[anti-abuse-wg] 2019-03 and over-reach

On Fri, Mar 22, 2019 at 05:13:20PM +0000, Nick Hilliard wrote:
>The aim of the 2019-03 proposal, as far as I understand it, is to 
>grant the RIPE NCC the authority to make formal judgements about 
>alleged abuse of network resources with the implicit intention that 
>unless the party involved ends the alleged abuse, the RIPE NCC would 
>enforce the judgement by LIR shutdown if the alleged infringer were a 
>member, or refusal to provide service if the alleged infringer were 
>not.

It is actually worse than this, as I understand it. Based on
recent contributions in this discussion, I now understand that
it is proposed to make the determination of "network abuse"
entirely outside the NCC and then to give this determination to
the NCC Board to rubber-stamp and enforce it (and, implicitly 
assume the legal liability, one would presume)

>There are other pile of other considerations here, not least whether 
>the RIPE NCC would have any legal jurisdiction to deregister resources 
>where it had determined "abuse", and what the legal liability of the 
>company would be if it were determined that they didn't have 
>jurisdiction to act.

I am also somewhat worried about the possible fall-out for the
members if the NCC were to be found to have acted incorrectly and
be liable for the damages to the business of a member that was
shut down...

I would be very interested in NCC Legal's opinion on this.

>But, this is not how to handle the problem of BGP hijacking.  Even if it 
>had the slightest possibility of making any difference at a technical 
>level (which it won't), the proposal would set the RIPE Community and 
>the RIPE NCC down a road which I believe would be extremely unwise to 
>take from a legal and political point of view, and which would be 
>difficult, if not impossible to manoeuver out of.

Much better put than I could hope to do, I fully endorse this
statement.

rgds,
SL


>Nick
>