[anti-abuse-wg] AA-WG Minutes - RIPE 66
Brian Nisbet brian.nisbet at heanet.ie
Tue May 6 10:45:53 CEST 2014
Colleagues, It appears, a few months ago, I'd convinced myself that the minutes of RIPE 66 had been circulated and I asked the WG to approve them in Athens. In fact neither the 66 nor 67 minutes have been circulated. I include the minutes from our meeting in Dublin below and I hope to bring you the minutes from Athens in the next few days. While these have been formally approved, please let me know if you have any objections and they can be changed as needed. RIPE 66 Anti-Abuse Working Group 16 May 2013 14:00 - 15:30 WG Co-Chairs: Brian Nisbet, Tobias Knecht Scribe: Rumy Spratley-Kanis A. Administrative Matters • Welcome • Scribe, Jabber, Stenography • Microphone Etiquette • Approve Minutes from RIPE 65 • Finalise agenda Brian welcomed attendees to the session, thanked the RIPE NCC staff for scribing and chat monitoring. B. Update • B1. Recent List Discussion There were no list discussions mentioned. • B2. CleanIT Project Close-Off The project was closed in March, the document was posted on-line and the URL was sent to the mailing list. Brian mentioned that the document explicitly states that they do not believe that filtering and blocking is a way to deal with on-line terrorism and the promotion of terrorist activities that the project was trying to solve. There were no comments on the project. • B3. AA-WG Charter Brian gave an update on the WG Charter and proposed that he and Tobias will review the charter. The core principles will not change, and the WG will not cover things like copyright theft or the Digital Millennium Copyright Act. Brian also mentioned that they would not embed a definition of “abuse”. Michele Neylon, Blacknight, mentioned the importance of reviewing the types of abuse. He also mentioned being supportive of keeping away from intellectual property copyright. It’s not something that the Anti-Abuse WG should try to solve. He suggested to mention this as a footnote in the charter. Brian replied that it is in the charter. Sasha Luck, Rapid Broadband, mentioned not having major issues with the WG defining what they think is abuse, but he does have a problem with the proposed charter update, because it would mean that the RIPE community would empower the RIPE NCC to become an enforcer of content, or even a censor. Brian mentioned that he understands his objection and mentioned it is important to phrase things to make sure that this is not the case. The point is not to have the AA WG force the NCC to become a sensor or any form of Internet Police. Peter Koch, DENIC, asked what the problem was with the current charter. Brian replied that the intention is for the WG to act against abuse of networks, particularly spam but all forms of network abuse. According to Brian this is too far for this WG to go because it would lead to the WG saying the NCC should be shutting people down. Peter Koch asked if the suggestion to broaden the charter was the preempt the decision on another ongoing proposal Brian replied that there is no proposal Peter Koch: so why change the charter if there is no reason to? Brian replied that it was asked for, and it was time to look at the charter and maybe broaden a couple of things, send it to the WG for review and see where to go from there. Peter Koch suggested that if there is a proposal with significant support and people feel it is not in the remit of the WG, then a charter should be reconsidered. Brian replied that he was not suggesting changing the charter, but that this was something that was asked for, didn’t get significant support, but it was clear that it needed to be looked at. He added that there will be no fundamental change, but since it was mentioned on the list the appropriate thing to do was mention it during the session. C. Policies • RIPE Policy 2011-06 Denis Walker, RIPE NCC, gave an update on the implementation of ABUSE-C The presentation is available at: https://ripe66.ripe.net/presentations/254-Abuse-c_update-66.pdf Patrick Tarpey, OFCOM, asked what the consequences would be if someone didn’t fill in the ABUSE-C contacts. Denis replied that the requirement was that all LIRS must have added this by the end of September. If not, the RIPE NCC would add the LIR contacts email address and create the ABUSE-C for the contact. Patrick Tarpey mentioned that it could be that the emails concerning abusive behaviour would end up going to the network team that manages that allocation. Denis replied that this can be changed in the LIR Portal. Brian Nisbet explained that if an ISP has a customer who hasn’t filled this in, the ISP’s contact address will go in there, and this would act as an encouragement to the ISP to encourage their customers to fill in their correct details. Kaveh Ranjbar, RIPE NCC, gave a quick outline: by the end of September, all LIRs will have an ABUSE-C contact. In the meantime, every month the RIPE NCC will send a reminder to LIRs who haven’t added the ABUSE-C. The second phase of the project will focus on PI space, there is a one year deadline for that. Sebastian, Net Connects, asked via chat if an object has both an admin email and an abuse email listed, which one they should use for ABUSE-C? Denis replied that according to policy, the abuse role object must have an abuse mailbox attribute. The policy does not define what e-mail address you add. • RIPE Policy Proposal 2013-01 D. Interactions • D1. Working Groups Brian talked about an idea for a policy proposal he and Tobias thought of that would be presented in the Database or RIPE NCC Services WG. The aim would be to start doing regular data verification of the ABUSE-C details. The idea would be that there would be an automated check to see if someone is reading the used email address. The next step could be to have the “admin-c” and “text-c” attributes behave in a similar way to the ABUSE-C and to also apply data verification for those attributes. Brian finished by saying that the Anti Abuse WG would be kept informed of the progress of this proposal. Michele Neylon mentioned as additional information that ICANN has a similar problem, and that it would be a good idea for the NCC to talk to ICANN to see if there is some kind of data sharing they can do in this area. Sasha Luck expressed his surprise that the Anti-Abuse WG was proposing to spam all the LIR contacts and forcing them to reply, too. Brian replied that he was just informing the Anti-Abuse WG of a proposal going on in another working group and that he did not see this as spam. He added that if the community is against the proposal, they will have the opportunity to oppose it. • D3. RIPE NCC Gov/LEA Interactions Update Marco Hogewoning, RIPE NCC, gave an update on Outreach to Law Enforcement. The presentation is available at: https://ripe66.ripe.net/presentations/300-RIPE-NCC-LEA-AA-final.pdf There were no questions. • D4. An Introduction to European Cybercrime Centre – Richard Leaning Richard Leaning gave an introduction to the European Cybercrime Centre. The presentation is available at: https://ripe66.ripe.net/presentations/246-An_Introduction_to_European_Cybercrime_Centre.zip Michele Neylon mentioned that ICE was an unfortunate choice of wording since the US government has a rather large federal body that is called ICE. Richard replied that he is open to suggestions on different names. Richard asked hoe many in the audience have had contact with law enforcement. There were not many, but some. He added that if someone feels the need to engage with law enforcement community to come to him and he would be able to put them in contact with the right departments. Alexander Isavnim mentioned that being from a Russian Federation he does not fall under the Europol jurisdiction. He mentioned that the Russian police department has not been very successful in the area of cybercrime prevention. He asked how the EC3 was planning to control this? Richard replied that EC3 does not have any executive power but are there to coordinate and support the Member States. Paul Rendek thanked Richard for his presentation and added that it’s great to see the European Commission and the EC3 reaching out and wanting to engage with our community. Richard added that the idea would be for him to come to the next RIPE meeting in Athens, and after that every other RIPE meeting. A. Presentation • E1. “Save Money Online Without Killing Yourself” – Michele Neylon & ASOP The presentation is available at: https://ripe66.ripe.net/presentations/255-ripe66-fakepharma.pdf Peter Koch from DENIC asked what the expectation was. What was the engagement being asked for. Michele replied that nobody is being forced to act, but that it would be helpful to agree on certain things. For example when/why should somebody be taken offline? If someone started abusing your Whois server, I assume you would take action? Peter refused to reply. Michele replied that that is not fair. The reality is that the Internet is a resource and we all have to play nice in the playground to a certain degree. He added that they had signed an agreement with LegitScript - and that he is not asking everybody else to do that, but he is asking for everybody to engage and help raise issues. Peter apologised for his previous answer. He mentioned that in case of abuse they would take appropriate measures to protect the interests of their customers. He added that he did not see the immediate link between the two. The abuse, or over-abuse of a Whois server isn’t immediately related to this. Michele replied that the Whois server was an example, and they could continue their conversation later on. Benedikt Stockebrand from Stepladder IT Training and Consulting mentioned that the actual problem is that this is very international, so it’s a lot of work for the EC3 and other instances, and that if you want to deal with this, we should address the actual problem. What is needed is to make it more expensive or less lucrative for people to do illegal activities on the internet. He added that he didn’t know how much the community could do about that. Patrick from OFCOM asked if the distribution of Pharma sites are on conventional hosted platforms. Michele replied that he doesn’t have the exact breakdown but that there seems to be a mixture. Some sites aren’t the actual end distributor, but a complex affiliate network. A lot of them use the bulletproof hosting - using providers who will not look at their activities closely. In terms of domain name distribution, some country codes are attractive to them because they are low cost, but you probably see the biggest concentration in .com and .net. I. A.O.B. There was no AOB Z. Agenda for RIPE 67 Brian Nisbet asked for early agenda items for RIPE 67 in Athens in October and encouraged the attendees to mail him or Tobias or the mailing list for agenda items. Brian thanked everyone for their participation and closed the session.