[anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi Sara,

isn't making the world (and the internet) first and foremost a job of 
law enforcement agencies like the police and Europol? While I agree that 
everyone has a role to play, crime prevention and protection of the 
public is part of the LEA job description, right? Civil society entities 
certainly have a role to play, but it does not help trying to deputize 
them into a role they do not carry.

I disagree that the contract language you quote puts any duty of care 
regarding the abuse of any networks by third parties on the parties to 
the agreement. That duty may arise from other sources, but this language 
is directed at its own information the party provides to RIPE NCC and 
the cooperation with any audits. Just because it includes the word 
security does not mean it refers to all thinkable security issues.

The ability of any part of the internet infrastructure to curtail abuse 
that somehow touches services it providers is usually severely curtailed 
and its ability to review abuse complaints is usually limited to the 
resources it provides. In many cases, that is simply not enough 
information to go on when dealing with many common forms of abuse.

Best,

Volker

Am 16.01.2020 um 14:23 schrieb Marcolla, Sara Veronica:
>
> Very well put, Sérgio. Thank you for voicing clearly the concern of 
> (at least a part of) the community.
>
> We should not forget that, according to the provisions of RIPE NCC 
> audits, “e/very party that has entered into an agreement with the RIPE 
> NCC is contractually obliged to provide the RIPE NCC with complete, 
> updated and accurate information necessary for the provision of the 
> RIPE NCC services and to assist the RIPE NCC with audits and security 
> checks”. /Complete, accurate information goes hand in hand with a duty 
> of care, of promptly taking actions against abuse, and should be 
> accompanied by a social responsibility of trying to make the Internet 
> a safe and secure place for everyone, thus not enabling actively DDoS, 
> spammers, and criminals in general.
>
> If the community does not agree that everyone has the right to a safe, 
> spam free, crime free Internet, maybe we have some issue to solve here 
> first.
>
> Kind regards,
>
> **
>
> *Sara *
>
> *Europol - *O3 European Cyber Crime Centre (EC3)
>
> Eisenhowerlaan 73, 2517 KK
>
> The Hague, The Netherlands
>
> www.europol.europa.eu <http://www.europol.europa.eu>
>
> *From:*anti-abuse-wg <anti-abuse-wg-bounces at ripe.net> *On Behalf Of 
> *Sérgio Rocha
> *Sent:* 16 January 2020 13:38
> *To:* anti-abuse-wg at ripe.net
> *Subject:* Re: [anti-abuse-wg] working in new version of 2019-04 
> (Validation of "abuse-mailbox")
>
> Hi,
>
> Agree, This anti-abuse list seems the blocking group to any anit-abuse 
> response measure.
>
> It's amazing that nobody cant propose anything without receiving a 
> shower of all sorts of arguments against
>
> There is an idea that everyone has to hold, if as a community we 
> cannot organize a policy, one of these days there will be a problem 
> that will make governments take the opportunity to legislate and we 
> will no longer have the free and open internet.
>
> There are a feew ideas that is simple to understand:
>
> 1 - If you have been assigned a network you have responsibilities, 
> paying should not be the only one.
>
> 2 - There is no problem with email, since ever are made solutions to 
> integrate with emails. There is no need to invent a new protocol. Who 
> has a lot of abuse, invests in integrating these emails.
>
> 3 - If you have no ability to manage abuse should not have addressing, 
> leave it to professionals.
>
> The internet is critical for everyone, the ability for actors to 
> communicate with each other to respond to abuse must exist and RIPE 
> must ensure that it exists.
>
> It’s like the relation with local governments, there is a set of 
> information that has to be kept up to date to avoid problems, in RIPE 
> it must be the same.
>
> Sergio
>
> *From:*anti-abuse-wg [mailto:anti-abuse-wg-bounces at ripe.net] *On 
> Behalf Of *Fi Shing
> *Sent:* 16 de janeiro de 2020 04:55
> *To:* anti-abuse-wg at ripe.net <mailto:anti-abuse-wg at ripe.net>
> *Subject:* Re: [anti-abuse-wg] working in new version of 2019-04 
> (Validation of "abuse-mailbox")
>
> >> Best not to judge the race until it has been fully run.
>
> I just do not understand how anyone on this list (other than a 
> criminal or a business owner that wants to reduce over heads by 
> abolishing an employee who has to sit and monitor an abuse desk) could 
> be talking about making it easier for abuse to flourish.
>
> It is idiotic and is not ad hominem.
>
> This list is filled with people who argue for weeks, perhaps months, 
> about the catastrophic world ending dangers of making an admin verify 
> an abuse address ONCE a year .... and then someone says "let's abolish 
> abuse desk all together" and these idiots emerge from the wood work 
> like the termites that they are and there's no resistance?
>
> The good news is that nothing talked about on this list is ever 
> implemented, so .. talk away you criminals.
>
>     --------- Original Message ---------
>
>     Subject: Re: [anti-abuse-wg] working in new version of 2019-04
>     (Validation of "abuse-mailbox")
>     From: "Ronald F. Guilmette" <rfg at tristatelogic.com
>     <mailto:rfg at tristatelogic.com>>
>     Date: 1/16/20 11:47 am
>     To: "anti-abuse-wg at ripe.net <mailto:anti-abuse-wg at ripe.net>"
>     <anti-abuse-wg at ripe.net <mailto:anti-abuse-wg at ripe.net>>
>
>     In message
>     <20200115155949.af7f9f79718891d8e76b551cf73e1563.e548b98006.mailapi@
>     email19.asia.godaddy.com
>     <mailto:20200115155949.af7f9f79718891d8e76b551cf73e1563.e548b98006.mailapi@%0bemail19.asia.godaddy.com>>,
>     "Fi Shing" <phishing at storey.xxx <mailto:phishing at storey.xxx>> wrote:
>
>     >That is the most stupid thing i've read on this list.
>
>     Well, I think you shouldn't be quite so harsh in your judgement. It is
>     not immediately apparent that you have been on the list for all
>     that long.
>     So perhaps you should stick around for awhile longer before making
>     such
>     comments. If you do, I feel sure that there will be any number of
>     stupider things that may come to your attention, including even a few
>     from your's truly.
>
>     Best not to judge the race until it has been fully run.
>
>     >Which criminal is paying you to say this nonsense, because no
>     ordinary person
>     >that has ever received a spam email would ever say such crap.
>
>     I would also offer the suggestion that such inartful commentary,
>     being as
>     it is, ad hominem, is not at all likely to advance your agenda. It may
>     have felt good, but I doubt that you have changed a single mind, other
>     than perhaps one or two who will now be persuaded to take the opposing
>     position, relative to whatever it was that you had hoped to achieve.
>
>
>     Regards,
>     rfg
>
> *******************
>
> DISCLAIMER : This message is sent in confidence and is only intended 
> for the named recipient. If you receive this message by mistake, you 
> may not use, copy, distribute or forward this message, or any part of 
> its contents or rely upon the information contained in it.
> Please notify the sender immediately by e-mail and delete the relevant 
> e-mails from any computer. This message does not constitute a 
> commitment by Europol unless otherwise indicated.
>
> ******************* 
-- 
Volker A. Greimann

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20200116/71694cfd/attachment.html>