What ICANN Should Do To Rebuild Trust After Security Breach
During what was supposed to be the exciting early stages of an Internet domain name “revolution,” ICANN is finding itself in a heap of controversy over its new generic top-level domain program. In January, the Internet Corporation for Assigned Names and Numbers began rolling out its historic decision to open up the domain name market.
The application process was supposed to end on April 12, but was shut down and postponed indefinitely after ICANN detected a technical issue in its TAS software. Furthermore, the glitch allowed some applicants to see the user or file names of other applicants.
Does ICANN’s security glitch put the entire new gTLD program into question? What do you think?
There have been many groups that have opposed ICANN’s decision from the start. The Association of National Advertisers (ANA) has been one of the biggest forces in speaking out against the move and, believes these recent developments are proof of the concerns they have raised all along.
“It is of concern that the system that they said had to be moving forward rapidly has been closed down more than 18 days,” Dan Jaffe, the Group Executive Vice President of Government Relations at ANA, told WebProNews.
ICANN has not been very forthcoming with the details about its glitch, which has raised even more concerns over the incident. Jaffe believes the issue is more than just a “glitch” since the system has been shut down for such a long time.
ANA has reached out to ICANN requesting that it bring in a third party consultant to investigate the issue. It would like ICANN to release a full report explaining how the incident happened, who was impacted, and what ICANN is doing to make sure everyone involved is being treated fairly.
“It’s a little hard, however, even if they extend the application period, if some groups have better information than all the others,” said Jaffe. “I don’t know they’re going to put everybody on the same footing.”
Jaffe went on to say that ANA encouraged ICANN to ensure that its system was running effectively before the application process began. He pointed out that a program that was intended to transform the way people use the Internet needed to be handled with more “care and caution” than it was given.
At this point, ICANN has not issued any type of response to ANA. The association, however, also reached out to the Commerce Department’s Larry Strickling asking that it get involved in addressing the concerns. Jaffe told us that he hopes the department presses ICANN for answers and doesn’t allow it to move forward with its plan until applicants are assured of protection.
When asked if he thought the new gTLD program should be suspended as a result of these developments, Jaffe told us that he wasn’t sure if such a drastic measure was necessary. He would like to see ICANN take action on the “Do Not Sell” approach, which ANA has proposed, that would protect brands from applying for new top-level domains for defensive purposes, but, again, it has not received a response on it.
“We think it’s inappropriate, and we are hopeful that ICANN would do something about it,” said Jaffe. “So far, they have not taken any steps to protect brand holders in that area either.”
ICANN is currently notifying the applicants that were compromised and is expected to re-open the application process once everyone is informed, which is supposed to be by May 8. Here’s the latest statement from ICANN’s COO Akram Atallah on the issue that includes statistics of the breach:
ICANN is in the process of notifying applicants whether they were affected by the software glitch that caused us to take the TLD Application System, or TAS, offline. As we announced earlier this week, we plan to complete this notification process on or before 8 May.
As we notify applicants, we want to share some data that gives insight into the scope of the problem and the number of applicants affected.
At the time we took the system offline, there were 1268 registered users and some 95,000 file attachments in the system. Of these, there were approximately 455 instances where a file name and the associated user name might have been viewed by another applicant. We are continuing to review system logs and packet-level traffic to confirm how many viewings actually did occur.
Our review has determined that approximately:
• 105 applicants might have had file names and user names viewed by another applicant.
• 50 applicants might have viewed file names and user names from one or more other applicants.
Work continues on enhancing system performance and testing the fix for the glitch.
We recognize and regret the inconvenience to applicants as they try to plan their schedules and resources in anticipation of TAS reopening. As we have previously announced, we will keep the system open for at least five business days to allow applicants to assure themselves that their applications remain as they intended.