Erik Huizer: ISOC and the sale of .ORG

As a pioneer member of ISOC, former ISOC board of trustees’ member, former board of trustees’ member of PIR, and concerned member of ISOC, I have been following the communications and discussions around the sale of .ORG closely. Time to gather my thoughts and write why I think it is a bad decision on many levels.

Why would you sell?

The first question is of course why would you sell .ORG? PIR has been giving ISOC a reasonably stable income of roughly $45M per year. Of course, the domain business is no longer booming and .ORG loses roughly 3% year over year of the registered .ORG domains. However, there is room for some moderate price increase and thus a fairly stable income over the foreseeable future of $45 M could have been managed.

By selling .ORG ISOC now gets $1,135,000,000 which is a lot of money and according to ISOC it will make sure ISOC has the same steady income for years. However, this brings a lot of problems. First and foremost, for me: The goals of ISOC are hard to combine with such an amount of money. ISOC, in my view, is a non-profit that has a clear goal of making sure the Internet is an open, accessible and trustworthy space for everyone in the world. That is hard to do with more than $1B in the bank.

First of all, there is the problem of the governance. When PIR was still around there were two boards of trustees to apply the checks and balances on the income for ISOC ($45 M) and to oversee that the money was not used in a fraudulent way. Both boards with distinctive governance goals. For $45 M per year that seems adequate. For managing over $1 B you need a lot more checks and balances. This requires not just an investment board or a separate executive director, but also additional checks and balances which in turn will consume almost all of the time of the ISOC BoT to manage and steer even if an additional BoT for the investment fund is installed. And thus, less focus for ISOC’s BoT on the goals.
Say there is a 0.1% error margin in budgets. With $45 M that means we are talking about $45,000, which is acceptable. With $1.135 B, 0.1% error means more than $1 M that can go awry. As I said, you need more checks and balances for that.

Second, how do you realize a similar ($45 M) annual return on $1,135 B? That means roughly 4% return per year. If you put the money in a savings account, that will not deliver you such a return. (At least not Europe and as far as google tells me, also not in the US). So it needs to be invested. However, given the goals of ISOC, it cannot be invested in polluting industry, weapons industry, Internet companies etc. So, the choice of portfolio needs to be managed carefully and from a relatively small set of possible investments. Probably one of the best investments would be to put the money in a VC like Ethos Capital which has found a solid Return on Investment by buying .ORG. Oh wait…..

Thirdly, how do you avoid the arrogance that comes with the Unicorn-like status of being an organization “that grew into a billion dollar”. Arrogance of that kind doesn’t become a non-profit that has societal (not economic) goals. But it will be hard to avoid. Some of it is already visible in the answers that ISOC gives to the questions from members.

Fourth, how will you remain attractive to organizational members. Will non-profit organizational members want to spend some of their precious money on membership of an organization that has over a billion in the bank?

And last, but not least, how is ISOC going to deal with all the legal challenges that such a huge sum of money will undoubtedly attract in the context of a US legal system that seems to encourage people to sue deep pockets.

As an aside: Some people have argued that ISOC controlling PIR/.ORG was a conflict of interest. I disagree. The ISOC BoT appointed the PIR board. That was exactly to create enough distance. The PIR board was responsible for the (selection of) the PIR CEO and the strategic and tactical decisions. The ISOC board could only fire and appoint the PIR board.
PIR under guidance of ISOC behaved as an exemplary registry. Not exemplary in the sense of making most money, but in the sense of operating in a responsible way. PIR set examples with early adoption of DNSsec, with the pioneer implementation of IDN’s, with using anycast for fast resolving, implementing DDOS countering techniques to guarantee the availability (despite many multiple 100Gb/s attacks). PIR implemented a restocking fee to dissuade “domain squatters”, which was a big issue and point of dissatisfaction among many registrants. Most of these were not driven by a business plan based on generating more profit. They were driven by a community wish or need which PIR, on ISOC’s behalf, implemented to show the domain name world that it can be done.
All investments that will certainly not be done by Ethos capital that, despite its name, is targeted towards generating RoI.

PIR also ventured into more social undertakings. With the bid for .NGO it tried to build a community around .NGO for those non-profits that needed a stronger “certification” than they could get being a .ORG user. Yes, it failed, but at least .NGO was safeguarded from commercialization. And no venture is without failings. (I note that at the same time many other new TLDs failed). PIR always knew it was bound to operate within the goals of ISOC, and it did.

Contrary to what the NYtimes reports there is a significant difference between .ORG and a .com. No, you don’t have to be a non-profit for a .ORG, but the TLD (thanks to PIR) has a good reputation and is well managed and therefore has way better scores in McAfee reports on malware/phishing in various TLDs. Non-profits value a .ORG TLD, it conveys something of their status.

So, in my view there was no need for ISOC to sell PIR/.ORG.

How would you sell?

But, let’s assume that I am wrong and there is some unknown compelling reason to sell .ORG. ISOC, with goals that include “open” and “transparent” should not have sold .ORG behind closed doors. While I respect and understand the need for keeping things closed, I see no reason why the sale could not have been done in an open and public way. Possibly many more parties would have made a bid.

Of course, when doing so you would have been confronted with complaints from the public before the sale. Yes, deal with it. People would have pointed out the removal of the price cap on .ORG. And you could have added a restriction to the sale conditions in answer. People would have pointed out that selling to organizations that have recent affiliations to PIR or ISOC officials should not happen. And you could have made that a condition.

Now we see all kinds of connections between ex-ICANN, ex-Donuts and current Ethos and PIR staff. This may all be coincidence, but it does not look good.

Ethos can now raise the price of a .ORG 10% year over year with no impact on operational costs. This will generate in the order of 100 M$/year after 10 years. A nice profit for all involved who will be able to buy nice houses with heated pools. The impact on the domain registrants, ISOC argues, is not that big as the price per domain would still be low (around $20) while at the same time domainers would be scared away by the higher price. Yes, the impact in money terms would be low, but the realization that my dollars will now finance someone’s private jet rather than ISOC makes a big dent in the trust relationship.

Oh, and I would include a re-sell clause in the contract, such that if Ethos re-sells within, say, three years a percentage would go to ISOC.

Communication?

Last but not least. For a membership organization the communication around this has been very bad. I cannot understand that no one in the BoT foresaw the backlash. All ISOC’s defense has been based on repeating that this was necessary and things will be more stable now for ISOC. I asked questions and was immediately answered multiple times with questions from BoT members if I did not trust the BoT of ISOC. Well frankly, I don’t. Trust needs to be earned, it cannot be coerced. For normal ISOC business I do trust the BoT. And the ‘assurance’ given that BoT members would be crazy to make themselves liable for legal actions. This is no assurance at all.

What now?

ISOC needs to regain a lot of trust. It has pushed away its own community and I am wondering if it will ever recover. At the next board elections there will be many candidates who will be there for the comfort of being on the BoT of a billion-dollar organization. They will come for the thought of being close to that much money rather than for the goals of ISOC.

I am hoping that the CEO and BoT will rethink the sale. And if that cannot be done because it is already committed than that adds to the rift with the community at large. In that case I think that all chapters and Organizational members need to rethink what they want. Do they want to be in the comfort zone of an organization with over $1B in the bank? And if so what checks and balances do they want? When something goes awry with .ORG in the upcoming years it will not be Ethos who will suffer the reputational damage, it will be ISOC. How will we protect ISOC from that?

How do we make sure that ISOC goes back to the values rather than value.

Erik Huizer is CEO of GEANT, Internet Hall of Fame inductee, a pioneer member of ISOC, former ISOC Board of Trustees member and former PIR Board of Trustees member.