority.Lots more evidence of this elsewhere on the site. And maybe it was a little bit too laissez faire and there were no structures and it was innovative and so on. My perception was that the Department liked the idea that there was this body called the ITU that would set standards that would last into perpetuity and would only need to be changed every twelve years! I think there was that view as well. And I think there was a view maybe that the Department might hold the delegation and then in the Comreg consultation – yeah I forgot. That’s an important issue. In their discussion, in their consultation document, the one, 0848, released in January ’09, Comreg said that the Department ought to hold the delegation and then have an arrangement with the IEDR as the registry operator. But the Department don’t want that. There’s even a disagreement internally to government at the moment, in that Comreg are saying we shouldn’t hold the delegation because that would be like them being the operator and the regulator, so you need that division of duties.

As I’ve said elsewhere, this stance, as traditional as it was in the fixed-line voice telecommunications world, was utterly and completely incompatible with how stuff in the Internet world was done. In many ways that battle has been fought and won, you would think, but it still goes on in various places:

And actually at the time, I know the French government had the same view: “Why should we allow this company in California to have a say over French national namespace and our issues?” Now, since then, everyone has matured. ICANN has formalised. It’s role is accepted. The French have signed letters of exchange. They don’t have this accountability framework but they have letters of exchange that say, “We acknowledge your roles and responsibilities ICANN.” And then ICANN can give them a letter that says, “We acknowledge that you are responsible for…” and basically subsidiarity, budgets, all the national issues, setting policy and so on and so on. So ICANN says we have this role in helping with the technical operation of the internet and governments say, “Well, we’re responsible for policy, pricing and internal competition and so on and so forth.” But, we can’t get to that point of exchanging letters because only the holder of the delegation can exchange letters with ICANN and that’s UCD, and not us.

This is clearly a position which upsets David:

So, we’re like the bold child in the corner of European domain registries at the moment. We’re the only one. Even the Vatican. So it’s all highly unsatisfactory. And from a personal point of view, once the registry was through its difficulties, and I’m saying after two years, we were looking for that acknowledgement from government that we were through it. Rather than address it they said, “No, let’s wait for the legislation. We’re going with Comreg.” And then it just kept on. So all highly unsatisfactory but thankfully it hasn’t stopped innovation and hasn’t stopped the usage of the internet.

I suspect that if you accept this view of the world, and indeed there’s a lot in it that rings true to me, the nicest thing we can possibly say is that it doesn’t seem to have been an operational impedance in any way. In fact, if it was - it would probably have been dealt with before now. There’s no incentive to fix it, because although it’s broken in structure and in name, it’s operationally okay enough that there’s more important things to look at.

At the moment people are saying, “If it’s not broken…”

It was not difficult to sense across the table from me, a man who would have liked to have done more.

One interesting thing about the Irish context in the domain name business is the extent to which the small and medium businesses in Ireland have essentially ignored domains, websites, and all that e-commerce lark. Obviously the registry sees itself in the business of educating and stimulating that market, but the numeric evidence we have to hand is not encouraging.

Take, for example, the Getting Irish Business Online program,According to Michele Neylon, who would not (shall we say) be David Curtin’s biggest fan, he recommended strongly that .ie not be included in this program. He also notes that Verisign have statistics asserting that if you have a website reachable with actual content within the first sixty days of registration, this improves the renewal rate considerably. in which the registry co-operated with (full disclosure) my employer, Google. This was, in essence, a massively subsidised effort to get SMEs online in order to bring them into the whole Internet ecosystem, with (you would hope) corresponding benefits to all:

That program was targeted at the need to get, not the neophytes, not the people who are already on the web, but those who are not on at all; to try and get them on for the first time, to the point of offering a free product. The domain name was free, the hosting was free, even the three page brochureware website – that was to be provided free as well. And the underlying domain name and the preference was .ie but it could have been .com, .info, .net. The objective was to provide all that for free, to take cost out of the equation. The target was about 20,000 at the launch date, [but] I think the actual outcome was about 5,000. Of which, 2 to 2 and a half thousand about, were .ie. So pretty clearly, as far as SME’s are concerned, there is still a long way to go. There are barriers to involvement there that are still not fully indentified. It’s not just cost. It’s not complexity. So it is some combination of factors that means that the uptake is still low enough.

This is such an interesting number, because it’s not clear to me you can describe what’s happening here as fundamental resistance to technology. I highly doubt there’s a business in the country without a smartphone; if there is, it probably sells things that aren’t required in a hurry. Indeed, whoever they are, they might not be able to order their own products online, but I can almost guarantee you they can order Amazon’s.

There is another explanation, however:

I think in recent years, a lot of them are probably using Facebook. You know, “Find us on Facebook”. They are seeing that as participation and that might be fine, so instead of using the Eircom Directory, 11811 or Golden Pages, they use Facebook. But that’s not e-commerce, that’s not what Google wants, that’s not what IEDR wants, that’s not what government wants, I’m sure. What we really want is people using fully featured websites that can compete with the international websites and instead of having 4 billion of sales, of which approximately 75% is from outside the country, the idea is to have that fulfilled internally. So there is still a long way to go there.

Indeed, from a statistical point of view, comparing Ireland to other CCTLDs, the number of domains per capita (denominated in the thousands) is 40 for Ireland, comparing favourably to France and Italy, but way behind Scandinavia generally (120-215 or so), Germany and the Netherlands (120ish), and the UK somewhat (~63). Apparently:

[…] in the Netherlands you see that. You have ordinary citizens that have ten or twenty names. They have their own names registered. They have their kids. They have their grandkids. With that desire to have that presence on the internet. They regard it as their identity online, whereas here and in the UK, we just haven’t really gotten to that point yet.

As I mentioned elsewhere, one of the effects of social media has been to undermine the notion of infrastructure-provided identity, and replace it with the notion of social graph-provided identity: that is, organisations are relatively happy to dilute a “brand” (with the semi-mystical connotations that has) in return for actually better tracking of what people are saying about you, and to you. I expect we will find out what the tradeoffs are eventually.

However, our journey here has begun to overlap somewhat with the difficult topic of governmental relations with the Internet, and how Internet institutions govern themselves, so let us turn to that next.

Raising the Curtin - December 1, 2015 - Niall Richard Murphy