These are unedited transcripts and may contain errors.

Anti-Abuse working group session:

CHAIR: Just as I'm about to start a bunch of people walk into the room. Can I assume there was a bell rung downstairs a minute or two ago?
Right, so. So good morning and welcome to the Anti?Abuse working group session for RIPE 64, your co?chairs for the next hour and a half of the exciting, illuminating and wonderful conversation are Tobias Knecht and myself,

BRIAN NISBET: . If you're all very good, we might let you out very early. Hopefully we'll be talking about things for far too long.

So administrative issues. We've done the welcoming bit and you are all very welcome. I'd like to thank the two lovely people from the NCC who will be doing the minuting and taking care of Jabber and remote participation and indeed our lovely stenographers, without whom we'd all forget what we said moments after we said it. Microphone etiquette: Please state your name and some manner of class or affiliation. Even if it is whatever Randy has to think about for his 70th mike conversation.

So to move on, we had minutes of RIPE 63 that was circulated to the mailing list. There was one comment made but that was not a disagreement with the content of the minutes, so unless anyone has anything to say right now, we're good and we can consider them approved and finalized and all that good stuff.

Excellent. So, the last part of the administrative, is the finalizing of the agenda. Does anyone at this point in time have anything they would like to cover under AOB or anything they would like to put in at the last moment? Again, no. Excellent.

So, we shall move on. Recent list discussion. In times past this was a very small agenda item. Over the last three months, this has changed somewhat. So we have had an increasing range of topics discussed on the mailing list. This is, by the way a wonderful thing and I heartly encourage you all, if you aren't already scribed to subscribe and to participate in the discussion. There's a few points I want to cover off and we'll have a couple minutes and if there's any other points or discussion or if anyone thinks I'm being unfair, please do say so.

So a reasonable percentage of the mails to the list are still conversations about abuse reports or allegations about specific abuse. This is not a bad thing. And indeed, as a mail conversation which has just taken place with a gentleman who was asking about information on IP addresses that were abusing him, shows the mailing list can be used and indeed the working group should be used as an exchange of information and an opportunity for people to assist other people in abuse matters. So someone has just responded to that query with a response regarding, I think the Lativan cert, and if he can help the person reporting abuse. This shows that while the mailing list cannot itself go, yes, we will swing into action and solve all your abuse problems, there are contacts there, information there, and it's not a terrible thing to mail the list in that way.

That said, it is not the right place ands that never been the right place to actually report abuse. All that can be done is information given. There's no direct action that is going to be taken out of that there. And the response that will be given will be similar to the one I gave this morning, which was to look at the spam and hacking FAQs and if required, to the reporting forum, which we'll get to, or the reporting procedure which we'll get to in a minute. But the nature of the list means it's always going to be part of the conversation, I think. The one thing I would say is, we do on occasion need to be a little careful with any allegations that are made. While I don't think anyone is going to swoop down and start complaining vociferously, you should be somewhat careful if you are mailing the list with allegations of abuse, that it's classed in such language that we're not suddenly accusing vast numbers of people that they aren't doing on a public mailing list.

If anyone has any comments, please feel free to stand up and interrupt me and we'll have a short amount of discussion afterwards.

The database bulk access, private data and data protection task force legal analysis, has been an ongoing threat on the list for the last few months. There's a variety of opinion on what is public and private data, in the database, what should be allowed as bulk access, what is acceptable bulk access to that database. As far as this working group is concerned, we have ?? hello. Let's all wave to the nice man. We have rules that were decided by the data protection task force and they're the rules that we're working and that the NCC is operating. Now, the NCC very kindly produced a document on the legal advice that had been given to the task force which was published a few weeks ago. And unfortunately there were ?? the working group felt there were a couple of bits missing from that document. And while I've spoken to Jochem and Athina and they explain why the document was written the way it was, conversation the working group does suggest in conversation I had prior to now and indeed that was on the mailing list, suggests it needs to be more detailed. So the first action to come out of this working group session, I would like the NCC to undertake to provide a more precise legal analysis citing specific legislation. And I'm seeing Athina nodding so I'm going to take that as a yes. Jochem is shaking his head. Life is hard.

SPEAKER: Can I make a clarification. This was a report from data protection task force. So the NCC support it but we sent it to the members of the task force and they looked at that. Just as a rectification.

CHAIR: Absolutely. That was the report but this working group would like the more detail. So any notion of time lines on that?

SPEAKER: Do you have any time line?

CHAIR: I don't particularly have any specific time line. It has been asked for. I don't ?? part of what we're saying here is, yes, it will be done. I don't think we're asking for it by the end of the week or anything /KRAEZ like that. If we could get some idea when you expect to have it, that would be great.

PETER KOCH: Peter Koch, DE?NIC. What is the next step after that? Are we going to expect a discussion of the legal aspects of that legislation and the applicability to the database that should better be taking place in a legal forum? Or what is the purpose of citing chapter and verse here? I'm not against doing that, I'm just wondering what the next step is. As far as I've seen this discussion going, I'm not really confident that we'll come to a constructive end at that point.

CHAIR: Yes, you are not the only person to have asked that question. From my point of view, the question that was raised was can ?? can we see citation, so that is what we're doing here. I'm not attempting and as far as I'm concerned if there are questions over bulk /SAES or data protection, this is not the Working Grouping grease. The data protection task force didn't come out of this initially and I see no reason for it to come out again. My framing for how this should be said, you've asked for citation, this is citation, this is a report of the task force that is over. This mailing list or any mailing list right now is not the place to discuss this. In no small part because what we're trying to do like with 2011?06 is make the relevant data available as specifically public data, to try and avoid some of the data protection conflicts which have cropped up as part of this. But I can't control what people are going to say on the mailing list.

PETER KOCH: Thank you for that clarification. I'm a bit behind on the mailing list traffic for reasons you've given. That guidance is probably in need of being repeated once in a while on that mailing list. The point here is there's an operational environment that the NCC or any other operator of such databases and my employer is one of those, has to operate in. No matter what a Working Group reaches consensus on, not saying there is one yet, the working group is not in a position to outperform the legal environment and ?? yeah, so, some things, some of us all have to accept and find ways around.

BRIAN NISBET: Precisely.

WILDRED WOEBER: Wilfred speaking as one of the members of the task force. Maybe with a slight ?? more slight correction. I think that it's not the task force that actually took the decision regarding what exactly has been implemented, because in the RIPE framework the task forces have sort of an advisory role. And in the end the decision is made by the community, most of the time by silently nodding their heads, but still formally. I think we should try to avoid to artificially keep a dead task force resurrected and starting to be used as a vehicle to discuss things which have been decided a while ago. And I appreciate the efforts by the RIPE NCC to sort of improve the documentation about the result of the task force, but other than that, I guess if someone has a particular problem with the way things are, as they are by now, then we need to start a well?defined new exercise, either by creating just a new task force or by bringing it up in the services working group or by bringing it up in this framework. I would ask for being careful sort of not to keep task force that's wrapped up, reappearing half heartedly or something like that. Just as an observation.

BRIAN NISBET: Absolutely. And that would be my thoughts on this. We are spending to a specific question and asking the NCC to answer that question. But that is the answer. It's just showing some more background for that answer. The community has accepted that if somebody wishes to change that, as you say, that's a whole new process, whole new thing. We're not into ?? well, one can't stop discussion, but we're certainly not looking at changing anything there.

So, to move on, policy proposal 2011?06, has its own separate agenda item, which Tobias will be leading later on. I'm not going to go into that now. There was a short discussion on community self?help reputation which seems to have kind of petered away for some useful responses were given to the original mail. I don't see Shane in the room, so ?? but some useful responses were given. That seems to have kind of died away again.

The spam FAQs and community interaction, I wish to site specifically as evidence that when the NCC do something and when the community doesn't think that it's good enough or specific enough or that it could be done better that the NCC reacted, changed things and improved what the documentation massively under guidance from people who know a lot about these people subjects. I want to thank the NCC for that and to show, again, that despite what has been ?? bluntly despite what has occasionally been accused on the mailing list, it is a dialogue, it's a responsive situation. And both myself and Tobias are grateful for the support given and those FAQs and things are up, and the documentation is up on line.

The RIPE NCC reporting procedure has also cropped up a number of times and Laura will be presenting on that in a few minutes. I'm not going to go into that on any detail. If we need to have discussion about that after the presentation, we can. And finally, I have data verification with a question mark. There's been a number of threads and comments and questions about data verification, whether at point of registration, whether as an ongoing rolling activity. This is bubbling under the surface is the best way to describe this at the moment. And from my own reading of the mailing list, this is something that cropped up partially in a proposal in 2010, we took that under ?? it was withdrawn for a number of reasons, one of was was the abuse management task force. That task force hasn't tackled that particular area yet. We looked initially at BDC in 2000 six which we'll get to. There's been a resurgence of commentary about data verification and it's a much more solid resurgence, one might say. So the discussion would suggest that there will be some manner of or class of policy coming in the not too hugely distant future. What the hugely distant future is, where the policy comes from, and this is a discussion when which the abuse contact management task force are going to be having. I realise there are members in the task force that didn't realise that. As chair of the task force I'll be raising this with the task force. Or whether it comes from an individual proposal on the mailing list and we try to work together on that. I think that that will be coming down the line. And we'll then see whether that should be best discussed here or it's entirely possible, that should proposal should be best discussed either in the database database working group or NC services, but we'll talk more about that later on this morning. But it's certainly, from my historical reading of the list, this is the most solid of the talking about it, and I don't think it's going to go away this time. I think the part of the community represented by the Anti?Abuse working group seems to be moving towards a feeling of why isn't this there already. We'll see how that plays elsewhere.

So are there any other matters that were discussed on the list which I haven't touched on, which I have touched on wrongly as far as people are concerned or other people want to raise?

No? Okay. Clearly my archival skills are improving.

Next up we have our updates, and there's two updates, two presentations from people who are interacting with the working group. So the first one, I would ask. From the CleanIT program to come up.

Speaker: Thank you very much. It's very nice to be here. Thank you very much to the chair from the Anti?Abuse working group to be in the ?? I'm very honoured to be here and to give this presentation about the CleanIT program which is an EU funded project. Let me introduce myself. My name is But Klassen I work for the ministry of security and just in the Netherlands and I'm leading this CleanIT project which is an EU funded project with several persons. Our partners are the ministries in Germany, Belguim, Spain and the UK. I work with the tourism unit, which is coordinating body within the Ministry, coordinating all the counter terrorism from several agents in the Netherlands. We're doing this project with our brothers and sisters in those partnering countries. So as I said I'm very honoured to be here because this Anti?Abuse working group, counter terrorism is for me a very specific form of abuse. And I'm not sure that you all folks have the same few about abuse and are aware what this counter terrorism use of the internet is. I would highlight three points in this presentation. I will try to explain what is this terrorist use of the internet. I also will try to explain how the project works and which challenges we face.

To start with this terrorist use of the internet. We see theoretically, you can use the internet in three ways. You could use it as a target, you could try to take it down. You could see it as a weapon, to target something else. Or you can see it as a resource. We have those three categories in our analyzer's department, analyzes those both three ways, those three categories, and they looked for which way the terrorists are using the internet. To start with the first one, internet as a target, actually we didn't see anyone that wants to target the internet. Not the bad guys, not the good guys. Because the internet is very beneficial to everybody, every part of society. Terrorists are not interested in targeting the internet itself. Internet as a weapon, that's something we see. You could use it as a weapon to attack critical infrastructures, for example. Cyber attacks are well known these days. But what we don't see is there are terrorist groups behind it. We see cyber attacks mainly from ?? a lot of cyber criminality, a lot of cyber he ispy onage. At the moment we don't see terrorist groups using the internet as a target to hit something else, not yet I have to say. Maybe it will change in the future. I don't know. But at the moment this is not a real threat. The third one, that's the one that we see, terrorist use the internet as a resource, in effect just like we are using it. Terrorist groups use the internet as a medium for propaganda, for recruitment, for funding, and even for planning and organising deadly attacks. And to explain this, we see ?? we have divided the internet into three parts. This is just from our perspective. The first part, which is the upper layer, is the most accessible part where you find the social media, Google, you tube sites. Very easy to access it and spread information. The second part or the second layer, I should say those are more specific websites, which are a little bit more difficult to find, where you can find idealogical material. You can see the Jihad explain how it works, also explains that you use violence to promote the Jihad. Those are more specialist websites. In their nature, the owners of these websites will never cooperate with authorities. Then the third layer, this is the most difficult part, this is the most difficult part to access, it's actually the hidden part of the internet, it's ?? where we find the private chat rooms. It's very difficult to access only if you have ?? if you are part of some groups, you can get access to those private chat rooms, and that's where the core terrorist groups are hiding.

In this picture, I tried to explain how these three layers are interfering with each other. So on the top you see social media, that's where the propaganda for terrorists material. It is spread on you tube and on Facebook. A few months ago I heard somebody from European parliament, had a question about how many friends al?Qaeda would have on Facebook. Some people were laughing but from the other side, you would be surprised how many friends there are on Facebook for Al Queda. It is well known that there are terrorist material on these social media. The secondary firms, those are more difficult to find. If you're interested and you find material in the first layer, you get attracted to the second layer. This is also where the radicalization process starts, it starts in the upper layer, you get attracted to more material, more idealogical sites, where they promote you should use violence and then you can go to the deepest part if you're really interested in terrorist and you want to become a terrorist. We see two processes, we see a process of radicalization, starting at the upper part and going down to the part that's very difficult to assess, and from the other way, it starts from the deep web parts and going up to the upper level.

Now, the point is, this is what we see that terrorists use of the internet. The question is how and when do we interfere? And this is the part I'm try and explain what our website ?? excuse me, what our project wants to achieve.

Now, the project, CleanIT project, is funded by the European Commission, and actually we're trying to do it the other way around. It's not a traditional project governments say, we have a problem, we want to build a solution and after we build a solution, we'll consult the private sector. This time we try to do it the other way, as a bottom?up process. We invited the private sector from the beginning. Governments were explaining what the problem is with terrorism, like I just do, but in more detail. And then we try to find solutions together. So we are working through a series of workshops. We've had three workshops, the first one in Amsterdam in October, the second one was Madrid in Jan and then we had a third workshop in Brussels. Early June we'll have the next one 6789 during these workshops we discuss all kinds of possible solution to this phenomenon of terrorism on this internet.

Those workshops, we have three perspectives coming together. We invite people from the business, from the internet business. Of course there's people from government, from counter terrorism organizations, from law enforcement, and we have NGLs. Specially we try to invite people who want to protect the freedom of the internet. And we fry try to balance those three groups as good as we can. We think we can only find the best solutions if all perspectives are heard in this discussion. So we try to actually have a kind of trusted community with all different perspectives, talking about this problem with terrorist use of the internet. And in those group we have an open dialogue. We discuss every possible solution. We try to define best practices. But we also try to define bad practices. So what we are actually trying to achieve ?? as it is a project, we have to define end result. And we had, specially at this EU funded project, which is very tight on bureaucratic rules. So we said the the end, beginning of this year, 200013, we'll have some general principles, which are supported by industry, government and NGLs. Maybe it's kind of code of conduct you might ?? might be an example. Those general principles are ?? well, okay, they're general, that's often the point with general principles, but attached to them are best practices. And those are best practices that are ?? they are not new best practices but existing best practices, on the local level, on the national level. For example, we found Germany had some good example how to define terms of reference, best for ISPs, this is an example that we could define as a best practice and could we add to this general principles that we want to present at the end of this year.

Now, we also facing challenges. As I said, this process of radicalization itself, it is not illegal. Recruitment is not illegal. It's more the total picture where the problem comes. Use of social media is not illegal. And it's very difficult to define when the threshold of illegality has crossed. This is what we try to define and in this context we try to find best practices we could use.

I would just like to name some of the best practices we are discussing. We are not ?? we have halfway in the project now, so we ?? it's not the end product, but I will just try to highlight about what kind of best practice we are thinking of. For example, legislation, we see that legislation in different countries is not always consistent. Govern policies, for example, I'm part of government, this is difficult for me to say they are not good, but let's say politely, they're not always well understood and something we could work on. We discussed, also, end?user control systems. These are not general filtering mechanisms, but more use by parents. Parents use to protect their children against child 54 nothing avenue. Might it be an idea to have something like that for terrorist content? I'm not sure, we're just discussing it. We also discussed that it's bad practice to put it at a higher level, company or state level. Flagging system, reporting system. We saw that illegal content is often notified by users, but not brought to the attention of law enforcement, this is something we could improve. I mentioned service and busy conditions. Notice and take down is another category. There are different systems, they're not always effective. In this part we could improve cooperation between law enforcement and private sector. And this cooperation could also be improved in police investigations, because police investigations, they need the private sector to share information. Awareness is also something. I think that what I just talked about terrorist use of the internet, however briefly, is not well known. As I just said in my introduction, I see this as a specific forum as abuse, and I think you are not aware that this could be a form of abuse. Actually I'm posing questions to you if you're seeing this as a point of abuse. Point of contact is mentioned. We saw law enforcement, the industry at NGLs don't know each other, kind find each other. Point of contact could be a way to improve it. We also thought about a database where we could share information about illegal content, illegal content that is removed by legal order from one ?? by one company, by one network and it pops up, why shouldn't we have a database where you can quickly check if this is known illegal content? We don't have discussed yet, but we will probably discuss real identity policy. We know, for example, that Facebook is in favour of this policy. Why does Facebook use it? How does it ?? can it be used by other firms? Is it desirable to use it by other platforms? Interesting topic. Referral units, also discussed because it's more small companies very difficult to assess or evaluate if certain content is legal or not. They need the help of governments. So the UK, for example, have excellent referral unit which has good contact with the private sector. Why this is only in the UK, I don't know. This should be something on the European level too. And finally, because ?? well, as I said, we are halfway. We don't have our end results at the moment, but the discussions are very very fruitful, and already at this moment, participants said we want ?? if this project starts, to continue this discussion because, as I said, we have invited NGO, industry and government in a balanced way, and this is a very good way to get in?depth discussion about these very complex issueds so I suggested to create a permanent platform and that's something we have to work out. Yes, five minutes, I think only one will be sufficient.

So a permanent platform, that's what you try to establish when the project is finished. Maybe we can host it with an existing organization, maybe create our own platform. We don't know yet. We heard what the group said and we will try to realise that. So I'm very glad, again, to be here. For me, you are a very interesting audience. I saw that governments are only in touch with you if there are some very urgent matters investigation, and they're not really used to discuss policies with you. It would be wonderful if you would like to join the discussions. Again, we are halfway on the project. There are plenty of possibilities to bring in your views, and you are invited to do so.

So if you want to contact us, you see the contact details on the screen. We have a website. And you'll see my email address too.

Thank you very much and I would be very happy to answer any questions.

BRIAN NISBET: Thank you very much. Are there any questions?

SPEAKER: Hello. What is the definition

BRIAN NISBET: Can you stale your name

SPEAKER: The question is what is the definition of work terrorism, because it's a very big ?? a lot of things can be covered with this word. What exactly?

SPEAKER: We are using the legal definitions that European Commission has defined, which is implemented in all European countries. It's specific for Europe. All over the world there are more definitions about terrorism. We are using the one is that in Europe is implemented in regulation. And I have to add that at this moment we're focussing on Al Queda influence terrorism because that's the biggest threat at this moment.

SPEAKER: Can you state this definition because I don't know.

SPEAKER: Would you.

BRIAN NISBET: Is there a website perhaps?

SPEAKER: Yes, it's the European Commission, you'll see it there. It's about the intention to interrupt society with idealogical motivation. You have to check the website for the precise words. It's very precise.

SPEAKER: It isn't on your site?

SPEAKER: For the European Commission.

SPEAKER: I have two remarks. The first one is about identity, that's more a question. You talked about identity on Facebook. What was this ruling about that Facebook will check identity of members?

SPEAKER: They are. They are doing that. And actually this is the part we will still have to discuss, we'll discuss this in London in September, but I know that Facebook is very in favour of this real?name identity policy. They think that Facebook only works if the person that you can see is really the person you'll ?? is the real person and not a fake person. So they have a policy in ?? to enforce this.

SPEAKER: Okay. And my second ?? that's more like a comment. In Switzerland, I'm from there, the police had set up a website where you can just, as a user, announce something that you think is illegal and then they check ?? they have ten or 20 announcements per day and they check them. If there are something interesting, they go forward with justice.

SPEAKER: There are more countries that have that kind of websites. In some countries it works well, in other countries, not. But something to improve. I think France also has a very good way of making these kind of notifications.

SPEAKER: Kind of a crowd source policy.

SPEAKER: The crowd sees a lot, much more than law enforcement. But the problem is it's very difficult to evaluate, if it's really illegal. Therefore, you need specialized knowledge. And also there's often a language problem, specially if it involves terrorism. There is a missing link somewhere, because the crowds aware of it and it doesn't reach the law enforcement in the proper way. There's a gap we try to fill.

SPEAKER: Hello. Patrick Tarpey. Do you see there's any tension between the aims of what your CleanIT project is doing and the proposed draft regulations on privacy? In particular, the notion of privacy by design for websites and also the notion of the right to be forgotten and extending to levels of privacy?

SPEAKER: I would say definitely, yes. In a way, the best practices or the tools or the ideas we're developing can come in conflict with privacy and with the freedom of access to internet. So this is ?? specially the reason why we invite people that wants to protect the freedom of the internet to participate in these discussions. One thing I'm sure, if we will try to find solutions with just governments and maybe just with some specific partners in the industry, they will create a solution that will definitely conflict with the freedom movement. And that's what we want to try to avoid. It is very difficult and it is ?? I think the main challenge of this whole project is to draw a right border between freedom of the internet on the one side and the good and effective law enforcement on the other side. That's the biggest challenge.

BRIAN NISBET: I know just from my own part, I'm very glad to see and to hear your comments about your opinions towards blocking, website blocking, that this is something that you don't believe is useful or effective on a community or a state level. It's been very encouraging to hear more commentary from the European Commission in regards to that. And people saying that they don't think this is the way forward anyway, which is fantastic. Unfortunately in my own country they seem to be lagging somewhat behind that awareness, and there's still people in various realms of Irish political life that think blocking will solve all their problems. But it's great to hear the European Commission and the projects coming out of it are of that opinion. Thank you for that anyway.

SPEAKER: I have one more question. I saw the screen is out, but I wanted to highlight a part of our draft text. On our website we ?? the part of this where we have real kind of consensus is published on the website. You can down load it and send comments. There was a question about the definition of terrorism and you can find on this paper, which is number 4. I wanted to mention it. For the complete text, visit our website and down load the document.

WILDRED WOEBER: Wilifried Woeber, and in our country also involved to some degree in securities and abuse fighting environment. Just one comment. I think this project is really interesting. And I wish you all success and all the luck to achieve your goals. But looking at the whole thing from the other side, it turns out simply by looking back in the most recent history, that government and much less governments across the European union are acting in a consistent way. And whatever your ?? or whatever the useful results of such a project might be, and I hope there are results, there is no ?? I don't think there is no precedent to assume and to hope that the findings from the project would actually trickle upwards in this case, not downwards to the community but upwards to the various directors in Brussels as well as to the national governments as well as to the national entities trying to solve small little national regional or pressure group problems. And as you yourself indicated when you said, well, the things that we are having or that we are sort of developing further in the framework of fighting child 54 nothing avenue, can be used also to fight terrorism. Yes. And then the bells start chiming because as soon as you have managed to argue with child pornography to install implementation, structures, tools, behavior and you extend it to terrorism, it takes another five seconds to have the same stuff extended to copyright violation. There is a slightly bigger country in Europe which is far down that path already bordering the Atlantic. So I think that one of the ?? sort of one of the goals or one of the activities of this project should be targeted upwards. Don't assume that the community is going to support you with one particular goal if you at the same time punish them with the same tools against their interests and against their financial interests. As you said, it's contentious, I'm well aware of that. And I wish you all the success because I don't want to be bombed. But on the other hand, there are pretty touchy things there.

SPEAKER: You're absolutely right. Actually you're underlining the main challenges of this project. And it is a project I would like to call more an experiment but these are really huge challenges. And just very brief reaction, we are trying to position the project team in the middle between the private and the public sector. So this is the reason we have our own website, otherwise it would never be allowed by my Ministry. And the reason behind this also, of course, we have, will have, recommendations for the private sector, but also recommendations for the government and we're away that governments don't always work very efficient. One of the results might be a call for better regulation. And we can do more as we are a non?legislative process but we can ask for it. If this is supported by the industry and by a lot of governments, I think the whole process will grow.

And finally, I think this permanent platform is very important, because if we adopt some best practices, we don't have to think like technicians that we can copy to another policy area. We have to be very very careful. This is developed for counter terrorism, but as you say, it is not automatically can be applied for all policy areas. We need a continuance good discussion between all partners and that's why we want to continue it in that platform. You're right we're not sure it will be a success because there's great challenges. We're just trying it.

SPEAKER: Patrick Tarpey. Something that occurred to me, you're using European definition of terrorism, and obviously, for example, the group here, RIPE, their membership here extends and exceeds a much larger territory than the European union. Is there the risk that you on actors that are deemed illegal in the European Union but outside of the European territory, are, in fact, legitimate? Would it not be more useful to make reference, to, for example, some UN organization listing?

SPEAKER: It would be. The point is we are pragmatic as well. One of the ideas of this project started with a project in the Netherlands which resulted in a code of conduct about notes and take down. But this only worked in the Netherlands. So we thought that's not logic if the problem of notes and take down is world wide. So we took it a step further and that's the reason we went to the level of European union. Of course, it would be better to cover the whole world at one time, but for pragmatic reasons it's not manageable at this moment. But in theory you're right. And if this will be a success, I think that should be the next step.

BRIAN NISBET: Right. I think we have to move on. But thank you very much for that. It's been very very interesting.


BRIAN NISBET: And both myself and Tobias are somewhat involved in this, and we'll be going to as many of the meetings as possible and if there's relevant information we'll report it back here to the working group. I think we can go straight on to

LAURA COBLEY: Thanks Brian. Well, as Brian said, I'm from the RIPE NCC, from the customer services department, and my name is Laura Cobley, and I'm back here again to give you guys an update on the RIPE NCC reporting procedure and where we're at with that.

Before I go into the form that we've developed, I'd like to maybe clarify a couple of things that also have been discussed on the list recently and Brian also mentioned that you guys are going to get together and make some proposals for us, which is really great. That's how we develop our activities.

The mandate that we have from the community at the minute is to maintain an up to date and accurate internet number resource registry. And we manage that by several things. We perform due diligence when we're registering members, when we're giving out the resources and also when we're coming to the closure of members. We also have contractual responsibilities that members and independent resource holders have. We perform audits on a regular basis and also handle in?coming reports from anywhere that they might originate. But just to clarify that the registry data that we hold is very specifically to manage the data, the internet number resources that we give out, to make sure that we know that they're giving them out, who we give them out to and registered publicly. That's registered in the RIPE database and as you know that's a public and open database. We put allocations in there so people can see who resources are registered to. But also further down the line, assignments are made. And that information is not put there by us, but it's also reflects people using internet number resources.

So what we've been doing right now is working within our mandate. We've not changed any of that because that's for you guys to change. And we wanted to make it easier for you to find out how to report to us. We wanted to make it easier to use. We feel that if you know that there's a form that you can use to report several things to us, you can be reassured that we will then look into it and we'll also confirm that to you. You know that when you use a form to report things to us, they're all coming in in a consistent way, we can manage the direction within the company, so he don't need to worry, who do I email about this specific thing, the former and the software will take care of that for you and internally we'll make sure it ends up in the right place. I put a screen shot of our website, the top corner of RIPE If you look on contact you come to two forms, one is contacting us with questions about our services and the other one is the one I'm going to tell you about which is how to report abnormalities to us, for further investigation. And one of the other goals, it's a goal that we have in all our work, because we're an internet registry and our mandate is to keep the information accurate. If people report an abnormality to us, we investigate it, we find that indeed a resource has been given to, for instance, an organization that no longer exists, we can update that, either there may have been a takeover or a closure, we can make sure that the registration is and remains up to date, and therefore, improving the quality of the internet number resource registry even more.

You have it on your agenda to talk about data validation, I've seen it on the list as well. So what we've done now is work within our existing policies. If you guise come together and make a policy proposal to change that, of course we'll implement that and make further changes to the process.

Just to give you an update on where we're at right now, we did have a look at our processes as we're doing with all our processes, going through them one by one to make sure they're easy to use, transparent, and this is one of the ones that we looked at. I came last time to RIPE 63 and presented what we were thinking of doing. We went away after that and developed a web form, updated all the references throughout our website, launched it three weeks ago now, I think, threeish. And at this stage we're gathering feedback, gathering experiences for ourselves, how people are using the form, what kind of things are being reported. I'm sure you're gathering experiences as well as you use the form, and any feedback you have is welcome. And you can send that through to NCC at The email address is on the slide at the end. If there's overwhelming support for a certain thing, or like I mentioned, if the mandate to the community changes, then, of course, we'll have further development.

So if I look at the form, the idea is not really that you should be able to read this. I'll explain the sections of the form. The first part of the form is about the report itself. So the user would select what it is that you want to report to us. We have two broad categories and that's abnormalities within internet number resource registrations and violation of the copyright or intellectual of the RIPE NCC.

The abnormalities in internet number resource allocations and assignment registrations can be subdivided and we subdivided them all because internally we deal with them in different departments. So if you come across a violation of policy or procedure, you can report that. If you come across or suspect that somebody has provided untruthful information to us, you can report that to us. If you think or have information to show that an organization holding resources is now bankrupt or gone bust, you can report this to us. And if you come across contact information for an internet resource which is incorrect, you can also report that to us. A preliminary step at this point is that you report it first to the internet number resource holder, so that they have a chance to fix the data which is out of date. And, of course, if you have difficults contacting them, you can report it to us, and we will follow it up using our internal contact database to reach the party responsible for the registration.

Now, the reason that we ask the user to play a part in this part is because of the mandate that we have. Our mandate is to make sure that the resources are registered clearly to the right organization, that the validation of the contact information that's in the database isn't part of that yet, maybe it will become part of it, but that's for the future to see.

Next, obviously, we need to identify which internet number resource holder we're referring to, so you can add an internet number resource or an organization object here. There's an imbedded database look up just here so that you can double check that, in fact, you've got the right resource or you've got the right company. And, of course, there's a place where you can report and explain in more detail what the problem is. This is where we want you to put the information that explains what you came across, information to support that, because, of course, we're not accepting unsubstantiated reports. We want to prevent that people try to damage each other's companies just by telling stories about each other. So you need to have some sort of reason to believe that an organization is bankrupt or that some information is incorrect.

This information that you got in this section of the form, we need to be air to share that with the party responsible for the violation or incorrect information. So anything you put in this section, we may share with them in order for them to know what the problem is and how they can fix it.

The second section of the form is for contact information, the users Apps contact information. While you're reporting a violation, anything other than incorrect contact information, your name and email address will only be used for us to interact with you about the request in case we need more information or are going to confirm we're going to accept the report or not.

Did I say that the right way around? Now I can't I can't remember. If you're reporting contact information that's incorrect in the database, this whole section will be forwarded to the person responsible for the resource registration. The aim in this case is that you found something incorrect in the contact information, you tried to report it to them, you're having difficults contacting them so we're going to help you get in contact with them. For that happen we're going to pass on your contact information. All the other reports, we only use your contact information to interact with you. Hopefully that's clear now.

You can add additional details if you like, but that's not mandatory.

Something that was mentioned during the last working group session last time, if we're going to be forwarding information to third parties, we need to first establish a working communication channel with the user. So we've added a validation step. It's a simple, when you submit the form, first you receive an email and you need to validate that email within seven days for it actually to be submitted, so we know now we have a working channel of communication.

When we receive the report, obviously we'll have a look at whether it can be accepted or not. If you reported something that is on the list of things that can be reported or if you just selected something because you want to get through the form and ?? we'll let you know if it's something we can investigate or not. Either way, if we do investigate we'll let you know and if we don't investigate we'll let you know. That's where the interaction between us and the reporter will end and we'll either in the case of incorrect contact information forward the report and in the case of all the other kinds of violation, we'll start a separate investigation with the responsible party so there's no overlap between the two parties.

To summarize, I just wanted to repeat that this is part of a bigger process improvement drive. We're doing it across the company to make all of our procedures simple and transparent. In this case we have a combined effort between users who notice something and do some initial information gathering in order to report that to us. The internet number resource holders have a role to play if they're contacted by somebody reporting something, they should look into that and correct it. And in the case that something is reported to us, we will take it up, investigate, we'll follow?up, and expect our members to comply with the investigation.

So now, yeah, we'd really like you to use the form and if you have feedback on the process itself or the form, just let us know. NCC at

BRIAN NISBET: Are there any questions?

PETER KOCH: Peter Koch, DENIC. Just a clarifying question. You mentioned when somebody reports incorrect data in the database, that report is forwarded to the responsible party, would that be the maintainer of the object, or the sponsoring quote LIR, however that is determined? Speak.

LAURA COBLEY: It depends on the resource if it's a direct assignment we made we'll take it up with our member, if it's concerning an assignment that a member has made or direct assignment via sponsoring LIR, we'll contact the relevant LIR. So in every case we're contacting our members or direct assignment users.

PETER KOCH: But some of the objects are maintained by maintainers that are not necessarily members. So the member channel isn't immediately available there. I am reiterating on this because we've had this discussion on the list, kind of, where people said sure, I can try and contact the maintainer, but the maintainer is the entity that has the problem with the incorrect data. So there's a dead lock there. How would that be broken in that case?

LAURA COBLEY: We contact our member because we have contractual requirements for members to maintain the data and to make sure that end users maintain the data and keep it up to date. So that's why we're going to be contacting the members. If we come across a situation like you said where the member is no longer able to influence the registration, then we have to look at it in a different way. But first we try the proper channel. But unresponsiveness is ?? shouldn't happen, and all members should have a contact for their customers. And yeah, if it doesn't happen, then we have to look at it again.

PETER KOCH: So part of the response, if I understand correctly, yes, you're using additional contact information that may not be available to the reporter through the public database. Is that correct?

LAURA COBLEY: First we try to contact people through the information that is available in the database, because ?? when an organization ?? in an organization object, for instance, that's the information we have as well for contacting our members but they sometimes additionally give us more specific contact information for can I have rent departments, let's say, and we'll try every way of getting in touch with them.

PETER KOCH: Thank you.

AUDIENCE: Just to emphasize, the answer is if the resource is not maintained directly by member we try to go to the hierarchy to see if we can find a member. Normally we should have working contact information for our members if we don't it brings the problem to another member. If you have contacted the member we should have information. This should cover a vast majority of the cases, but obviously not all.

BRIAN NISBET: Are there any other questions for Laura? No, okay. Thank you very much.


BRIAN NISBET: So we're now going to move on further. Excellent. Thank you very much. Reading my mind. We have a policy in the wild at the moment which is 2011?06 which is to do with the creation of the abuse C object in the database. Now, obviously discussion on policies as Gert and Sander repeatedly about telling us, takes place on the mailing list ?? the decisions take place on the mailing list and the main body of discussion should take place there. But sometimes it's useful to have conversations or things can be explained better in words rather than in text. So, Tobias, maybe if you could briefly go through the basic information about the policy and if we have any questions we need to discuss.

TOBIAS KNECHT: Thanks for being here. We started or I started the policy proposal about the abuse C about a years ago and we had some really difficult discussions on the mailing list which were really, on the other hand, really good discussions to go a step further. And on Monday this week we brought up the new version 2 policy proposal for the Abuse C. So the intent this time was to make it a little bit more lean and get rid of some of the implementation and transition phase to go back to the issue of Abuse C and the need of special object or a special reference in the WHOIS database and go away from the implementation details which is something, in my opinion, that should be proposed by RIPE NCC at the end and can then be discussed in the next step.

So at the moment we're just asking for the Abuse C attribute, which is showing more or less a role object. The only special thing with the role object, there must be an abuse attribute in this role object that it can be used for Abuse C, the whole thing should be mandatory and available without query restrictions on all the systems, WHOIS database, APIs, whatever tools are coming up in future from RIPE NCC, to get unlimited access to the roll account which is in this situation, not personal data, and that's already Brian mentioned, this is a policy proposal that should also face the differentiation between private data and public data so that we're not getting in trouble with the Abuse C in that case. The list discussion at the moment is going on. Whoever wants to comment or has ideas, you can talk to me or go to the mailing list. We already had some discussions on the mailing list about data accuracy. Some people think we should put everything into one big proposal, the Abuse C and the data accuracy part. I think the task force, me and Brian and people who are responsible, more or less or motor policy proposal, decided not to do this because it would get too complicated. And the Abuse C is a smaller issue than the data accuracy part which should cover the whole WHOIS database in a global way and not only one object like the Abuse C.

Some other discussions on the mailing list were in which way we want to implement it. Some people think it would be more accurate to have the data accuracy part first of all and then the Abuse C. We stated our reasons for doing it that way. We don't want to wait for the data accuracy which is much more complicated and then put the Abuse C part after a long along discussion, after proposal of the data accuracy. And ?? but I have the feeling at the moment that the policy proposal is in a good way at the moment. So we had a lot of work to do to get ?? to explain a lot of ideas, why we want to do it in the way we are proposing it. It seems more and more people are joining to our side. So it's getting more ?? or it seems like it's more going into the final phase of getting the proposal.

BRIAN NISBET: A long way from the final phase.

TOBIAS KUTTNER: Still a long way but...

BRIAN NISBET: Or Emeliio will pop up and repeat the whole PBP discussion. I'm not asking you to.

TOBIAS KUTTNER: From the discussions, we did, in my opinion, a good job of explaining why we are on this way and people start to understand and agree with us, and we changed some of the things inle policy proposal in a way that it makes sense for everybody or most of the people. So I think we're in a good way with it. And hopefully we can go as fast as it happens in the last weeks with the proposal.

BRIAN NISBET: Having said all that, is there any questions, anything people want to discuss right now or clarifications they feel they can't do, or Emilio, anything you want to add to that?
Emilio, RIPE NCC's friendly officer.

EMILIO MADAIO: This proposal is under going the PDP as all the others. We're not doing anything special. Tobias highlighted some implementation, there's the impact analysis that is part of the PDP and also as part of the NCC assessment of the policy proposal, and that will be the chance for the NCC to give the input to the community, considering, also, the evaluation of the Working Group chairs about the input received on the mailing list. So the more people participate in the mailing list, the more we will have to elaborate and will be easier for us to produce an efficient impact analysis.

TOBIAS KUTTNER: Even if you don't have anything against the proposal, come to the mailing list and tell us that it's a proposal you want to support. So that helps us as well to see there's a broader consensus, more information for us.

BRIAN NISBET: I don't see anyone leaping up to the microphones so I'm going to assume you're all going to write lots of e?mails to the mailing lists telling us it's a fantastic proposal or discussing all the ways you think it's a terrible idea. It's not a terrible idea. I joke because I am, in fact ?? because as obviously Tobias is the proposer here, he is not going to be acting as a chair in this and I am. Anyway, if there's no discussion on that, we shall move on.

I shall go back up here.

So, we have a couple more things just to cover off. So I lied about letting you out early for lunch. So working group interactions of which we have a couple. I was thinking about this extensively about after the conversations that were being had and I came up to a clear solution to all the Anti?Abuse working group problems. As with everyone else we're going to put it in the DNS, hand over all our problems in the DNS Working Group. This, apparently solves all problems. However, unfortunately, Geoff or Randy or someone would tell me that's not how to solve all the problems. Obviously there's been intersection with the database database working group on 2011?06 and that's been very much welcome. And that's eased off because the task force took a lot of it and we were working with the policy. But it's still there and the help there is very much appreciated. If we come up with a data verification policy, then that's going to require interaction with database, NC services, DNS, any data verification policy is going to be very wide?reaching, I feel. So it may end up not actually happening in Anti?Abuse. It may end up happening in Anti?Abuse with interaction from a lot of people or Anti?Abuse interacting with a working group that hosts the policy, so to speak. We're not sure what the shape of that is going to be at this point in time. There's no way that that policy, whatever shape it takes, is going to be housed in just one Working Group. There's going to be a lot of cross?working group involvement there. That's more predictions for the future. There's nothing else, 2011?06 is the live piece of that at the moment.

The other thing that this working group reports on is the RIPE NCC and RIPE community's interactions with law enforcement agencies. So the RIPE NCC LEA meeting took place in London over a month ago, where I went along and fought for the users. The representative as of the Anti?Abuse working group. And it was a very good meeting, very good day. Showed continuance awareness of the roll of the RIRs and their communities. That's a solved problem at this point in time. They're aware of this. There's no one sitting in the room, maybe we can get around these people. That doesn't crop up and it's a positive environment at this point in time. And I would like to thank the UK serious crime organization for their continued support of the community and, indeed of the policies that we have. There was a lot of expression of technical concerns which was an interesting conversation and the particular piece of that that I found to be most interesting is a years ago a lot of the law enforcement agencies were being scared of IPv6, they didn't know how to track IP addresses and so many of them out there, now they're looking at IPv6 okay, we can figure out how to track a subnet, carrier grade Nats scare us. As an operator, they scare me. Law enforcement is scared for a slightly different but similar reason. It's that change in technical problems and also shows that people are keeping up to a large extent. But carrier grade Nats was a large focus, and whatever you philosophically think about lawful interception and things like that, it's yet another problem highlighted by the technology moves towards using carrier grade NATs. So as one of the ?? I think Gert Döring says, have you configured IPv6 on something today, you really should. As I said, there's a wish to learn, wish to interact, and it's an ongoing process. One of the particular examples of that was the DNS changer conversation. I don't intend to repeat what was said in NC services or indeed in the DNS Working Group yesterday. I think we had a number of good discussions in there. They're there and on line for your perusal. But the outcome of the DNS changer, the freezing of resources in the database, albeit temporarily on response of the Dutch police order, does mean now the NCC are taking the Dutch take to court to find out what the procedure should be in the future and to improve that. And I think that's a very positive step, the right step to take. And I was heartened by Jochem's and Daniel's comments yesterday that they said while the NCC had reacted to the police order on foot of the DNS changer inquiries, that they would not be doing that again, that if a similar occurrence occurred without figuring out what was going on and a court order, the NCC would not be ?? I don't want to use Randy's words and say caving, but that's the most apt one I can find now, so that was a very encouraging thing to say. The whole area in the DNS changer, while there were questions with what happened in that, I think it was overall a positive interaction both in the RIPE region and the ARIN region and I think it will be positive and will improve how law enforcements are working with the RIRs.

The cyber crime had some interactions in London as well. That's ongoing and still a place for the law enforcement and RIR communities to discuss cyber crime issues.

So any questions on any of that? A lot there, I realise.

As I said, we'll continue to report as part of the mandate for this group and the RIPE community's interaction with law enforcement.

So if not ?? yes.

AUDIENCE: About the ?? I'll just repeat my comment I did, to solve the DNS problem, wouldn't it be useful to diverse the source somehow? You know what I mean, under different authorities?

BRIAN NISBET: I don't know if somebody else has an opinion on that. Personally ?? well, that's a very big question. It's not necessarily one to be answered here. Purely speaking personally, I trust the RIPE NCC to do the right thing, but that's speaking personally.

SPEAKER: RIPE NCC cannot go against justice.

BRIAN NISBET: No authority, regardless of who controls it, can go against national court or...

AUDIENCE: If you have diversity, maybe it will be so difficult, you know what I mean, if you have diversity around the world, that's what I mean. I propose by the air P /KAOEU that the five LIRs would be independent authorities that would have the advantage that you could use a majority system, so it would be quite difficult for the justice to invalidate your certificate, because you would actually have to make it in three countries at least.


AUDIENCE: I'm just showing it, like.

BRIAN NISBET: Absolutely and thank you for raising that point. I don't think there's anything more we can say to it at this point.

So any other busy business? No, a lot of hungry people. Due to the dynamic program committee, we're looking earlier and earlier for program items for RIPE meetings. If you have something you wish to present in Amsterdam in September, please think about it, mail it to the list or contact myself and Tobias are the chairs, the email address is on the website. And other than that, thank you all very much for your time. And we will see you in Amsterdam.

Thank you very much.