Fwd: [governance] ICANNLeaks - Loosing Trust to Maintain the Secrecy

Tue Apr 17 14:18:54 CEST 2012

Imram pretty much summarizes the extension of the incredible blunder,
especially in its liability aspects.

At a minimum ICANN will need to hire independent specialist auditors to
do a full check on the damage and on who has been affected (although I
do not believe in the tale that just a few have been affected). But
these auditors would be chosen by staff, so the blunder might rise to
new levels. Could the applicants participate in this choice?

This is going to escalate, the question now is how far it will go.

What should NCSG do about it? I frankly do not know what to propose
right now. The IOC/RC process, the refusal by the NTIA to renew the IANA
contract, and now this incredible TAS blunder, all in a few months... it
seems ICANN is trying hard to burn itself out.

I wonder who are the "four candidates" for the post of Beck Rodstrom
(sic on purpose :)), the brave individuals who wish to come to ICANN and
try and clean up this mess?

frt rgds

--c.a.

-------- Original Message --------
Subject: [governance] ICANNLeaks - Loosing Trust to Maintain the Secrecy
Date: Tue, 17 Apr 2012 04:29:17 -0700 (PDT)
From: Imran Ahmed Shah <ias_pk at yahoo.com>
Reply-To: governance at lists.igcaucus.org,Imran Ahmed Shah <ias_pk at yahoo.com>
To: governance at lists.igcaucus.org <governance at lists.igcaucus.org>
CC: Imran @IGFPak.org <imran at igfpak.org>

Dear
All,
Security, Stability and Resiliency of the Internet layers was the prime
responsibility of the ICANN, but the organization
couldn't protect/ secure its latest online application submission system
of new
gTLDs (TAS). Would it be fair to say the best practices were not followed to
design the system which was built to keep the information secure,
confidential
and protected. This
application supported the collection of 850+ applications and over $150m
funds.

ICANN
has been informed about this the glitch on 19th but ICANN did not taken it
seriously, decision making took about 23 days.
ICANN took its TAS Application
offline on 12th April which was the last date when it has to be closed
automatically. ICANN has its plan to reopen this TAS system to the
public that
mean Expansion the 90days window by extension of closing
date.
 "We have learned of a possible glitch in the TLD application system
software that has allowed a limited number of users to view some other
users' file names and user names in certain scenarios."

Technically it was necessary to use the secure method
and variables should not be displayed in the URL. According to the
policy the
information of the applicants will not be disclosed however, the
applicant name
and the applied for string has to publically announced at a later stage.
Many of them may have lost their
secrecy& confidentiality. It is next to impossible to discover that who is
the beneficiary and who is the looser? However, it will raise the conflicts
and bidding values.
In
short ICANN has lost its trust for maintaining the confidentiality,
Integrity and Information Security. ICANN has to re-define its policy or
call public comments that how to deal with this scenario.

Thanks

Imran Ahmed Shah
.