ANA Calls for Independent Investigation of ICANN System Vulnerability

ANA has called on the Internet Corporation for Assigned Names and Numbers (ICANN) to engage an independent third-party IT expert or experts to conduct a comprehensive investigation of its recent system vulnerability.  In a letter to Rod Beckstrom, President and Chief Executive Officer of ICANN, ANA President and CEO Bob Liodice outlined the need for immediate answers regarding this serious problem.

Our letter pointed out that this vulnerability – which has shut down the generic top-level domain (gTLD) application system since April 12, 2012 – may have enabled some applicants to see other applicants’ file names and potentially serving to compromise competitive information, which might provide some parties an unfair competitive marketplace advantage. To date, ICANN has failed to fully explain the cause or the scope of the system vulnerability, or announce corrective steps.

We have also written to the Department of Commerce (DOC) and its National Telecommunications and Information Administration (NTIA) asking that they exercise their oversight of ICANN and encourage ICANN to engage an independent IT expert to fully investigate the vulnerabilty.

In the letter to Beckstrom, we identified these core questions that an independent investigator should address:

  • What was the specific vulnerability that caused the leak of this information, and why did ICANN wait so long after reports of the vulnerability to shut down the application system?
  • Which file names and applicant names were visible; what kind of information was leaked?
  • What steps, if any, has ICANN taken to alert all parties affected by the vulnerability?
  • A consistent complaint among stakeholders has been that there is little transparency in ICANN’s operations; why has ICANN released so little information about this situation to date?
  • What corrective measures is ICANN taking or planning to ensure that system vulnerabilities or a similar incident will not occur in the future?
  • Should the gTLD expansion program be curtailed in scope or suspended until ICANN employs a sufficiently experienced and/or large enough number of technical Internet security staff to oversee it?

If you have any questions, please contact Dan Jaffe in ANA's Washington office at 202-296-2359 or at