Update 2012-04-30: The CEO of ICANN, Rod Beckstrom stated in an interview today that ICANN “will not publish information about who could see what”.
ICANN posted an update today but it wasn’t about when TAS would reopen. Here it is…
Statement by Akram Atallah, COO
27 April 2012
ICANN will notify all applicants within the next seven business days whether our analysis shows they were affected by the technical glitch in the TLD application system.
In order to make these notifications, we are identifying each applicant file name and user name that might have been viewed, and who might have viewed them. To do that, we are reviewing internal system logs and full packet-level capture of all traffic to and from the application system from 12 January through 12 April.
Our analysis continues to show that a limited number of applicants were affected.
Shortly after the notification process has been completed, we will announce the schedule for reopening the application system and completing the application period. We are mindful of the need to allow sufficient time during the reopening period for applicants to confirm the completeness of their submissions.
We are also continuing to test the fix and enhance system performance in preparation for reopening.
We fully understand the frustration and inconvenience caused by the continuing suspension of the application system and will provide further updates as new information becomes available.
Some things that ICANN put out were a little concerning to me. At one point in an interview of ICANN’s Chief Security Officer, Jeff Moss, he stated something like,
“Correct, we’re putting everybody on notice, that we know what file names and user names were displayed to what people were logged in and when. And we want to do this very publicly because we want to prevent any monkey business. We are able to reconstruct which files names and user names were displayed.”
There are two things that irked me.
1.) His reference to “monkey business”. He admitted that no one was trying to hack the system. Why then would ICANN’s accidental display be called potential “monkey business”? It just bothered me. In fact, it was applicants who saw these things that alerted ICANN of the problem. To even suggest monkey business seems wrong.
2.) I hope they’re not going to make the names or user names of people who were exposed to others’ files public? Is that OK? I am not personally using TAS but I’d be a little unhappy if my name was made public because of someone elses mistake. Honestly, I don’t know if this is proper, legal, or not. But it seems to me that since it was ICANN at fault, they shouldn’t be making anyone’s name public in any form about this unless some real “monkey business” occurs.
Am I wrong?
Regarding the delay, most of the applicants I’ve spoken to had some relief. I even had one or two who suspected that it was intentional (although I doubt that is the case). But a few have expressed concern about the fairness of this long delay. There are applicants who worked very hard to get their applications done on time, paid up, and proper. Why now is ICANN taking so long to finish the process. This is giving potential competitors who were much less prepared a chance to catch up. I think this is a valid concern and ICANN should consider it. They need to get TAS up and running and move this process along. People who are on time shouldn’t be penalized for others who are late.