[anti-abuse-wg] 2019-03 and over-reach

There's also the interesting comparison of how some TLD registries - many of them - act on canceling spam and phish domains while others go to every extreme not to do so.

--srs

________________________________
From: anti-abuse-wg <anti-abuse-wg-bounces at ripe.net> on behalf of ac <ac at main.me>
Sent: Saturday, March 23, 2019 11:16 AM
To: anti-abuse-wg at ripe.net
Subject: Re: [anti-abuse-wg] 2019-03 and over-reach

On Fri, 22 Mar 2019 17:13:20 +0000
Nick Hilliard <nick at foobar.org> wrote:
> Regarding over-reach, the RIPE NCC was instituted as a numbering
> registry and as a supporting organisation for the RIPE Community,
> whose terms of reference are described in the RIPE-1 document.  The
> terms of reference make it clear that the purpose of the RIPE
> Community and the RIPE NCC is internet co-ordination and - pointedly
> - not enforcement. Proposal 2019-03 goes well outside the scope of
> what the RIPE Community and the RIPE NCC were constituted to do, and
> I do not believe that the Anti Abuse working group has the authority
> to override this.
>
the wg is not overriding anything. 2019-03 is about removing resources,
in much the same way as same resources would have been removed for
payment. (RIPE NCC accounts person would "judge" that there was no
payment and resources would be affected)

Just because there is a decision it does not mean that such a decision

is "law enforcement" or judicial.

2019-03 is administrative

and not legal/law/judicial

> The second point relates to the long term consequences of the
> proposal. If the RIPE Community were to pass this policy, then it
> would direct the RIPE NCC to act as both a judiciary and policing
> agency for internet abuse.  Judgement and enforcement of behaviour
> are the competence of national governments, courts and law

No. You are saying the same thing, though eloquently, in a different way
and trying to link it to some future potential hijacking by gov of RIR.

It is not much of a decision that RIPE NCC has to make either as:

1. There was hijacking

OR

2. There was no hijacking

Whether it was accidental, ongoing for long period of time and all the
other technical and scientific facts, this may require some sort of
interpretation of facts.

But, not whether it actually happened or not.

>
> But, this is not how to handle the problem of BGP hijacking.  Even if
> it had the slightest possibility of making any difference at a
> technical level (which it won't), the proposal would set the RIPE
> Community and the RIPE NCC down a road which I believe would be
> extremely unwise to take from a legal and political point of view,
> and which would be difficult, if not impossible to manoeuver out of.
>
ianal, NCC legal will surely evaluate the legal aspects, but
practically every new shell company that has to deal with compliance
and other issues is just another layer in the onion.





-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20190323/dccdd9e9/attachment.html>