As a pioneer member of ISOC, former ISOC board of trustees’ member, former board of trustees’ member of PIR, and concerned member of ISOC, I have been following the communications and discussions around the sale of .ORG closely. Time to gather my thoughts and write why I think it is a bad decision on many levels.

Why would you sell?

The
first question is of course why would you sell .ORG? PIR has been
giving ISOC a reasonably stable income of roughly $45M per year. Of
course, the domain business is no longer booming and .ORG loses
roughly 3% year over year of the registered .ORG domains. However,
there is room for some moderate price increase and thus a fairly
stable income over the foreseeable future of $45 M could have been
managed.

By
selling .ORG ISOC now gets $1,135,000,000 which is a lot of money and
according to ISOC it will make sure ISOC has the same steady income
for years. However, this brings a lot of problems. First and
foremost, for me: The goals of ISOC are hard to combine with such an
amount of money. ISOC, in my view, is a non-profit that has a clear
goal of making sure the Internet is an open, accessible and
trustworthy space for everyone in the world. That is hard to do with
more than $1B in the bank.

First of all, there is the problem of the governance. When PIR was still around there were two boards of trustees to apply the checks and balances on the income for ISOC ($45 M) and to oversee that the money was not used in a fraudulent way. Both boards with distinctive governance goals. For $45 M per year that seems adequate. For managing over $1 B you need a lot more checks and balances. This requires not just an investment board or a separate executive director, but also additional checks and balances which in turn will consume almost all of the time of the ISOC BoT to manage and steer even if an additional BoT for the investment fund is installed. And thus, less focus for ISOC’s BoT on the goals.
Say there is a 0.1% error margin in budgets. With $45 M that means we are talking about $45,000, which is acceptable. With $1.135 B, 0.1% error means more than $1 M that can go awry. As I said, you need more checks and balances for that.

Second,
how do you realize a similar ($45 M) annual return on $1,135 B? That
means roughly 4% return per year. If you put the money in a savings
account, that will not deliver you such a return. (At least not
Europe and as far as google tells me, also not in the US). So it
needs to be invested. However, given the goals of ISOC, it cannot be
invested in polluting industry, weapons industry, Internet companies
etc. So, the choice of portfolio needs to be managed carefully and
from a relatively small set of possible investments. Probably one of
the best investments would be to put the money in a VC like Ethos
Capital which has found a solid Return on Investment by buying .ORG.
Oh wait…..

Thirdly,
how do you avoid the arrogance that comes with the Unicorn-like
status of being an organization “that grew into a billion dollar”.
Arrogance of that kind doesn’t become a non-profit that has
societal (not economic) goals. But it will be hard to avoid. Some of
it is already visible in the answers that ISOC gives to the questions
from members.

Fourth,
how will you remain attractive to organizational members. Will
non-profit organizational members want to spend some of their
precious money on membership of an organization that has over a
billion in the bank?

And
last, but not least, how is ISOC going to deal with all the legal
challenges that such a huge sum of money will undoubtedly attract in
the context of a US legal system that seems to encourage people to
sue deep pockets.

As an aside: Some people have argued that ISOC controlling PIR/.ORG was a conflict of interest. I disagree. The ISOC BoT appointed the PIR board. That was exactly to create enough distance. The PIR board was responsible for the (selection of) the PIR CEO and the strategic and tactical decisions. The ISOC board could only fire and appoint the PIR board.
PIR under guidance of ISOC behaved as an exemplary registry. Not exemplary in the sense of making most money, but in the sense of operating in a responsible way. PIR set examples with early adoption of DNSsec, with the pioneer implementation of IDN’s, with using anycast for fast resolving, implementing DDOS countering techniques to guarantee the availability (despite many multiple 100Gb/s attacks). PIR implemented a restocking fee to dissuade “domain squatters”, which was a big issue and point of dissatisfaction among many registrants. Most of these were not driven by a business plan based on generating more profit. They were driven by a community wish or need which PIR, on ISOC’s behalf, implemented to show the domain name world that it can be done.
All investments that will certainly not be done by Ethos capital that, despite its name, is targeted towards generating RoI.

PIR
also ventured into more social undertakings. With the bid for .NGO it
tried to build a community around .NGO for those non-profits that
needed a stronger “certification” than they could get being a
.ORG user. Yes, it failed, but at least .NGO was safeguarded from
commercialization. And no venture is without failings. (I note that
at the same time many other new TLDs failed). PIR always knew it was
bound to operate within the goals of ISOC, and it did.

Contrary to what the NYtimes reports there is a significant difference between .ORG and a .com. No, you don’t have to be a non-profit for a .ORG, but the TLD (thanks to PIR) has a good reputation and is well managed and therefore has way better scores in McAfee reports on malware/phishing in various TLDs. Non-profits value a .ORG TLD, it conveys something of their status.

So,
in my view there was no need for ISOC to sell PIR/.ORG.

How would you sell?

But,
let’s assume that I am wrong and there is some unknown compelling
reason to sell .ORG. ISOC, with goals that include “open” and
“transparent” should
not have sold .ORG behind closed doors. While I respect and
understand the need for keeping things closed, I see no reason why
the sale could not have been done in an open and public way. Possibly
many more parties would have made a bid.

Of
course, when doing so you would have been confronted with complaints
from the public before the sale. Yes, deal with it. People would have
pointed out the removal of the price cap on .ORG. And you could have
added a restriction to the sale conditions in answer. People would
have pointed out that selling to organizations that have recent
affiliations to PIR or ISOC officials should not happen. And you
could have made that a condition.

Now
we see all kinds of connections between ex-ICANN, ex-Donuts and
current Ethos and PIR staff. This may all be coincidence, but it does
not look good.

Ethos
can now raise the price of a .ORG 10% year over year with no impact
on operational costs. This will generate in the order of 100 M$/year
after 10 years. A nice profit for all involved who will be able to
buy nice houses with heated pools. The impact on the domain
registrants, ISOC argues, is not that big as the price per domain
would still be low (around $20) while at the same time domainers
would be scared away by the higher price. Yes, the impact in money
terms would be low, but the realization that my dollars will now
finance someone’s private jet rather than ISOC makes a big dent in
the trust relationship.

Oh,
and I would include a re-sell clause in the contract, such that if
Ethos re-sells within, say, three years a percentage would go to
ISOC.

Communication?

Last
but not least. For a membership organization the communication around
this has been very bad. I cannot understand that no one in the BoT
foresaw the backlash. All ISOC’s defense has been based on
repeating that this was necessary and things will be more stable now
for ISOC. I asked questions and was immediately answered multiple
times with questions from BoT members if I did not trust the BoT of
ISOC. Well frankly, I don’t. Trust needs to be earned, it cannot be
coerced. For normal ISOC business I do trust the BoT. And the
‘assurance’ given that BoT members would be crazy to make
themselves liable for legal actions. This is no assurance at all.

What now?

ISOC
needs to regain a lot of trust. It has pushed away its own community
and I am wondering if it will ever recover. At the next board
elections there will be many candidates who will be there for the
comfort of being on the BoT of a billion-dollar organization. They
will come for the thought of being close to that much money rather
than for the goals of ISOC.

I
am hoping that the CEO and BoT will rethink the sale. And if that
cannot be done because it is already committed than that adds to the
rift with the community at large. In that case I think that all
chapters and Organizational members need to rethink what they want.
Do they want to be in the comfort zone of an organization with
over $1B in the bank? And if so what checks and
balances do they want? When something goes awry with .ORG in the
upcoming years it will not be Ethos who will suffer the reputational
damage, it will be ISOC. How will we protect ISOC from that?

How do we make sure that ISOC goes back to the values rather than value.