From rbarnes at bbn.com Fri Dec 2 22:41:37 2011 From: rbarnes at bbn.com (Richard L. Barnes) Date: Fri, 2 Dec 2011 16:41:37 -0500 Subject: [cooperation-wg] Interaction between Dutch police and RIPE NCC In-Reply-To: <5FAC6C86-A176-46F4-BCE3-16081B90F4BF@frobbit.se> References: <5FAC6C86-A176-46F4-BCE3-16081B90F4BF@frobbit.se> Message-ID: For those of you who are interested in the court order, but don't read Dutch, I've transcribed it into text below, and attached a Google translation into English. All typos in the Dutch version are mine. -----BEGIN Dutch Court Order----- BEVEL EX ARTIKEL 2 VAN DE POLITIEWET Ter bescherming van de openbare orde en handhaving van de rechtsorde Ondergetekende, G.A. Wind, Inspecteur van politie, werkzaam bij het Team High Tech Crime van de Dienst Nationale Recherche van het Korps Landelijke Politiediensten Overwegende dat: -- Door de bevoegde autoriteiten van de Verenigde Staten van Amerika een strafrechtelijk onderzoek is ingesteld terzake van het (medeplegen van het) onbevoegd installeren van kwaadaardige software (malware) op miljoenen computersystemen in de Verenigde Staten en daarbuiten, alsmede terzake van het witwassen van de opbrengsten van criminele activiteiten; -- Deze feiten strafbaar zijn naar Nederlands recht, op grond van (in elk geval, maar niet uitputtend) de artikelen 138ab, 139d, 140, 350a en 420bis van het Wetboek van Strafrecht; -- Deze strafbare feiten een onmiddellijke bedreiging vormen voor de Nederlandse openbare orde en/of de rechtsorde; -- Op 14 December 2010 door de bevoegde autoriteiten van de Verenigde Staten van Amerika een justitieel rechtshulpverzoek werd gedaan aan de Nederlandse autoriteiten, strekkende tot het verrichten van opsporingshandelingen ten behoeve van het Amerikaanse opsporingsonderzoek; -- Op 3 November 2011 door de bevoegde autoriteiten van de Verenigde Staten van Amerika een aanvullend justitieel rechtshulpverzoek werd gedaan aan de Nederlandse autoriteiten, strekkende tot het uitvoeren van een rechterlijk bevel, afgegeven door de Honoroable William H. Pauley III, United States District Judge, Southern District of New York, op 3 November 2011 -- Het Amerikaanse rechterlijk bevel betrekking heeft op activiteiten van alle Regional Internet Registrars (RIR) ter wereld, waarvan de Reseach IP Europeens Network Coordination Center (RIPE NCC) haar zetel heeft in Amsterdam; -- Het Amerikaanse rechterlijk draagt aan iedere RIR op om die maatregelen te treffen waardoor wordt voorkomen dat: -- de verdachten in het Amerikaanse opsporingsonderzoek de controle overdragen van de relevante registratie(s) van een specifiek aantal IP-ranges in het publieke register; -- de verdachten in het Amerikaanse opsporingsonderzoek wijzigingen aanbrengen in de relevante registratie(s) van een specifiek aantal IP-ranges in het publieke register, behoudens voorafgaande schriftelijke toestemming van de FBI of de United States Attorney's Office for the Southern District of New York; -- de verdachten in het Amerikaanse opsporingsonderzoek een specifiek aantal IP-adresregistraties (IP-address records) overdragen aan een ander of anderen, behoudens voorafgaande schriftelijke toestemming van de FBI of de United States Attorney's Office for the Southern District of New York; In opdracht van de officier van justitie bij het Landelijk Parket mr. L.J.A. van Zwieten, Geeft hierbij opdracht aan: RIPE NCC Statutair gevestigd te Amsterdam Om ter bescherming van de openbare orde en handhaving van de rechtsorde te handelen overeenkomstig de tekst van het Amerikaanse rechterlijk bevel, met betrekking tot de navolgende IP-ranges: [redacted] Van het effectief zijn van deze maatregelen dient mededeling te worden gedaan aan ondergetekende op uiterlijk 8 Novermber 2011. Indien en voorzover de uitvoering van dit bevel voor RIPE technisch niet mogelijk is, dient hiervan zo spoedig mogelijk, doch uiterlijk op 8 November 2011, mededeling te worden gedaan aan onder getekende. Deze maatregelen dienen van kracht te zijn in de periode van 8 November 2011 tot en met 22 Maart 2012; Dit bevel is uitgereikt op 8 November 2011; G.A. Wind [Signed] Gea Wind Deputy Team Leader National High Tech Crime Unit National Crime Squad Netherlands' Police Agency Voor ontvangst: Namens RIPE NCC -----END Dutch Court Order----- -----BEGIN Google Translation----- ORDER UNDER ARTICLE 2 of the Police To protect public order and enforce law The undersigned, G.A. Wind, Inspector of Police, who works at the High Tech Crime Team of the National Crime Squad of the National Police Whereas: - The competent authorities of the United States a criminal investigation has been the matter of (co-perpetrator of) unauthorized installation of malicious software (malware) on millions of computers in the United States and abroad, and in respect of the laundering of proceeds of crime; - These facts punishable under Dutch law, under (at least, but not exhaustive) Articles 138ab, 139d, 140, 350a and 420bis of the Penal Code; - These crimes an immediate threat to the Dutch public order and / or the law; - On 14 December 2010 by the competent authorities of the United States of America a judicial assistance request was made to the Dutch authorities, seeking to perform acts of investigation for the U.S. criminal investigation; - On 3 November 2011 by the competent authorities of the United States of America an additional judicial assistance request was made to the Dutch authorities, seeking to carry out a court order issued by the Honoroable William H.Pauley III, United States District Judge, Southern District of New York on 3 November 2011 - The U.S. court order covers all activities of Regional Internet Registrars (RIR) in the world, whose Reseach IP Europ?ens Network Coordination Centre (RIPE NCC) has its headquarters in Amsterdam; - The U.S. court assigns to each RIR to make those measures which will prevent: - The defendants in the U.S. investigation of the control transfer of the relevant recording (s) of a specific number of IP ranges in the public register; - The defendants in the U.S. investigation changes in the relevant register (s) of a specific number of IP ranges in the public record without the prior written permission of the FBI or the United States Attorney's Office for the Southern District of New York; - The defendants in the U.S. investigation of a specific IP address entries (IP address records) over to another or others without the prior written permission of the FBI or the United States Attorney's Office for the Southern District of New York; Commissioned by the Public Prosecutor of the National Public Prosecutor Mr. LJA van Zwieten, Hereby command: RIPE NCC Corporate seat in Amsterdam In order to protect public order and enforce the law to act according to the text of the U.S. court order, relating to the following IP ranges: [Redacted] The effective communication of the measures should be taken to the undersigned on or before 8 Novermber 2011. If and insofar as the implementation of this order for RIPE technically possible, as soon as possible but no later than 8 November 2011, notification should be made to under-drawn. These measures should be in force during the period from 8 November 2011 to March 22, 2012; This order was issued on 8 November 2011; G.A. Wind [Signed] Gea Wind Deputy Team Leader National High Tech Crime Unit National Crime Squad Netherlands' Police Agency For receipt: RIPE NCC on behalf of -----END Google Translation----- On Nov 19, 2011, at 3:35 AM, Patrik F?ltstr?m wrote: > Hi, > > I presume many of you have seen this original story on the RIPE website from Nov 9: > > http://www.ripe.net/internet-coordination/news/about-ripe-ncc-and-ripe/ripe-ncc-to-seek-clarification-from-dutch-court-on-police-order-to-temporarily-lock-registration/ripe-ncc-blocks-registration-in-ripe-registry-following-order-from-dutch-police > >> RIPE NCC Blocks Registration in RIPE Registry Following Order from Dutch Police >> 09 Nov 2011 >> The RIPE NCC received a temporary order from the Dutch police to prevent any changes from being made to a registration of four specific blocks of IPv4 address space in the RIPE Registry. >> >> The order is effective from 8 November 2011 until 22 March 2012. > > This has been updated with new information on Nov 16: > > http://www.ripe.net/internet-coordination/news/about-ripe-ncc-and-ripe/ripe-ncc-to-seek-clarification-from-dutch-court-on-police-order-to-temporarily-lock-registration > >> The RIPE NCC is receiving independent legal advice and is in discussion with the appropriate authorities. It is the intention of the RIPE NCC to pursue this matter further in Dutch court to establish a precedent so that it is certain of its rights regarding such orders. >> >> In the interest of transparency, the RIPE NCC is working on full disclosure of the background documents. The RIPE NCC will update the community if and when any other publishable materials become available. >> >> The RIPE NCC is committed to acting in the best interest of its membership and will continue to inform the Internet community on this matter as it progresses. >> >> The RIPE NCC has not withdrawn, removed or reclaimed the address blocks in question; it has temporarily locked a registration of address blocks. > > On this last page there is also a link to the police order itself: > > http://www.ripe.net/lir-services/member-support/police-order-8-november-2011 > > Patrik F?ltstr?m > Co-chair, Cooperation Working Group > > > From vesely at tana.it Mon Dec 5 14:28:15 2011 From: vesely at tana.it (Alessandro Vesely) Date: Mon, 05 Dec 2011 14:28:15 +0100 Subject: [cooperation-wg] Work Programme 2012 of the European Commission published In-Reply-To: <37733D654721E340A0D2B6992C3171680BEDC0CC@S-DC-EXM13.net1.cec.eu.int> References: <37733D654721E340A0D2B6992C3171680BEDC0CC@S-DC-EXM13.net1.cec.eu.int> Message-ID: <4EDCC6EF.5070402@tana.it> On 20/Nov/11 12:21, Andrea.GLORIOSO at ec.europa.eu wrote: > > What you may probably be more interested in is the so-called Annex > I, which lists with some more detail the specific "key initiatives" > of the CWP (see > http://ec.europa.eu/atwork/programmes/docs/cwp2012_annex_en.pdf). > The Annex is divided by "policy themes". RIPE members may possibly > be interested in the actions under the "Digital Agenda" theme > (21-25) Under "Digital Agenda" there is an entry in the forthcoming initiatives 2013 saying Towards an EU Cloud Computing Strategy / Non-legislative The Communication will address several aspects of the current regulatory framework, which was conceived considering less demanding applications. In particular, cloud computing is raising specific issues related to data protection and data retention, applicable law and liability, as well as consumer protection. The aspects of interoperability, standardisation and portability of data and applications will also be addressed. (I guess that is the same initiative mentioned on [TNYT]). Is it possible to get in touch with those who are designing that initiative? I have an idea which has been brewing largely in my mind for some years for a consent-exchange Internet protocol for email users. It is summarized in [FIXF]. I proposed it to the Cooperation WG earlier this year, in [MAY]. In short, it is a legally difficult solution to a problem that most operators consider not urgent --just like that cloud computing strategy quoted above. Since email addresses are often used as identities in cloud computing, I think this issue fits nicely within that agenda entry. Thus I wish to talk to the relevant people and possibly work with them, if at all possible. Thank you for cooperating Alessandro [TNYT] http://www.nytimes.com/2011/11/10/technology/eu-to-tighten-web-privacy-law-risking-trans-atlantic-dispute.html [FIXF] http://fixforwarding.org/ [MAY] http://lists.ripe.net/pipermail/cooperation-wg/2011-May/000035.html From gordon.lennox.13 at gmail.com Thu Dec 8 16:57:32 2011 From: gordon.lennox.13 at gmail.com (Gordon Lennox) Date: Thu, 8 Dec 2011 16:57:32 +0100 Subject: [cooperation-wg] Work Programme 2012 of the European Commission published In-Reply-To: <4EDCC6EF.5070402@tana.it> References: <37733D654721E340A0D2B6992C3171680BEDC0CC@S-DC-EXM13.net1.cec.eu.int> <4EDCC6EF.5070402@tana.it> Message-ID: The unit in DG INFSO responsible for "Cloud Computing" is INFSO-D3 "Software & Service Architectures and Infrastructures". The Head of Unit is Rainer Zimmermann . His deputy is David Callahan . Regards, Gordon On 5 December 2011 14:28, Alessandro Vesely wrote: > Under "Digital Agenda" there is an entry in the forthcoming > initiatives 2013 saying > > ? Towards an EU Cloud Computing Strategy ?/ Non-legislative > > ? The Communication will address several aspects of the current > ? regulatory framework, which was conceived considering less > ? demanding applications. In particular, cloud computing is raising > ? specific issues related to data protection and data retention, > ? applicable law and liability, as well as consumer protection. The > ? aspects of interoperability, standardisation and portability of > ? data and applications will also be addressed. > > (I guess that is the same initiative mentioned on [TNYT]). > > Is it possible to get in touch with those who are designing that > initiative? ?I have an idea which has been brewing largely in my mind > for some years for a consent-exchange Internet protocol for email > users. ?It is summarized in [FIXF]. ?I proposed it to the Cooperation > WG earlier this year, in [MAY]. ?In short, it is a legally difficult > solution to a problem that most operators consider not urgent --just > like that cloud computing strategy quoted above. ?Since email > addresses are often used as identities in cloud computing, I think > this issue fits nicely within that agenda entry. ?Thus I wish to talk > to the relevant people and possibly work with them, if at all possible. > > Thank you for cooperating > Alessandro From Andrea.GLORIOSO at ec.europa.eu Thu Dec 8 17:03:34 2011 From: Andrea.GLORIOSO at ec.europa.eu (Andrea.GLORIOSO at ec.europa.eu) Date: Thu, 8 Dec 2011 17:03:34 +0100 Subject: [cooperation-wg] Work Programme 2012 of the European Commission published In-Reply-To: <4EDCC6EF.5070402@tana.it> References: <37733D654721E340A0D2B6992C3171680BEDC0CC@S-DC-EXM13.net1.cec.eu.int> <4EDCC6EF.5070402@tana.it> Message-ID: <37733D654721E340A0D2B6992C3171680BEDC470@S-DC-EXM13.net1.cec.eu.int> Dear Alessandro, apologies for the belated reaction, I was sick / on mission these past days. >-----Original Message----- >Under "Digital Agenda" there is an entry in the forthcoming >initiatives 2013 saying > > Towards an EU Cloud Computing Strategy / Non-legislative >Is it possible to get in touch with those who are designing that >initiative? Our activities in this area are coordinated by the colleagues in unit D3. You can contact the Head of Unit, Dr. Rainer Zimmermann , or the deputy Head of Unit, David Callahan . Please let me know if you need more information and I'll be glad to help. Best, Andrea From Andrea.GLORIOSO at ec.europa.eu Thu Dec 8 17:14:34 2011 From: Andrea.GLORIOSO at ec.europa.eu (Andrea.GLORIOSO at ec.europa.eu) Date: Thu, 8 Dec 2011 17:14:34 +0100 Subject: [cooperation-wg] Work Programme 2012 of the EuropeanCommission published In-Reply-To: <00d001ccaa87$595c7480$0c155d80$@theiet.org> References: <37733D654721E340A0D2B6992C3171680BEDC0CC@S-DC-EXM13.net1.cec.eu.int> <00d001ccaa87$595c7480$0c155d80$@theiet.org> Message-ID: <37733D654721E340A0D2B6992C3171680BEDC472@S-DC-EXM13.net1.cec.eu.int> Dear Steve, >-----Original Message----- >From: cooperation-wg-bounces at ripe.net >[mailto:cooperation-wg-bounces at ripe.net] On Behalf Of Steve Nash >Sent: Thursday, November 24, 2011 9:59 AM >To: cooperation-wg at ripe.net >Subject: Re: [cooperation-wg] Work Programme 2012 of the >EuropeanCommission published > >63 - Data retention is also relevant. Especially the >reimbursement bit! >Steve Nash Indeed, I can ensure it was left out by error. ;) Policies on data retention are being handle by DG Home Affairs (DG HOME): see http://ec.europa.eu/home-affairs/policies/police/police_data_en.htm and http://ec.europa.eu/home-affairs/news/consulting_public/consulting_0022_en.htm for more details. Best regards, Andrea From gordon.lennox.13 at gmail.com Tue Dec 13 14:07:07 2011 From: gordon.lennox.13 at gmail.com (Gordon Lennox) Date: Tue, 13 Dec 2011 14:07:07 +0100 Subject: [cooperation-wg] "No Disconnect Strategy" Message-ID: A press release, some aspects of which I presume are of particular interest to this group: http://europa.eu/rapid/pressReleasesAction.do?reference=IP/11/1525&format=HTML&aged=0&language=EN&guiLanguage=en From patrik at frobbit.se Tue Dec 13 14:24:04 2011 From: patrik at frobbit.se (=?iso-8859-1?Q?Patrik_F=E4ltstr=F6m?=) Date: Tue, 13 Dec 2011 14:24:04 +0100 Subject: [cooperation-wg] "No Disconnect Strategy" In-Reply-To: References: Message-ID: <8C6478E7-37D0-412F-AB72-F94603E5EE7A@frobbit.se> On 13 dec 2011, at 14:07, Gordon Lennox wrote: > A press release, some aspects of which I presume are of particular > interest to this group: > > http://europa.eu/rapid/pressReleasesAction.do?reference=IP/11/1525&format=HTML&aged=0&language=EN&guiLanguage=en Interesting... Good initiative I must say. But, how does it connect to what other DG do? What is the connection between initiatives like these and what DG Home Affairs is trying to do when looking at the Data Retention Directive and other things? I.e. is it DG INFSO or HOME or a combination that is responsible for calculation of the proportionality between for example human rights and effect, like is pointed out in 1(3a) in the electronic communications directive? > 3a. Measures taken by Member States regarding end-users access? to, or use of, services and applications through electronic communications networks shall respect the fundamental rights and freedoms of natural persons, as guaranteed by the European Convention for the Protection of Human Rights and Fundamental Freedoms and general principles of Community law. > > Any of these measures regarding end-users? access to, or use of, services and applications through electronic communications networks liable to restrict those fundamental rights or freedoms may only be imposed if they are appropriate, proportionate and necessary within a democratic society, and their implementation shall be subject to adequate procedural safeguards in conformity with the European Convention for the Protection of Human Rights and Fundamental Freedoms and with general principles of Community law, including effective judicial protection and due process. Accordingly, these measures may only be taken with due respect for the principle of the presumption of innocence and the right to privacy. A prior, fair and impartial procedure shall be guaranteed, including the right to be heard of the person or persons concerned, subject to the need for appropriate conditions and procedural arrangements in duly substantiated cases of urgency in conformity with the European Convention for the Protection of Human Rights and Fundamental Freedoms. The right to effective and timely judicial review shall be guaranteed. Or is that something this initiative by Kroes is supposed to give answers to? How this is to be implemented in reality in EU. Specifically given the statement by Ashton in the press release. Patrik From Andrea.GLORIOSO at ec.europa.eu Tue Dec 13 15:58:05 2011 From: Andrea.GLORIOSO at ec.europa.eu (Andrea.GLORIOSO at ec.europa.eu) Date: Tue, 13 Dec 2011 15:58:05 +0100 Subject: [cooperation-wg] Cloud computing / new documents Message-ID: <37733D654721E340A0D2B6992C3171680BEDC4FE@S-DC-EXM13.net1.cec.eu.int> Dear all, in the context of the development of the European Cloud Computing strategy, which was briefly referred to in this mailing list, you may be interested to know that the following documents have been recently published on the website of the European Commission: - Final report of the public consultation on Cloud Computing (16 May - 31 August 2011) http://ec.europa.eu/information_society/activities/cloudcomputing/docs/ccconsultationfinalreport.pdf - Recommendations from the "select industry group" to the European Commission on the orientation of a Cloud Computing strategy for Europe http://ec.europa.eu/information_society/activities/cloudcomputing/docs/industryrecommendations-ccstrategy-nov2011.pdf http://ec.europa.eu/information_society/activities/cloudcomputing/docs/annex-industryrecommendations-ccstrategy-nov2011.pdf (annexes) Best regards, -- Andrea Glorioso (Mr) European Commission - DG Information Society and Media Unit A3 (Internet; Network and Information Security) Avenue de Beaulieu 33 (2/84) / B-1049 / Brussels / Belgium T: +32-2-29-97682 M: +32-460-797-682 E: Andrea.Glorioso at ec.europa.eu Twitter: @andreaglorioso Facebook: https://www.facebook.com/andrea.glorioso LinkedIn: http://www.linkedin.com/profile/view?id=1749288&trk=tab_pro The views expressed above are purely those of the writer and may not in any circumstances be regarded as stating an official position of the European Commission. Les opinions exprim?es ci-dessus n'engagent que leur auteur et ne sauraient en aucun cas ?tre assimil?es ? une position officielle de la Commission europ?enne. Be transparent - Sign up to the European Commission's Register of Interest Representatives http://ec.europa.eu/transparency/regrin From roland at internetpolicyagency.com Tue Dec 13 15:57:50 2011 From: roland at internetpolicyagency.com (Roland Perry) Date: Tue, 13 Dec 2011 14:57:50 +0000 Subject: [cooperation-wg] "No Disconnect Strategy" In-Reply-To: References: Message-ID: Tue, 13 Dec 2011, Gordon Lennox remarked: >A press release, some aspects of which I presume are of particular >interest to this group: > >http://europa.eu/rapid/pressReleasesAction.do?reference=IP/11/1525&forma >t=HTML&aged=0&language=EN&guiLanguage=en "Three Strikes and you are still in" policy, but only in oppressed countries? -- Roland Perry