[rpd] AFPUB-2020-GEN-001-DRAFT01 - Policy Compliance Dashboard

[Ekaterina Kalugina]

Dear JORDI, dear all,
Please see my comments in line:



On Wed, 30 Sep 2020, 13:43 JORDI PALET MARTINEZ via RPD <rpd at afrinic.net>
wrote:


> Hi AK, Moses, all,

>

>

>

> I will like you to reconsider your decision on this proposal, following

> CPM 3.5, on the grounds of my responses below, which have already been

> provided thru previous discussions and I don’t think any of those are

> valid-objections to the proposal.

>

>

>

> See my points below, in-line.

>

>

>

> Regards,

>

> Jordi

>

> @jordipalet

>

> 5.       Policy Compliance Dashboard

>

> The policy proposal seeks to provide a framework or a policy compliance

> dashboard be developed by AFRINIC and incorporated in myAFRINIC (and future

> member’s communication platforms).  It will allow a periodic review of the

> policy compliance status of each member. It will also enable members to

> receive automated notifications for any issue. Staff will receive repeated

> warnings of lack of compliance or severe violations enshrined in the CPM.

> However, there are several oppositions to this proposal, such as:

>

> a.                      This policy seems to be redundant of the status

> quo as violations are already checked and processed by the human staff.

>

>

>

> That's the key human vs. automation. Human verification is costly and

> inefficient if it can be automated.

>


Yes, I agree that generally automation is more efficient. However, in our
case we must ask ourselves whether it will be more efficient in the case of
AFRINIC. I understand that through this policy notifications will be
automated but who will be reviewing the compliance status of each member?
This work will still be done by the staff. So the question here is would
the resources invested in this policy be worth a few automated emails?

In addition, it is much easier to dismiss automated emails than those
coming from a real human being. There is no guarantee that these alerts
won't be simply disregarded.


>

>

> b.                      There is already an existing system of guidelines

> on keeping track of the violations of members.

>

>

>

> The RSA and bylaws have generic provisions. There is nothing against the

> power of the community to make those more clearly stated. Furthermore this

> will protect the members against a mistake, which according to the legal

> bindings today, can call for an immediate resource reclamation.

>

>

I am wondering whether there are already precedents of such issue. As far
as I understand staff notifies the resource holder in case there are any
violations. So how would this policy make a difference?


>

> c.                       The policy is not binding and does not enforce

> members actually to follow the rules and not violate policies.

>

>

>

> All the policies are binding for all the members. This is clearly stated

> in the legal documents.

>


Yet, there is no mechanism to ensure that members will actuality check the
dashboard.


>

>

> d.                      Ignorance could be a convenient excuse for

> violations because one could claim that they never got notified about their

> violations.

>

>

>

> On the other way around, this is the actual status quo. This policy

> ensures that ignorance can’t be used as an excuse, because it will send

> alerts and show them also in the member account GUI.

>



>

> e.                      There is no comprehensive system on how the board

> should take proper actions once members violate policies, nor does it give

> guidelines based on the severity of the violations.

>

>

>

> This is on purpose. There are different severity levels, and this even may

> depend on circumstances, so it is up to the operational details of the

> implementation, to better detail it, which can be done in consultancy with

> the community. If the community think the staff is not doing that

> correctly, then a new proposal can be submitted, but with this proposal we

> have a starting point at least. Trying to agree on if making a mistake on

> this or that part of the CPM is more or less severe than doing 3 times

> wrong this or that, will be and endless discussion and too operational.

>


This is interesting because when discussing resource transfer policy you
stated, and I quote:
"Now, regarding the point on “we can get this policy working” and then
resolve the issues with another proposal … I will love to believe in that,
but I’m every day more and more convinced that this will not happen. If we
don’t get it right (or almost right on the first shot), we will not agree
in 1 year to resolve it."

When it comes to your own policy you are open to passing it and then
amending it later as necessary. But when it concerns the policy proposed by
someone else, this is one of your main counter arguments. Doesn't this seem
to be a little of a double standard?

Also, I understand your point on giving AFRINIC staff the freedom to decide
the severity of each violation. However, I think if we were to ever pass
this policy it AT LEAST has to include a set guidelines for the appropriate
procedure that is to be followed by the board when such violations occur.
Otherwise we could be stuck in a situation where violations take place, and
no one is really sure what to do about it. And since the decision making
process of the community can take months, I fail to see how this is in any
way effective or efficient.


>

>

> f.                        This policy takes away resources that could be

> used for more beneficial pursuits to AFRINIC for something existing in the

> system.

>

>

>

> On the other way around. It is clear that automation **saves** resources.

> The policy doesn’t state **how** or **when** it should be implemented,

> and it is just fine that the staff defines what parts of the CPM are

> implemented when and in what order, depending on the availability of the

> human resources unless the board decides that this is key and should be

> implemented faster.

>


Again, without a thorough cost benefit analysis, any claims of whether or
not this would save AFRINIC resources in the long term are completely
groundless. However, it IS obvious that in the short term implementating
this policy will be a great financial burden.


>

>

> g.                      It an administrative  process, and this should be

> left to staff

>

> Is not. The community has the right to ensure that the policy compliance

> is monitored in a way that, because it is automated, doesn’t make a

> difference in how much time the staff has to do that manually and then do

> it faster for some resource holders than others. Automation makes it quick

> (no difference among resource holders), human means you do it for each

> resource holder “when you can”. Trying to make this in a way that is fair

> for all members by humans, will mean having almost as many staff human

> resources for each “validation” pass as resource holders. It will also mean

> that you do a reduced number of “passes” per year, while automation means

> you can do it every week or month.

>

In my view, maintaining policy compliance is a purely operational issue
that is outside the scope of the PDP. The policies should only focus on HOW
the resources are distributed and not on whether or not members follow
these policies.

I understand where you are coming from in regards to proposing this policy.
But I really think it requires way more assessment,  review, and discussion
to determine if it is really necessary and whether or not it is actually in
the scope of the PDP.

Best,

Ekaterina


>

>

> Chairs Decision:  NO rough Consensus

>

>

> **********************************************

> IPv4 is over

> Are you ready for the new Internet ?

> http://www.theipv6company.com

> The IPv6 Company

>

> This electronic message contains information which may be privileged or

> confidential. The information is intended to be for the exclusive use of

> the individual(s) named above and further non-explicilty authorized

> disclosure, copying, distribution or use of the contents of this

> information, even if partially, including attached files, is strictly

> prohibited and will be considered a criminal offense. If you are not the

> intended recipient be aware that any disclosure, copying, distribution or

> use of the contents of this information, even if partially, including

> attached files, is strictly prohibited, will be considered a criminal

> offense, so you must reply to the original sender to inform about this

> communication and delete it.

>

> _______________________________________________

> RPD mailing list

> RPD at afrinic.net

> https://lists.afrinic.net/mailman/listinfo/rpd

>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200930/ff72727c/attachment-0001.html>