AFRINIC: The Saga Continues

My apologies to all. Certain of the blocks mentioned in my prior
posting here have already been reclaimed, and are currently being
routed by appropriate parties. In particular, these ones:

152.108.0.0/16
155.237.0.0/16
165.4.0.0/16
165.5.0.0/16

Also, I somehow managed to miss mentioning a few blocks that were also
quite clearly stolen as part of this extensive and elaborate scheme,
specifically these ones:

160.116.0.0/16
163.198.0.0/16
164.88.0.0/16
196.15.96.0/18

A full list of all of the stolen AFRINIC blocks that are still of
ongoing concern at the present moment, taking into account the above
adjustments, is available here:

    https://pastebin.com/raw/71zNNriB

Note that many of the blocks listed at the link above have already
been "reclaimed" as far as the AFRINIC WHOIS records are concerned.
But because routing remains almost entirely decoupled from RIR WHOIS
data bases, much of this "reclaimed" space is still being routed as
I write this. The only difference is that now the space is being
routed as bogons, rather than as "legitimately" allocated space.

A summary of all of the current routing for all of the stolen AFRINIC
IPv4 address space that is still of concern, including routing for
recently reclaimed address space that AFRINIC will eventually be
returning to its free pool is provided below. This list is sorted
by the number of constituent stolen /24 blocks being routed by each
listed network, thus showing the most major offenders at the top.
A few footnotes concerning specific ASNs in this list follow below
the listing.

I urge everyone on this mailing list to share this data as widely as
possible in and among the global networking community. In all cases
noted below, the networks in question are unambiguously routing IP
blocks that were obtained, in the first instance, via thefts perpetrated
by one or more AFRINIC insiders and then resold on the black market
in secretive deals. In many and perhaps most cases listed below, the
relevant networks appear to have been more than happy to accept some
cash in exchange for their services, while not looking all that
carefully at the purported (but fraudulent) "LOA" documents they were
handed. (Repeated use of blatantly fraudulent documents has been one
of the consistent features of this entire ongoing criminal enterprise.)

All routing data is derived from current data published by RIPEstat.

Rightful owners should create RPKI ROAs, which can help, since some
large networks have deployed origin validation and drop RPKI invalids.

What can or should be done when a registry goes rogue?

-Dan
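To show why a ROA from the rightful holder helps here, the following is an added example (not code from Dan's post, from RIPEstat, or from any RIR tooling) that implements the RFC 6811 route origin validation states over constructed sample ROAs and announcements; the prefixes and ASNs are documentation and private-use values chosen for illustration.

```python
from ipaddress import ip_network

# Constructed sample ROAs: (prefix, maxLength, authorised origin ASN).
# Documentation prefixes and private-use ASNs, not real AFRINIC records.
ROAS = [
    ("198.51.100.0/22", 24, 64500),
    ("203.0.113.0/24", 24, 64501),
]

# Constructed sample announcements as a collector would see them: (prefix, origin ASN).
ANNOUNCEMENTS = [
    ("198.51.100.0/24", 64500),   # covered, right origin, within maxLength -> valid
    ("198.51.100.0/22", 64499),   # covered, but announced by an unauthorised ASN -> invalid
    ("198.51.100.0/25", 64500),   # right origin, but more specific than maxLength -> invalid
    ("203.0.113.0/24", 64501),    # valid
    ("192.0.2.0/24", 64502),      # no ROA covers it at all -> not-found
]


def rov_state(prefix, origin_asn, roas=ROAS):
    """RFC 6811 validation outcome for one announcement.

    A ROA 'covers' a route when the ROA prefix contains the route prefix.
    The route is valid if some covering ROA also matches the origin ASN and the
    route is no more specific than the ROA's maxLength; invalid if covering ROAs
    exist but none match; not-found if nothing covers it.
    """
    net = ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in roas:
        roa_net = ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if asn == origin_asn and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"


def classify(announcements=ANNOUNCEMENTS, roas=ROAS):
    """Map every (prefix, origin) announcement to its validation state."""
    return {(p, a): rov_state(p, a, roas) for p, a in announcements}


if __name__ == "__main__":
    for (p, a), state in classify().items():
        print(f"{p:<18} AS{a:<7} {state}")
```

Note that an announcement of space with no ROA at all comes out as "not-found", which networks doing origin validation generally still accept; only "invalid" routes get dropped, which is why the rightful holder publishing a ROA is what turns a squatter's announcement into something filterable.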

In message <Pine.LNX.4.64.2001301338580.909@yuri.anime.net>,

What can or should be done when a registry goes rogue?

Answering that question is a task which is above my pay grade. I would
be remiss however if I did not take this opportunity to make a few brief
and relevant points.

*) There are other and additional shoes yet to drop with respect to
AFRINIC. I am not free to go into more details regarding that assertion
at this time.

*) It is implausible on the face of it that only one AFRINIC insider was
stealing all of this stuff and spiriting it all out the backdoor at midnight
while all other AFRINIC employees, management, and board were entirely
clueless and totally in the dark about the fact that any of this was going
on, right under their own roof and right under their noses. And I have
some not-entirely-speculative reasons to believe that others were involved.

*) Throughout my investigation, AFRINIC officials and board members have,
almost without exception, avoided answering many simple and relevant
questions regarding this and other matters, even when the questions quite
obviously do not have any relevance whatsoever to AFRINIC's contractual
confidentiality commitments to its member organizations. If you ask
AFRINIC what time of day it is, they will tell you that that is covered
under an NDA, and that thus, they can't tell you.

It really is almost that bad, and there appears to me to be a pervasive
culture of secrecy within the organization which effectively thwarts
reasonable inquiry and any and all outside accountability. This appeared
to me to be the case even well before AFRINIC became fully aware of
the activities of their rogue employee, and now, the existence of what
is supposedly a serious police inquiry by the crack Mauritian police
investigators is being used as a basis for AFRINIC to answer even fewer
questions than before, since the whole matter is now said to be "under
police investigation".

(It is left as an exercise for the reader to deduce whether or not the
high-tech crimes investigative unit of the Mauritian national police is
at all likely to obtain or expose more answers in this case than I and
journalist Jan Vermeulen already have done. In estimating the odds of
that, it may be of value to keep in mind that the entire nation of
Mauritius, known primarily for sunny beaches and tax avoidance schemes,
has a total population of slightly less than the city of Dallas, Texas.)

*) Ever since the publication of Jan Vermeulen's first article on this
matter on September 1, 2019, it has been alleged that AFRINIC has been
conducting its own internal investigation. More recently Jan has learned
that AFRINIC's internal investigation may have actually started much
earlier, in April of 2019. In all this time, neither anyone from AFRINIC
nor anyone from the Mauritian national police have made any effort to ask
either Jan or myself what, if anything, we know about these matters that
has not yet appeared in print. If they had asked, as part of their
"internal investigation", we could have told them some things. They never
asked.

*) Entirely separate from the matter of the looting of IPv4 resources
from AFRINIC, it was announced some time ago that AFRINIC's auditor of
many years, PriceWaterhouseCoopers (PwC), has effectively fired its client,
AFRINIC, for reasons that have yet to be revealed, either to the AFRINIC
membership or to the public at large. This is the same accounting firm
that has been named in numerous recent press reports as having possibly
played some role in the large scale looting of the state coffers of the
southern African country of Angola:

This raises the almost unavoidable question: How bad must AFRINIC's books
be in order to cause even the likes of PriceWaterhouseCoopers to walk away
from their client, AFRINIC, after so many years? And what is it in those
books that AFRINIC and its board would prefer everyone not know about?

*) At the present time, and reportedly even well before Jan Vermeulen's
September 1st article which suggested, unambiguously, that there was
something rotten going on within AFRINIC, AFRINIC has been allegedly
endeavoring to investigate itself. The problems with that are, I believe,
self-evident to any unbiased observer.

I personally have no faith that the full truth or the full facts relating
either to the IPv4 pilfering or to the other and unrelated accounting
issues, whatever they may be, are at all likely to emerge from AFRINIC's
investigation of itself. Furthermore, I believe that this is itself
considered by the AFRINIC board to be a feature rather than a bug.

If anyone were seriously motivated to get to the full truth of these matters
then the solution is quite obvious. There should be an independent outside
investigation. And to be clear, I am most definitely *not* talking about
an investigation performed by what is effectively AFRINIC's parent company,
ICANN. That organization also has more than a little vested interest in
seeing to it that both of these matters, the IP thefts and the accounting
irregularities, are all swept under the rug as quickly and as quietly as
possible.

For this reason, I have no doubt whatsoever that both AFRINIC and ICANN
would vigorously oppose the notion of an independent outside investigation.
And since ICANN calls the tune with respect to all Internet governance
matters I also have no doubt at all that there will be no independent
inquiry into any of this abundant funny business, and that the full facts
will never be known to the public, and most likely not even to the few
AFRINIC staff members who are, at present, and reportedly since last April,
"investigating".

Regards,
rfg

Ronald,

Speaking only for myself…

As I’ve recently seen complaints about RIRs directed to ICANN (in a different context than the issues at AfriNIC), a bit of clarification may be in order:

In my view, it is primarily the responsibility of the community served by the RIR to rein it in if it goes rogue.

And to be clear, I am most definitely not talking about

ICANN is not the parent company of AfriNIC (or any other RIR, some of which existed prior to ICANN being created). While ICANN recognizes new RIRs (according to https://www.icann.org/resources/pages/new-rirs-criteria-2012-02-25-en) and recognizes “global policies” that reach consensus across all RIRs, there are no policies, processes, or mechanisms by which ICANN can exert any form of control over the RIRs. ICANN performs a set of functions for the RIRs at their request via the IANA functions and can be seen in that light as a service provider to the RIRs.

It is probably most accurate to view ICANN and the RIRs as peer organizations, connected operationally via the IANA functions, which primarily focus on different universes (domain names in ICANN’s case, IP addresses in the RIRs’ case).

I’ll admit some curiosity as to what this “more than a little vested interest” might be, however this is simply wrong. Like pretty much everybody else, we have an interest in an accurate and trustable registration database.

As RIR operational matters are outside ICANN’s remit as defined by our Bylaws, at least by my reading, I am skeptical ICANN would even have an opinion.

I suspect the folks at the RIRs, Internet Society, IGF, ITU, W3C, ETSI, IETF, IAB, etc. may not agree with this assertion.

Regards,
-drc
ICANN CTO, but speaking only for myself.

It is sad to see this statement coming from someone so high up in ICANN…

So often ICANN has focused strictly on that first N.

I would say it is more accurate to refer to ICANN in the context of the RIRs as a vendor and little more. ICANN performs services (maintenance of the central registry and coordination of large blocks of number resources being delegated to the individual RIRs from that central registry). Technically, I believe this is done through PTI, though I admit that I still haven’t managed to gain 100% clarity on how the PTI<->ICANN relationship functions or whether the RIRs are contracted to ICANN or to PTI or to both.

Speaking only for myself, I certainly don’t agree with this assertion.

Owen