ANA Calls for Independent Investigation of ICANN System Vulnerability
April 25, 2012 - New York, NY – The Association of National Advertisers (ANA) today called on ICANN (Internet Corporation for Assigned Names and Numbers) to engage an independent third-party IT expert or experts to conduct a comprehensive investigation of its recent system vulnerability. In a letter to Rod Beckstrom, President and Chief Executive Officer of ICANN, ANA President and CEO Bob Liodice outlined the need for immediate answers regarding this serious problem.
Liodice pointed out that this vulnerability – which has shut down the generic top-level domain (gTLD) application system since April 12, 2012 – may have enabled some applicants to see other applicants’ file names and potentially serving to compromise competitive information, which might provide some parties an unfair competitive marketplace advantage. To date, ICANN has failed to fully explain the cause or the scope of the system vulnerability, or announce corrective steps.
In additional comments, Liodice underscored the severity of the problem, stating: “The marketing and Internet communities are highly concerned about ICANN’s system vulnerability which appeared shortly after ICANN opened its vast top-level domain expansion program. Allowing confidential application file names to become visible to the wrong TLD applicant could greatly compromise the integrity of the new TLD application selection process. It indicates that ICANN remains ill-equipped to manage a program the marketing community has consistently criticized as ill-conceived, overpriced and technologically suspect.”
Liodice further noted, “We are urgently requesting that the Department of Commerce and its National Telecommunications and Information Administration (NTIA) exercise their oversight of ICANN and encourage ICANN to engage an independent IT expert to fully investigate this serious and inadequately explained vulnerability.”
Liodice concluded, “Trust in the Internet’s integrity is paramount for marketers, who are building their businesses and consumer relationships on this vital communications and transactional platform.”
In the ANA letter to Beckstrom, Liodice identified these core questions that an independent investigator should address:
What was the specific vulnerability that caused the leak of this information, and why did ICANN wait so long after reports of the vulnerability to shut down the application system?
- Which file names and applicant names were visible; what kind of information was leaked?
- What steps, if any, has ICANN taken to alert all parties affected by the vulnerability?
- A consistent complaint among stakeholders has been that there is little transparency in ICANN’s operations; why has ICANN released so little information about this situation to date?
- What corrective measures is ICANN taking or planning to ensure that system vulnerabilities or a similar incident will not occur in the future?
- Should the gTLD expansion program be curtailed in scope or suspended until ICANN employs a sufficiently experienced and/or large enough number of technical Internet security staff to oversee it?
About the ANA
Founded in 1910, the ANA (Association of National Advertisers) leads the marketing community by providing its members with insights, collaboration, and advocacy. ANA's membership includes 450 companies with 10,000 brands that collectively spend over $250 billion in marketing communications and advertising. The ANA strives to communicate marketing best practices, lead industry initiatives, influence industry practices, manage industry affairs, and advance, promote, and protect all advertisers and marketers. http://www.ana.net, follow us on Twitter, join us on Facebook, or visit our YouTube channel.
Luna Newton, CooperKatz & Company for the ANA
firstname.lastname@example.org or 917.595.3061
Marcus Hardy, Cooperkatz & Company for ANA
email@example.com or 917.595.3043