.ZA Domain Name Authority 2013 objectives

Meeting report

South African Broadcasting Corporation (SABC) Predetermined Objectives 2013/14: Auditor General SA comment
Mr Wikus Janse van Rensburg, Senior Manager, Auditor-General South Africa, introduced the mandate of the Auditor-General South Africa (AGSA) as the supreme audit institution, and said it strengthened South Africa’s democracy by enabling oversight, accountability and governance in the public sector through auditing,  and thereby building public confidence.

The final draft of the 2013-2016 Corporate Plan for the South African Broadcasting Corporation (SABC), with all its indicators and targets, had been reviewed by AGSA with a view to assessing the  usefulness of the information and the measurability, relevance and definition of targets, to meet the SMART principles that they be specific, measurable, time-bound and relevant.

AGSA noted that 84% of the indicators were not well-defined (Goals 1, 2, 3, 4, 6 and 7); and 84% were not verifiable (Goals 1, 2, 3, 4, 6 and 7). With regards to the targets, 76% were not specific (Goals 1, 2, 3, 4, 6 and 7) while 76% were not measurable (Goals 1, 2, 3, 4, 6 and 7). 14% of the targets were not time bound (Goals 4, 6 and 7) while 3% of the targets (Goal 6) were not relevant.

AGSA therefore concluded that the 2013/14 plan fell short in that the number of targets not specific and not measurable was above the threshold for qualification, while the targets not time bound were below the threshold for qualification. The indicators not well-defined and not verifiable were also above the threshold for qualification, while the indicators and related targets that were not relevant were below the threshold for qualification.

AGSA recommended, in order to correct the error rate, that SABC leadership must guide and direct the development and implementation of proper performance planning and management practices. It should have clearly defined roles and responsibilities linked to corporate plan and individual performance contracts. There should be training and consultation with the National Treasury to enable application of the principles in the Framework for Managing Programme Performance Information (FMPPI). SABC should develop and implement standard operating procedures and establish policies and procedures. It needed to improve its record keeping, establish a forum for the portfolio to share insights and have a consistent approach, and finally to continue involving the AGSA in the planning process. In this regard, he noted that SABC management had only embarked on the processes very late, and that AGSA was also called in at a later stage.

Discussion
Mr A Steyn (DA) asked for clarity on what Mr van Rensburg meant by referring to the ‘portfolio’ in the recommendations. He asked why the review of the targets had taken so long. Previously, he had questioned why the technical information was not available on the website, but slide 10 of the presentation indicated that there was in fact no requirement of publishing such information, and he requested clarity on the point.

Mr van Rensburg responded said that his reference to the ‘portfolio’ in the recommendations included a forum with the Portfolio Committee on Communications. He noted that this was the first time that the AGSA was reviewing the targets of SABC. There was a need still to have the technical information on the websites verified, hence the recommendation of record keeping, which would ensure that SABC could readily make the required information available when the AGSA needed it.

Ms J Kilian (COPE) asked if baseline information was available, and how it related to record keeping.

Mr van Rensburg said that SABC’s record keeping was not sound, and so there was need to improve it by putting controls in place that would support AGSA’s role of reviewing and auditing.

.ZA Domain Name Authority (.ZADNA) 2013/14 Business Objectives: Briefing
Dr Hasmukh Gajjar, Board Chairperson, .ZA Domain Name Authority, called for some guidance from the Committee as to how he should proceed. He noted that the .ZA Domain Name Authority (the Authority or .ZADNA) was established by the Electronic Communications and Transactions Act (ECTA) in 2003, and its work has been on-going since 2004. Any domain that ended with “.za” was under the oversight of .ZADNA.

From an international perspective, the Internet Corporation for Assigned Names and Numbers (ICANN) was responsible for managing top level domains such as .com, .org and .net. .za was a country code top level domain. Databases could only be changed through the authority that ICANN allocated to .ZADNA as a regulator of the .za domain. .ZADNA’s mandate, as stipulated in the ECT Act, was essentially to ensure that there was stability around the domain name space.

Part of .ZADNA’s agenda was to transform the environment so that it could be more diverse. South Africa had been trying to catch up with the rest of the world, over the last four to five years, in progressing in the area of regulation of domain name space.

Mr Vika Mpisane, General Manager, .ZADNA, said that every South African had a right to be a member of the .ZADNA, upon application, and the members were the highest decision making body in terms of aspects like the business plan. .ZADNA was listed as an entity under schedule 3A in terms of the Public Finance Management Act. Its vision was to be the namespace of choice for domain name holders who were seeking a South African identity online. Its vision was to administer, manage and regulate .ZADNA in a manner that met the needs of its registrants, and that supported security and stability of the domain name system.

 .ZADNA’s key objectives were informed by section 65 of the ECTA, which dealt with the Domain Name Authority. This section required .ZADNA to manage and regulate domain space and licencing entities such as the State Information Technology Agency, and to create awareness of the need to register domain names. He explained that registration of a domain name under .com meant subsidising the United States who had responsibility for that domain, whereas using a .za domain had positive implications for local circulation of money. This section further enjoined .ZADNA to improve the .ZA infrastructure capabilities to be able to prevent hacking threats, as was the case in Estonia in 2007.

.ZADNA was also mandated to influence internet governance and development. Policies made by ICANN could have serious implications for South Africa. .ZADNA would also play a role in the regional and international internet governance and development forums. The issues and policy around ICANN’s role as related to government regulators was something that .ZADNA would continue to work on, with the Department of Communications (DoC).

He outlined the business objectives, focusing on effective policy and regulation, and said that .ZADNA would clarify and finalise second level domain (SLD) charters, such as .co.za and org.za. The name .co.za was available for everybody but .gov.za was reserved for Government and its entities. .ZADNA would also develop relevant ZA policies  on Whois, privacy security (DNSSec and Anycast) and pricing. .ZADNA was working on the Anycast technology that duplicated databases across a number of circles globally, to protect against scenarios like cyber-attacks. The Domain Name System Security Extensions (DNSSec) technology made sure that domain names like Parliament.gov.za had a particular signature on the internet, so that a person searching would get an indication that the information on site could be trusted.

.ZADNA was required to extend ZA Alternative Dispute Resolution (ADR) process to cover other SLDs as this would help in preventing lengthy court processes. It would also monitor compliance with ZA policies and drive .Cities generic Top Level Domain (gTLD) policy development. There were currently approximately 250 million domain names registered worldwide, with .com accounting for 47% of this total number. ICANN sought to create competition by opening up new extensions. .ZADNA, in consultation with the DoC, had decided to protect South Africa’s major cities such as Cape Town, Durban and Johannesburg and this was done in collaboration with the municipalities, who were very supportive of the idea. This would see extensions ending with .capetown, .durban and .joburg.

In terms of ZA development and competitiveness, the Authority would implement an education and awareness programme for the public in areas of policy changes, Central Registry and alternative dispute resolution. The Authority was also going to work towards improving stakeholder relationships both locally and internationally. Research and surveys would also be conducted in the areas of second level domain and ZA market research. The Authority would also seek to improve the .za profile, in light of generic top level domains in terms of second level domain profiles, communications and marketing.

Mr Mpisane outlined that in pursuing the improvement of infrastructure capabilities, the Authority would facilitate the transfer of relevant second level domains to the Central Registry. There would also be a re-opening of .net.za and .web.za to accept new registrations, and clarifying the Registrar’s requirements for them. The Authority would firstly be finalising policy and procedures then deploying DNSSec in these two areas. The centralisation of automated second level domain Whois operations would help in verifying ownership. This would be helpful in tracking down the source of attacks as well as spam and phishing.

Mr Mpisane noted that the Authority would be engaging with relevant players such as ICANN and Africa Top Level Domain, on relevant topical policy issues, thereafter providing policy recommendations to the Department of Communications, and would also support the ECT Act amendments to address gaps and clarify the powers on regulation.

He briefly described the budget (see attached document) and noted that 50% of the budget was going to be allocated to effective policy framework, 20% to the development of the ZA namespace, 10% to infrastructure development, and 20% to influencing internet governance and development.

Discussion
Ms M Shinn (DA) said that other countries had made domain names free and asked if South Africa could do the same. She enquired if she was correct that the registration cost for a domain was around R75.

Mr Gajjar responded that although the Authority had also considered the provision of free domain names, this required massive investment, and also involved the Central Registry. With the appointment of a Central Registry, leading global practices had been implemented, such as the electronic registration that had helped in the decreasing of prices. He noted that the old system of registration had been costly and that was the reason for the shift, with the initial R50 for registration of a domain name on the .za later being reduced to R35. An onus had also been placed on the Central Registry to encourage and migrate existing owners to adopt the new method of online registration that cost R35. The new method of online registration worked on a ‘first come first serve’ basis, so that whoever registered a site first was deemed to own it.

However, he noted that owners were still required to re-register each year. The R75 fee was charged to encourage owners to adopt the electronic mode of registration. In the event that a site was not re-registered, there were policies in place that guided the Authority on when such a site could be released, and the name registered by a new person. The Authority was only entitled to R7 out of the R35, with the rest for the Central Registry, which was established on a cost recovery basis. The Authority did not manage the Central Registry to avoid any conflict where it might be both referee and player.

Mr Gajjar added that although there were some free second level domains these still had to be hosted, but this was done not by the Authority but rather by Internet Service Providers (ISPs). Making domain names free had the effect of attracting wrong elements like hackers. Trust and security were the primary objectives of the Authority.

Mr Mike Silber, Director: .ZADNA Board, said that the Authority, as a regulator, wanted to ensure that it remained in a competitive market through monitoring and regulation of the .za domain space. In terms of ensuring that licensees pay, he said that the Registry system of using industry standards that included a renewal was helpful. Non-payment of the domain fee would lead to suspension of the account and de-registration, which would of course affect the owner’s use of the site and its information.

Mr Lucky Masilela, Director, .ZADNA re-iterated that the low pricing was meant to encourage people to move to the new process of registration, which was cheaper and easier.

Mr A Steyn (DA) asked what other policy measures .ZADNA had made in the past year that had been brought to the attention of the Department of Communications.

Ms R Morutoa (ANC) asked as to how many Committees .ZADNA was reporting to in Parliament, and whether it was working with the Department of Communications with regards to cyber-security.

Mr Gajjar responded that in terms of the World Conference of International Telecommunications meeting, there was on-going input to the Department of Communications policies. It was the Authority who had recommended to the Department of Communications the establishment of a Central Registry.

Mr Steyn enquired how far the Authority was on the process of signatures.

Mr Steyn noted that there little awareness in the general public and wondered when the Awareness Programme would be launched.

Ms W Newhoudt-Druchen (ANC) said that she had never seen any awareness-raising, and when and how South Africans were to be educated

Mr Mpisane said that the Authority was in the early phase of DNSSec opting to take an incremental approach in starting with small domains. The focus for this year was going to be educational awareness through initiatives such as workshops. The Authority was in the process of adding three more staff personnel in the new financial year. He added that the education and awareness campaign would help in raising revenue, if more people would move from .com to .za. The resource constraint that was hindering the implementation had now been resolved. 

Mr Steyn asked what was happening in other countries in regard to cyber-security, and asked also how .ZADNA was cooperating with other bodies on this issue.

Ms Newhoudt-Druchen enquired what .ZADNA was doing about hackers.

Ms J Kilian (COPE) made reference to cyber-security and waves of attacks on certain websites. She asked what an ordinary citizen could do to report such attacks and what measures South Africa could take to address the hackers.

Mr Gajjar in response to the questions raised said that the Authority was limited in its mandate to internet addresses and that once a person got to the site, the rest was not within its power and mandate. He added that in terms of phishing and hacking, the Authority only secured the street address site and not the content or the manner in which others might reach such site.

Mr Mpisane added that the tracking of hackers fell under the Department of Communication’s cyber-security hub.

Ms Stella Ndabeni, Deputy Minister of Communications, said that the Department of Communications had established a cyber-security policy framework and that a cyber-security hub was going to be implemented in November 2013.

Ms Palesa Legoze, Director: Cyber-security, Department of Communications, said that the internet was a global resource on which many countries were depending, to do many things including business. Technology had evolved hugely and everything was IT-based. South Africa’s take was that having one country or entity responsible for the internet resource required accountability and transparency on how things were done. Governments were advising ICANN on policy issues, something that was rare in the world. There needed to be an international body that would take responsibility, for many years, for administering the internet.

Mr Steyn wanted more detail on the .com domain and its control by America, and the processes that .ZADNA engaged in.

Ms Morutoa also expressed her concern about the possibility of Western countries dominating South Africa and said there was a need for regular reports from .ZADNA.

Mr Silber said that the fears about Western dominance were not entirely correct. The Authority sat on the Board of ICANN and South Africa would be hosting the ICANN meeting in Durban in July 2013. He responded to another question that ICANN was based in California and it was connected to the US Department of Communications. It also worked with other bodies in the world.

Mr Gajjar said that the Authority operated under the mandate of the ECT Act. The issue of ICANN or internet management was not part of the Authority’s mandate, although it provided some input into the forum.

Ms Legoze said that South Africa was at the crossroads with ICANN on the extensions that were country specific. For instance, there was a problem where an entity in Europe had applied for the domain name .zulu claiming that it had done that on behalf of the Zulu nation, and that that entity had the king’s approval – South Africa had objected to this. ICANN was a “club” of a few making policies that affected all countries worldwide.

Ms M Shinn (DA) asked where the remainder of the R35 registration fee that was not paid to the Authority was going.

Mr Silber said that retail price levels were set by the retailers. R28 went towards the Central Registry and the R35 wholesale price was a competitive price.

Mr Gajjar noted that the R35 was paid to the ISPs by the applicants. Because of a need for transparency, the Authority was adopting the principle of the more the domain names, the cheaper the price.

Ms W Newhoudt-Druchen (ANC) wanted to know who protected e-mail addresses and how they could be secured, as she indicated that recently an email address in Parliament was used for fraudulent purposes.

Mr Gajjar said that the hacking of emails fell under the cyber-security domain. The ISPs were licenced through the Central Registry and that there were technical requirements while applying. He reiterated that hacking and spam were not within the mandate of the Authority.

Ms J Kilian (COPE) said that she needed a copy of the Authority’s mandate.

Mr Mpisane noted that the Authority’s mandate was set out under chapter 10 of the ECT Act.

Ms S Tsebe (ANC) asked for clarity on the role of the Department of Communications with regard to the awareness campaign.

Ms Shinn asked who managed the Central Registry.

Mr Steyn said that there were no explanatory notes on the Central Registry.

Mr Gajjar expanded that the Central Registry was established as a non-profit entity, and the initial idea was that it could be licensed by the Authority, but this was not in fact the case. There was a contract in place with the entity, who was under an obligation to report to the Authority every year.

Ms Tsebe asked for the date of the last Annual General Meeting and the term of office for the directors.

Mr Gajjar said that the last AGM was held in December 2012. He said that the Authority was a non-profit entity funded by membership. The tenure for the directors had expired, but the Department of Communications had written to the Authority advising that the directors continue in their current positions until the Minister appointed a new Board.

Ms Kilian asked if this meant that the Directors were appointed without a time frame.

Mr Gajjar confirmed that this was so.

 to which the Board Chairperson responded yes.

Mr C Kekana (ANC) said that the Authority should inform the Minister of the fact that the Board membership was overdue for appointment.

The Deputy Minister said that the Minister was aware that the board was overdue but that there were on-going processes that would be reported on next week.

The Chairperson said that the Authority had to ponder as to whether it was contributing to the broader agenda of the country, in areas such as job creation.

The morning session was adjourned.