Dear
Klaus,
I'm not close enough to the specifics of this
situation to suggest where it went wrong, but I do
appreciate your approach of criticism from someone
who ultimately wants ICANN to work rather than to
fail.
Clearly, something (things?) has gone horribly
wrong, but there is a lot more schadenfreude from
various quarters than is consistent with detailed
knowledge or concern for the new gTLD programme
more broadly. It really is a terrible year - IGF
etc - for ICANN to have massively dropped the
ball.
Maria
On 18 April 2012
16:01, klaus.stoll
<[log in to unmask]>
wrote:
Dear Friends
Unfortunately all of the below is true.
Many questions but little answers. It
seems to me the time has come to start a
comprehensive re-thinking and re-planning
process. If things go on as they are the
damage will increase and increase. ICANN
is not perfect, ICANN has a lot of
problems, ICANN at times is a madhouse of
interests and egos, BUT ICANN is the best
system for Internet Governance we have, we
should be proud for the way it worked so
well so far, everything else is even
worse. Now it seems that ICANN is under
real pressure we need to work twice as
hard to protect ICANN and at he same time
think twice as hard about possible
solutions. Now is the time for
self-confidence and innovation, everything
else is counter productive. Thinking back
over the years we need to look where
things started to get seriously wrong and
correct the basic mistakes made. Any
suggestions where it all went wrong?
Does anybody know where the reset button
is on that one?
Yours
Klaus
-----Original Message----- From: Carlos A.
Afonso
Sent: Tuesday, April 17, 2012 2:18 PM
To: [log in to unmask]
Subject: Fwd: [governance] ICANNLeaks -
Loosing Trust to Maintain the Secrecy
Imram pretty much summarizes the extension
of the incredible blunder,
especially in its liability aspects.
At a minimum ICANN will need to hire
independent specialist auditors to
do a full check on the damage and on who
has been affected (although I
do not believe in the tale that just a few
have been affected). But
these auditors would be chosen by staff,
so the blunder might rise to
new levels. Could the applicants
participate in this choice?
This is going to escalate, the question
now is how far it will go.
What should NCSG do about it? I frankly do
not know what to propose
right now. The IOC/RC process, the refusal
by the NTIA to renew the IANA
contract, and now this incredible TAS
blunder, all in a few months... it
seems ICANN is trying hard to burn itself
out.
I wonder who are the "four candidates" for
the post of Beck Rodstrom
(sic on purpose :)), the brave individuals
who wish to come to ICANN and
try and clean up this mess?
frt rgds
--c.a.
-------- Original Message --------
Subject: [governance] ICANNLeaks - Loosing
Trust to Maintain the Secrecy
Date: Tue, 17 Apr 2012 04:29:17 -0700
(PDT)
From: Imran Ahmed Shah <[log in to unmask]>
Reply-To: [log in to unmask],Imran
Ahmed Shah <[log in to unmask]>
To: [log in to unmask]
<[log in to unmask]>
CC: Imran @IGFPak.org <[log in to unmask]>
Dear
All,
Security, Stability and Resiliency of the
Internet layers was the prime
responsibility of the ICANN, but the
organization
couldn't protect/ secure its latest online
application submission system
of new
gTLDs (TAS). Would it be fair to say the
best practices were not followed to
design the system which was built to keep
the information secure,
confidential
and protected. This
application supported the collection of
850+ applications and over $150m
funds.
ICANN
has been informed about this the glitch on
19th but ICANN did not taken it
seriously, decision making took about 23
days.
ICANN took its TAS Application
offline on 12th April which was the last
date when it has to be closed
automatically. ICANN has its plan to
reopen this TAS system to the
public that
mean Expansion the 90days window by
extension of closing
date.
"We have learned of a possible glitch in
the TLD application system
software that has allowed a limited number
of users to view some other
users' file names and user names in
certain scenarios."
Technically it was necessary to use the
secure method
and variables should not be displayed in
the URL. According to the
policy the
information of the applicants will not be
disclosed however, the
applicant name
and the applied for string has to
publically announced at a later stage.
Many of them may have lost their
secrecy& confidentiality. It is next
to impossible to discover that who is
the beneficiary and who is the looser?
However, it will raise the conflicts
and bidding values.
In
short ICANN has lost its trust for
maintaining the confidentiality,
Integrity and Information Security. ICANN
has to re-define its policy or
call public comments that how to deal with
this scenario.
Thanks
Imran Ahmed Shah
.