Search RPD Archives
[rpd] Staff & Legal Assessements on "Internet Numbers review by AFRINIC"'s Proposal
arsenebaguma at gmail.com
Thu May 11 12:26:11 UTC 2017
May I ask te PDP chairs to let us know what is expected from us?
**Arsène Tungali* <http://about.me/ArseneTungali>*
Co-Founder & Executive Director, *Rudi international
CEO,* Smart Services Sarl <http://www.smart-serv.info>*, *Mabingwa Forum
Tel: +243 993810967
*Goma, Democratic Republic of Congo*
2015 Mandela Washington Felllow
(YALI) - ISOC Ambassador (IGF Brazil
- AFRISIG 2016 <http://afrisig.org/afrisig-2016/class-of-2016/> - Blogger
<http://tungali.blogspot.com> - ICANN Fellow (Los Angeles
<https://www.icann.org/news/announcement-2014-07-18-en> & Marrakech
). AFRINIC Fellow (Mauritius
- *IGFSA Member <http://www.igfsa.org/> - Internet Governance - Internet
Check the *2016 State of Internet Freedom in DRC* report (English
<http://cipesa.org/?wpfb_dl=234>) and (French
2017-05-09 17:11 GMT+02:00 Arnaud AMELINA <amelnaud at gmail.com>:
> Hi Community,
> Dear PDPWG, please find bellow The New Staff assessment concerning our
> Proposal on "Internet Number Resources Review by AFRINIC" and for your
> information the Old assessment follow the new one. Thanks
> *New Assessment : *
> Staff Assessment for : Internet Number Resources Review by AFRINIC
> Internet Number Resources Review by AFRINIC
> 1.0 Staff Understanding of the Proposal
> - AFRINIC to conduct resource utilization reviews (audits) of IPv4,
> IPv6 and ASN resources randomly, periodically and/or triggered by a
> whistleblower to ensure compliance with policy provisions and all terms
> of the AFRINIC RSA.
> - Non-Compliant resources to be recovered (and can be reallocated).
> - An arbitration team (whose decision is final) to be instituted (by
> AFRINIC) to handle any complaints by members unsatisfied with the
> review/audit report.
> - A report of all review/audit activity conducted every year will be
> published on the website, contents of which must comply with the
> Mauritius Data Protection Act as well as any NDA in place with any AFRINIC
> 2.0 Staff Comments
> - On Sec 13.6 - Our previous concerns that AFRINIC may be legally
> exposed regarding what member data can be published in the annual
> "Compliance Report" seem to have been addressed by the inclusion of "in
> accordance with Mauritius Data Protection Act and NDA with members." The
> act however, only concerns personal information. The kind of
> information to include in the compliance report should preferably be
> to the discretion of AFRINIC.
> - Authors to clarify on if the arbitration process can be initiated by
> the member anytime during or (only) after the review is completed.
> There also needs to be a time limit around when the arbitration process must
> complete (for the arbitration team to produce their findings/report).
> - On Staff Workload: All review requests shall be handled First in,
> First Out (at staff discretion) - in which case, no significant impact
> to staff workload is expected.
> - On the clause: “The review shall be conducted in full transparency
> and neutrality”. Authors need to expound more on what this means - as
> AFRINIC cannot disclose details of an ongoing audit/review to the
> public while doing the review - if this is what authors meant by
> - On the Clause: “AFRINIC shall publish the resources to be recovered
> for a period of three (3) months; during which the organization may at
> any time, seek compliance” - AFRINIC will add “remarks” attributes to
> the concerned whois database objects, with information regarding the
> ongoing review. We think that this is sufficient to address the
> "publish" requirement in this clause.
> 3.0 Comments from Legal Counsel
> *Legal Counsel’s Assessment*
> 1. In the implementation phase staff will have to deal with evidence
> emanating from several jurisdictions. Moreover, staff will face the
> arduous task of assessing evidence/information/data from different sources
> and of different evidential value. Staff will be burdened with testing the
> reliability of this evidence/information/data to assess and weigh theses
> evidences and to decide whether same may be used to establish abuse or
> wrongful use of Internet Number Resources.
> The possibility of collecting evidence/information/data coming from
> different sources via affidavits or depositions before Commissioner of
> Oath may have to be envisaged to partly ease pressure on staff.
> AFRINIC will have to protect itself and act only on reliable, cogent and
> admissible evidence before finally revoking allocation of resources which
> the investigated member claims has been prejudicial to it and consequently
> claims for compensation. This possibility should always be envisaged. The
> increasing value of IPv4 resources point in that way.
> 2. What modus operandi should be put into place to “hear” the investigated
> party to ensure fairness? The policy proposal does not provide anything
> in this regard and should address it.
> 3. It will not always be possible to confront the investigated party with
> data/documents/evidence coming from third parties who may have disclosed
> same in confidence and have expressly refused to be named or referred to.
> 4. The arbitration referred to in the proposal has to be effected within
> the jurisdiction of one country – and the main question is – which would
> this country be?
> 5. Section 13.5 of the proposal states: “the outcome of the arbitration
> process is unequivocal”. This is in contradiction of, Articles 1027 to
> 1027-9 of the Code de Procedure Civile of Mauritius which provides that a
> party to an arbitration may seek the “annulation “of an award by seizing
> the Supreme Court.
> 6. The "Mauritius Data Protection Act" only applies to personal
> *The Old One : *
> *Staff & Legal Assessment and Comments*
> *Staff Comments:*
> - *The proposal appears to be enabling AFRINIC to “enforce” article
> 4(b) the Registration Services Agreement, a matter of procedure and
> - *We already have the ability to enforce the RSA, and the RSA already
> includes a requirement for policy compliance.*
> - *We already have the ability, in terms of the RSA, to recover
> resources that are not being used for the purpose for which they were
> - *AFRINIC already reviews or audits members when they request
> additional resources. We also have the ability to review at other times,
> but we do not regularly exercise such ability.*
> - *We see no problem in principle with allowing complaints to trigger
> a review, but we are concerned about the details.*
> - *It's not clear who decides whether a complaint "warrants
> investigation". We interpret this part of the proposal as giving AFRINIC
> staff the discretion to decide which complaints to investigate or not to
> - *Each investigation will have large impact on staff workload, and is
> also likely to have a large impact on the organisation being investigated.
> We are especially concerned about the impact of unjustified complaints.*
> - *AFRINIC staff workload may be greatly increased by a large number
> of requests for review or audit. The requirement that the complaint
> "warrants investigation" may mitigate this issue, if staff have the ability
> to decide that certain complaints do not warrant investigation, but staff
> resources will nevertheless be expended on determining whether or not the
> complaint warrants investigation.*
> - *There is no policy requirement for visibility in the global routing
> table. AFRINIC will have no contractual basis for treating "lack of
> visibility of the resource on the global routing table" as a problem under
> this policy. We suggest that this proposal should focus on policy
> violations, and leave the issue of global routing visibility to some other
> proposal that might be introduced in future.*
> - *There is a reference to "unauthorised transfers". At present, all
> transfers (other than under mergers and acquisitions) are unauthorised.
> Even under possible future transfer policy, any "unauthorised transfer"
> would be in violation of such policy. Accordingly, we suggest that there is
> no need to treat unauthorised transfers differently from any other policy
> - *The requirement that "the records of the previous holder of the
> recovered resource shall be removed from AFRINIC databases"is in conflict
> with current practice that when a resource is returned or transferred, it
> remains possible to find out information about the previous holder of the
> - *The requirement that the review be conducted with "full
> transparency" may be in conflict with privacy provisions in NDAs, in the
> RSA, or in law.*
> *The requirement to publish a "compliance report" may be in conflict with
> privacy provisions in NDAs, in the RSA, or in law. *
> - *There is a requirement for AFRINIC to create and document an appeal
> process, and appoint a pool of arbitrators. Creating the process, including
> a public comment period and subsequent revisions, would probably take 3 to
> 6 months. Calling for volunteers and appointing them would probably take
> another 2 months.*
> - *TheRSAisacommunityapproveddocument and all members are bound by
> each and every clause thereof once they sign the agreement. It
> - *In application of the law of contract of Mauritius as found in
> Article 1134 of the Mauritius Civil Code Section 4, the RSA is already
> - *It is perfectly lawful , in terms of the application of the
> Mauritius Civil Code , for AFRINIC to act under the said section and
> reclaim resourcesfromthosememberswho/whichfailanaudit/reviewexercise.*
> - *The policy can do no more than allow AFRINIC to do what it is
> already doing in a clear and transparent manner on the basis of a community
> RPD mailing list
> RPD at afrinic.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the RPD