[anti-abuse-wg] False positive CSAM blocking attributed to RIPE

>I am writing about a case that has been referred to my organization involving 
>global blocking (packet dropping, apparently) of IP addresses that have been 
>reported as hosting CSAM by the Canadian Center for Child Protection (C3P).

lose one point everyone who didn't read that this is a watchdog not the
site owner -- and if you Google their name, one whose activities and
focus has attracted some controversy

>However, in the case that was reported to me, rather than allowing the hosting 
>provider to take down the offending image, the takedown notice was followed by 
>global packet dropping of the hosting IP address, which took down the entire 
>server and other websites along with it:

there's no such thing as "global packet dropping" but if the website is
offline then either traffic is being blocked near to the site itself by
a hosting company or upstream provider, or some national level blocking
is being applied (though often this takes the form of arranging that the
website name does not resolve in DNS rather than packet dropping per se)

> the hosting provider has attributed 
>this censorship to RIPE, 

RIPE NCC operates a directory service -- maintaining lists of which
organisations have been assigned which IP addresses (along with 4 other
Regional Internet Registries)

>although I cannot verify whether or not this is true. 

it is untrue, you should interrogate the hosting provider directly
because their statement (whatever it was) has clearly been severely
garbled before you reported it here

>If I am able to obtain more details from RIPE staff, I will follow up with them.

that would be a waste of their time -- you need to backtrack to the
hosting provider and, if you can obtain some technical help, ascertain
the actual nature of the blocking (assuming it is still in place) or at
least review what technical evidence there is about the impact (assuming
that's the aspect you care about -- rather than what you describe as an
error of categorisation by C3P)

>I'm writing to find out if anyone has more information that they 
>can share about how this might have happened, and how it can be 
>prevented from happening in the future.

there is considerable information to be found online about how blocking
works, the mechanisms used and how it regularly goes wrong. Entering
this arena without attempting to do your homework is counterproductive.

-- 
Dr Richard Clayton                               <richard.clayton at cl.cam.ac.uk>
Cambridge Cybercrime Centre                          mobile: +44 (0)7887 794090
Computer Laboratory, University of Cambridge, CB3 0FD   tel: +44 (0)1223 763570
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20210929/53000306/attachment.sig>