[CCWG-ACCT] Special Community Leaders CAll - 6 October - Shared Materials

James Gannon james at cyberinvasion.net
Wed Oct 7 17:16:03 UTC 2015 

I’m sorry but Im going to reiterate, a new whistleblower program is not an NTIA defined criteria, is not a community power and we have enough on our plate for our current discussions.

Is this a great potential idea for WS2 and the staff/so/ac/accountability piece? For sure and I would think that WP3 (I think that’s the staff so/ac/accountability one) would be very open to hearing these ideas.

But for the moment, before Dublin we have an immense amount of work to do on fundamental issues and conflicts and I don’t think that we can spare time for additional work.

-jg

From: Ron Baione
Date: Wednesday 7 October 2015 at 6:03 p.m.
To: James Gannon, "kieren at kierenmccarthy.com<mailto:kieren at kierenmccarthy.com>", "nigel at channelisles.net<mailto:nigel at channelisles.net>", "accountability-cross-community at icann.org<mailto:accountability-cross-community at icann.org>"
Subject: Re: [CCWG-ACCT] Special Community Leaders CAll - 6 October - Shared Materials

Again, That whistleblower process is internal, not external, the company is involved directly in the decision process you described.

And remember, what you described is the Industry standard across high risk companies that are not multistakeholder and with different responsibilities.

Spending time developing my proposed external process is in fact fulfilling a solution to stated US Government NTIA post-transition security mandates as stated by the NTIA's requirments to their accepting the transition. Basically, They want to know if ICANN is going to have the processes in place for this sort of thing, and its usually the first question Congress asks. "What about foreign governments, is the process secure?".

The US Government will never approve the transition without knowing ICANN has every tool necessary to prevent foreign government pressure, and it should be a top issue, with an external whistleblower process officially drafted asap, or at least have the idea proposed in some facet.

Ron


________________________________
From: James Gannon <james at cyberinvasion.net<mailto:james at cyberinvasion.net>>;
To: Kieren McCarthy <kieren at kierenmccarthy.com<mailto:kieren at kierenmccarthy.com>>; Nigel Roberts <nigel at channelisles.net<mailto:nigel at channelisles.net>>; accountability-cross-community at icann.org<mailto:accountability-cross-community at icann.org> <accountability-cross-community at icann.org<mailto:accountability-cross-community at icann.org>>;
Subject: Re: [CCWG-ACCT] Special Community Leaders CAll - 6 October - Shared Materials
Sent: Wed, Oct 7, 2015 4:33:04 PM

While I won’t comment on the internal side of things I just want to note that an external compliance/whistleblower/reporting hotline which runs through a questionnaire and then gives the report back to the company is pretty industry standard and considered best practise across high risk industries.

Whats important is what happens once the report is given over to the company.

But given the work that we have ahead of us on fundamental issues I worry that spending cycles on such a small targeted issue might be time better spent on other matters, just my 2c.

-jg

From: <accountability-cross-community-bounces at icann.org<javascript:return>> on behalf of Kieren McCarthy
Date: Wednesday 7 October 2015 at 5:27 p.m.
To: Nigel Roberts, "accountability-cross-community at icann.org<javascript:return>"
Subject: Re: [CCWG-ACCT] Special Community Leaders CAll - 6 October - Shared Materials

The current whistleblower process is far worse than that.

For one, the entire process is a hotline to a company that reports directly back to ICANN.

That company receives a complaint and then takes it straight to ICANN and asks ICANN for what to do next. This is not hearsay, it is what happened to one person that actually used the process (and it wasn't me).

The company's first question was to ask what their name was. They asked that I'd they gave it, would it be given to ICANN. The answer was yes.

The individual heard nothing about their complaint for a while. Then the company got back: ICANN had decided not to progress with it, so it was considered closed.

In other words, the whistleblower program is a complete fraud completely determined and run by ICANN's legal team.

ICANN refuses to provides any details of this program (and no wonder) and that even extends to basic stats.

The only other person that I know used the program was fired shortly afterwards. I understand they gave their name to the company believing it would be confidential.

When ICANN was quizzed on the program, it had the audacity to argue that the low level of use of the whistleblower program showed that there weren't any concerns internally.

It's doesn't take a genius to realize that keeping your mouth shut is preferable to being fired and having the issue you were complaining about brushed under the carpet.


Kieren

On Wed, Oct 7, 2015 at 7:21 AM Nigel Roberts <nigel at channelisles.net<javascript:return>> wrote:
What's the point of a whistleblowing process if there's no one with a
big stick to listen to the whistle?



On 07/10/15 15:01, Ron Baione wrote:
> An idea I had was to include in the process some sort of mandatory monthly collaboration with a secure external whistleblower process.  It is perceived that ICANN members would be somewhat more suceptible to unlawful pressure by governments or inter-governmental entities post-transition.
>
> Having an external process might help gain public and U.S. government trust in the transition and accountability process.  Whistle-blower websites and reporters exist around the globe, and have been the subject of much controversy, but in a multistakeholder controlled external whistleblower process, you could have:
>
> 1)  A monthly process where a conjunction of 60 legit and diverse privacy groups are placed in a pool of availability
>
> 2) 5 privacy organizations would then be chosen at random each month, by algorithm or out of a hat to act as possible external whistleblowers for the ICANN community
>
> 3) Each of the 60 privacy groups must sign a non-disclosure contract with ICANN regarding the provision of their services at any given time
>
> 4) The names of the 60 privacy groups would be publicly known, published on January 1st each year,
>
> 5) It would not be lawful for those groups to reveal if they are that monthly representative, or risk losing their incentive to participate in the process, an jncentive which would be non-monetary.
>
> 6) The incentive would be, i suppose, the credibility gained for their organization by being considered worthy of external whistleblower stewardship
>
> 7) An ICANN led review process of which privacy groups are chosen and retained year over year would be conducted by the CCWG.
>
> 8) Since the model is for the creation of a a random selection process, groups could theoretically serve 12 times a year, therefore a limit on number of months a single organization could serve a whistleblower function would be capped at 8 months of service.
>
> 9) There would be a code-of-conduct signed by each organization allowing for automatic vote by CCWG on removal from the pool of organizations of an organization or retinment, for example, if an organization for failed to renew or delayed its renewal of its local registration or enacted or amended their bylaws, failed to submit requested information in a timely fashion, or acted in a way that was contrary to supporting a free and open internet.
>
> Ron
>
>
>
> _______________________________________________
> Accountability-Cross-Community mailing list
> Accountability-Cross-Community at icann.org<javascript:return>
> https://mm.icann.org/mailman/listinfo/accountability-cross-community
>
_______________________________________________
Accountability-Cross-Community mailing list
Accountability-Cross-Community at icann.org<javascript:return>
https://mm.icann.org/mailman/listinfo/accountability-cross-community

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/accountability-cross-community/attachments/20151007/22c0cf83/attachment.html>

More information about the Accountability-Cross-Community mailing list