Welcome to the Conversation

‘Profound’ Security Concerns for Internet

BUSINESSWIRE – Network Solutions, the leading provider of online solutions and domain name registration, today called on the National Security Telecommunications Advisory Committee (NSTAC) to review the proposed .com domain registry agreement between the Internet Corporation for Assigned Names and Numbers (ICANN) and VeriSign, Inc. Network Solutions asked NSTAC, which provides advice to the President on communications issues related to national security and emergency preparedness, to immediately assess the critical security concerns that the .com domain registry proposal poses for the Internet. (http://about-networksolutions.com/NSTAC_Letter.pdf )

The .com proposal is pending before the U.S. Department of Commerce for review. ICANN’s Board of Directors in February narrowly approved the agreement, which includes automatic renewal terms and up to $1.3 billion in cumulative, guaranteed price increases that would not have to be directed toward security improvements or otherwise justified. The proposal fails to provide a minimal level of ICANN oversight and security risk mitigation, omitting contractually enforceable requirements for security reporting, testing, monitoring and risk analysis.

In formally requesting the review, Network Solutions Chairman and CEO Champ Mitchell told NSTAC Chairman F. Duane Ackerman in a letter that the proposed .com agreement “will undermine critical security goals.” Network Solutions requested an NSTAC review of this domain registry proposal prior to a final decision by the Commerce Department. The letter noted that NSTAC, in its role of providing industry-based advice to the President, is compelled to review the .com proposal based on the vital domestic policy and national security concerns at issue. NSTAC consists of the CEOs of communications and network service providers and information technology, finance and aerospace companies.

“The proposed agreement essentially awards VeriSign an unregulated and perpetual monopoly over the operation of the .com Top Level Domain (TLD) registry, but is virtually silent on the issue of Internet security,” the letter said. “It does not include sufficient contractual requirements for addressing fundamental security requirements, provide for ICANN oversight of VeriSign’s security policies, or promote competition as a means of enhancing security.”

The letter states that the security oversights of the proposed agreement are in stark contrast to the U.S. government’s own contract terms for the operation of the .us country code Top Level Domain (TLD). The United States granted a contract to administer the .us TLD under competitive, rather than monopoly terms, avoiding automatic renewal provisions while stipulating monitoring and oversight provisions for security measures.

“The monopoly terms, unjustified price increases and lack of meaningful security requirements in the proposed .com agreement have real-world implications for the future security and stability of the Domain Name System,” Mr. Mitchell said. “Competition and enforceable contractual provisions are not just the best way, they are the only way to fix these security oversights. We look forward to cooperating with NSTAC in reviewing the Internet security and stability implications of this proposal.”

Network Solutions asked that NSTAC advise the Commerce Department and interested Members of Congress of its intent to handle this request, noting that “a number of members of Congress have expressed similar concerns with the proposed .com renewal agreement.”