[governance] ICANNLeaks - Loosing Trust to Maintain the Secrecy
Nicolas Adam
nickolas.adam at GMAIL.COM
Thu Apr 19 03:39:02 CEST 2012
Just read the interruption updates and it still doesn't say much about
how this was discovered other than "some applicants were able to see
file names and user names that belonged to other applicants" and that
"We also want to inform all applicants, before we reopen, whether they
have been affected by the glitch."
The thing about the March 19th date is this [and is hardly incriminating]:
"As part of that process[of inquiring, deeply, after the fact,
inquisitively, with great minutia and one could even suggest paranoia],
we are sifting through the thousands of customer service inquiries
received since the opening of the application submission period [doing
some plain old police work]. This preliminary review has identified a
user report on 19 March that appears to be the first report related to
this technical issue."
So we know it is, officially, a 'glitch'. We also know that ICANN has
been open about some crucial part of its findings (that knowledge of the
glitch could have been had by potential glitch victims, as well as by
potential beneficiaries, and by ICANN itself, for that matter). There
doesn't appear to be secrecy or scheming, and that is good.
I'm impressed (neither in a good or in a bad way) by how little has
leaked so far though, and also somewhat by the absence of any comment by
Jeff Moss.
However it was discovered the important thing is that it has, from then,
been handled properly.
If so there is no blunder. Just yet some other grounds on which ICANN
will need to defend itself against in the legal aftermaths that are sure
to follow expansion.
Nicolas
On 4/18/2012 4:05 PM, David Cake wrote:
> I agree with Maria that this is a most unfortunate thing to have
> happen, and the level of schadenfreude is unreasonably high.
>
> As a member of SSR Review Team, I am interested to know details of how
> ICANN dropped the ball so badly on security of its own application
> process.
>
> Regards
>
> David
>
> On 19/04/2012, at 1:27 AM, Maria Farrell wrote:
>
>> Not that there is ever a good time for such a failure!
>>
>> m
>>
>> On 18 April 2012 18:26, Maria Farrell <maria.farrell at gmail.com
>> <mailto:maria.farrell at gmail.com>> wrote:
>>
>> Dear Klaus,
>>
>> I'm not close enough to the specifics of this situation to
>> suggest where it went wrong, but I do appreciate your approach of
>> criticism from someone who ultimately wants ICANN to work rather
>> than to fail.
>>
>> Clearly, something (things?) has gone horribly wrong, but there
>> is a lot more schadenfreude from various quarters than is
>> consistent with detailed knowledge or concern for the new gTLD
>> programme more broadly. It really is a terrible year - IGF etc -
>> for ICANN to have massively dropped the ball.
>>
>> Maria
>>
>>
>> On 18 April 2012 16:01, klaus.stoll <klaus.stoll at chasquinet.org
>> <mailto:klaus.stoll at chasquinet.org>> wrote:
>>
>> Dear Friends
>>
>> Unfortunately all of the below is true. Many questions but
>> little answers. It seems to me the time has come to start a
>> comprehensive re-thinking and re-planning process. If things
>> go on as they are the damage will increase and increase.
>> ICANN is not perfect, ICANN has a lot of problems, ICANN at
>> times is a madhouse of interests and egos, BUT ICANN is the
>> best system for Internet Governance we have, we should be
>> proud for the way it worked so well so far, everything else
>> is even worse. Now it seems that ICANN is under real pressure
>> we need to work twice as hard to protect ICANN and at he same
>> time think twice as hard about possible solutions. Now is the
>> time for self-confidence and innovation, everything else is
>> counter productive. Thinking back over the years we need to
>> look where things started to get seriously wrong and correct
>> the basic mistakes made. Any suggestions where it all went wrong?
>>
>> Does anybody know where the reset button is on that one?
>>
>> Yours
>>
>> Klaus
>>
>> -----Original Message----- From: Carlos A. Afonso
>> Sent: Tuesday, April 17, 2012 2:18 PM
>> To: NCSG-DISCUSS at LISTSERV.SYR.EDU
>> <mailto:NCSG-DISCUSS at LISTSERV.SYR.EDU>
>> Subject: Fwd: [governance] ICANNLeaks - Loosing Trust to
>> Maintain the Secrecy
>>
>> Imram pretty much summarizes the extension of the incredible
>> blunder,
>> especially in its liability aspects.
>>
>> At a minimum ICANN will need to hire independent specialist
>> auditors to
>> do a full check on the damage and on who has been affected
>> (although I
>> do not believe in the tale that just a few have been
>> affected). But
>> these auditors would be chosen by staff, so the blunder might
>> rise to
>> new levels. Could the applicants participate in this choice?
>>
>> This is going to escalate, the question now is how far it
>> will go.
>>
>> What should NCSG do about it? I frankly do not know what to
>> propose
>> right now. The IOC/RC process, the refusal by the NTIA to
>> renew the IANA
>> contract, and now this incredible TAS blunder, all in a few
>> months... it
>> seems ICANN is trying hard to burn itself out.
>>
>> I wonder who are the "four candidates" for the post of Beck
>> Rodstrom
>> (sic on purpose :)), the brave individuals who wish to come
>> to ICANN and
>> try and clean up this mess?
>>
>> frt rgds
>>
>> --c.a.
>>
>> -------- Original Message --------
>> Subject: [governance] ICANNLeaks - Loosing Trust to Maintain
>> the Secrecy
>> Date: Tue, 17 Apr 2012 04:29:17 -0700 (PDT)
>> From: Imran Ahmed Shah <ias_pk at yahoo.com
>> <mailto:ias_pk at yahoo.com>>
>> Reply-To: governance at lists.igcaucus.org
>> <mailto:governance at lists.igcaucus.org>,Imran Ahmed Shah
>> <ias_pk at yahoo.com <mailto:ias_pk at yahoo.com>>
>> To: governance at lists.igcaucus.org
>> <mailto:governance at lists.igcaucus.org>
>> <governance at lists.igcaucus.org
>> <mailto:governance at lists.igcaucus.org>>
>> CC: Imran @IGFPak.org <imran at igfpak.org
>> <mailto:imran at igfpak.org>>
>>
>> Dear
>> All,
>> Security, Stability and Resiliency of the Internet layers was
>> the prime
>> responsibility of the ICANN, but the organization
>> couldn't protect/ secure its latest online application
>> submission system
>> of new
>> gTLDs (TAS). Would it be fair to say the best practices were
>> not followed to
>> design the system which was built to keep the information secure,
>> confidential
>> and protected. This
>> application supported the collection of 850+ applications and
>> over $150m
>> funds.
>>
>> ICANN
>> has been informed about this the glitch on 19th but ICANN did
>> not taken it
>> seriously, decision making took about 23 days.
>> ICANN took its TAS Application
>> offline on 12th April which was the last date when it has to
>> be closed
>> automatically. ICANN has its plan to reopen this TAS system
>> to the
>> public that
>> mean Expansion the 90days window by extension of closing
>> date.
>> "We have learned of a possible glitch in the TLD application
>> system
>> software that has allowed a limited number of users to view
>> some other
>> users' file names and user names in certain scenarios."
>>
>> Technically it was necessary to use the secure method
>> and variables should not be displayed in the URL. According
>> to the
>> policy the
>> information of the applicants will not be disclosed however, the
>> applicant name
>> and the applied for string has to publically announced at a
>> later stage.
>> Many of them may have lost their
>> secrecy& confidentiality. It is next to impossible to
>> discover that who is
>> the beneficiary and who is the looser? However, it will raise
>> the conflicts
>> and bidding values.
>> In
>> short ICANN has lost its trust for maintaining the
>> confidentiality,
>> Integrity and Information Security. ICANN has to re-define
>> its policy or
>> call public comments that how to deal with this scenario.
>>
>> Thanks
>>
>> Imran Ahmed Shah
>> .
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20120418/bb443c78/attachment-0001.html>
More information about the Ncuc-discuss
mailing list