ICANN Security Glitch Revealed TLD Bid Details

The recent glitch in ICANN’s TLD Application System (TAS) could have resulted in applicants being able to see competitors bids. While nobody has come forth to say they saw other bid details, it is also most likely if you had knowledge of competitor’s bids one would stay silent and possibly even use the information for commercial advantage.In a statement from Akram Atallah, ICANN’s chief operating officer, ICANN acknowledged some users may have been able to see other bid details.”As we have reported, ICANN has learned of a technical issue with the TLD application system software, or TAS, that allowed a limited number of users to view some other users’ file names and user names in certain scenarios. We temporarily shut the system down on 12 April 2012 to protect applicant data, and to look into the technical issue and fix it.”The glitch saw ICANN shut down the TAS for some hours Tuesday last and the closing date for applications extended one week until Friday, 20 April.It is possible that had a registered user of the TAS seen details of existing applicants, they could then use this information to encourage organisations, and in particular brand owners, to apply.Speaking to The Guardian, Kieren McCarthy, former ICANN staffer and currently managing the dot-nxt consultancy, said ICANN “might bear some liability if applicants lost out because of the fault: ‘it depends on what people could see. And if a competing applicant changed details at some point through the process. If someone loses their bid – most likely if the same name is applied for under a ‘community’ application and so gets precedence – then the losing party may sue and use discovery to subpoena records relating to what the problem was and whether ICANN was responsible or, worse, knew about it.'”It is also likely ICANN became aware of the problem on 19 March following a user report the organisation acknowledged in a statement.In the statement from Atallah, it also stated that ICANN “believed the issues identified in the initial and subsequent reports had been addressed, [but] on 12 April we confirmed that there was a continuing unresolved issue and we shut down the system.”ICANN “are still aggressively looking into the issue, and we will publish additional information as soon as it can be confirmed.”What happens if competitors of applicants gained information to their benefit, and detriment of organisations already applying, is unsure.