Overview
We are a global provider of domain name registry services and internet infrastructure, enabling internet navigation for many of the world’s most recognized domain names (“Registry Services”). Our Registry Services enable the security, stability, and resiliency of key internet infrastructure and services, including providing root zone maintainer services, operating two of the 13 global internet root servers, and providing registration services and authoritative resolution for the .
com
and .
net
top-level domains (“TLDs”), which support the majority of global e-commerce. On December 5, 2018, we completed the sale of our rights, economic benefits, and obligations, in all customer contracts related to our Security Services business, which primarily consisted of Distributed Denial of Service (“DDoS”) Protection Services and Managed Domain Name System (“DNS”) Services, to NeuStar, Inc. (“Neustar”). As part of the transaction, we will continue to support the Security Services customers during the transition to Neustar over the course of 2019.
We have operations inside as well as outside the United States (“U.S.”). For certain additional information about our business, including a geographic breakdown of revenues and changes in revenues, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in Item 7 and Note 7, “Revenue Recognition” of our Notes to Consolidated Financial Statements in Item 15 of this Form 10-K.
We were incorporated in Delaware on April 12, 1995. Our principal executive offices are located at 12061 Bluemont Way, Reston, Virginia 20190. Our telephone number at that address is (703) 948-3200. Our common stock is traded on the Nasdaq Global Select Market under the ticker symbol VRSN. VERISIGN, the VERISIGN logo, and certain other product or service names are registered or unregistered trademarks in the U.S. and other countries. Other names used in this Form 10-K may be trademarks of their respective owners. Our primary website is
https://www.Verisign.com
. The information available on, or accessible through, this website is not incorporated in this Form 10-K by reference.
Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and amendments to those reports filed or furnished pursuant to Section 13(a) or 15(d) of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), are available, free of charge, on the Investor Relations section of our website as soon as is reasonably practicable after filing such reports with the Securities and Exchange Commission (the “SEC”). The SEC maintains an internet site that contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC at
https://www.sec.gov
.
Pursuant to our agreements with the Internet Corporation for Assigned Names and Numbers (“ICANN”), we make available on our website (at
https://www.Verisign.com/zone
) files containing all active domain names registered in the .
com
and .
net
registries. At the same website address, we make available a summary of the active zone count registered in the .
com
and .
net
registries and the number of
.com
and
.net
domain names in the domain name base. The domain name base is the active zone plus the number of domain names that are registered but not configured for use in the respective top-level domain zone file plus the number of domain names that are in a client or server hold status. The domain name base may also reflect compensated or uncompensated judicial or administrative actions to add or remove from the active zone an immaterial number of domain names. These files and the related summary data are updated at least once per day. The update times may vary each day. The number of domain names provided in this Form 10-K are as of midnight of the date reported.
We announce material financial information to our investors using our investor relations website
https://investor.Verisign.com
, SEC filings, investor events, news and earnings releases, public conference calls and webcasts. We use these channels as well as social media to communicate with our investors and the public about our company, our products and services, and other issues. It is possible that the information we post on social media could be deemed to be material information. Therefore, we encourage investors, the media, and others interested in our Company to review the information we post on the social media channels listed below. This list may be updated from time to time on our investor relations website.
https://www.Facebook.com/Verisign
https://www.Twitter.com/Verisign
https://www.LinkedIn.com/company/Verisign
https://www.YouTube.com/user/Verisign
https://www.Verisign.com
https://blog.Verisign.com
The contents of these websites are not intended to be incorporated by reference into this Annual Report on Form 10-K or in any other report or document we file.
Registry Services
Registry Services operates the authoritative directory of and/or the back-end systems for all
.com, .net, .cc, .tv, .gov, .jobs,
.edu
and
.name
domain names, among others. Registry Services allows individuals and organizations to establish their online identities, while providing the secure, always-on access they need to communicate and transact reliably with large-scale online audiences.
We are the exclusive registry of domain names within the
.com, .net,
and
.name
generic top-level domains (“gTLDs”), among others, under agreements with ICANN and also, with respect to the
.com
agreement, the U.S. Department of Commerce (“DOC”). We are also the exclusive registry of domain names within certain transliterations of
.com
and
.net
in a number of different native languages and scripts (“IDN gTLDs”). As a registry, we maintain the master directory of all second-level domain names (e.g., johndoe.com and janedoe.net) in these gTLDs and IDN gTLDs. Our global constellation of DNS servers provides internet protocol (“IP”) address information in response to queries, enabling the use of browsers, email systems, and other systems on the internet. In addition, we own and maintain the shared registration system that allows ICANN-accredited registrars to enter new second-level domain names into central directories and to submit modifications, transfers, re-registrations, and deletions for existing second-level domain names (“Shared Registration System”).
In addition to our registry agreements with ICANN, we have agreements to operate the registry for the
.tv
and
.cc
country code top-level domains (“ccTLDs”) for Tuvalu and Cocos (Keeling) Islands, respectively, and to operate the back-end registry systems for the
.gov
,
.jobs,
and
.edu
sponsored TLDs, among others. These TLDs are also supported by our global constellation of DNS servers and Shared Registration System.
We also provide internationalized domain name (“IDN”) services that enable internet users to access websites in characters representing their local language. Our gTLDs and ccTLDs can support standards-compliant registrations in over 100 different native languages and scripts.
We also perform the root zone maintainer function under an agreement with ICANN for the core of the internet’s DNS and operate two of the 13 root zone servers that contain authoritative data for the very top of the DNS hierarchy.
Domain names can be registered for between one and 10 years. The fees charged for
.com
,
.net
and
.name
may only be increased according to adjustments prescribed in our agreements with ICANN over the applicable term. Revenues for
.cc
and
.tv
domain names and our IDN gTLDs are based on a similar fee system and registration system, although the fees charged are not subject to the same pricing restrictions as those imposed by the DOC on
.com
, or ICANN with respect to
.net
and
.name
. The fees received from operating the .
gov
registry are based on the terms of Verisign’s agreement with the U.S. General Services Administration. The fees received from operating the
.jobs
registry infrastructure, and that of others for which Verisign provides such services, are based on the terms of Verisign’s agreements with those respective registry operators
.
Historically, we have experienced a higher volume of domain name transactions in the first quarter of the year compared to other quarters. Our quarterly revenue does not reflect these seasonal patterns because the preponderance of our revenue for each quarterly period is provided by the ratable recognition of our deferred revenue balance. The effect of this seasonality has historically resulted in the largest amount of growth in our deferred revenue balance occurring during the first quarter of the year compared to the other quarters.
Security Services
As described above, the Company sold its Security Services customer contracts to Neustar on December 5, 2018. Security Services was primarily comprised of DDoS Protection Services and Managed DNS Services.
DDoS Protection Services supports online business continuity by providing monitoring and mitigation services against DDoS attacks. Customers include financial institutions, software-as-a-service providers, e-commerce providers, and media companies. Customers pay a subscription fee that varies depending on the customer’s network requirements.
Managed DNS Services is a hosting service that delivers DNS resolution, improving the availability of web-based systems. Customers include financial institutions, e-commerce, and software-as-a-service providers. Customers pay a subscription fee that varies based on the amount of DNS traffic they receive.
Operations Infrastructure
Our operations infrastructure consists of three secure data centers in Dulles, Virginia; New Castle, Delaware; and Fribourg, Switzerland as well as more than 160 resolution sites around the world. Our domain name servers provide the associated authoritative name servers and IP addresses for every
.com
and
.net
domain name on the internet and a large number of other TLD queries, processing more than 152 billion queries daily. These secure data centers operate 24 hours a day, supporting our business units and services. The performance and scale of our infrastructure are critical for our business, and give us the platform to maintain our leadership position. Key features of our operations infrastructure include:
|
|
•
|
Distributed Servers:
We operate a large number of high-speed servers globally to support localized capacity and availability demands. In conjunction with our proprietary software, processes and procedures, this platform offers rapid failover, global and local load balancing, and threshold monitoring on critical servers.
|
|
|
•
|
Networking:
We deploy and maintain a redundant and diverse global network, maintain high-speed, redundant connections to numerous internet service providers, and maintain peering relationships globally to ensure that our critical services are readily accessible to customers at all times.
|
|
|
•
|
Security:
We incorporate architectural concepts such as protected domains, restricted nodes and distributed access control in our system architecture. In addition, we employ firewalls and intrusion detection software, as well as proprietary security mechanisms at many points across our infrastructure. We perform recurring internal vulnerability testing and controls audits, and also contract with third-party security consultants who perform periodic penetration tests and security risk assessments on our systems. Verisign has engineered resiliency and diversity into how it hosts classes of products throughout its set of interconnected sites to mitigate unknown vendor defects and zero-hour security vulnerabilities. This includes different physical security silos, which themselves are separated into bulkheads, and in which servers are located. Corporate networks are in their own physical silo. Thus, the corporate networks to which personnel directly connect are separated from the silos that house production services; administration of production gear from corporate systems must go through an internal, fortified intermediary; and account credentials used within the corporate networks are not used within the production silos, nor on the fortified systems.
|
|
|
•
|
Data Integrity:
Verisign employs both phased and systemic integrity validation operations via a number of proprietary mechanisms on all internal DNS publication operations.
|
We have continuously expanded our infrastructure to meet demands to support normal and peak system load and attack volumes based on what we have experienced historically, as well as to address projected internet attack trends.
Call Centers and Help Desk:
We provide customer support services through phone-based call centers, email help desks and web-based self-help systems. Our Virginia call center is staffed with trained customer support agents 24 hours a day, every day of the year.
Operations Support and Monitoring:
Through our network operations center, we have an extensive monitoring capability that enables us to track the status and performance of our critical database systems and our global resolution systems. Our network operations center is staffed 24 hours a day, every day of the year.
Disaster Recovery Plans:
We have disaster recovery and business continuity capabilities that are designed to deal with the loss of entire data centers and other facilities. We maintain dual mirrored data centers that allow rapid failover with no data loss and no loss of function or capacity, as well as off-continent tertiary facilities. Our critical data services (including domain name registration and global resolution) use advanced storage systems that provide data protection through techniques such as synchronous mirroring and remote replication.
Marketing, Sales and Distribution
We seek to expand our business through focused marketing campaigns and programs that target growth in the
.com
and
.net
domain name base, both domestically and in foreign markets. We offer promotional marketing programs for our registrars based upon market conditions and the business environment in which the registrars operate. We provide tools to be used by both registrars and end users to allow them to find relevant domain names. We have marketing and sales offices in several countries around the world.
Research and Development
We believe that timely development of new and enhanced services, including monitoring and visualization, registry provisioning platforms, navigation and resolution services, data services, value added services, and new and enhanced ways to ensure the security, stability, and resiliency of our services, is necessary to remain competitive in the marketplace.
Our future success will depend, in large part, on our ability to continue to maintain and enhance our current technologies and services and to develop new ones. We actively investigate and incubate new concepts and evaluate new business ideas through our innovation pipeline. We expect that most of the future enhancements to our existing services and our new services will be the result of internal development efforts in collaboration with suppliers, other vendors, customers, and the technology community. Under certain circumstances, we may also acquire or license technology from third parties.
The markets for our services are dynamic, characterized by rapid technological developments, frequent new product introductions, and evolving industry standards. The constantly changing nature of these markets and their rapid evolution will require us to continually improve the performance, features, and reliability of our services, particularly in response to competitive offerings, and to introduce both new and enhanced services as quickly as possible and prior to our competitors.
Competition
We compete with numerous companies in the Registry Services business. The overall number of our competitors may increase and the identity and composition of competitors may change over time.
New technologies and the expansion of existing technologies may increase competitive pressure. In addition, our markets are characterized by announcements of collaborative relationships involving our competitors. The existence or announcement of any such relationships could adversely affect our ability to attract and retain customers.
We face competition in the domain name registry space from other gTLD and ccTLD registries that are competing for the business of entities and individuals that are seeking to obtain a domain name registration, establish an online presence, as well as other uses of domain names, such as branded email. In addition to the gTLDs and ccTLDs we operate or for which we provide back-end registry services, there are over 1,200 other operational gTLD registries, over 250 Latin script ccTLD registries, more than 50 IDN ccTLD registries, and over 150 IDN gTLD registries. Under our agreements with ICANN, we are subject to certain restrictions in the operation of
.com
,
.net
and
.name
on pricing, bundling, marketing, methods of distribution, the introduction of new registry services, and use of registrars, that do not apply to ccTLDs and other gTLDs and therefore may create a competitive disadvantage.
To the extent end-users navigate using search engines or social media, or transact on e-commerce platforms, as opposed to direct navigation, we face competition from search engines such as Google, Bing, Yahoo!, and Baidu, social media networks such as Facebook and WeChat, e-commerce platforms such as Amazon, eBay and Taobao, and microblogging tools such as Twitter. In addition, we face competition from these social media businesses and e-commerce platforms if they are used to establish an online presence by end-users rather than through the use of a domain name. Furthermore, to the extent end-users increase the use of web and mobile applications to locate and access content, we face competition from providers of such web and mobile applications.
We also face competition from service providers that offer outsourced domain name registration, resolution and other DNS services to registries that require a reliable and scalable infrastructure. Among our competitors are Afilias plc, CentralNic Ltd., and Neustar, Inc.
Industry Regulation
The internet is governed under a multi-stakeholder model comprising civil society, the private sector including for-profit and not-for-profit organizations such as ICANN, governments including the U.S. government, academia, non-governmental organizations, and international organizations. ICANN plays a central coordination role in the multi-stakeholder system. ICANN is mandated through its bylaws to uphold a private sector-led multi-stakeholder approach to internet governance for the public benefit. The multi-stakeholder process has and will continue to create policies, programs, and standards that directly or indirectly impact or affect our business. In addition, country-level regulations, such as those implemented by China, impose additional costs on our Registry Services, can affect the growth or renewal rates of domain name registrations, and may also affect our ability to do business. Similarly, in the European Union, legislative and regulatory bodies responsible for data privacy continue to enhance and modify data privacy protections, which impacts our collection and delivery of personal data as we provide our domain name registry services, and could affect costs of operation.
As the exclusive registry of domain names within the
.com
and
.net
gTLDs, we have entered into certain agreements with ICANN and, in the case of .
com
, the DOC under a Cooperative Agreement.
.com Registry Agreement
Following the extension of the
.com
Registry Agreement on October 20, 2016, the
.com
Registry Agreement provides that we will continue to be the sole registry operator for domain names in the
.com
gTLD through November 30, 2024. As part of the extension of the
.com
Registry Agreement, the Company and ICANN agreed to cooperate and negotiate in good faith to amend the terms of the
.com
Registry Agreement: (i) by October 20, 2018, to preserve and enhance the security and stability of the internet or the
.com
TLD, and (ii) as may be necessary for consistency with changes to, or the termination or expiration of, the Cooperative Agreement. ICANN and Verisign are engaged in discussions related to these obligations, including modifying the .
com
Registry Agreement based on changes to the Cooperative Agreement arising from Amendment 35. On a quarterly basis, we pay $0.25 to ICANN for each annual increment of a domain name registered or renewed during such quarter. We are required to comply with and implement temporary specifications or policies and Consensus Policies, as well as other provisions pursuant to the
.com
Registry Agreement relating to handling of data and other registry operations. The
.com
Registry Agreement also provides a procedure for Verisign to propose, and ICANN to review and approve, additional registry services.
The
.com
and
.net
Registry Agreements with ICANN contain a “presumptive” right of renewal upon the expiration of their current terms. ICANN could terminate or refuse to renew our .
com
and/or
.net
Registry Agreements if, upon proper notice, (i) we fail to cure a fundamental and material breach of certain specified obligations, and (ii) we fail to timely comply with a final decision of an arbitrator or court. See “Risk Factors - Risks arising from our agreements governing our Registry Services business could limit our ability to maintain or grow our business” in Part I, Item 1A of this Annual Report on Form 10-K for further information. Our
.com
and
.net
Registry Agreements contain obligations to provide access to our systems, restrictions on our ability to market and bundle our products and services, and restrictions on our ability to control our registrar channel or own a registrar.
Cooperative Agreement
Verisign and the DOC entered into Amendment 35 of the Cooperative Agreement on October 26, 2018, which, among other items, extends the term of the Cooperative Agreement until November 30, 2024. The Cooperative Agreement will automatically renew on the same terms for successive six-year terms unless the DOC provides written notice of non-renewal 120 days prior to the end of the then-current term. Under Amendment 35, standard renewals of the .
com
Registry Agreement with ICANN will not require further DOC approval, although any additional changes to the pricing section other than as approved in Amendment 35, changes to the vertical integration provisions, the functional or performance specifications (including the SLAs), the conditions for renewal or termination, or to the Whois service, as set forth in the Amendment 35, would require further DOC approval. As was the case with prior amendments, the DOC’s approval of Amendment 35 was not intended to confer federal antitrust immunity on Verisign with respect to the .
com
Registry Agreement.
Under Amendment 35 to the Cooperative Agreement, the Maximum Price (as defined in the
.com
Registry Agreement) of a
.com
domain name may be increased without further DOC approval by up to 7% in each of the final four years of each six-year period. The first such six-year period begins on October 26, 2018. The changes to the Maximum Price under Amendment 35 are not effective until such price increases are incorporated in the
.com
Registry Agreement with ICANN. Further, we are entitled to increase the Maximum Price of a
.com
domain name due to the imposition of any new Consensus Policy or documented extraordinary expense resulting from an attack or threat of attack on the Security or Stability of the DNS as described in the
.com
Registry Agreement, provided that we may not exercise such right unless the DOC provides prior written approval that the exercise of such right will serve the public interest, such approval not to be unreasonably withheld. The Cooperative Agreement further provides that we shall be entitled at any time during the term of the
.com
Registry Agreement to seek to remove the pricing restrictions contained in the
.com
Registry Agreement if we demonstrate to the DOC that market conditions no longer warrant pricing restrictions in the
.com
Registry Agreement, as determined by the DOC. Also, under Amendment 35, we clarified that the restrictions in the
.com
Registry Agreement relating to vertical integration apply solely to the .
com
TLD. As to the .
com
TLD, we are not permitted to acquire, directly or indirectly, control of, or a greater than 15% ownership interest in, any ICANN-accredited registrar that sells .
com
domain names. In addition, under Amendment 35, we have agreed to continue to operate the .
com
TLD in a content-neutral manner and to work within ICANN processes to promote the development of content-neutral policies for the operation of the DNS.
.net Registry Agreement
We entered into a renewal of our .
net
Registry Agreement with ICANN that was effective on July 1, 2017. The
.net
Registry Agreement provides that we will continue to be the sole registry operator for domain names in the
.net
TLD through June 30, 2023.
Root Zone Maintainer Service Agreement
In the fourth quarter of 2016, we entered into a new agreement with ICANN, the Root Zone Maintainer Service Agreement (“RZMA”) under which we perform the Root Zone Maintainer functions on behalf of ICANN. The RZMA will expire on October 19, 2024, with an automatic renewal, unless earlier terminated.
The descriptions of the
.com
Registry Agreement, the Cooperative Agreement, and the
.net
Registry Agreement are qualified in their entirety by the text of the complete agreements that are incorporated by reference as exhibits in this Form 10-K.
Intellectual Property
We rely on a combination of copyrighted software, trademarks, service marks, patents, trade secrets, know-how, restrictions on disclosure, and other methods to protect our proprietary assets. We also enter into confidentiality and/or invention assignment agreements with our employees, consultants and current and potential affiliates, customers and business partners. We also control access to and distribution of proprietary documentation and other confidential information.
We have been issued numerous patents in the U.S. and abroad, covering a wide range of our technologies. Additionally, we continue to file numerous patent applications with respect to certain of our technologies in the U.S. Patent and Trademark Office and internationally. Patents may not be awarded with respect to these applications and even if such patents are awarded, such patents may not provide sufficient protection of our intellectual property. We continue to focus on growing our patent portfolio and consider opportunities for its strategic use.
We have obtained trademark registrations for the VERISIGN mark and VERISIGN logo in the U.S. and certain countries, and have pending trademark applications for the VERISIGN logo in a number of other countries. We have common law rights in other proprietary names. We take steps to enforce and police Verisign’s trademarks. We rely on the strength of our Verisign brand to help differentiate ourselves in the marketing of our products and services.
Our principal intellectual property consists of, and our success is dependent upon, proprietary software used in our Registry Services business and certain methodologies (many of which are patented or for which patent applications are pending) and technical expertise and proprietary know-how we use in both the design and implementation of our current and future registry services. We own our proprietary Shared Registration System through which registrars submit second-level domain name registrations for each of the registries we operate, as well as the ATLAS distributed lookup system which processes billions of queries per day. Some of the software and protocols used in our business are in the public domain or are otherwise available to our competitors, and some are based on open standards set by organizations such as the Internet Engineering Task Force. To the extent any of our patents are considered “standard essential patents,” we may be required to license such patents to our competitors on reasonable and non-discriminatory terms or otherwise be limited in our ability to assert such patents.
Employees
The following table shows a comparison of our consolidated employee headcount, by function:
|
|
|
|
|
|
|
|
|
|
|
As of December 31,
|
|
2018
|
|
2017
|
|
2016
|
Employee headcount by function:
|
|
|
|
|
|
Cost of revenues
|
281
|
|
|
288
|
|
|
324
|
|
Sales and marketing
|
84
|
|
|
133
|
|
|
143
|
|
Research and development
|
219
|
|
|
226
|
|
|
228
|
|
General and administrative
|
316
|
|
|
305
|
|
|
295
|
|
Total
|
900
|
|
|
952
|
|
|
990
|
|
We have never had a work stoppage, and no U.S.-based employees are represented under collective bargaining agreements. Our ability to achieve our financial and operational objectives depends in large part upon our continued ability to attract, integrate, train, retain, and motivate highly qualified sales, technical and managerial personnel, and upon the continued service of our senior management and key sales and technical personnel. Competition for qualified personnel in our industry and in some of our geographical locations is intense, particularly for software development personnel.
ITEM 1A.
RISK FACTORS
In addition to other information in this Form 10-K, the following risk factors should be carefully considered in evaluating us and our business because these factors currently have a significant impact or may have a significant impact on our business, operating results or financial condition. Actual results could differ materially from those projected in the forward-looking statements contained in this Form 10-K as a result of the risk factors discussed below and elsewhere in this Form 10-K and in other filings we make with the SEC.
Risks arising from our agreements governing our Registry Services business could limit our ability to maintain or grow our business.
We are parties to (i) a Cooperative Agreement (as amended) with the DOC with respect to the .
com
gTLD and (ii) Registry Agreements with ICANN for
.com
,
.net, .name,
and other gTLDs including our IDN gTLDs. As substantially all of our revenues are derived from our Registry Services business, limitations and obligations in, or changes or challenges to, these agreements, particularly the agreements that involve .
com
and .
net
, could have a material adverse impact on our business. Certain competing registries, such as the ccTLDs, do not face the same limitations or obligations that we face in our agreements. Verisign and the DOC entered into Amendment 35 of the Cooperative Agreement on October 26, 2018, which, among other items, extends the term of the Cooperative Agreement until November 30, 2024. The Cooperative Agreement will automatically renew on the same terms for successive six-year terms unless the DOC provides written notice of non-renewal 120 days prior to the end of the then-current term. Further changes to the Cooperative Agreement require the mutual agreement of the DOC and the Company.
Modifications or Amendments.
In October 2016, the Company and ICANN entered into an amendment to extend the term of the
.com
Registry Agreement to November 30, 2024 (the “
.com
Amendment”). As part of the
.com
Amendment, the Company and ICANN agreed to negotiate in good faith to amend the terms of the
.com
Registry Agreement: (i) by October 20, 2018, to preserve and enhance the security and stability of the internet or the
.com
TLD, and (ii) as may be necessary for consistency with changes to, or the termination or expiration of, the Cooperative Agreement. ICANN and Verisign are engaged in discussions to satisfy this obligation including modifying the .
com
Registry Agreement based on changes to the Cooperative Agreement arising from Amendment 35. We can provide no assurance that any new terms for the
.com
Registry Agreement that we agree to as a result of these discussions will match the changes permitted in Amendment 35 nor can we provide assurances that certain terms that we agree to will not increase the costs or risks associated with the operation of the .
com
TLD. Under Amendment 35, standard renewals of the .
com
Registry Agreement will not require further DOC approval. If, in connection with a renewal of the
.com
Registry Agreement the Company seeks any additional changes to the pricing section other than as approved in Amendment 35, changes to the vertical integration provisions, the functional or performance specifications (including the SLAs), the conditions for renewal or termination, or to the Whois service, as set forth in the Amendment 35, DOC approval is required. We can provide no assurances that such approval would be obtained.
In addition, our Registry Agreements for new gTLDs, including the Registry Agreements for our IDN gTLDs, include ICANN’s right to amend the agreements without our consent, which could impose unfavorable contract obligations on us that could impact our plans and competitive positions with respect to new gTLDs. At the time of renewal of our
.com
or
.net
Registry Agreements, ICANN might also attempt to impose this same unilateral right to amend these registry agreements under certain conditions. ICANN has also included new mandatory obligations on new gTLD registry operators, including us, that may increase the risks and potential liabilities associated with operating new gTLDs. ICANN might seek to impose these new mandatory obligations in our other Registry Agreements under certain conditions. We can provide no assurance that any changes to our Registry Agreements as a result of the above obligations will not have a material adverse impact on our business, operating results, financial condition, and cash flows.
Pricing
. Under the terms of Amendment 35 to the Cooperative Agreement, the Company and ICANN may agree to amend the terms of the .
com
Registry Agreement to permit the price of registrations or renewals of .
com
domain names to be increased by up to 7% per year in each of the final four years of each six-year period beginning on October 26, 2018. In addition, we are entitled to increase the price up to 7%, with the prior approval of the DOC, due to the imposition of any new ICANN Consensus Policies, as established and defined under ICANN’s bylaws and due process, and covering certain items listed in the .
com
Registry Agreement, or documented extraordinary expense resulting from an attack or threat of attack on the security and stability of the DNS. However, it is uncertain that these additional circumstances will arise, or if they do, whether we would seek, or the DOC would approve, any request to increase the price for
.com
domain name registrations. We also have the right under the Cooperative Agreement to seek the removal of these pricing restrictions if we demonstrate to the DOC that market conditions no longer warrant such restrictions. However, it is uncertain whether we will seek the removal of such restrictions, or whether the DOC would approve the removal of such restrictions. In comparison, under the terms of the
.net
and
.name
Registry Agreements with ICANN, we are permitted to increase the price of domain name registrations and renewals in these TLDs up to 10% per year. Additionally, ICANN’s registry agreements for new gTLDs do not contain such pricing restrictions.
Vertical integration
. Under Amendment 35, the parties clarified that the restrictions in the
.com
Registry Agreement relating to vertical integration apply solely to the .
com
TLD. As to the .
com
TLD, we are not permitted to acquire, directly or indirectly, control of, or a greater than 15% ownership interest in, any ICANN-accredited registrar that sells .
com
domain name registrations. Historically, all gTLD registry operators were subject to a vertical integration prohibition; however, ICANN has established a process whereby registry operators may seek ICANN’s approval to remove this restriction, and ICANN has approved such removal for certain other registry operators. Additionally, ICANN’s registry agreement for new gTLDs generally permits such vertical integration, with certain limitations including ICANN’s right, but not the obligation, to refer such vertical integration activities to competition authorities. If we seek to remove the vertical integration restrictions contained in our agreements, it is uncertain whether ICANN approval would be obtained. Furthermore, even if we obtain such approval, we can provide no assurances that we will enter the domain name retail market, or that we will be successful if we choose to do so. If registry operators of other TLDs, including ccTLDs, are able to obtain competitive advantages through vertical integration, and we are not, it could materially harm our business.
Renewal and Termination
. Our .
com
, .
net,
and .
name
Registry Agreements with ICANN contain “presumptive” rights of renewal upon the expiration of their current terms on November 30, 2024, June 30, 2023 and August 15, 2020, respectively. The Registry Agreements for our new gTLDs including our IDN gTLDs are subject to a 10-year term and contain similar “presumptive” renewal rights. If certain terms in our
.com
and
.net
Registry Agreements are not similar to such terms generally in effect in the registry agreements of the five largest gTLDs, then a renewal of these agreements shall be upon terms reasonably necessary to render such terms similar to the registry agreements for those other gTLDs. There can be no assurance that such terms, if they apply, will not have a material adverse impact on our business. A failure by ICANN to approve the renewal of the
.com
Registry Agreement prior to the expiration of its current term on November 30, 2024 or to approve the renewal of the .
net
Registry Agreement prior to or upon the expiration of its current term on June 30, 2023, would have, absent an extension, a material adverse effect on our business. ICANN could terminate or refuse to renew our .
com
or .
net
Registry Agreements if, upon proper notice, (i) we fail to cure a fundamental and material breach of certain specified obligations, and (ii) we fail to timely comply with a final decision of an arbitrator or court. ICANN’s termination or refusal to renew either the .
com
or .
net
Registry Agreement would have a material adverse effect on our business.
Consensus Policies
. Our Registry Agreements with ICANN require us to implement Consensus Policies and specifications or policies established on a temporary basis (“Temporary Policies”). ICANN could adopt Consensus Policies or Temporary Policies that are unfavorable to us as the registry operator of
.com
,
.net
and our other
gTLDs, that are inconsistent with our current or future plans, that impose substantial costs on our business, that subject the Company to additional legal risks, or that affect our competitive position. Such Consensus Policies or Temporary Policies could have a material adverse effect on our business. As an example, ICANN has adopted a Consensus Policy that requires Verisign to receive and display Thick Whois data for
.com
and .
net
. In addition, ICANN has adopted a Temporary Specification that establishes temporary requirements for registry operators and registrars regarding the collection, display and disclosure of Thick WHOIS data pending ICANN’s establishment of a permanent Consensus Policy. The costs of complying or failing to comply with these policies as well as laws and regulations, such as General Data Protection Regulation (“GDPR”), regarding personally identifiable information and data privacy, such as domestic and various foreign privacy regimes, could expose us to compliance costs and substantial liability, and result in costly and time-consuming investigations or litigation.
Technical Standards and ICANN processes.
Our Registry Agreements with ICANN require Verisign to implement and comply with various technical standards and specifications published by the Internet Engineering Task Force (“IETF”). ICANN could impose requirements on us through changes to these IETF standards that are inconsistent with our current or future plans, that impose substantial costs on our business, that subject the Company to additional legal risks, or that affect our competitive position. Any such changes to the IETF standards could have a material adverse effect on our business. In addition, under Amendment 35, we have agreed to continue to operate the .
com
TLD in a content-neutral manner and to work within ICANN processes to promote the development of content neutral policies for the operation of the DNS. Such policies could expose us to compliance costs and substantial liability and result in costly and time-consuming investigations or litigation.
Legal Challenges
. Our Registry Agreements have faced, and could face in the future, challenges, including possible legal challenges, resulting from our activities or the activities of ICANN, registrars, registrants, and others, and any adverse outcome from such challenges could have a material adverse effect on our business.
Governmental regulation and the application of new and existing laws in the U.S. and overseas may slow business growth, increase our costs of doing business, create potential liability and have an adverse effect on our business.
Application of new and existing laws and regulations in the U.S. or overseas to the internet and communications industry can be unclear. The costs of complying or failing to comply with these laws and regulations could limit our ability to operate in our current markets, expose us to compliance costs and substantial liability, and result in costly and time-consuming litigation. For example, the government of China has indicated that it will issue, and in some instances has begun to issue, new regulations, and has begun to enforce existing regulations, that impose additional costs on, and risks to, our provision of
Registry Services in China and could impact the growth or renewal rates of domain name registrations in China. In addition to registry operators, certain of such regulations also require registrars to obtain a government-issued license for each TLD whose domain name registrations they intend to sell directly to registrants. Any failure to obtain the required licenses, or to comply with any license requirements or any updates thereto, by us or our registrars could impact the growth of our business in China.
Foreign, federal or state laws could have an adverse impact on our business, financial condition, results of operations and cash flows, and our ability to conduct business in certain foreign countries. For example, laws designed to restrict who can register and who can distribute domain names, online gambling, counterfeit goods, and intellectual property violations such as cybersquatting; laws designed to require registrants to provide additional documentation or information in connection with domain name registrations; and laws designed to promote cyber security may impose significant additional costs on our business or subject us to additional liabilities.
To conduct our operations, we regularly move data across national borders and receive data originating from different jurisdictions, and consequently are subject to a variety of continuously evolving and developing laws and regulations in the United States and abroad regarding privacy, data protection and data security. The scope of the laws that may be applicable to us is often uncertain and may be conflicting, particularly with respect to foreign laws. For example, the European Union’s GDPR, which greatly increases the jurisdictional reach of European Union law and adds a broad array of requirements for handling personal data, including the public disclosure of significant data breaches, and significant penalties, became effective in May 2018. Other countries and other states have enacted or are enacting data localization laws regulating or limiting data collection, storage and transfer. All of these evolving compliance and operational requirements can impose significant costs for us that are likely to increase over time.
Due to the nature of the internet, it is possible that federal, state or foreign governments might attempt to regulate internet transmissions or prosecute us for violations of laws. We might unintentionally violate such laws, such laws may be modified or enforced using new or novel legal theories, and new laws may be enacted in the future. In addition, as we continue to launch our IDN gTLDs and increase our marketing efforts of our other TLDs in foreign countries, we may raise our profile in certain foreign countries thereby increasing the regulatory and other scrutiny of our operations. Any such developments could increase the costs of regulatory compliance for us, affect our reputation, expose us to liability, penalties or fines, force us to change our business practices or otherwise materially harm our business. In addition, any such laws could impede growth of, or result in a decline in, domain name registrations.
Undetected or unknown defects in our service, security breaches, defects in the technologies and services in our supply chain, and DDoS attacks could expose us to liability and harm our business and reputation.
Services as complex as those we offer or develop could contain undetected defects or errors. Despite testing, defects or errors may occur in our existing or new services, which could result in service outages, compromised customer data, including DNS data, diversion of development resources, injury to our reputation, tort or contract claims, increased insurance costs or increased service costs, any of which could harm our business. Performance of our services could have unforeseen or unknown adverse effects on the networks over which they are delivered as well as, more broadly, on internet users and consumers, and on third-party applications and services that utilize our services, which could result in legal claims against us, harming our business. Our failure to identify, remediate and mitigate security vulnerabilities and breaches or our inability to meet customer expectations in a timely manner could also result in loss of or delay in revenues, failure to meet contracted service level obligations, loss of market share, failure to achieve market acceptance, injury to our reputation and increased costs.
In addition to undetected defects or errors, we are also subject to cyber-attacks and attempted security breaches. We retain certain customer and employee information in our data centers and various domain name registration systems. It is critical to our business strategy as well as fulfilling our obligations as the registry operator for
.com
and
.net,
that our facilities and infrastructure remain secure, that we continue to meet our service level agreements and we maintain the public’s trust in the internet services that we provide. The Company, as an operator of critical internet infrastructure, is frequently targeted and experiences a high rate of attacks. These include the most sophisticated forms of attacks, such as advanced persistent threat attacks and zero-hour threats. These forms of attacks involve situations where the threat is not compiled or has been previously unobserved within our observation and threat indicators space until the moment it is launched. In addition, these forms of attacks may target specific unidentified or unresolved vulnerabilities that exist only within the target’s supply chain or operating environment, making these attacks virtually impossible to anticipate and difficult to defend against. In addition to external threats, we may be subject to insider threats, including those from third-party suppliers such as consultants and advisors, SaaS providers, hardware, software, and network systems manufacturers, and other outside vendors, or from current or former contractors or employees; these threats can be realized from intentional or unintentional actions. The Shared Registration System, the root zone servers, the root zone file, the Root Zone Management System, the TLD name servers and the TLD zone files that we operate are critical to our Registry Services operations. Therefore, attacks against third-party suppliers that provide services to our Registry Services operations could also impact our infrastructure. Despite the significant time and money expended on our security measures, we have been subject to a security breach, as disclosed in our Quarterly Report on Form
10-Q for the quarter ended September 30, 2011, and our infrastructure may in the future be vulnerable to physical break-ins, disruptions resulting from destructive malware, hardware or enabling software defects, computer viruses, attacks by hackers or nefarious actors or similar disruptive problems, including hacktivism. It is possible that we may have to expend additional financial and other resources to address such problems. Any physical or electronic break-in or other security breach or compromise of the information stored at our data centers or domain name registration systems may cause an outage of, or jeopardize the security of, information stored on our premises or in the computer systems and networks of our customers. In such an event, we could face significant liability, fail to meet contracted service level obligations, customers could be reluctant to use our services and we could be at risk for loss of various security and standards-based compliance certifications needed for operation of our businesses, all or any of which could adversely affect our reputation and harm our business or cause financial losses that are either not insured against or not fully covered through any insurance that we maintain. Such an occurrence could also result in adverse publicity and therefore adversely affect the market’s perception of the security of e-commerce and communications over the internet as well as of the security or reliability of our services.
We use externally developed technology, systems and services including both hardware and software, for a variety of purposes, including, without limitation, compute, storage, encryption and authentication, back-office support, and other functions. While we have developed operational policies and procedures to reduce the impact of security vulnerabilities in system components, as well as at any vendors where Company data is stored or processed, such measures cannot provide absolute security. Vulnerabilities in, and exploits leading to, breaches of our vendors’ technology, systems or services could expose us or our customers to a risk of loss or misuse of Company data, including but not limited to sensitive personally identifiable information.
Additionally, our networks have been, and likely will continue to be, subject to DDoS attacks. Recent attacks have demonstrated that DDoS attacks continue to grow in size and sophistication and have an ability to widely disrupt internet services. Particularly since 2016, the size of DDoS attacks has grown rapidly, and we have successfully mitigated DDoS attacks during this time frame that are significantly larger than those we have historically experienced. While we have adopted mitigation techniques, procedures and strategies to defend against such attacks, there can be no assurance that we will be able to defend against every attack, especially as the attacks increase in size and sophistication. Any attack, even if only partially successful, could disrupt our networks, increase response time, negatively impact our ability to meet our contracted service level obligations, and generally hamper our ability to provide reliable service to our Registry Services customers and the broader internet community. We have historically incurred, and will continue to incur, significant costs to enable our infrastructure to process levels of attack traffic that are significant multiples of our normal transaction volume. Further, we are in the process of transitioning our Security Services customer contracts to Neustar. During this migration period, we will continue to operate DDoS protection services for customers that have yet to transition. These DDoS protection services share some of the infrastructure used in our Registry Services business. Therefore the operation of such services might expose our critical Registry Services infrastructure to temporary degradations or outages caused by DDoS attacks against those customers, in addition to any attacks directed specifically against us and our networks.
Changes to the multi-stakeholder model of internet governance could materially and adversely impact our business.
The internet is governed under a multi-stakeholder model comprising civil society, the private sector including for-profit and not-for-profit organizations such as ICANN, governments including the U.S. government, academia, non-governmental organizations and international organizations.
Role of the U.S. Government
. In the fourth quarter of 2016, the United States government completed a transition to the multi-stakeholder community of the historical role played by the National Telecommunications and Information Administration (“NTIA”) in the coordination of the DNS. Changes arising from this transition to the multi-stakeholder model of internet governance could materially and adversely impact our business. For example, ICANN has adopted bylaws that are designed, in part, to enhance accountability through a new organization called the Empowered Community, which is comprised of a cross section of stakeholders. ICANN or the Empowered Community may assert positions that could negatively impact our strategy or our business.
By completing the transition discussed above, the U.S. Government through the NTIA has ended its coordination and management of important aspects of the DNS including the IANA functions and the root zone. There can be no assurance that the removal of the U.S. Government oversight of these key functions will not negatively impact our business.
Role of ICANN
. ICANN plays a central coordination role in the multi-stakeholder system. ICANN is mandated through its bylaws to uphold a private sector-led multi-stakeholder approach to internet governance for the public benefit. If ICANN or the Empowered Community fails to uphold or significantly redefines the multi-stakeholder model, it could harm our business. Additionally, the Empowered Community could adversely impact ICANN, which could negatively impact its ability to coordinate the multi-stakeholder system of governance, or negatively affect our interests. Also, legal, regulatory or other challenges could be brought challenging the legal authority underlying the roles and actions of ICANN, the Empowered Community or us.
Role of Foreign Governments
. Some governments and members of the multi-stakeholder community have questioned ICANN’s role with respect to internet governance and, as a result, could seek a multilateral oversight body as a replacement. Additionally, the role of ICANN’s Governmental Advisory Committee, which is comprised of representatives of national governments, could change, and give governments more control of certain aspects of internet governance. Some governments and governmental authorities outside the U.S. have in the past disagreed, and may in the future disagree, with the actions, policies or programs of ICANN, the U.S. Government and us relating to the DNS. Changes to the roles that foreign governments play in internet governance could materially and adversely impact our business.
We face risks from our operation of two root zone servers and performance of the Root Zone Maintainer functions under the RZMA.
We operate two of the 13 root zone servers. Root zone servers are name servers that contain authoritative data for the very top of the DNS hierarchy. These servers have the software and DNS configuration data necessary to locate name servers that contain authoritative data for the TLDs. These root zone servers are critical to the functioning of the internet. We also have an important operational role in support of a key IANA function as the Root Zone Maintainer. In this role, we provision and publish the authoritative root zone data and make it available to all root server operators under an agreement with ICANN, the Root Zone Maintainer Service Agreement (“RZMA”).
As we perform the Root Zone Maintainer Services under the RZMA, we may be subject to significant claims challenging the agreement or our performance under the agreement, and we may not have immunity from, or sufficient indemnification or insurance for, such claims.
For example, DNSSEC enabled in the root zone and at other levels of the DNS requires new preventative maintenance, including root key signing key (“KSK”) rollover, necessitating functions and complex operational practices that did not exist prior to the introduction of DNSSEC. Any failure by us, ICANN, external DNS vendors and service providers, or other relying parties to comply with stated practices, such as those outlined in relevant DNSSEC Practice Statements and internet standards, introduces risk to DNSSEC relying parties and other internet users and consumers of the DNS, which could have a material adverse impact on our business. In particular, because root KSK rollover involves updates to the KSK public key (the “Trust Anchor”) and private key pair managed by ICANN’s Public Technical Identifiers (PTI) operation, to the root zone DNSSEC records published by us in our role as Root Zone Maintainer; and, to corresponding trust anchor configurations maintained by external DNS vendors and service providers’ DNSSEC-aware implementations, if such external parties are not adequately prepared for and/or do not appropriately effectuate root key updates, any root KSK rollover, including the initial rollover that occurred on October 11, 2018 at ICANN’s direction, may introduce substantial risk to relying parties. Even where we have correctly implemented our key updates, we could face potential legal claims and reputational harm if the failures described occur.
Additionally, over 1,200 new gTLDs have already been delegated into the root zone in the current round of new gTLDs. ICANN plans on offering a subsequent round of new gTLDs, the timing of which remains uncertain. We believe there are potential security and stability issues that could involve the root zone and at other levels of the DNS from the deployment of the new gTLDs that should have been addressed before any new gTLDs were delegated, and despite our and others’ efforts, some of these issues have not been addressed by ICANN sufficiently, if at all. For example, domain name collisions have been reported to ICANN, which have resulted in various network interruptions for enterprises as well as confusion and usability issues that have led to phishing and other cyber-attacks. It is anticipated that as additional new gTLDs are delegated now, or in subsequent rounds, more domain name collisions and associated security issues will occur.
The evolution of internet practices and behaviors and the adoption of substitute technologies may impact the demand for domain names.
Domain names and the domain name system have been used by consumers and businesses to access or disseminate information, conduct e-commerce, and develop an online identity for many years. The growth of technologies such as social media, mobile devices, apps and the dominance of search engines has evolved and changed the internet practices and behaviors of consumers and businesses alike. These changes can impact the demand for domain names by those who purchase domain names for personal, commercial and investment reasons. Factors such as the evolving practices and preferences of internet users and how they navigate the internet as well as the motivation of domain name registrants and how they will monetize their investment in domain names can negatively impact our business. Some domain name registrars and registrants seek to purchase and resell domain names at an increased price. Adverse changes in the resale value of domain names, changes in the business models for such domain name registrars and registrants, or other factors could result in a decrease in the demand and/or renewal rates for domain names in our TLDs. The resulting decrease in demand and/or renewal rates could negatively impact the volume of new domain name registrations, our renewal rates and our associated revenue growth.
Some domain name registrants use a domain name to access or disseminate information, conduct e-commerce, and develop an online identity. Currently, internet users often navigate to a website either by directly typing its domain name into a
web browser, the use of an app on their smart phone or mobile device, the use of a voice recognition technology such as Alexa, Cortana, Google Assistant, or Siri, or through the use of a search engine. If (i) web browser or internet search technologies were to change significantly; (ii) internet users’ preferences or practices shift away from recognizing and relying on web addresses for navigation through the use of new and existing technologies; (iii) internet users were to significantly decrease the use of web browsers in favor of applications to locate and access content; (iv) internet users were to significantly decrease the use of domain names to develop and protect their online identity; or (v) internet users were to increasingly use third level domains or alternate identifiers, such as social networking and microblogging sites, in each case the demand for domain names in our TLDs could decrease. This may trigger current or prospective customers and parties in our target markets to reevaluate their need for registration or renewal of domain names.
Some domain name registrars and registrants seek to generate revenue through advertising on their websites; changes in the way these registrars and registrants are compensated (including changes in methodologies and metrics) by advertisers and advertisement placement networks, such as Google, Yahoo!, Baidu and Bing, have, and may continue to, adversely affect the market for those domain names favored by such registrars and registrants which has resulted in, and may continue to result in, a decrease in demand and/or the renewal rate for those domain names. For example, according to published reports, Google has in the past changed (and may change in the future) its search algorithm, which may decrease site traffic to certain websites and provide less pay-per-click compensation for certain types of websites. This has made such websites less profitable which has resulted in, and may continue to result in, fewer domain registrations and renewals. In addition, as a result of the general economic environment, spending on online advertising and marketing may not increase or may be reduced, which in turn, may result in a further decline in the demand for those domain names.
If any of the above factors negatively impact the renewal of domain names or the demand for new domain names, we may experience material adverse impacts on our business, operating results, financial condition and cash flows.
Many of our markets are evolving, and if these markets fail to develop or if our products and services are not widely accepted in these markets, our business could be harmed.
We seek to serve many new, developing and emerging markets in foreign countries to grow our business. These markets are rapidly evolving, and may not grow. Even if these markets grow, our services may not be widely used or accepted. Accordingly, the demand for our services in these markets is very uncertain. The factors that may affect market acceptance or adoption of our services in these markets include the following:
|
|
•
|
regional internet infrastructure development, expansion, penetration and adoption;
|
|
|
•
|
market acceptance and adoption of substitute products and services that enable online presence without a domain, including social media, e-commerce platforms, website builders and mobile applications;
|
|
|
•
|
public perception of the security of our technologies and of IP and other networks;
|
|
|
•
|
the introduction and consumer acceptance of new generations of mobile devices, and in particular the use of internet navigation mobile applications as the primary engagement mechanism;
|
|
|
•
|
increasing cyber threats;
|
|
|
•
|
government regulations affecting internet access and availability, domain name registrations or the provision of registry services, data security or data localization, or e-commerce and telecommunications over the internet;
|
|
|
•
|
the maturity and depth of the sales channels within developing and emerging markets and their ability and motivation to establish and support sales for domain names;
|
|
|
•
|
preference by markets for the use of their own country’s ccTLDs as a substitute or alternative to our TLDs; and
|
|
|
•
|
increased acceptance and use of new gTLDs as substitutes for established gTLDs.
|
If the market for e-commerce and communications over IP and other networks does not grow or these services are not widely accepted in the market, our business could be materially harmed.
The business environment is highly competitive and, if we do not compete effectively, we may suffer lower demand for our products, reduced gross margins and loss of market share.
The internet and communications network services industries are characterized by rapid technological change and frequent new product and service announcements which require us continually to improve the performance, features and reliability of our services, particularly in response to competitive offerings or alternatives to our products and services. In order to remain competitive and retain our market position, we must continually improve our access to technology and software, support the latest transmission technologies, and adapt our products and services to changing market conditions and our customers’ and internet users’ preferences and practices, or potentially launch entirely new products and services such as new
gTLDs in anticipation of, or in response to, market trends. We cannot assure that competing technologies developed by others or the emergence of new industry standards will not adversely affect our competitive position or render our services or technologies noncompetitive or obsolete. In addition, our markets are characterized by announcements of collaborative relationships involving our competitors. The existence or announcement of any such relationships could adversely affect our ability to attract and retain customers. As a result of the foregoing and other factors, we may not be able to compete effectively with current or future competitors, and competitive pressures that we face could materially harm our business.
We face competition in the domain name registry space from other gTLD and ccTLD registries that are competing for the business of entities and individuals that are seeking to obtain a domain name registration and/or establish a web presence. We have been designated as the registry operator for certain new gTLDs including certain IDN gTLDs; however, there is no guarantee that such new gTLDs will be as or more successful than the new gTLDs obtained by our competitors. For example, some of the new gTLDs, including our new gTLDs, may face additional universal acceptance and usability challenges in that current desktop and mobile device software does not ubiquitously recognize these new gTLDs and developers of desktop and mobile device software may be slow to adopt standards or support these gTLDs, even if demand for such products is strong. This is particularly true for IDN gTLDs, but applies to conventional gTLDs as well. As a result of these challenges, it is possible that resolution of domain names within some of these new gTLDs may be blocked within certain state or organizational environments, challenging universal resolvability of these strings and their general acceptance and usability on the internet.
See the “Competition” section in Part I, Item 1 for further information.
We must establish and maintain strong relationships with registrars and their resellers to maintain their focus on marketing our products and services otherwise our Registry Services business could be harmed.
All of our domain name registrations occur through registrars. Registrars and their resellers utilize substantial marketing efforts to increase the demand and/or renewal rates for domain names as well as their own associated offerings. Consolidation in the registrar or reseller industry or changes in ownership, management, or strategy among individual registrars or resellers could result in significant changes to their business, operating model and cost structure. Such changes could include reduced marketing efforts or other operational changes that could adversely impact the demand and/or the renewal rates for domain names.
With the introduction of new gTLDs, many of our registrars have chosen to, and may continue to choose to, focus their short or long-term marketing efforts on these new offerings and/or reduce the prominence or visibility of our products and services on their e-commerce platforms. Our registrars and resellers sell domain name registrations of other competing registries, including the new gTLDs, and some also sell and support their own services for websites such as email, website hosting, as well as other services. Therefore, our registrars and resellers may be more motivated to sell to registrants to whom they can also market their own services. To the extent that registrars and their resellers focus more on selling and supporting their services and less on the registration and renewal of domain names in our TLDs, our revenues could be adversely impacted. Our ability to successfully market our services to, and build and maintain strong relationships with, new and existing registrars or resellers is a factor upon which successful operation of our business is dependent. If we are unable to keep a significant portion of their marketing efforts focused on selling registrations of domain names in our TLDs as opposed to other competing TLDs, including the new gTLDs, or their own services, our business could be harmed.
If we encounter system interruptions or failures, we could be exposed to liability and our reputation and business could suffer.
We depend on the uninterrupted operation of our various systems, secure data centers and other computer and communication networks. Our systems and operations are vulnerable to damage or interruption from:
|
|
•
|
power loss, transmission cable cuts and other telecommunications failures;
|
|
|
•
|
damage or interruption caused by fire, earthquake, and other natural disasters;
|
|
|
•
|
attacks, including hacktivism, by miscreants or other nefarious actors;
|
|
|
•
|
computer viruses, software defects, or hardware defects, both in our systems and those of our service providers and suppliers;
|
|
|
•
|
physical or electronic break-ins, sabotage, intentional acts of vandalism, terrorist attacks, unintentional mistakes or errors, and other events beyond our control;
|
|
|
•
|
risks inherent in or arising from the terms and conditions of our agreements with service providers to operate our networks and data centers;
|
|
|
•
|
interconnection and internet routing system vulnerabilities;
|
|
|
•
|
state suppression of internet operations; and
|
|
|
•
|
any failure to implement effective and timely remedial actions in response to any damage or interruption.
|
Most of the computing infrastructure for our Shared Registration System is located at, and most of our customer information is stored in, our facilities in New Castle, Delaware; Dulles, Virginia; and Fribourg, Switzerland. In 2019, we will begin transitioning some of our data center operations to a leased data center facility in Ashburn, Virginia. To the extent we are unable to partially or completely switch over to our primary alternate or tertiary sites, any damage or failure that causes interruptions in any of these facilities or our other computer and communications systems could materially harm our business. Although we carry insurance for property damage, we do not carry insurance or financial reserves for such interruptions, or for potential losses arising from terrorism.
In addition, our Registry Services business and certain of our other services depend on the secure and efficient operation of the internet connections to and from customers to our Shared Registration System residing in our secure data centers. These connections depend upon the secure and efficient operation of internet service providers, internet exchange point operators, and internet backbone service providers, some or all of which have had periodic operational problems or experienced outages in the past beyond our scope of control. In addition, if these service providers do not protect, maintain, improve, and reinvest in their networks or present inconsistent data regarding the DNS through their networks, our business could be harmed.
A failure in the operation or update of the root zone servers, the root zone file, the Root Zone Management System, the TLD name servers, or the TLD zone files that we operate, including, for example, our operation of the
.gov
registry, or other network functions, could result in a DNS resolution or other service outage or degradation; the deletion of one or more TLDs from the internet; the deletion of one or more second-level domain names from the internet for a period of time; or a misdirection of a domain name to a different server. A failure in the operation or update of the supporting cryptographic and other operational infrastructure that we maintain could result in similar consequences. A failure in the operation of our Shared Registration System could result in the inability of one or more registrars to register or maintain domain names for a period of time. In the event that a registrar has not implemented back-up services in conformance with industry best practices, the failure could result in permanent loss of transactions at the registrar during that period. Any of these problems or outages could create potential liability and exposure, including from a failure to meet our service level agreements in our Registry Agreements, and could decrease customer satisfaction, harming our business or resulting in adverse publicity and damage to our reputation that could adversely affect the market’s perception of the security of e-commerce and communications over the internet as well as of the reliability of our services or call into question our ability to preserve the security and stability of the internet.
Our operating results may be adversely affected as a result of unfavorable market, economic, social and political conditions.
An unfavorable global market, economic, social and political environment has impacted or may negatively impact, among other things:
|
|
•
|
our customers’ continued growth and development of their businesses, or their ability to maintain their businesses and continue as going concerns, which could affect demand for our products and services;
|
|
|
•
|
current and future demand for our services, including decreases as a result of reduced spending on information technology and communications by our customers;
|
|
|
•
|
price competition for our products and services;
|
|
|
•
|
the price of our common stock;
|
|
|
•
|
our liquidity and our associated ability to execute on any share repurchase plans; and
|
|
|
•
|
our ability to service our debt, to obtain financing or assume new debt obligations.
|
In addition, to the extent that the market, economic, social and political environment impacts specific industry and geographic sectors in which many end-users of our products are concentrated, that may have a disproportionate negative impact on our business.
Our international operations subject our business to additional economic, legal and political risks that could have an adverse impact on our revenues and business.
A significant portion of our revenues is derived from customers outside the U.S. Our business operations in international markets has required and will continue to require significant management attention and resources. We may also need to tailor some of our services for a particular market and to enter into international distribution and operating relationships. We may fail to maintain our ability to conduct business, including potentially material business operations in some international locations, or we may not succeed in expanding our services into new international markets or expand our presence in existing markets.
Failure to do so could materially harm our business. Moreover, local laws and customs in many countries differ significantly from those in the U.S. In many foreign countries, particularly in those with developing economies, it is common for others to engage in business practices that are prohibited by our internal policies and procedures or U.S. law or regulations applicable to us. There can be no assurance that our employees, contractors and agents will not take actions in violation of such policies, procedures, laws and/or regulations. Violations of laws, regulations or internal policies and procedures by our employees, contractors or agents could result in financial reporting problems, investigations, fines, penalties, or prohibition on the importation or exportation of our products and services and could have a material adverse effect on our business. In addition, we face risks inherent in doing business on an international basis, including, among others:
|
|
•
|
competition with foreign companies or other domestic companies entering the foreign markets in which we operate, as well as foreign governments actively promoting their ccTLDs, which we do not operate;
|
|
|
•
|
legal uncertainty regarding liability, enforcing our contracts, and compliance with foreign laws;
|
|
|
•
|
economic tensions between governments and changes in international trade policies;
|
|
|
•
|
tariffs and other trade barriers and restrictions;
|
|
|
•
|
difficulties in staffing and managing foreign operations;
|
|
|
•
|
potential problems associated with adapting our services to technical conditions existing in different countries;
|
|
|
•
|
difficulty of verifying customer information, including complying with the customer verification requirements of certain countries;
|
|
|
•
|
more stringent privacy and data localization policies in some foreign countries;
|
|
|
•
|
additional vulnerability from terrorist groups targeting U.S. interests abroad;
|
|
|
•
|
potentially conflicting or adverse tax consequences;
|
|
|
•
|
reliance on third parties in foreign markets in which we only recently started doing business; and
|
|
|
•
|
potential concerns of international customers and prospects regarding doing business with U.S. technology companies due to alleged U.S. government data collection policies.
|
We rely on our intellectual property rights to protect our proprietary assets, and any failure by us to protect or enforce, or any misappropriation of, our intellectual property could harm our business.
Our success depends in part on our internally developed technologies and related intellectual property. Despite our precautions, it may be possible for an external party to copy or otherwise obtain and use our intellectual property without authorization. Furthermore, the laws of foreign countries may not protect our proprietary rights in those countries to the same extent U.S. law protects these rights in the U.S. In addition, it is possible that others may independently develop substantially equivalent intellectual property. If we do not effectively protect our intellectual property, our business could suffer. Additionally, we have filed patent applications with respect to some of our technology in the U.S. Patent and Trademark Office and patent offices outside the U.S. Patents may not be awarded with respect to these applications and even if such patents are awarded, third parties may seek to oppose or otherwise challenge our patents, and such patents’ scope may differ significantly from what was requested in the patent applications and may not provide us with sufficient protection of our intellectual property. In the future, we may have to resort to litigation to enforce and protect our intellectual property rights, to protect our trade secrets or to determine the validity and scope of the proprietary rights of others. This type of litigation is inherently unpredictable and, regardless of its outcome, could result in substantial costs and diversion of management attention and technical resources. Some of the software and protocols used in our business are based on standards set by standards setting organizations such as the Internet Engineering Task Force. To the extent any of our patents are considered “standards essential patents,” in some cases we may be required to license such patents to our competitors on reasonable and non-discriminatory terms or otherwise be limited in our ability to assert such patents.
We also license externally developed technology that is used in some of our products and services to perform key functions. These externally developed technology licenses may not continue to be available to us on commercially reasonable terms or at all. The loss of or our inability to obtain or maintain any of these technology licenses could hinder or increase the cost of our launching new products and services, entering into new markets and/or otherwise harm our business. Some of the software and protocols used in our Registry Services business are in the public domain or may otherwise become publicly available, which means that such software and protocols are equally available to our competitors.
We rely on the strength of our Verisign brand to help differentiate Verisign in the marketing of our products. Dilution of the strength of our brand could harm our business. We are at risk that we will be unable to fully register, build equity in, or
enforce the Verisign logo in all markets where Verisign products and services are sold. In addition, in the U.S. and most other countries, word marks solely for TLDs have currently not been successfully registered as trademarks. Accordingly, we may not be able to fully realize or maintain the value of these intellectual property assets.
We could become subject to claims of infringement of intellectual property of others, which could be costly to defend and could harm our business.
We cannot be certain that we do not and will not infringe the intellectual property rights of others. Claims relating to infringement of intellectual property of others or other similar claims have been made against us in the past and could be made against us in the future. It is possible that we could become subject to additional claims for infringement of the intellectual property of other parties. The international use of our logo could present additional potential risks for external party claims of infringement. Any claims, with or without merit, could be time consuming, result in costly litigation and diversion of technical and management personnel attention, cause delays in our business activities generally, or require us to develop a non-infringing logo or technology or enter into royalty or licensing agreements. Royalty or licensing agreements, if required, may not be available on acceptable terms or at all. If a successful claim of infringement were made against us, we could be required to pay damages or have portions of our business enjoined. If we could not identify and adopt an alternative non-infringing logo, develop non-infringing technology or license the infringed or similar technology on a timely and cost-effective basis, our business could be harmed.
An external party could claim that the technology we license from other parties infringes a patent or other proprietary right. Litigation between the licensor and a third party or between us and a third party could lead to royalty obligations for which we are not indemnified or for which indemnification is insufficient, or we may not be able to obtain any additional license on commercially reasonable terms or at all.
In addition, legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights in internet-related businesses, including patents related to software and business methods, are uncertain and evolving. Because of the growth of the internet and internet-related businesses, patent applications are continuously being filed in connection with internet-related technology. There are a significant number of U.S. and foreign patents and patent applications in our areas of interest, and we believe that there has been, and is likely to continue to be, significant litigation in the industry regarding patent and other intellectual property rights.
We could become involved in claims, lawsuits, audits or investigations that may result in adverse outcomes.
In addition to possible intellectual property litigation and infringement claims, we are, and may in the future, become involved in other claims, lawsuits, audits and investigations. For example, Afilias, a competitor and a losing bidder in the .
web
auction, filed an arbitration proceeding against ICANN on November 14, 2018, alleging that ICANN’s failure to disqualify Nu DotCo, LLC (“NDC”) from participating in the
.web
auction violated ICANN’s rules. The arbitration, which was filed more than two years after the .
web
auction took place, seeks to compel ICANN to award the .
web
TLD to Afilias. Neither Verisign nor NDC currently are parties in the Afilias arbitration, but both have filed requests to participate in the arbitration as interested parties as allowed by ICANN’s rules. We believe Afilias’ claims against ICANN are without merit. If Afilias were successful in the arbitration on its claims that ICANN violated its own rules, we believe that ICANN would still need to make a further determination to remedy such a violation. Nevertheless, it is possible that Afilias or another party could potentially become the operator of the .
web
TLD.
Litigation is inherently unpredictable, and unexpected judgments or excessive verdicts do occur. In addition, such proceedings may initially be viewed as immaterial but could prove to be material. Adverse outcomes in lawsuits, audits and investigations could result in significant monetary damages, including indemnification payments, or injunctive relief that could adversely affect our ability to conduct our business, such as our ability to obtain the .
web
gTLD, and may have a material adverse effect on our financial condition, results of operations and cash flows. Given the inherent uncertainties in litigation, even when we are able to reasonably estimate the amount of possible loss or range of loss and therefore record an aggregate litigation accrual for probable and reasonably estimable loss contingencies, the accrual may change in the future due to new developments or changes in approach. In addition, such claims, lawsuits, audits and investigations could involve significant expense and diversion of management’s attention and resources from other matters.
We continue to explore new strategic initiatives, the pursuit of any of which may pose significant risks and could have a material adverse effect on our business, financial condition and results of operations.
We explore possible strategic initiatives which may include, among other things, the investment in, and the pursuit of, new revenue streams, services or products, changes to our offerings, initiatives to leverage our patent portfolio, back-end registry services and IDN gTLDs. In addition, we have evaluated and are pursuing and will continue to evaluate and pursue acquisitions of TLDs that are currently in operation and those that have not yet been awarded or delegated as long as they support our growth strategy.
Any such strategic initiative may involve a number of risks, including: the diversion of our management’s attention from our existing business to develop the initiative, related operations and any requisite personnel, including, for example, management involvement in the transition of Security Services customers to Neustar; possible regulatory scrutiny or third-party claims; possible material adverse effects on our results of operations during and after the development process; our possible inability to achieve the intended objectives of the initiative; as well as damage to our reputation if we are unsuccessful in pursuing a strategic initiative. Such initiatives may result in a reduction of cash or increased costs. We may not be able to successfully or profitably develop, integrate, operate, maintain and manage any such initiative and the related operations or employees in a timely manner or at all. Furthermore, under our agreements with ICANN, we are subject to certain restrictions in the operation of
.com
,
.net,
.name
and other TLDs, including required ICANN approval of new registry services for such TLDs. If any new initiative requires ICANN review or ICANN determines that such a review is required, we cannot predict whether this process will prevent us from implementing the initiative in a timely manner or at all. Any strategic initiative to leverage our patent portfolio will likely increase litigation risks from potential licensees and we may have to resort to litigation to enforce our intellectual property rights.
We depend on key employees to manage our business effectively, and we may face difficulty attracting and retaining qualified leaders.
We operate in a unique competitive and highly regulated environment, and we depend on the knowledge, experience, and performance of our senior management team and other key employees in this regard and otherwise. We periodically experience changes in our management team. If we are unable to attract, integrate, retain and motivate these key individuals as well as other highly skilled employees, and implement succession plans for these personnel, our business may suffer. For example, our service products are highly technical and require individuals skilled and knowledgeable in unique platforms, operating systems and software development tools.
Changes in, or interpretations of, tax rules and regulations or our tax positions may adversely affect our income taxes.
We are subject to income taxes in both the U.S. and numerous foreign jurisdictions. Significant judgment is required in determining our worldwide provision for income taxes. In the ordinary course of our business, there are many transactions and calculations where the ultimate tax determination is uncertain. Our effective tax rates may fluctuate significantly on a quarterly basis because of a variety of factors, including changes in the mix of earnings and losses in countries with differing statutory tax rates, changes in our business or structure, changes in tax laws that could adversely impact our income or non-income taxes or the expiration of or disputes about certain tax agreements in a particular country. We are subject to audit by various tax authorities. In accordance with U.S. GAAP, we recognize income tax benefits, net of required valuation allowances and accrual for uncertain tax positions. For example, we claimed a worthless stock deduction on our 2013 federal income tax return and recorded a net income tax benefit of $380.1 million. Although we believe our tax estimates are reasonable, the final determination of tax audits and any related litigation could be materially different than that which is reflected in historical income tax provisions and accruals. Should additional taxes be assessed as a result of an audit or litigation, an adverse effect on our results of operations, financial condition and cash flows in the period or periods for which that determination is made could result.
The Tax Cuts and Jobs Act (“Tax Act”) was enacted on December 22, 2017. The Tax Act significantly revamped U.S. taxation of corporations, including a reduction of the federal income tax rate from 35% to 21%, a limitation on interest deductibility, and a new tax regime for foreign earnings. Our decision to redeem the convertible debentures, the new U.S. taxes on accumulated and future foreign earnings, other adverse changes resulting from the Tax Act, or a change in the mix of domestic and foreign earnings, might offset the benefit from the reduced tax rate, and our future effective tax rates and/or cash taxes may increase, even significantly, or not decrease much, compared to recent or historical trends. Many of the provisions of the Tax Act are highly complex and may be subject to further interpretive guidance from the IRS or others. Some of the provisions of the Tax Act may be changed by a future Congress or challenged by the World Trade Organization (“WTO”) or be subject to trade or tax retaliation by other countries. Although we cannot predict the nature or outcome of such future interpretive guidance, or actions by a future Congress, WTO or other countries, they could adversely impact our financial condition, results of operations and cash flows.
Our marketable securities portfolio could experience a decline in market value, which could materially and adversely affect our financial results.
As of December 31, 2018, we had
$1.28 billion
in cash, cash equivalents, marketable securities and restricted cash, of which
$912.3 million
was invested in marketable securities. The marketable securities consist primarily of debt securities issued by the U.S. Treasury meeting the criteria of our investment policy, which is focused on the preservation of our capital through the investment in investment grade securities. We currently do not use derivative financial instruments to adjust our investment portfolio risk or income profile.
These investments, as well as any cash deposited in bank accounts, are subject to general credit, liquidity, market and interest rate risks, which may be exacerbated by financial market credit and liquidity events. If the global credit or liquidity market deteriorates or other events negatively impact the market for U.S. Treasury securities, our investment portfolio may be impacted and we could determine that some of our investments have experienced an other-than-temporary decline in fair value, requiring an impairment charge which could adversely impact our results of operations and cash flows.
We are subject to the risks of owning real property.
We own the land and building in Reston, Virginia, which constitutes our headquarters facility. Ownership of this property, as well as our data centers in Dulles, Virginia and New Castle, Delaware, may subject us to risks, including:
|
|
•
|
adverse changes in the value of the properties, due to interest rate changes, changes in the commercial property markets, easements or other encumbrances, a government exercising its right of eminent domain, or other factors;
|
|
|
•
|
ongoing maintenance expenses and costs of improvements or repairs;
|
|
|
•
|
the possible need for structural improvements in order to comply with environmental, health and safety, zoning, seismic, disability law, or other requirements;
|
|
|
•
|
the possibility of environmental contamination or notices of violation from federal or state environmental agencies; and
|
|
|
•
|
possible disputes with neighboring owners, tenants, service providers or others.
|
We have anti-takeover protections that may discourage, delay or prevent a change in control that could benefit our stockholders.
Our amended and restated Certificate of Incorporation and Bylaws contain provisions that could make it more difficult for an outside party to acquire us without the consent of our Board of Directors (“Board”). These provisions include:
|
|
•
|
our stockholders may take action only at a duly called meeting and not by written consent;
|
|
|
•
|
special meetings of our stockholders may be called only by the chairman of the board of directors, the president, our Board, or the secretary (acting as a representative of the stockholders) whenever a stockholder or group of stockholders owning at least twenty-five percent (25%) in the aggregate of the capital stock issued, outstanding and entitled to vote, and who held that amount in a net long position continuously for at least one year, so request in writing;
|
|
|
•
|
vacancies on our Board can be filled until the next annual meeting of stockholders by a majority of directors then in office; and
|
|
|
•
|
our Board has the ability to designate the terms of and issue new series of preferred stock without stockholder approval.
|
In addition, Section 203 of the General Corporation Law of Delaware prohibits a publicly held Delaware corporation from engaging in a business combination with an interested stockholder, generally a person which together with its affiliates owns, or within the last three years has owned, 15% or more of our voting stock, for a period of three years after the date of the transaction in which the person became an interested stockholder, unless in the same transaction the interested stockholder acquired 85% ownership of our voting stock (excluding certain shares) or the business combination is approved in a prescribed manner. Section 203 therefore may impact the ability of an acquirer to complete an acquisition of us after a successful tender offer and accordingly could discourage, delay or prevent an acquirer from making an unsolicited offer without the approval of our Board.
Our financial condition and results of operations could be adversely affected if we do not effectively manage our indebtedness.
We have a significant amount of outstanding debt, and we periodically reassess our capital structure and may incur additional indebtedness in the future. Our substantial indebtedness, including any future indebtedness, requires us to dedicate a significant portion of our cash flow from operations or to arrange alternative liquidity sources to make principal and interest payments, when due, or to repurchase or settle our debt, if triggered, by certain corporate events, or certain events of default. It could also limit our flexibility in planning for or reacting to changes in our business and our industry, or make required capital expenditures and investments in our business; make it difficult or more expensive to refinance our debt or obtain new debt; trigger an event of default; and increase our vulnerability to adverse changes in general economic and industry conditions. Some of our debt contains covenants which may limit our operating flexibility, including restrictions on share repurchases, dividends, prepayment or repurchase of debt, acquisitions, disposing of assets, if we do not continue to meet certain financial ratios. Any rating assigned to our debt securities could be lowered or withdrawn by a rating agency, which could make it more difficult or more expensive for us to obtain additional debt financing in the future. The occurrence of any of the foregoing factors could have a material adverse effect on our business, cash flows, results of operations and financial condition.