Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Staff & Legal Assessements on "Internet Numbers review by AFRINIC"'s Proposal

Arnaud AMELINA amelnaud at
Fri May 12 16:32:30 UTC 2017

Hi Co-Chairs, Dear community,

After reading and analyzing the staff analysis, we realized that it was
totally different from the first staff analysis. Then a question came to
mind, why a new staff analysis for the same policy, even though all updates
are made to address the old staff analysis and discussions on the PDPWG.

Perhaps Arsene is confused because this should have come as an update from
the Co-chairs on the rpd, not the authors



2017-05-11 15:28 GMT+00:00 Dewole Ajao <dewole at>:

> Hi Arsene,
> The staff and legal assessments are an avenue for staff to show what
> impact(s) a draft policy proposal may (potentially) have on AFRINIC (the
> company).
> If staff and/or legal indicate that parts of a draft policy proposal will
> be of negative impact, I would expect the community and authors to discuss
> and improve on such areas with the goal of producing a better policy
> document.
> As recommended at the last Public Policy Meeting, staff and legal have
> worked hard to get their assessments out early so that the community and
> authors have the opportunity to revise proposal contents up to the
> no-change-deadline (i.e. one week before the Public Policy Meeting).
> consolidated-policy-manual#s3_4
> I hope this clears up any confusion.
> Regards,
> Dewole.
> On 11/05/2017 13:26, Arsène Tungali wrote:
> Thanks Arnaud,
> May I ask te PDP chairs to let us know what is expected from us?
> Thanks,
> Arsene
> ------------------------
> **Arsène Tungali* <>*
> Co-Founder & Executive Director, *Rudi international
> <>*,
> CEO,* Smart Services Sarl <>*, *Mabingwa Forum
> <>*
> Tel: +243 993810967
> GPG: 523644A0
> *Goma, Democratic Republic of Congo*
> 2015 Mandela Washington Felllow
> <>
> (YALI) - ISOC Ambassador (IGF Brazil
> <>
> & Mexico
> <>)
> - AFRISIG 2016 <> - Blogger
> <> - ICANN Fellow (Los Angeles
> <> & Marrakech
> <>
> ). AFRINIC Fellow (Mauritius
> <>
> )* - *IGFSA Member <> - Internet Governance -
> Internet Freedom.
> Check the *2016 State of Internet Freedom in DRC* report (English
> <>) and (French
> <>)
> 2017-05-09 17:11 GMT+02:00 Arnaud AMELINA <amelnaud at>:
>> Hi Community,
>> Dear PDPWG, please find bellow The New Staff assessment concerning our
>> Proposal on "Internet Number Resources Review by AFRINIC" and for your
>> information the Old assessment follow the new one. Thanks
>> Regards
>> Arnaud
>> *New Assessment : *
>> ===============================================
>> Staff Assessment for : Internet Number Resources Review by AFRINIC
>> *Proposal*
>> AFPUB-2016-GEN-001-DRAFT-04
>> *Title*
>>  Internet Number Resources Review by AFRINIC
>> *URL*
>> proposals/2073-internet-numberresources-review-by-afrinic
>> *Assessed*
>> 26/April/2017
>> 1.0 Staff Understanding of the Proposal
>>    - AFRINIC to conduct resource utilization reviews (audits) of IPv4,
>>    IPv6 and ASN resources randomly, periodically and/or triggered by a
>>    whistleblower to ensure compliance with policy provisions and all terms
>>    of the AFRINIC RSA.
>>    - Non-Compliant resources to be recovered (and can be reallocated).
>>    - An arbitration team (whose decision is final) to be instituted (by
>>    AFRINIC) to handle any complaints by members unsatisfied with the
>>    review/audit report.
>>    - A report of all review/audit activity conducted every year will be
>>    published on the website, contents of which must comply with the
>>    Mauritius Data Protection Act as well as any NDA in place with any AFRINIC
>>    member.
>> 2.0 Staff Comments
>>    - On Sec 13.6 - Our previous concerns that AFRINIC may be legally
>>    exposed regarding what member data can be published in the annual
>>    "Compliance Report" seem to have been addressed by the inclusion of "in
>>    accordance with Mauritius Data Protection Act and NDA with members." The
>>    act however, only concerns personal information. The kind of
>>    information to include in the compliance report should preferably be
>>    to the discretion of AFRINIC.
>>    - Authors to clarify on if the arbitration process can be initiated
>>    by the member anytime during or (only) after the review is completed.
>>    There also needs to be a time limit around when the arbitration process must
>>    complete (for the arbitration team to produce their findings/report).
>>    - On Staff Workload: All review requests shall be handled First in,
>>    First Out (at staff discretion) - in which case, no significant
>>    impact to staff workload is expected.
>>    - On the clause: “The review shall be conducted in full transparency
>>    and neutrality”. Authors need to expound more on what this means - as
>>    AFRINIC cannot disclose details of an ongoing audit/review to the
>>    public while doing the review - if this is what authors meant by
>>    "transparency".
>>    - On the Clause: “AFRINIC shall publish the resources to be recovered
>>    for a period of three (3) months; during which the organization may
>>    at any time, seek compliance” - AFRINIC will add “remarks” attributes to
>>    the concerned whois database objects, with information regarding the
>>    ongoing review. We think that this is sufficient to address the
>>    "publish" requirement in this clause.
>> 3.0 Comments from Legal Counsel
>> *Legal Counsel’s Assessment*
>> 1. In the implementation phase staff will have to deal with evidence
>> emanating from several jurisdictions. Moreover, staff will face the
>> arduous task of assessing evidence/information/data from different sources
>> and of different evidential value. Staff will be burdened with testing the
>> reliability of this evidence/information/data to assess and weigh theses
>> evidences and to decide whether same may be used to establish abuse or
>> wrongful use of Internet Number Resources.
>> The possibility of collecting evidence/information/data coming from
>> different sources via affidavits or depositions before Commissioner of
>> Oath may have to be envisaged to partly ease pressure on staff.
>> AFRINIC will have to protect itself and act only on reliable, cogent and
>> admissible evidence before finally revoking allocation of resources
>> which the investigated member claims has been prejudicial to it and consequently
>> claims for compensation. This possibility should always be envisaged. The
>> increasing value of IPv4 resources point in that way.
>> 2. What modus operandi should be put into place to “hear” the
>> investigated party to ensure fairness? The policy proposal does not
>> provide anything in this regard and should address it.
>> 3. It will not always be possible to confront the investigated party with
>> data/documents/evidence coming from third parties who may have disclosed
>> same in confidence and have expressly refused to be named or referred to.
>> 4. The arbitration referred to in the proposal has to be effected within
>> the jurisdiction of one country – and the main question is – which would
>> this country be?
>> 5. Section 13.5 of the proposal states: “the outcome of the arbitration
>> process is unequivocal”. This is in contradiction of, Articles 1027 to
>> 1027-9 of the Code de Procedure Civile of Mauritius which provides that
>> a party to an arbitration may seek the “annulation “of an award by seizing
>> the Supreme Court.
>> 6. The "Mauritius Data Protection Act" only applies to personal
>> information/data.
>> *The Old One : *
>> ************************************************************
>> ********************************
>> proposals/1947-internet-number-resources-review-by-afrinic
>> *Staff & Legal Assessment and Comments*
>> *Staff Comments:*
>>    - *The proposal appears to be enabling AFRINIC to “enforce” article
>>    4(b) the Registration Services Agreement, a matter of procedure and
>>    process.*
>>    - *We already have the ability to enforce the RSA, and the RSA
>>    already includes a requirement for policy compliance.*
>>    - *We already have the ability, in terms of the RSA, to recover
>>    resources that are not being used for the purpose for which they were
>>    allocated/assigned.*
>>    - *AFRINIC already reviews or audits members when they request
>>    additional resources. We also have the ability to review at other times,
>>    but we do not regularly exercise such ability.*
>>    - *We see no problem in principle with allowing complaints to trigger
>>    a review, but we are concerned about the details.*
>>    - *It's not clear who decides whether a complaint "warrants
>>    investigation". We interpret this part of the proposal as giving AFRINIC
>>    staff the discretion to decide which complaints to investigate or not to
>>    investigate.*
>>    - *Each investigation will have large impact on staff workload, and
>>    is also likely to have a large impact on the organisation being
>>    investigated. We are especially concerned about the impact of unjustified
>>    complaints.*
>>    - *AFRINIC staff workload may be greatly increased by a large number
>>    of requests for review or audit. The requirement that the complaint
>>    "warrants investigation" may mitigate this issue, if staff have the ability
>>    to decide that certain complaints do not warrant investigation, but staff
>>    resources will nevertheless be expended on determining whether or not the
>>    complaint warrants investigation.*
>>    - *There is no policy requirement for visibility in the global
>>    routing table. AFRINIC will have no contractual basis for treating "lack of
>>    visibility of the resource on the global routing table" as a problem under
>>    this policy. We suggest that this proposal should focus on policy
>>    violations, and leave the issue of global routing visibility to some other
>>    proposal that might be introduced in future.*
>>    - *There is a reference to "unauthorised transfers". At present, all
>>    transfers (other than under mergers and acquisitions) are unauthorised.
>>    Even under possible future transfer policy, any "unauthorised transfer"
>>    would be in violation of such policy. Accordingly, we suggest that there is
>>    no need to treat unauthorised transfers differently from any other policy
>>    violation.*
>>    - *The requirement that "the records of the previous holder of the
>>    recovered resource shall be removed from AFRINIC databases"is in conflict
>>    with current practice that when a resource is returned or transferred, it
>>    remains possible to find out information about the previous holder of the
>>    resource.*
>>    - *The requirement that the review be conducted with "full
>>    transparency" may be in conflict with privacy provisions in NDAs, in the
>>    RSA, or in law.*
>>    -
>> *The requirement to publish a "compliance report" may be in conflict with
>>    privacy provisions in NDAs, in the RSA, or in law. *
>>    - *There is a requirement for AFRINIC to create and document an
>>    appeal process, and appoint a pool of arbitrators. Creating the process,
>>    including a public comment period and subsequent revisions, would probably
>>    take 3 to 6 months. Calling for volunteers and appointing them would
>>    probably take another 2 months.*
>> *Legal:*
>>    - *TheRSAisacommunityapproveddocument and all members are bound by
>>    each and every clause thereof once they sign the agreement. It
>>    isacontractwherebothpartiessubscribetoclearobligations.*
>>    - *In application of the law of contract of Mauritius as found in
>>    Article 1134 of the Mauritius Civil Code Section 4, the RSA is already
>>    binding,asaresult,onallmemberswhosigntheagreement.*
>>    - *It is perfectly lawful , in terms of the application of the
>>    Mauritius Civil Code , for AFRINIC to act under the said section and
>>    reclaim resourcesfromthosememberswho/whichfailanaudit/reviewexercise.*
>>    - *The policy can do no more than allow AFRINIC to do what it is
>>    already doing in a clear and transparent manner on the basis of a community
>>    approveddocument*
>> _______________________________________________
>> RPD mailing list
>> RPD at
> _______________________________________________
> RPD mailing listRPD at afrinic.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the RPD mailing list