Search RPD Archives
[rpd] Policy Development Process and Elections
JORDI PALET MARTINEZ
jordi.palet at consulintel.es
Thu Aug 20 07:46:19 UTC 2020
Hi Ronald,
In-line below as [Jordi]
El 19/8/20 22:37, "Ronald F. Guilmette" <rfg at tristatelogic.com> escribió:
In message <AF256225-1FBC-4494-9523-92DD1D757749 at consulintel.es>,
JORDI PALET MARTINEZ <jordi.palet at consulintel.es> wrote:
>Hi Ronald,
>
>While I fully agree that it is suspicious and it doesn't look good if you want your inputs to the PDP to be seriously considered, to not have a corporate account and your real name, or introduce yourself, etc., nothing in the PDP of any RIR prevent from participate.
I have no problem with people participating. I had gathered however that
there was an issue currently being discussed with respect to -voting-.
[Jordi] However there should not be difference in participating and voting! We are not voting for membership roles, but community roles. The PDP doesn't (and should not in my opinion) differentiate that. The co-chair roles are those that judge consensus of the proposals. All is the same: a community matter. In fact, it is the same in all the RIRs.
>It is even much more suspicious in this list, when we have already previous cases of people impersonating others ... that definitively set a very bad background, unfortunately, and even worse than that, the board decided not to make a legal claim so google is forced to identify the real persona behind that email so we could take, for example, a decision to suspend the real person posting rights or whatever.
I was not aware of this. Anyway, I can only say that I support the board
in this instance. Legal actions can be quite costly, and I do believe
there are other and much more worthy things that the money could be spent
on.
[Jordi] I don't know in Mauritius, but in Spain you can start this investigation without any investment and then decide if you want to put some money to ask for compensation to this person and in most of the cases, that person will need to pay all the costs of the legal actions. What I was asking for was simply to open the case, so Google can be legally queried for "who is this person", nothing else. Because once we know who is this person, the board/community rules can take actions. Otherwise, everybody in the community knows they can do the same ... not good at all. Even if this cost money to AFRINIC, it saves AFRINIC from the situation of having instead of a single impersonation case, hundreds of them and being in big troubles.
More to the point however... and I hope that someone will correct me if
I have misunderstood... it seems that the real issue is "sock puppets"
infiltrating the mailing lists AND then asking to vote, or being allowed
to vote.
[Jordi] That's what we are trying to prevent now, because until now, despite that the PDP indicated that anyone participating in the meeting (on-site and remotely) can participate, the real situation is that until now only on-site people were able to vote. The previous problem that we talked about was people disturbing the mailing list, ad-hominem, etc.
This problem, which appears to be a real one, needs to be solved in some
comprehensive and long lasting way that does not require the initiation,
by AFRINIC, of a huge plethora of legal actions.
It is my firm believe that there are numerous different technical strategies
that could be called upon for effectively combatting this sort of thing,
ranging from the gentle to the draconian, and I would be happy to discuss
the available options to the extent that people on this list sincerely
care about this "sock puppet" issue. It is certainly the case that AFRINIC
is by no means alone in being faced with this unique but widespread problem
of the online world, and many other companies and organizations have found
inventive and effective ways to thwart the sock puppets, and these existing
technical stratgies stand as working examples and real-world lessons,
showing us what can be done if there is a sincere desire to address the
problem.
[Jordi] Agree and I think the best one is that *everybody* should be able to participate but that doesn't prevent that there is some degree of identity confirmation. I will much prefer a non-anonymous participation and that will definitively resolve the problem. I don't see valid reasons for justifying (even if I respect them at the moment) anonymous participation. However, for the benefit of the community I think is good to know the "face" of each one (which avoids impersonation), and what is your background/interest/work/etc, so we can better understand the positions of each contributor.
[Jordi] I don't know if this is done in other countries, I guess so, but in Spain you can open a bank account with a simple face picture holding your ID, done via the bank app. This clearly univocally identify your face, your name, your ID and the email that you're going to use. It will avoid people using multiple emails and in most of the cases will avoid anyone asking hundreds of friends to "support you".
>By the way, I don't have resources in any RIR, so from your perspective I will not be allowed to participate?
I am also in your exact same situation!
Of course my feeling is that you and I should be able to "participate".
When it comes to -voting- however, I am of two minds on this question.
[Jordi] Remember that we are talking about voting community positions (ASO, co-chairs, etc.), not membership ones. To change that (to disallow non-members to vote), we will need to change the PDP (and that will be against ICANN ICP-2)!
On the one hand, I like to think that both you and I are capable of making
positive contributions, both to mailing list discussions and also to the
outcome of various votes. On the other hand however, I, at least, am not
a "member" per se, of AFRINIC. I pay no dues or fees to the orgainzation,
and thus, arguably, I have no real stake in the outcome of deliberations.
I do not have, as we say here, "skin in the game".
[Jordi] Well, I disagree here ... if we are individuals using and working in Internet, we are all affected by what is done in policies in ALL the RIRs. That's how the system has been designed, because it is a global Internet, so a global community. It makes senses that the rules (policies) can be slightly different among regions, because cultural and other differences, but only up to a certain point, and if we look into history, the facts probe that policies tend to converge (at least in the main aspects) among regions, it is just a matter of time.
That having been said, I certainly DO NOT believe that it is even necessary
to make -any- choice that deviates from current practice when it comes to
the question of allowing voting by non-members. This is NOT the issue (and
perhaps I should not have even brought it up). The issue is sock puppets
and their elimination from the voting pool. This can be done, and, I would
argue, MUST be done in order to maintain the fairness of the voting process.
(And I hope that this much, at least, is self evident.)
Neither you nor I are sock puppets, and thus, the careful technical
elimination of sock puppets, if done properly, should have no effect
whatsoever on either you or I, or for that matter on any other actual
and legitimate independently-acting homo sapien.
>That's said, I also feel very uncomfortable not knowing who I'm speaking to, but not because the process doesn't allow it, but because I think as humans, we prefer to know the "face" of the people (that's why it is important to participate in meetings), and more important, we can better understand the other people positions if we know what is their work and background, etc.
My own concern goes well beyond mere discomfort.
As you and others on this list should surely know, there has been quite
a lot of hanky panky of late, by certain Bad Actors, trying to inject
themselves into the structures and/or processes of global Internet
governance. The recent unusual increase in AFRINIC mailing list signups
certainly suggests the very real possibility that these signup are a part
of a very deliberate effort to seize some measure of power via unscruplous
means. This cannot be allowed to stand.
As noted above, there are many practical and effective counter-measures
that could be deployed, right now, to counter this sort of thing. I will
be more than happy to go into more detail, however I think that anyone
who researches the topic, and looks into how reality is already routinely
being separated from fiction, e.g. on the web sites of, and in the sign-up
processes of various cryptocurrency exchanges, will quickly see that
there are a lot of possibilities, ranging from simple CAPTCHAs on up
through quite invasive identification/verification methods.
One thing I can say, quite definitively, is that a simple banning, from
voting, of any account that has been active for less than 6 months feels
like a rather eentirely ham-fisted approach to the problem, and one that
quite certainly will not stand the test of time. This is merely "security
by kicking the can own the road". There has to be a better way.
Regards,
rfg
_______________________________________________
RPD mailing list
RPD at afrinic.net
https://lists.afrinic.net/mailman/listinfo/rpd
**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
More information about the RPD
mailing list