AT-LARGE GATEWAY

At-Large Website

ALAC

RALOs

At-Large Regional Policy Engagement Program (ARPEP)

At-Large Governance

At-Large Reports

Policy Comments & Advice

Working Groups

ICANN Meetings

At-Large Summit (ATLAS III)

At-Large Review Implementation Plan Development

ALAC and RALO Elections, Selections, and Appointments

At-Large Priority Activities - 2021

Versions Compared

Old Version 1

changes.mady.by.user Garth Bruen

Saved on

compared with

New Version Current

changes.mady.by.user Garth Bruen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Brief

Several years of research by the community into ICANN Compliance handling of various complaints has created considerable concern. The main outcome is that the Compliance department does not appear to be independent and does not operate in the interest of the Internet user or consumer. The problems were most recently highlighted in a Wall Street Journal article which focused on a case brought to ICANN's attention by At-Large in 2011. In brief, ICANN Compliance seemed to be unable to recognize the simple fact that the cited domain was in violation for over three years. It was only after persistent work by At-Large that the registrar, BizCn, was issued a 2014 breach notice for just the violations cited by At-Large in 2011. A memo has been drafted, listing the issues, but more importantly recommending fundamental changes to ICANNs structure. The main recommendation is that the Compliance function be made independent of ICANN. A timeline of the difficulties is also provided for reference.

I. APPROVEDONLINEPHARMACY, RAPETUBE, BIZCN and ICANN COMPLIANCE

  • Malicious and fraudulently registered domains were reported to ICANN multiple times over several years
  • The invalid records appeared to be part of BizCn's official privacy protection
  • Compliance seemed unable to recognize the invalid registrations despite the evidence
  • Independent investigations by two newspapers found the records to be invalid
  • Employees who worked on the cases were fired and the cases summarily closed
  • Compliance issued contradictory statements about the various issues
  • The CEO requested a report from At-Large leadership, which was provided, but it was not responded to
  • ICANN eventually breached the registrar, BizCn, for the same conditions which it did not accept earlier

II. ICANN's Internal Structure Questioned

  • At-Large, and the entire community, were informed that ICANN's Compliance director would be reporting to the CEO instead of the Legal Department
  • Budget documents show that most Compliance funds are controlled by the Business division and the rest are controlled by Legal

III. Prior Relationships Between Officers

  • ICANN interim CEO Akram Atallah brought in the current CEO, Fadi Chehade, from their company CoreObjects Software
  • Atallah apparently also brought in Maguy Serad who is is the wife of former CoreObjects Software officer Roger Serard
  • CEO Chehade promoted Maguy Serad and made Atallah head of the new Global Domains Division

IV. Rejection of Complaints following Transcribed Request

  • During the March 2014 Singapore meeting Compliance explicitly requested a list of violating domains which followed a pattern of abuse at BizCn, which At-Large provided
  • Compliance immediately rejected the list of violating domains, contradicting statements on transcript

V. Ombudsman Problems

  • Problems in Compliance handling of above issues were reported to the Ombudsman
  • The Ombudsman did not conduct an investigation but rather based his decision on Compliance statements about BizCn which were later contradicted in the Compliance breach notice against BizCn

VI. Recommendations

  • Make Compliance an independent part of the ICANN structure
  • Further distance the Ombudsman from the ICANN structure
  • Keep IANA as a distinct entity
  • At-Large should actively evaluate specific ICANN functions and offices
  • At-Large should maintain its own complaint system to monitor ICANN handling of complaints

 

"Quis custodiet ipsos custodes?" -Juvenal

Please see the response from the ICANN Compliance Department.

"Quis custodiet ipsos custodes?" -Juvenal

I. NARALO Q&A - This is an opportunity for At-Large and members of the community to pose questions directly to ICANN Staff concerning Compliance issues.

...

II. Review of Compliance Newsletter

Comments or questions here refer to the last (October 2012) Compliance Newsletter

...

III. Review of Compliance Meeting in Toronto

...

IV. Review of Compliance Recent Activities

...

  • In general breaches marked as "cured" do not have any dates or specifics provided. Therefore the community has no transparent information as to the timelessness or conditions of the cure. Our specific question is: Can Compliance at a minimum post the date which the Registrar responded and a brief of the actions taken?

 

V. Previous Questions

There are a number of outstanding unanswered compliance questions which can be found here

VI. Miscellaneous

The above questions are asked in the context of the ICANN Compliance stated goals to:

  • Demonstrate the openness and transparency of ICANN's operations
  • Provide fair and equitable treatment to all business partners
  • Establish clear and easy-to-use channels for communication on compliance matters
  • Supplement staff knowledge and enable greater responsiveness to changes in the environment
  • Provide clear and regular communications to the community regarding contractual compliance activities, accomplishments and ongoing work
  • Identify areas for reform to be considered by the ICANN community

This recent Article in SecurityWeek notes a number of concerns without any response or quotes from ICANN staff