Cooperation Working Group Minutes RIPE 88
Thursday, 23 May 2024, 09:00 - 10:30 (UTC+2)
Scribe: Kjerstin Burdiek
Chairs: Johan (Julf) Helsingius, Desiree Miloshevic and Achilleas Kemos
Status: Draft
View the session recording
Read the stenography transcript
Julf welcomed the attendees and asked the WG to review the minutes of the last meeting that had been posted to the list. He also announced that Desiree had been re-selected as co-chair. Desiree then introduced the agenda.
Update on EUROPOL Activities
Emmanuel Kessler, Head of Prevention and Outreach Team, EUROPOL
The recording is available at:
https://ripe88.ripe.net/archives/video/1344/
Emmanuel explained EUROPOL’s goals and how it operates through cooperation with other groups to tackle cybercrime. He also detailed how the organisation was set up internally. Emmanuel then shared current priorities for EUROPOL, including Internet governance. Some major concerns were the need to combat DNS abuse and ensuring law enforcement’s access to information. He encouraged information sharing with EUROPOL whenever possible to most effectively fight crime.
Hervé Clément, Orange and ETNO, said that ETNO thought of EUROPOL as an important partner on major issues. He also said that he had been part of an effort to propose an anti-abuse policy, making it possible for the RIPE NCC to check an anti-abuse email database.
Alex de Joode, AMS-IX, noted that AMS-IX was an EC3 partner. He encouraged anyone interested to contact Emmanuel or EC3 if they were interested in getting involved in this area.
Emmanuel noted the importance of these organisations’ partnerships and mutual trust.
Julf asked Emmanuel how he would define DNS abuse.
Emmanuel said this was indeed hard to answer. It was the precursor to a crime that they looked at within an investigation framework. They needed to work with partners to address this globally.
Alistair Woodman, NetDEF, asked how AI was affecting the trend of attacks.
Emmanuel said they had produced a report on AI. Machine learning could be useful for EUROPOL, as it helped them process large amounts of information. But it was also a threat criminal rings could use, giving more people the capacity to launch attacks. There were versions of ChatGPT on the Dark Web used by criminals. AI could also be used in scams to make them even more persuasive. EUROPOL had a unit focusing on AI.
Friso Feenstra, Rabobank, asked if EUROPOL ever addressed threats from nation states and how they dealt with political elements in their work.
Emmanuel said they were law enforcement, not an intelligence agency. State actors destabilising politics were more in the scope of security organisations. However, it was possible that, during an investigation, they would discover a state actor was responsible. They did work on NotPetya, but only because of the massive scale. Generally, these political matters were not in scope for EUROPOL.
Julf said asked how to define valid versus invalid law enforcement, such as if a country asked for help finding digital evidence of people violating their specific morality laws.
Emmanuel said they had strategic agreements with partners and various countries, including outside of the EU. However, their work was carried out following a framework that had already been negotiated by higher authorities. J-CAT was one partner. But EUROPOL did not work with people outside of these partners and always considered EU legislation in their work.
Update on NetMundial+10
Jeanette Hoffman (WZB), HIIG, Weizenbaum Institute
The recording is available at:
https://ripe88.ripe.net/archives/video/1345/
Jeanette talked about the original NETMundial, which produced a document of Internet governance principles and a roadmap. The current NetMundial+10 process was intended to work on these principles and make them more relevant to today, such as by talking about digital policy alongside Internet governance. Jeanette shared the process so far, like the São Paulo Multistakeholder Guidelines, and noted that the document they were producing was more flexible than the original. It also referenced other ongoing processes in the Internet governance world and gave guidance about ideal governance.
Paul Rendek, DStream Group, shared that he liked that the original principles were being reused because they were well-done. At the same time, he was concerned that this document might already have too many different ideas in it. He asked what would happen next for NetMundial and why it was worth investing in.
Jeanette said this document would likely not change the multilateral tide in the UN, but it was a way to encourage multilateral processes to be more inclusive. It could also serve as a benchmarking guideline for multistakeholder organisations.
Peter Koch, DENIC, said that the document’s language might sound rather abstract and high-level to this community, and that words like “stakeholder” might have different connotations here. He noted that during the NetMundial process, RIPE had been mentioned as an example of successful self-governing community. He asked how best to get the technical community involved in these sorts of processes, given the necessity of doing so.
Jeanette said that part of what was needed was to be straightforward in communications. Just like all the acronyms in the governance community, technical language could also leave non-technical stakeholders confused. It was important for the technical community to explain their recommendations in a way policy makers could understand. This would bring more stakeholders into the conversation who could offer useful outside perspectives.
Alistair Woodman, speaking on behalf of himself, referenced the previous talk on EUROPOL and asked how to reconcile individual freedom and law enforcement needs. Technically speaking, you either had to collect all data or none, and the trend was leaning toward collecting all data. He also referenced the current whistleblower intimidation controversies related to Boeing and to the Post Office scandal in UK. He stressed the need for more effective whistleblower protection.
Jeanette said there could be a more institutionalised response, with democratic oversight holding organisations accountable. The multistakeholder approach could help here. It would also help to have more governmental oversight over data collectors, such as law enforcement.
Alistair said that the Post Office in the UK had had political oversight, and it had not really helped. Even more oversight would not change anything. What could work was for civil society to protect whistleblowers and embarrass executives for wrongdoing.
Saša Kovačević, Office for IT and eGovernment, on his own behalf asked if it was possible to lower international roaming prices.
Achilleas Kemos said this question was not very relevant.
Bruna Santos, Digital Action, said there had been a lot of discussion about future uses for the NetMundial+10 document. She asked if the São Paulo Guidelines could be used to analyse current and future multistakeholder or processes.
Jeanette recommended organisations look at the document and see how well they fit the guidelines, as well as if the guidelines were suitable. She said this was a rolling document that organisations needed to review.
Paul Rendek urged the RIPE NCC to look at this document and also the community to contribute to this process and stand behind these principles.
Julf noted that the RIPE NCC had submitted their input during this process.
SOLID
Osama Al-Dosary, Advisor, Saudi Internet Exchange (SAIX)
The recording is available at:
https://ripe88.ripe.net/archives/video/1349/
Osama Al-Dosary of SAIX introduced SOLID, an infrastructure for greater web privacy and collaboration. Rather than major companies hoarding data, SOLID featured shared data pods. This would bring back decentralisation to the Internet, allowing for benefits like more interoperability, more freedom for innovation and more user control over data. He shared some organisations using SOLID and encouraged the community to get involved.
Chris Buckridge, Buckridge Consultants, said that Project Liberty was working on a Decentralized Social Networking Protocol. He asked if this was in any way connected to SOLID.
Osama said he was not aware of this particular project. SOLID however was hopefully going to be a W3C standard soon.
EU Regulatory Update
Romain Bosc, Senior Public Policy & Governance Advisor, RIPE NCC
The recording is available at:
https://ripe88.ripe.net/archives/video/1351/
Romain shared ongoing legislative efforts in the EU, such as GDPR and the Digital Services Act. Some of the EU’s priorities were economic security and digital sovereignty, as well as network security and resilience. Upcoming EU parliamentary elections could lead to a shift in the Internet governance landscape. He also shared the work the RIPE NCC had been doing to engage with policy makers and invited attendees to an upcoming Cooperation WG interim session discussing Europe’s digital future.
Alex de Joode, AMS-IX, suggested that the RIPE NCC look into the e-evidence package, as it would give all EU police officers access to the RIPE Database.
Romain said the RIPE NCC was discussing this with EUROPOL.
There were no more questions. The chairs closed the session.