Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Staff & Legal Assessements on "Internet Numbers review by AFRINIC"'s Proposal

Arsène Tungali arsenebaguma at
Thu May 11 12:26:11 UTC 2017

Thanks Arnaud,

May I ask te PDP chairs to let us know what is expected from us?


**Arsène Tungali* <>*
Co-Founder & Executive Director, *Rudi international
CEO,* Smart Services Sarl <>*, *Mabingwa Forum
Tel: +243 993810967
GPG: 523644A0
*Goma, Democratic Republic of Congo*

2015 Mandela Washington Felllow
(YALI) - ISOC Ambassador (IGF Brazil
& Mexico
- AFRISIG 2016 <> - Blogger
<> - ICANN Fellow (Los Angeles
<> & Marrakech
). AFRINIC Fellow (Mauritius
- *IGFSA Member <> - Internet Governance - Internet

Check the *2016 State of Internet Freedom in DRC* report (English
<>) and (French

2017-05-09 17:11 GMT+02:00 Arnaud AMELINA <amelnaud at>:

> Hi Community,
> Dear PDPWG, please find bellow The New Staff assessment concerning our
> Proposal on "Internet Number Resources Review by AFRINIC" and for your
> information the Old assessment follow the new one. Thanks
> Regards
> Arnaud
> *New Assessment : *
> ===============================================
> Staff Assessment for : Internet Number Resources Review by AFRINIC
> *Proposal*
> AFPUB-2016-GEN-001-DRAFT-04
> *Title*
>  Internet Number Resources Review by AFRINIC
> *URL*
> internet-numberresources-review-by-afrinic
> *Assessed*
> 26/April/2017
> 1.0 Staff Understanding of the Proposal
>    - AFRINIC to conduct resource utilization reviews (audits) of IPv4,
>    IPv6 and ASN resources randomly, periodically and/or triggered by a
>    whistleblower to ensure compliance with policy provisions and all terms
>    of the AFRINIC RSA.
>    - Non-Compliant resources to be recovered (and can be reallocated).
>    - An arbitration team (whose decision is final) to be instituted (by
>    AFRINIC) to handle any complaints by members unsatisfied with the
>    review/audit report.
>    - A report of all review/audit activity conducted every year will be
>    published on the website, contents of which must comply with the
>    Mauritius Data Protection Act as well as any NDA in place with any AFRINIC
>    member.
> 2.0 Staff Comments
>    - On Sec 13.6 - Our previous concerns that AFRINIC may be legally
>    exposed regarding what member data can be published in the annual
>    "Compliance Report" seem to have been addressed by the inclusion of "in
>    accordance with Mauritius Data Protection Act and NDA with members." The
>    act however, only concerns personal information. The kind of
>    information to include in the compliance report should preferably be
>    to the discretion of AFRINIC.
>    - Authors to clarify on if the arbitration process can be initiated by
>    the member anytime during or (only) after the review is completed.
>    There also needs to be a time limit around when the arbitration process must
>    complete (for the arbitration team to produce their findings/report).
>    - On Staff Workload: All review requests shall be handled First in,
>    First Out (at staff discretion) - in which case, no significant impact
>    to staff workload is expected.
>    - On the clause: “The review shall be conducted in full transparency
>    and neutrality”. Authors need to expound more on what this means - as
>    AFRINIC cannot disclose details of an ongoing audit/review to the
>    public while doing the review - if this is what authors meant by
>    "transparency".
>    - On the Clause: “AFRINIC shall publish the resources to be recovered
>    for a period of three (3) months; during which the organization may at
>    any time, seek compliance” - AFRINIC will add “remarks” attributes to
>    the concerned whois database objects, with information regarding the
>    ongoing review. We think that this is sufficient to address the
>    "publish" requirement in this clause.
> 3.0 Comments from Legal Counsel
> *Legal Counsel’s Assessment*
> 1. In the implementation phase staff will have to deal with evidence
> emanating from several jurisdictions. Moreover, staff will face the
> arduous task of assessing evidence/information/data from different sources
> and of different evidential value. Staff will be burdened with testing the
> reliability of this evidence/information/data to assess and weigh theses
> evidences and to decide whether same may be used to establish abuse or
> wrongful use of Internet Number Resources.
> The possibility of collecting evidence/information/data coming from
> different sources via affidavits or depositions before Commissioner of
> Oath may have to be envisaged to partly ease pressure on staff.
> AFRINIC will have to protect itself and act only on reliable, cogent and
> admissible evidence before finally revoking allocation of resources which
> the investigated member claims has been prejudicial to it and consequently
> claims for compensation. This possibility should always be envisaged. The
> increasing value of IPv4 resources point in that way.
> 2. What modus operandi should be put into place to “hear” the investigated
> party to ensure fairness? The policy proposal does not provide anything
> in this regard and should address it.
> 3. It will not always be possible to confront the investigated party with
> data/documents/evidence coming from third parties who may have disclosed
> same in confidence and have expressly refused to be named or referred to.
> 4. The arbitration referred to in the proposal has to be effected within
> the jurisdiction of one country – and the main question is – which would
> this country be?
> 5. Section 13.5 of the proposal states: “the outcome of the arbitration
> process is unequivocal”. This is in contradiction of, Articles 1027 to
> 1027-9 of the Code de Procedure Civile of Mauritius which provides that a
> party to an arbitration may seek the “annulation “of an award by seizing
> the Supreme Court.
> 6. The "Mauritius Data Protection Act" only applies to personal
> information/data.
> *The Old One : *
> ************************************************************
> ********************************
> internet-number-resources-review-by-afrinic
> *Staff & Legal Assessment and Comments*
> *Staff Comments:*
>    - *The proposal appears to be enabling AFRINIC to “enforce” article
>    4(b) the Registration Services Agreement, a matter of procedure and
>    process.*
>    - *We already have the ability to enforce the RSA, and the RSA already
>    includes a requirement for policy compliance.*
>    - *We already have the ability, in terms of the RSA, to recover
>    resources that are not being used for the purpose for which they were
>    allocated/assigned.*
>    - *AFRINIC already reviews or audits members when they request
>    additional resources. We also have the ability to review at other times,
>    but we do not regularly exercise such ability.*
>    - *We see no problem in principle with allowing complaints to trigger
>    a review, but we are concerned about the details.*
>    - *It's not clear who decides whether a complaint "warrants
>    investigation". We interpret this part of the proposal as giving AFRINIC
>    staff the discretion to decide which complaints to investigate or not to
>    investigate.*
>    - *Each investigation will have large impact on staff workload, and is
>    also likely to have a large impact on the organisation being investigated.
>    We are especially concerned about the impact of unjustified complaints.*
>    - *AFRINIC staff workload may be greatly increased by a large number
>    of requests for review or audit. The requirement that the complaint
>    "warrants investigation" may mitigate this issue, if staff have the ability
>    to decide that certain complaints do not warrant investigation, but staff
>    resources will nevertheless be expended on determining whether or not the
>    complaint warrants investigation.*
>    - *There is no policy requirement for visibility in the global routing
>    table. AFRINIC will have no contractual basis for treating "lack of
>    visibility of the resource on the global routing table" as a problem under
>    this policy. We suggest that this proposal should focus on policy
>    violations, and leave the issue of global routing visibility to some other
>    proposal that might be introduced in future.*
>    - *There is a reference to "unauthorised transfers". At present, all
>    transfers (other than under mergers and acquisitions) are unauthorised.
>    Even under possible future transfer policy, any "unauthorised transfer"
>    would be in violation of such policy. Accordingly, we suggest that there is
>    no need to treat unauthorised transfers differently from any other policy
>    violation.*
>    - *The requirement that "the records of the previous holder of the
>    recovered resource shall be removed from AFRINIC databases"is in conflict
>    with current practice that when a resource is returned or transferred, it
>    remains possible to find out information about the previous holder of the
>    resource.*
>    - *The requirement that the review be conducted with "full
>    transparency" may be in conflict with privacy provisions in NDAs, in the
>    RSA, or in law.*
>    -
> *The requirement to publish a "compliance report" may be in conflict with
>    privacy provisions in NDAs, in the RSA, or in law. *
>    - *There is a requirement for AFRINIC to create and document an appeal
>    process, and appoint a pool of arbitrators. Creating the process, including
>    a public comment period and subsequent revisions, would probably take 3 to
>    6 months. Calling for volunteers and appointing them would probably take
>    another 2 months.*
> *Legal:*
>    - *TheRSAisacommunityapproveddocument and all members are bound by
>    each and every clause thereof once they sign the agreement. It
>    isacontractwherebothpartiessubscribetoclearobligations.*
>    - *In application of the law of contract of Mauritius as found in
>    Article 1134 of the Mauritius Civil Code Section 4, the RSA is already
>    binding,asaresult,onallmemberswhosigntheagreement.*
>    - *It is perfectly lawful , in terms of the application of the
>    Mauritius Civil Code , for AFRINIC to act under the said section and
>    reclaim resourcesfromthosememberswho/whichfailanaudit/reviewexercise.*
>    - *The policy can do no more than allow AFRINIC to do what it is
>    already doing in a clear and transparent manner on the basis of a community
>    approveddocument*
> _______________________________________________
> RPD mailing list
> RPD at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the RPD mailing list