[cooperation-wg] Minutes session 1 and 2 Cooperation WG at RIPE69

Hi all

Here below you find the minutes from both Cooperation WG sessions Thursday 5th November 2014, at RIPE69 in London.

We wish you all a Merry Xmas and a Happy New Year! See you soon again!

Best, 

Maria, Meredith, Alain
co-chairs Cooperation WG



Session 1 - IANA Oversight Transition and Internet Governance

After giving a brief background to the IANA stewardship discussions, Chris Buckridge presented on the processes currently underway at the RIR community level (including the formation of the Consolidated RIR IANA Stewardship, or CRISP, team) and global level to develop a stewardship transition proposal to the United States government. He also detailed the current draft RIPE community principles that have been distributed on the Cooperation Working Group mailing list and the subject of some discussion, and gave an outline of what the RIPE NCC believes a Service Level Agreement between the RIRs and the IANA functions operator would look like. He concluded with a summary of discussions to date in the other RIR communities. 

Athina Fragkouli gave a presentation on the inter-related process going on to ensure and enhance the accountability of all organisational players related to the IANA functions, including the RIRs and ICANN. 

Paul Rendek led an open discussion of the issues raised in the two presentations and of the RIPE communities position in relation to IANA stewardship. 

Randy Bush noted that the Internet Engineering Task Force (IETF) already has a Service Level Agreement in place with ICANN regarding ICANN’s management of the IANA functions relating to protocol parameters, and asked if the plans for an RIR-IANA SLA were being coordinated with IETF participants. Athina noted that the RIPE NCC and CRISP team will look to coordinate with the IETF and investigate opportunities to build on what they have already developed. 

Daniel Karrenberg agreed with Athina, and speaking as a member of the IANA Stewardship Transition Coordination Group (ICG), noted that it is an explicit part of the process that all communities talk to each other while developing their parts of the proposal. He stressed that the current time line cannot be met should the ICG receive incompatible proposals and added that when the CRISP team is constituted, ICG members will do their best to help ensure that the CRISP team does not work in isolation. Patrik Fältström and Chris Buckridge noted the documents produced by ICANN's Security and Stability Advisory Committee (SSAC) on the IANA functions themselves and the existing contractual relationships that currently relate to their operation. 

Randy also noted that there can be no accountability without transparency - he suggested that ICANN has not been a good example of transparency, while some of the RIRs have done better in this regard.  

Alexander Isavnin noted that organisations are “accountable” to someone, and the question of to whom ICANN or the RIRs are accountable will be important to many stakeholders, particularly in government. He also suggested that informed community contribution to this process will rely on published analysis of the existing documents and arrangements.

Salam Yamout, noting the ICANN accountability process, suggested that we think about longer term goals for ICANN and its accountability. Paul Rendek suggested that this highlighted the importance of ensuring that the IANA stewardship and ICANN accountability are considered separately (as Athina noted in her presentation on the Enhancing ICANN Accountability Cross Community Working Group) and particularly the need to emphasise that longer term accountability goals not hinder the IANA stewardship transition. He noted that while the RIRs are not perfect, they can provide an example in terms of what specific ICANN accountability issues will need to be resolved ahead of the IANA stewardship transition. 

Carsten Schiefner asked whether the RIPE NCC and community were regarding it as settled that ICANN would continue in its role as IANA functions operator. Responding, Daniel Karrenberg noted that while there is not clear consensus for the long-run, minimal change to a working system has been identified as an important goal by the community; in the short-term, that means ICANN continuing in the role. He added that the RIRs have been happy with ICANN's performance of these duties, but he stressed that moving forward, the RIRs need to make sure a contract is in place and that the term and options for termination of that contract are clearly spelled out. He also noted that not specifying ICANN in the role at this stage of the process would be seen as a specific political statement.

Tahar Schaa asked what are the risks in this process are, and whether the RIPE NCC has an opinion on whether this is a good thing or a risky thing. Paul Rendek noted that the idea of this transition is not new, and that while there was some risk that this process would end up with no change to the status quo, the status quo was actually working. He noted, however, that a failure to transition the NTIA out of its current role would have political repercussions, as highlighted in discussion at the recent meeting in Brussels with RIPE NCC, CENTR and EU government representatives.

Filiz Yilmaz described IANA stewardship as a colossal opportunity and a chance to bring RIR principles to parts of the Internet community where accountability has not been so clear. In terms of risk, she agreed that maximum stability must be prioritised at all stages of the discussion and in any eventual SLA, but we don’t want to see the process get stuck and it is important that the RIR legal teams taking a lead here. 

Ashley Heineman of the NTIA offered her thanks for the invitation to sit in on the session, and stressed the importance of the NTIA understanding what the communities are thinking. She noted that the NTIA is happy to be a resource in terms of answering questions about their role and the existing contracts. Sandy Murphy noted that the NTIA did not promise that they would accept the final proposal that it receives, and asked whether that has changed. Ashley noted that while this has not changed, the NTIA and the U.S. government are very committed to transition process, and as long as the proposal is within the framework of clear basic requirements laid out in the initial announcement, the NTIA are happy to review with the intention of approving the proposal. 

Jason Schiller noted that the output of the recent LACNIC meeting suggests that the contracting party would be Number Resource Organization (NRO), while the current RIPE draft says that the RIRs would be the contracting parties. Axel Pawlik noted that the NRO is not incorporated, and that any legal agreement would need to be signed by the RIRs. 

Patrik Fältström noted that when it comes to merging proposals from the three communities (names, numbers and protocol parameters), the names is unique, as this is the only place that NTIA has an operational role - he stressed that it will therefore be important for the CRISP team to work with communities that have slightly different needs. Paul Rendek agreed that the names community does not have the same kind of communities or processes. Patrik noted that for IANA to work, there needs to be trust between the requestor of IANA changes and the IANA functions operator that makes those changes, and this is a central issue to the stewardship transition discussion. 

Randy Bush noted that he understands that the IETF and the RIRs have been happy with ICANN’s performance as IANA operator for many years, and that in these cases, IANA is essentially a bookkeeper for the Internet. But he too noted that the situation for names is different. 

Heather Schiller questioned what about this process would improve the transparency of ICANN itself, and suggested that this was one of the most problematic issues. Paul Rendek noted that the RIRs are not entrenched in ICANN, but that the RIRs can demonstrate our own accountability, and we can help with building the community there. Heather argued that monetisation of the DNS means that in the ICANN context, little attention is paid to the RIRs and the numbering community, but the operation of ICANN is important to this community. Paul agreed, but noted that while ICANN accountability is a long discussion, a proposal for IANA stewardship is needed by next summer. 

Hans Petter Holen suggested that it is important for the community to look at what RIPE NCC is: an organisation accountable to its members via the Executive Board, and also accountable to RIPE as an open policy forum. He stressed that the IANA operator should be accountable to “us” (the global Internet) - if that means entering into a contract with a non-transparent, open organisation, we need to make sure that our lawyers ensure that we have the contractual power over that organisation. He noted that in terms of names, ICANN needs to be more accountable, but that the big question for the RIR communities is, can we trust an organisation that’s not yet open and transparent? 

Paul Rendek suggested that no responsible administration (including the NTIA) would release stewardship of these functions to a new, untested process, and therefore we need to stay true to our existing principles, not make up new ones. 

John Curran noted that the existing policy authorities are already recognised, the current system works and we can keep ICANN in place without much changing. However, such a change could mean that the RIRs are eternally in this stewardship role, meaning the RIRs need to make sure that they are accountable to their communities. The ability for someone else to intervene goes away with the change being proposed. 

Jim Reid argued that we need to avoid being sidetracked by ICANN accountability issues, which may never be fully solved, and focus on the issues relating to the IANA functions issues, which are clearly understood. Randy Bush disagreed, arguing that the community is responsible not just to people in this room, but to the users, and while taking on ICANN accountability is a large problem, the pressure to get the IANA stewardship transition successfully completed may provide us with the only chance to solve the bigger accountability issue. 

Ruediger Volk noted that while the RIPE NCC is accountable to the relatively small stakeholder group of RIPE operators, it must also consider users and the broader world, and he noted that in other RIR discussions (in LACNIC for instance), the communities have seen a need to reach out further. He noted that this may be walking into a swamp, but it is a question that the RIPE community needs to ask. Paul Rendek noted that while LACNIC have raised the issue of whether RIR community processes fit the definition of multistakeholder, the RIPE community unquestionably operates according to bottom-up, open, inclusive processes, and we should stay true to those principles in any IANA proposal. 

Paul Rendek also noted that other discussions about the IANA stewardship issues have been facilitated by the RIPE NCC in regional meetings and network operator groups across the service region. The resounding impression from those events is community members asking “how will this affect my business and my relationship with RIPE NCC?”. 

Paul closed the discussion and encouraged everyone to continue the discussions on the Cooperation Working Group mailing list. 


Session 2

Securing the Internet Post-Snowden: Securing hardware with Cryptech, Randy Bush
Randy Bush provided an update on Cryptech, a community project to develop a Hardware Security Module. He briefly described the project, gave an update on its progress to date and outlined what the project needs from the technical community, policymakers, industry partners and supporters generally.

Meredith Whittaker asked when the HSMs would be in production. Randy noted that the goal of the project is open source design, rather than actual production, but that as part of their work, the project partners plan to produce around 50 laptop boards in coming month for people to play with. 

Vesna Manojlovic asked for more specific details on how people in the RIPE community could help. Randy noted that money would be very useful to progressing the project, but that any additional crypto, hardware or software tool chain expertise would also be useful. 

Shane Kerr asked about plans for certification. Randy noted that while there are no immediate plans for certification, the project partners do have FIPS certification in mind. The expectation is that someone using the Cryptech designs could make a FIPS-certified product. 

Sasha van Geffen asked whether this was simply shifting the security problem to the production side of things, particularly given the patent environment surrounding chip design. Randy noted that the project includes an academic with expertise in patent law, and all efforts are made to use well‑known open algorithms, so they are not too worried about patents. He conceded that trojans are more of a concern. 

Sasha clarified that he was asking how they can ensure that their design is actually built into machines as intended. Randy agreed that this is a challenge - if you pay Juniper to put the Cryptech HSM on a board, how do you know that you are getting that design? Designing for testability of the whole production process, not just the random number generator itself, is vital. 

Meredith Whittaker noted that auditability is a major issue, and also a subject under consideration in the “Caring for the Core Infrastructure Commons” BoF session.

Patrik Fältström asked whether the Cryptech team was working with any certification agencies to ensure that those agencies can use the final design, and volunteered his assistance in that. Randy pointed out that they were deliberately not working with agencies, as they are wary of how strongly their engineering decisions are influenced by any part of the culture, but that they believe they can design for certification. But he stressed the importance of engagement of engineers from other places, noting that they have a Russian crypto designer on the team, but are unable to get anyone from China. 


Measuring and Preserving Freedom of Expression Online

Technology, Policy, and the Need to Engage Local Communities, Amelia Andersdotter
Amelia Andersdotter, a former Member of the European Parliament (MEP), spoke about the need for better engagement by technical community (and the public more generally) with legislative processes and the parliamentarians that have a role in those processes. 

Amelia noted her past experience as a recently-unseated Swedish MEP for the Pirate Party, and her hope that she might use this experience to help people engage with the European Parliament. She noted the challenge in having local constituencies engage in larger legislative processes, but noted that Parliament is quite different from national regulators or governments Ministries and departments, as the Parliamentarians are directly accountable to voters, whereas government employees are often more comfortable and stable in their role. 

Amelie highlighted copyright reform as an issue that can affect people directly, and which is the subject of a current legislative proposal coming from the European Commission. She noted that this proposal has been very contentious, and there has been significant public participation, but she emphasised that the outcome of this discussion will affect the way decisions are made about technical issues. 

One strategy that Amelia emphasised to effectively influence discussion in the European Parliament was to engage directly with the local councils rather than parliamentarians or larger government structures. This is because the local councils have a key role in selecting the lists of MEP candidates for each party, giving them a stronger voice in the process. 

Alexander Isavnin thanked Amelia for her presentation, but noted that it spoke only about engaging the institutions of the European Union, and asked how it might relate to engagement in Russia. Amelia noted that the former Russian president had been the only leader to ever discuss full reform of the Berne Convention [for the Protection of Literary and Artistic Works], but that that this did not seem to have carried over to the current administration. Alexander asked whether Amelia felt Internet services should be regarded as utility services for everyone and regulated accordingly. Amelia emphasised her belief that a competitive market is important, and while not seeing telecommunications as “critical infrastructure”, it is vital to allow as many people as possible to have access. She stressed the importance of action at the local level, looking at municipalities that have provided wifi access and other initiatives.

Carsten Schieffner noted that MEPs are bombarded with many issues, and asked how local communities could make themselves heard. Amelia noted that (absent money to pay lobbyists) you  need to find someone whose time and attention will be valuable to an MEP, and again emphasised the role of municipal councillors - she noted that the challenge is getting those local councillors interested in your issue.

George Michaelson noted what he saw as very problematic legislative proposals coming out of the European Commission (EC) in recent years last year, and noted his general scepticism of technology when it comes to advancing social issues. Amelia agreed that there had been justified criticism of EC proposals in the past, but that on the copyright issue there has been a useful public consultation, more than 5000 citizens contributing (a summary of these contributions is available on the EC website). But she stressed that, given the large corporations with a stake in these discussions, it is only through public engagement that any idea of the public good will be preserved and reflected in the legislation.

What Does it Mean to be a Socially Responsible ISP? Sacha van Geffen
Sacha van Geffen of Dutch ISP Greenhost discussed his organisation’s work with activist communities, their approach to privacy preservation and making ecologically responsible choices. 

Chris Baker from DYN noted that while Tor may be good, it is often used by criminals, and asked what tools Greenhost are using to keep botnets and other abuse in check. Sacha noted that highways also cater to criminals, but agreed that there are good policies you can set to Tor exit nodes to minimise problems. He agreed that there is some collateral damage, but also suggested that criminals have more sophisticated strategies than just using Tor. Chris suggested that it was also better to hedge across a range of technologies rather than focusing on a well-known technology like Tor, which Sacha agreed was important.

ISP Interconnection and Consumer Internet Performance, Collin Anderson
Collin Anderson, an independent researcher with the University of Pennsylvania and the Open Technology Institute, discussed his collaborative work using open data to measure the impact of ISP relationships on consumer Internet access.

Shane Kerr suggested that this might seem to be work that the regulator should be doing, and asked how much impact it was likely to have in directing policies? Colin stated that the success of study is based on the number of civil society organisations citing it, on regulators interacting with the data, and on how much the work informs the public debate. He also noted that research teams like his provide infrastructure that a lot of governments cannot afford at this time, so if any way of getting this data into the governmental conversations is a success.