[address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call

Malcolm,

There was an IGF workshop in Vilnius last year "Routing and Resource
Certification: Self-governance and security at the core of Internet
operations"
(http://www.intgovforum.org/cms/component/content/article/102-transcripts2010/632-158)

I found Paul Vixie's remark he made there very useful in articulating
the trade-offs we are facing here. He said:

"I'd like to move from the situation we're in now, where the good guys
have no recourse against the bad guys, to a new situation where the good
guys will have some recourse against other good guys if these powers are
misused, and that is the choice I'd rather see discussed [...]"

Andrei

Malcolm Hutty wrote on 5/5/11 11:39 :
> On 05/05/2011 08:36, Randy Bush wrote:
>> shall we have a policy that covers black helicopters and sci-fi attacks
>> as well as demanding perfection in everything?
> 
> Black helicopters in slides presentations are amusing. But if you
> seriously think the governments, law enforcement and private litigants
> won't see this as a new capability to prevent traffic to certain
> networks you haven't (note to self: be polite, Malcolm) all the facts.
> 
> Fact 1. In the Co-operation WG where British law enforcement officials
> have /already/ been asking for procedures to re-assign netblocks to
> their agency because they think that would help prevent traffic flowing
> to places where crimes occur. Of course, as a community we could refuse
> to cooperate, unless/until the NCC is compelled.
> 
> Nonetheless, this demonstrates LEAs do have both the awareness and the
> intent; it's not a wild conspiracy theory.
> 
> Fact 2. There is draft legislation ALREADY going through the EU that if
> passed would require all EU governments (including the Dutch) to
> introduce laws to "take the necessary measures to obtain the blocking of
> access" to certain Internet locations [1]. It could be argued that this
> would give Dutch LEAs sufficient power to require the RIPE NCC to revoke
> a certificate - or perhaps not; it probably depends on how the
> Netherlands chooses to implement this European law if/when it goes through.
> 
> I would say that this shows that the risk, although not certain, is
> pressing and immediate, not a vague worry for the distant future.
> 
> Fact 3. There is continuous lobbying within the EU, to which Dutch law
> is subject, for greater measures to require Internet intermediaries to
> prevent the reachability of certain Internet locations. This has mainly
> focussed on network operators, but more recently EU officials have
> opened dialogue with ccTLD registries and the RIPE NCC too.
> 
> There's no end of topics for which some people believe controlling
> access to Internet locations would be a useful means of fighting some
> social evil - child pornography and copyright infringement have in my
> estimation the largest and most organised lobbying in favour of such
> measures, but there's also active work in the areas of terrorism,
> "cybercrime" generally, gambling, xenophobia racism and hate-speech,
> just off the top of my head.
> 
> In my view the range of actors who would seek to use any new capability
> is wide, and they are outside our control as a technical community. They
> operate at the political level, and they have no interest in the
> technical community's opinions, apart from an answer to the question
> "What is it technically possible for the RIPE NCC to do to impede
> reachability to the locations we specify?"
> 
> Once the RIPE NCC comes to be seen as a "gateway controller" that can
> significantly impact the reachability of "bad" networks, it will
> irrevocably become a ongoing target for use as a tool of public policy
> enforcement.
> 
> 
> Malcolm
> 
> [1] I'm referring to Article 21 of the Draft Directive on Child Sexual
> Exploitation, which is currently in Trialogue negotiations between the
> European Parliament, Commission, and Council of Ministers.
> http://bit.ly/9D5cg8
>