Thursday, 27 October, 14:00 - 15:30 (UTC+2)
Scribe: Gergana Petrova
Chairs: Johan (Julf) Helsingius, Desiree Miloshevic and Achilleas Kemos (online)
Status: Final
Julf welcomed the attendees. He reminded them of the WG’s previous discussion on the sender-pays proposal (see RIPE 84 minutes). The European Commission is soon launching a discussion paper that will be open for comments. Julf encouraged everyone to think about responding. The RIPE NCC and the RIPE Community might also try to formulate community responses.
Desiree presented the agenda and the speakers.
Dragana Ilic, CETIN
The presentation can be viewed at:
https://ripe85.ripe.net/archives/video/962/
Dragana Ilic gave an overview of the telecom regulatory situation in Serbia. The electronic communication law was updated in 2010 and is line with the EU legislation. RATEL, the regulator, is working on new regulations that would focus on stronger net neutrality protections, expanding broadband coverage, on new players that are not part of the traditional electronic communications market and preconditions for 5G auctions. They are also working on rural broadband deployment subsidies. A successful first phase included 400 rural areas, and a call for second phase will aim at 1500 rural areas.
There were no questions.
Lauren Crean, OECD
The presentation can be viewed at:
https://ripe85.ripe.net/archives/video/965/
Lauren Crean mentioned two reports that the OECD published recently: Security of the Domain Name System (DNS) and Report on Routing Security (BGP Incidents, Mitigations Techniques and Policy Actions). She walked us through the latter. BGP events such as leaks and hijacks are increasing which is leading governments to take a closer look at them and issue inquiries and recommendations. Policy makers can play a role in securing the routing system, mainly by promoting measurement and collection of time-series data (e.g. United States), by leading by example (e.g. Netherlands), by facilitating information sharing (e.g. Japan) and by defining a common framework with the industry (e.g. Brazil, Japan, Switzerland, Finland).
Kevin Meynell, Internet Society, and a project owner of MANRS, commented that the report gets empirical evidence and measurements from the MANRS observatory platform. Some improvements need to be made to that measurement data, but it is a good starting point and does provide a lot of evidence for the state of routing security on the Internet. He encouraged people to use the data for this type of research.
Lauren agreed.
Maarten Aertsen, NLnet Labs, asked if they came across good sources of data which would be relevant to policy makers when they are thinking about this topic and the role of Open Source.
Lauren answered that they did think about Open Source even though it is not highlighted in the report (although it is mentioned a few times). There is a work stream that looks at securing communication networks and one that deals with the communication network infrastructure, not specifically on routing security, where they talk about Open Source.
Geoff Huston, APNIC, commented that for many years the OECD has promoted the idea of open and deregulated markets. However, the report missed an analysis of the economics of routing security, which in his view, is failing. If a network operator invests more money into security, they can't charge their customers more. There is no premium to have packets routed securely. He asked how we can align the market with the incentives of investors to achieve secure outcomes.
Lauren recognised that this is indeed a problem they thought about and acknowledge in the report. Her colleagues at the digital security department discussed how to get consumers to value digital security enough to incentivise providers. They have not managed to do this in industry.
Chris Buckridge, RIPE NCC, said that the RIPE NCC and the other RIRs have engaged with the OECD for over a decade through the Internet Technical Advisory Committee (ITAC). This was a good example of a paper where the OECD Secretariat and researchers submitted a draft to the ITAC, after which they adapted and improved the paper based on their input. It is important for the RIPE NCC that correct information reaches policy makers and the RIPE NCC is continuing to engage in this space.
Jim Reid, rtfm llp, speaking privately, asked if the NIS Directive has an impact on the economic incentives for trying to secure the routing infrastructure.
Lauren said she would like to hear the views of the technical community on that. Policy makers prefer not to be too prescriptive, because that might not be the right course of action.
Jim added that some NIS provisions are enacted for things like DNS, but there is nothing that tells operators which software to use. If there is outage of longer than certain time, there will be consequences. But there is nothing that incentivises operators to follow MANRS or RPKI. Maybe policy makers can think of doing so.
Lauren thanked Jim for the interesting comment.
David Hausheer, OVGU Magdeburg, congratulated Lauren on the report and for including a section on the signed Internet architecture, thereby acknowledging the contribution of SCION to improve routing security. He added that Swiss banks are already using it productively.
There were no more questions or comments.
Lucien Castex, Université Sorbonne Nouvelle and Julien Rossi, Université Paris 8
The presentation can be viewed at:
https://ripe85.ripe.net/archives/video/968/
Lucien and Julien presented their research on Internet fragmentation. Fragmentation can take different forms: no communication between two networks, non-uniqueness of the DNS system, outages, technological silos and application-layer incompatibilities, alignment and censorship, filter bubbles. Fragmentation can be intentional or incidental and could be caused by technological factors (IPv6, protocol competition, BGP errors), political factors (censorship, data localisation, the Russian internet, the Great Chinese firewall) and commercial factors (technological silos, net partiality, browser incompatibilities). They provided four ways forward for policy makers and discuss pros and cons of each. They concluded that some fragmentation might be necessary in democratic societies.
Lauren Crean, OECD asked if there is a link to the study.
Lucien sent it in the chat.
Mila Bajic, Share Foundation
The presentation can be viewed at:
https://ripe85.ripe.net/archives/video/970/
Mila talked about the findings of the second Freedom of the Net report on Serbia produced by Freedom House recently (the first report was published last year). The report ranks how free people are on the Internet in different countries. At the moment, Serbia is ranked as “free”, although a number of issues were recognised. Serbia scored well on the category “obstacles to access” and “limits on content online” but loses a lot of points in category “violations of user rights”. Telecom companies have to retain communication metadata and there have been instances where authorities have accessed this data through dubious legal means. There is also an “application for independent access” where authorities do not need to file an official request but are directly connected to the infrastructure of the telecommunications company, which allows them to directly access the data. This means that the telecommunications companies cannot reliably submit information on how many times the metadata has been accessed by authorities.
Rüdiger Volk, retired, commented that it is great that the GDPR is mirrored in the Serbian legislation. The control of access to metadata is not very clear in the EU. The EU Court has fined the German legislature a couple of times for attempting to access metadata. He asked how the metadata control in Serbia is compared to what’s expected of the EU legal system.
Mila responded that she is not a legal expert, but while doing research they discovered that in Serbia there are multiple avenues that the State could use to gain access to metadata without any kind of court process or submitting requests for access. What is worse, it is not just metadata. Text messages of journalists have been leaked and put into tabloids and it's clear where they are coming from. Nothing is being done to curb it.
There were no more questions.
Chris Buckridge and Bastiaan Goslings, RIPE NCC
The presentation can be viewed at:
https://ripe85.ripe.net/archives/video/971/
Bastiaan gave an update on the ITU Plenipotentiary meeting that took place over three weeks in October 2022 and involved over 2000 participants from 193 members states. The RIPE NCC was there as a sector member and provided technical input but could not vote or participate in the negotiations of the text, which is only allowed for Member States. A number of Internet-related resolutions were discussed and updated. Some open questions that remained: 1) How prominent the reference to the RIRs and other Internet organisations should be (footnote or main body)? 2) How big of a role the ITU should have in Internet governance, specifically in IP address management? 3) Should the Council Working Group on Internet be open to all stakeholders or sector members? (right now just Member States) 4) Should the ITRs be reviewed, revised, redrafted? Should a new WCIT be organised, or should the work on ITRs be stopped entirely at least for the time being?
Next, Chris talked about why it is important for the technical community to engage at the UN level. The decisions that are going to be taken in the next few years are going to be hugely important for the future development of Internet governance and digital cooperation. He highlighted the upcoming 20-year review of WSIS in 2025 as a key opportunity to review the UN commitment to a multistakeholder approach.
Jim Reid, rtfm llp, thanked the RIPE NCC team for the work they have been doing at the Plenipotentiary. He mentioned that it is very important that the Internet community is represented at these meetings and our voice is heard, even if it has to be relayed through cooperative and friendly Member States as it happens at the Plenipotentiary.
Jim also mentioned that with the election of Doreen Bogdan-Martin as Secretary General of the ITU, he expects to see much more cooperative environment from the ITU than what we have seen in the past, due to her involvement in the development sector.
Martin Winter, NetDEF/OpenSourceRouting, speaking on his behalf, asked if there were discussions at the Plenipotentiary which didn't get through this time but could impact us when they are brought up next time.
Chris answered that there was discussion about the fact that the OTT resolution was not changed this time and that's a good thing. The OTT resolution is related to the idea from the WCIT conference in 2012 about the “sender pays” model. We have seen such proposal now coming back. It could be a case of energy being diverted away from the ITU to the European Commission and elsewhere around the world. It doesn't necessarily mean the danger is gone – the issue is just played out elsewhere.
Martin said that he couldn’t get access to the reports and resolutions from the ITU Plenipotentiary. He asked if the RIPE NCC can make them accessible.
Chris answered that the final acts are restricted now because they are only provisional. He hopes that when there is a final sign-off from the states the final acts will be public.
Farzaneh Badii, Digital Medusa, commented that our community has always been scared that the ITU is going to come up with a resolution that's going to affect the Internet in a negative way. We hypothesise about the risks. In the future we need to have some criteria of what aspects we should pay attention to and what the effect of our participation really is. This way we can make evidence-based decision whether we should pay attention to the ITU.
Chris responded that we need to manage expectations around the ITU and processes like the Plenipotentiary. He gave the example of the big success of 12 years ago of mentioning the RIRs and ICANN into a footnote in these Internet resolutions. If the footnote wasn’t there, it wouldn’t change the work we do. However, diplomatic agreements such as the resolutions agreed at the Plenipotentiary are very different from the RFCs. We need to measure the impact and significance quite differently than we do when looking at a RIPE policy document.
Rick Nelson, V.I.E., asked what “fraudulent use of OTT applications that impact the revenue of operators” means on resolution 206.
Bastiaan clarified that that text did not end up in the resolution. He explained that communication services lost a lot of revenue to OTT services.
Rick asked how that makes them fraudulent.
Bastiaan responded that some are trying to convince their public authorities that they are fraudulent and regulate them as such.
Julf added that for him this is an abuse of legislation.
Maria Häll, RIPE NCC Executive Board, speaking in her own capacity, said that as someone who has been involved in ITU work she recognises the work that the RIPE NCC staff and others from the technical community put and thanked them for contributing to these discussions. She also thanked the co-chairs of the Cooperation Working Group for hosting these discussions between the technical community and government stakeholders.
There were no more questions. Julf closed the meeting.