[governance] ICANNLeaks - Loosing Trust to Maintain the Secrecy

Imran Ahmed Shah ias_pk at yahoo.com
Tue Apr 17 07:29:17 EDT 2012 

Dear
All,
Security, Stability and Resiliency of the Internet layers was the prime responsibility of the ICANN, but the organization
couldn't protect/ secure its latest online application submission system of new
gTLDs (TAS). Would it be fair to say the best practices were not followed to
design the system which was built to keep the information secure, confidential
and protected. This
application supported the collection of 850+ applications and over $150m funds.
 
ICANN
has been informed about this the glitch on 19th but ICANN did not taken it
seriously, decision making took about 23 days. 
ICANN took its TAS Application
offline on 12th April which was the last date when it has to be closed
automatically. ICANN has its plan to reopen this TAS system to the public that
mean Expansion the 90days window by extension of closing
date.
 "We have learned of a possible glitch in the TLD application system software that has allowed a limited number of users to view some other users' file names and user names in certain scenarios."
 
Technically it was necessary to use the secure method
and variables should not be displayed in the URL. According to the policy the
information of the applicants will not be disclosed however, the applicant name
and the applied for string has to publically announced at a later stage. Many of them may have lost their
secrecy& confidentiality. It is next to impossible to discover that who is
the beneficiary and who is the looser? However, it will raise the conflicts
and bidding values.
In
short ICANN has lost its trust for maintaining the confidentiality, Integrity and Information Security. ICANN has to re-define its policy or call public comments that how to deal with this scenario. 
 
Thanks
 
Imran Ahmed Shah
.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20120417/84c72a88/attachment.htm>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t

More information about the Governance mailing list