[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

In message <20190320141408.GP99066 at cilantro.c4inet.net>, 
"Sascha Luck [ml]" <aawg at c4inet.net> wrote:

>there has been a trend in recent years to make RIPE policy that
>transforms the NCC from a resource registry into a political
>agency...

I am a resident and citizen of the United States, and I have been a keen
observer of much of the news, over the past 2+ years.  I thus feel at
least somewhat qualified to offer the observation that there exist quite
sizable numbers of people here in my own country that have made, and that
countinue to make, the exact same mistake that Mr.  Luck has made here,
i.e. failing to note the clear distinction between things that are
"political" and things that are abjectly and abundantly criminal, e.g.
bank fraud, money laundering, and lying to Congress.  It is not, and
should not propely be considered to be merely a matter of "politics"
when manifestly malevolent parties, acting in what are clearly their
own private interests, are caught red handed, stealing from the cookie
jar, and no amount of dressing up these crimes as mere "politics" can
excuse these acts against the common good.  This is every bit as true
when it comes t shameless IP block hijackers as it is also in the case
of various U.S. administration officials and/or hangers-on, many of
whom are now, thankfully, heading off to prison.

I regret having to make this point here, and in this context, but Mr.
Luck has, perhaps unininetionally, touched what, for many of us here
in the U.S., is currently a very raw nerve.  Criminality is not politics
nor vise versa, even if about 42% of the population here still declines
to grasp the difference.

>2. "Resource hijacks" are transient in nature. They persist,
>generally, only until the "offender's" neighbours take action.
>Yet, 2019-03 proposes a long, convoluted, costly process involving
>"experts", reports, appeals and the NCC Board. By the time this
>process has run its course, the "resource hijack" in question
>will have long faded from memory. So the end result of this
>proposed process is that the "offender" gets a report which it
>will, in all likelihood, consign to the round archive (ie the
>recycling bin).

Strange as it may seem, I am actually inclined to agree with essentially
all of what Mr. Luck has said in the above passage.  His points and
criticisms are valid.  It is certainly the case that once caught and
publicly outted, hijackers have historically tended to give up their
stolen booty, or to be forced to do so my their peers and upstreams.
And this all tends to happen much faster than any of the porcesses
suggested in the proposal 2019-03.

The one important difference, of course, is that 2019-03 calls for the
hijackers to be deprived not only of whatever they have stolen, but also
and additionally, of every number resource that they were ever legitimately
granted, after a due process.  And this is not a small point, being as it
is, and as it is intended, a deterrent, and hopefully a persuasive one,
against this specific kind of anti-social foolishness.

>4. I want to forestall the inevitable argument here that "we can
>make policy to have those evildoers thrown out of the NCC
>later!". No, you can't. The SSA and its contents are solely the
>domain of the NCC Membership and I sincerely hope that that body
>will refuse to ratify any proposal that opens themselves to the
>loss of the services of a monopoly provider...

I would just like it noted, for the record, that RIPE is actually not a
"monopoly provider", and that the four other RIRs might reasonably take
umbrage at the very suggestion.


Regards,
rfg