ICANN/DNSO
DNSO Mailling lists archives

[council]


<<< Chronological Index >>>    <<< Thread Index >>>

[council] RE: motion to waive rules


Agree with Bruce here. To add another argument: 

The Names Council is a group of only 20 people, it is not a large
and anonymous group. All one has to do is make the results of 
an email ballot public - after all, our votes in a teleconference are
public and visible anyway - and the risk of fraud drops to zero.
For I would be able to instantly see whether someone had voted
for me in the wrong way.

>>> Bruce Tonkin <Bruce.Tonkin@melbourneit.com.au> 02/12/02 06:01PM >>>
Hello All,

> 
> I agree with Marilyn.  Given the potential for fraud, I think it is 
> important that NC votes are ratified in person or via a telephone 
> conference.  I am willing to share the burden by attending some calls 
> outside of US business hours to accommosate our friends from other 
> hemispheres. 
> 

Well I am amazed at the concern for fraud.  But since you mention it:
(1) how do you verify the voice on the other end of the line - no one
checked it was me when I last called in - this was no checking of caller
line ID, no scrambling of an encoded telephone line.
(2) how do you know it is me when I turn up face-to-face - I have never been
asked for passport ID when attending an ICANN meeting.

Technically it is possible to defeat the existing namescouncil security for
both in person and phone calls.

In any case, it is about risk management.  From a personal point of view I
believe that the risks for fraud via email in this instance are acceptable
(but it might just be that I have been using email for about 20 years and I
am perfectly comfortable with it for consensus building and decision
making).  There are additional mechanisms for improving the security of
email - digital certificates etc, just as there are for voice and
face-to-face verification.

So I still stand by my earlier comments regarding email being acceptable.
It is in many other business contexts and Boards I operate in.  Again we
should be using the Internet constructively, and not relying on traditional
means of communication.  If there is a concern about security of email -
then lets use the readily available technologies to secure it.

This debate reminds me of those that are concerned about using their credit
card over the Internet, yet will let a waiter take their credit card away at
a restaurant to use from the kitchen while you wait for it to be returned.

In any case it is not a big issue for me.  If the majority wish to not use
the Internet to conduct ICANN business that is fine by me - it does send a
worrying message to the outside world though.

Regards,
Bruce Tonkin



<<< Chronological Index >>>    <<< Thread Index >>>