At least a couple weeks until application period concludes.
ICANN’s online system for new top level domain applications is likely more than a week away from opening up again. If that’s the case, that means we’re at least a couple weeks away from the application period concluding.
In an update posted this evening, ICANN said applicants that had data potentially exposed by the bug will be notified within the next seven business days. They will also be told who may have seen the data. Although I suppose the notifications could be concluded sooner, history tells us to err on the side of this not happening.
After everyone has been notified, ICANN will then release a schedule for opening and completing the application round.
The non-profit has already said TAS will be open for at least five days. So I figure we’re looking at two or more weeks before the application period finally closes.
As an interesting aside, the latest communication doesn’t say whether it will tell applicants that may have been able to view data if they will also be informed of this disclosure. I think this would be fair, given that their information is being provided to another party. This disclosure of the identity of who could view data creates an interesting scenario. Presumably ICANN will tell applicants the name of the entity that was able to see the data. What if the name of the applicant is something like Rugby.com, Inc, thus giving away the name of their string?
John Berryhill says
Andrew,
It doesn’t seem you are reading the announcement accurately.
The only thing ICANN says it is going to tell anyone at this point is:
“ICANN will notify all applicants within the next seven business days whether our analysis shows they were affected by the technical glitch”
What this says is that applicants will be told whether – i.e. yes/no – they were affected.
It goes on to say (with emphasis added):
“In order to make these notifications, WE are identifying each applicant file name and user name that might have been viewed”
What the announcement appears to be saying is that ICANN is going to have all of the data on who was able to see what.
The announcement does not say what you then infer – i.e. that ICANN is going to make the disclosure of who-saw-what to anyone who is affected.
It only says that applicants will be told whether they were affected.
Clearly, it would be stupid to identify applicants to other applicants, prior to the general public disclosure of the applications, and for the reasons you suggest. That would seem to suggest one not read into the announcement details which are not there.
Andrew Allemann says
@ John Berryhill – fair point. Perhaps I’ve read too much into Jeff Moss’ “monkey business” comment in his video from April 20 as well.
Kristina says
John Berryhill is right. However, any affected applicant that does not demand to know which other user(s) saw its information needs better counsel, IMHO.
Andrew Allemann says
@ Kristina – but wouldn’t it be dumb of ICANN to reveal this info? Then it’s just making matters worse; revealing the information of even more applicants.
Kristina says
@Andrew – not if they do properly.
Andrew Allemann says
@ Kristina – and how would you properly disclose the name of another new TLD applicant, when that applicant has an understanding of confidentiality until the application period has closed?