Search RPD Archives
[rpd] Staff & Legal Assessements on "Internet Numbers review by AFRINIC"'s Proposal
Dewole Ajao
dewole at forum.org.ng
Thu May 11 15:28:23 UTC 2017
Hi Arsene,
The staff and legal assessments are an avenue for staff to show what
impact(s) a draft policy proposal may (potentially) have on AFRINIC (the
company).
If staff and/or legal indicate that parts of a draft policy proposal
will be of negative impact, I would expect the community and authors to
discuss and improve on such areas with the goal of producing a better
policy document.
As recommended at the last Public Policy Meeting, staff and legal have
worked hard to get their assessments out early so that the community and
authors have the opportunity to revise proposal contents up to the
no-change-deadline (i.e. one week before the Public Policy Meeting).
https://www.afrinic.net/library/policies/1829-afrinic-consolidated-policy-manual#s3_4
I hope this clears up any confusion.
Regards,
Dewole.
On 11/05/2017 13:26, Arsène Tungali wrote:
> Thanks Arnaud,
>
> May I ask te PDP chairs to let us know what is expected from us?
>
> Thanks,
> Arsene
>
> ------------------------
> **Arsène Tungali* <http://about.me/ArseneTungali>*
> Co-Founder & Executive Director, /Rudi international
> <http://www.rudiinternational.org>/,
> CEO,/Smart Services Sarl <http://www.smart-serv.info>/, /Mabingwa
> Forum <http://www.mabingwa-forum.com>/
> Tel: +243 993810967/
> /
> GPG: 523644A0/
> /
> _Goma, Democratic Republic of Congo_/
>
> /
> 2015 Mandela Washington Felllow
> <http://tungali.blogspot.com/2015/06/selected-for-2015-mandela-washington.html>
> (YALI) - ISOC Ambassador (IGF Brazil
> <http://www.internetsociety.org/what-we-do/education-and-leadership-programmes/next-generation-leaders/igf-ambassadors-programme/Past-Ambassadors>
> & Mexico
> <http://www.internetsociety.org/what-we-do/education-and-leadership-programmes/next-generation-leaders/Current-Ambassadors>)
> - AFRISIG 2016 <http://afrisig.org/afrisig-2016/class-of-2016/> -
> Blogger <http://tungali.blogspot.com> - ICANN Fellow (Los Angeles
> <https://www.icann.org/news/announcement-2014-07-18-en> & Marrakech
> <https://www.icann.org/resources/pages/marrakech55-attendees-2016-03-14-en>).//AFRINIC
> Fellow//(Mauritius
> <http://www.afrinic.net/en/library/news/1907-afrinic-25-fellowship-winners>)/-
> /IGFSA Member <http://www.igfsa.org/> - Internet Governance - Internet
> Freedom.//
>
> Check the /2016 State of Internet Freedom in DRC/ report (English
> <http://cipesa.org/?wpfb_dl=234>) and (French
> <http://cipesa.org/?wpfb_dl=242>)
>
> 2017-05-09 17:11 GMT+02:00 Arnaud AMELINA <amelnaud at gmail.com
> <mailto:amelnaud at gmail.com>>:
>
> Hi Community,
> Dear PDPWG, please find bellow The New Staff assessment concerning
> our Proposal on "Internet Number Resources Review by AFRINIC" and
> for your information the Old assessment follow the new one. Thanks
>
> Regards
>
> Arnaud
> *
> *
> *New Assessment : *
> ===============================================
>
>
> Staff Assessment for : Internet Number Resources Review by AFRINIC
>
>
> *Proposal*
>
> AFPUB-2016-GEN-001-DRAFT-04
>
> *Title*
>
> Internet Number Resources Review by AFRINIC
>
> *URL*
>
> https://afrinic.net/en/community/policy-development/policy-proposals/2073-internet-numberresources-review-by-afrinic
> <https://afrinic.net/en/community/policy-development/policy-proposals/2073-internet-numberresources-review-by-afrinic>
>
> *Assessed*
>
> 26/April/2017
>
>
> 1.0 Staff Understanding of the Proposal
>
> * AFRINIC to conduct resource utilization reviews (audits) of
> IPv4, IPv6 and ASN resources randomly, periodically and/or
> triggered by a whistleblower to ensure compliance with policy
> provisions and all terms of the AFRINIC RSA.
> * Non-Compliant resources to be recovered (and can be reallocated).
> * An arbitration team (whose decision is final) to be instituted
> (by AFRINIC) to handle any complaints by members unsatisfied
> with the review/audit report.
> * A report of all review/audit activity conducted every year
> will be published on the website, contents of which must
> comply with the Mauritius Data Protection Act as well as any
> NDA in place with any AFRINIC member.
>
>
> 2.0 Staff Comments
>
> * On Sec 13.6 - Our previous concerns that AFRINIC may be
> legally exposed regarding what member data can be published in
> the annual "Compliance Report" seem to have been addressed by
> the inclusion of "in accordance with Mauritius Data Protection
> Act and NDA with members." The act however, only concerns
> personal information. The kind of information to include in
> the compliance report should preferably be to the discretion
> of AFRINIC.
> * Authors to clarify on if the arbitration process can be
> initiated by the member anytime during or (only) after the
> review is completed. There also needs to be a time limit
> around when the arbitration process must complete (for the
> arbitration team to produce their findings/report).
> * On Staff Workload: All review requests shall be handled First
> in, First Out (at staff discretion) - in which case, no
> significant impact to staff workload is expected.
> * On the clause: “The review shall be conducted in full
> transparency and neutrality”. Authors need to expound more on
> what this means - as AFRINIC cannot disclose details of an
> ongoing audit/review to the public while doing the review - if
> this is what authors meant by "transparency".
> * On the Clause: “AFRINIC shall publish the resources to be
> recovered for a period of three (3) months; during which the
> organization may at any time, seek compliance” - AFRINIC will
> add “remarks” attributes to the concerned whois database
> objects, with information regarding the ongoing review. We
> think that this is sufficient to address the "publish"
> requirement in this clause.
>
>
> 3.0 Comments from Legal Counsel
>
> *Legal Counsel’s Assessment*
>
> 1. In the implementation phase staff will have to deal with
> evidence emanating from several jurisdictions. Moreover, staff
> will face the arduous task of assessing evidence/information/data
> from different sources and of different evidential value. Staff
> will be burdened with testing the reliability of this
> evidence/information/data to assess and weigh theses evidences and
> to decide whether same may be used to establish abuse or wrongful
> use of Internet Number Resources.
>
> The possibility of collecting evidence/information/data coming
> from different sources via affidavits or depositions before
> Commissioner of Oath may have to be envisaged to partly ease
> pressure on staff.
>
> AFRINIC will have to protect itself and act only on reliable,
> cogent and admissible evidence before finally revoking allocation
> of resources which the investigated member claims has been
> prejudicial to it and consequently claims for compensation. This
> possibility should always be envisaged. The increasing value of
> IPv4 resources point in that way.
>
> 2. What modus operandi should be put into place to “hear” the
> investigated party to ensure fairness? The policy proposal does
> not provide anything in this regard and should address it.
>
> 3. It will not always be possible to confront the investigated
> party with data/documents/evidence coming from third parties who
> may have disclosed same in confidence and have expressly refused
> to be named or referred to.
>
> 4. The arbitration referred to in the proposal has to be effected
> within the jurisdiction of one country – and the main question is
> – which would this country be?
>
> 5. Section 13.5 of the proposal states: “the outcome of the
> arbitration process is unequivocal”. This is in contradiction of,
> Articles 1027 to 1027-9 of the Code de Procedure Civile of
> Mauritius which provides that a party to an arbitration may seek
> the “annulation “of an award by seizing the Supreme Court.
>
> 6. The "Mauritius Data Protection Act" only applies to personal
> information/data.
>
>
> *The Old One : *
>
> ********************************************************************************************
>
> http://afrinic.net/en/community/policy-development/policy-proposals/1947-internet-number-resources-review-by-afrinic
> <http://afrinic.net/en/community/policy-development/policy-proposals/1947-internet-number-resources-review-by-afrinic>
>
>
>
> /Staff & Legal Assessment and Comments/
>
> /*Staff Comments*:/
>
> * /The proposal appears to be enabling AFRINIC to “enforce”
> article 4(b) the Registration Services Agreement, a matter of
> procedure and process./
> * /We already have the ability to enforce the RSA, and the RSA
> already includes a requirement for policy compliance./
> * /We already have the ability, in terms of the RSA, to recover
> resources that are not being used for the purpose for which
> they were allocated/assigned./
> * /AFRINIC already reviews or audits members when they request
> additional resources. We also have the ability to review at
> other times, but we do not regularly exercise such ability./
> * /We see no problem in principle with allowing complaints to
> trigger a review, but we are concerned about the details./
> * /It's not clear who decides whether a complaint "warrants
> investigation". We interpret this part of the proposal as
> giving AFRINIC staff the discretion to decide which complaints
> to investigate or not to investigate./
> * /Each investigation will have large impact on staff workload,
> and is also likely to have a large impact on the organisation
> being investigated. We are especially concerned about the
> impact of unjustified complaints./
> * /AFRINIC staff workload may be greatly increased by a large
> number of requests for review or audit. The requirement that
> the complaint "warrants investigation" may mitigate this
> issue, if staff have the ability to decide that certain
> complaints do not warrant investigation, but staff resources
> will nevertheless be expended on determining whether or not
> the complaint warrants investigation./
> * /There is no policy requirement for visibility in the global
> routing table. AFRINIC will have no contractual basis for
> treating "lack of visibility of the resource on the global
> routing table" as a problem under this policy. We suggest that
> this proposal should focus on policy violations, and leave the
> issue of global routing visibility to some other proposal that
> might be introduced in future./
> * /There is a reference to "unauthorised transfers". At present,
> all transfers (other than under mergers and acquisitions) are
> unauthorised. Even under possible future transfer policy, any
> "unauthorised transfer" would be in violation of such policy.
> Accordingly, we suggest that there is no need to treat
> unauthorised transfers differently from any other policy
> violation./
> * /The requirement that "the records of the previous holder of
> the recovered resource shall be removed from AFRINIC
> databases"is in conflict with current practice that when a
> resource is returned or transferred, it remains possible to
> find out information about the previous holder of the resource./
> * /The requirement that the review be conducted with "full
> transparency" may be in conflict with privacy provisions in
> NDAs, in the RSA, or in law./
> * /The requirement to publish a "compliance report" may be in
> conflict with privacy provisions in NDAs, in the RSA, or in law.
> /
> * /There is a requirement for AFRINIC to create and document an
> appeal process, and appoint a pool of arbitrators. Creating
> the process, including a public comment period and subsequent
> revisions, would probably take 3 to 6 months. Calling for
> volunteers and appointing them would probably take another 2
> months./
>
> /*Legal*:/
>
> * /TheRSAisacommunityapproveddocument and all members are bound
> by each and every clause thereof once they sign the agreement.
> It isacontractwherebothpartiessubscribetoclearobligations./
> * /In application of the law of contract of Mauritius as found
> in Article 1134 of the Mauritius Civil Code Section 4, the RSA
> is already binding,asaresult,onallmemberswhosigntheagreement./
> * /It is perfectly lawful , in terms of the application of the
> Mauritius Civil Code , for AFRINIC to act under the said
> section and reclaim
> resourcesfromthosememberswho/whichfailanaudit/reviewexercise./
> * /The policy can do no more than allow AFRINIC to do what it is
> already doing in a clear and transparent manner on the basis
> of a community approveddocument/
>
>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net <mailto:RPD at afrinic.net>
> https://lists.afrinic.net/mailman/listinfo/rpd
> <https://lists.afrinic.net/mailman/listinfo/rpd>
>
>
>
>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20170511/b5faa039/attachment-0001.html>
More information about the RPD
mailing list