In message <Pine.LNX.4.64.2001301338580.909@yuri.anime.net>, Dan Hollis <goemon@sasami.anime.net> wrote:
What can or should be done when a registry goes rogue?
Answering that question is a task which is above my pay grade. I would be remiss however if I did not take this opportunity to make a few brief and relevant points. *) There are other and additional shoes yet to drop with respect to AFRINIC. I am not free to go into more details regarding that assertion at this time. *) It is implausible on the face of it that only one AFRINIC insider was stealing all of this stuff and spiriting it all out the backdoor at midnight while all other AFRINIC employees, management, and board were entirely clueless and totally in the dark about the fact that any of this was going on, right under their own roof and right under their noses. And I have some not-entirely-speculative reasons to believe that others were involved. *) Throughout my investigation, AFRINIC officials and board members have, almost without exception, avoided answering many simple and relevant questions regarding this and other matters, even when the questions quite obviously do not have any relevance whatsoever to AFRINIC's contractual confidentiality commitments to its member organizations. If you ask AFRINIC what time of day it is, they will tell you that that is covered under an NDA, and that thus, they can't tell you. It really is almost that bad, and there appears to me to be a pervasive culture of secrecy within the organization which effectively thwarts reasonable inquiry and any and all outside accountability. This appeared to me to be the case even well before AFRINIC became fully aware of the activities of their rogue employee, and now, the existance of what is supposedly a serious police inquiry by the crack Mauritian police investigators is being used as a basis for AFRINIC to answer even fewer questions than before, since the whole matter is now said to be "under police investigation". (It is left as an exercise for the reader to deduce whether or not the high-tech crimes investigative unit of the Mauritian national police is at all likely to obtain or expose more answers in this case than I and journalist Jan Vermeulen already have done. In estimating the odds of that, it may be of value to keep in mind that the entire nation of Mauritius, known primarily for sunny beaches and tax avoidance schemes, has a total population of slighty less than the city of Dallas, Texas.) *) Ever since the publication of Jan Vermeulen's first article on this matter on September 1, 2019, it has been alleged that AFRINIC has been conducting its own internal investigation. More recently Jan has learned that AFRINIC's internal investigation may have actually started much earlier, in April of 2019. In all this time, neither anyone from AFRINIC nor anyone from the Mauritian national police have made any effort to ask either Jan or myself what, if anything, we know about these matters that has not yet appeared in print. If they had asked, as part of their "internal investigation", we could have told them some things. They never asked. *) Entirely separate from the matter of the looting of IPv4 resources from AFRINIC, it was announced some time ago the AFRINIC's auditor of many years, PriceWaterhouseCoopers (PwC), has effectively fired its client, AFRINIC, for reasons that have yet to be revealed, either to the AFRINIC membership or to the public at large. This is the same accounting firm that has been named in numerous recent press reports as having possibly played some role in the large scale looting of the state coffers of the southern African country of Angola: https://www.nytimes.com/2020/01/19/world/africa/isabel-dos-santos-angola.htm... https://www.theguardian.com/world/2020/jan/23/pwc-growing-scrutiny-isabel-do... https://www.icij.org/investigations/luanda-leaks/pwc-head-shocked-and-disapp... This raises the almost unavoidable question: How bad must AFRINIC's books be in order to cause even the likes of PriceWaterhouseCoopers to walk away from their client, AFRINIC, after so many years? And what is it in those books that AFRINIC and its board would prefer everyone not know about? *) At the present time, and reportedly even well before Jan Vermeulen's September 1st article which suggested, unambiguously, that there was something rotten going on within AFRINIC, AFRINIC has been allegedly endeavoring to investigate itself. I problems with that are, I believe, self-evident to any unbiased observer. I personally have no faith that the full truth or the full facts relating either to the IPv4 pilfering or to the other and unrelated accounting issues, whatever they may be, are at all likely to emerge from AFRINIC's investigation of itself. Furthermore, I believe that this is itself considered by the AFRINIC board to be a feature rather than a bug. If anyone were seriously motivated to get to the full truth of these matters then the solution is quite obvious. There should be an independent outside investigation. And to be clear, I am most definitely *not* talking about an investigation performed by what is effectively AFRINIC's parent company, ICANN. That organization also has more than a little vested interest in seeing to it that both of these matters, the IP thefts and the accounting irregularities, are all swept under the rug as quickly and as quietly as possible. For this reason, I have no doubt whatsoever that both AFRINIC and ICANN would vigorously oppose the notion of an independent outside investigation. And since ICANN calls the tune with respect to all Internet governance matters I also have no doubt at all that there will be no indepndent inquiry into any of this abundant funny business, and that the full facts will never be known to the public, and most likely not even to the few AFRINIC staff members who are, at present, and reportedly since last April, "investigating". Regards, rfg