Home / Blogs

2nd Annual RIPE NCC - LEA meeting: Cooperation Unfolds

Wout de Natris

On Wednesday 16 March the Serious Organised Crime Agency organised a meeting in London with the RIPE NCC. For the second time law enforcers from the whole world met with the RIPE NCC and RIPE community representatives to discuss cooperation.

RIPE NCC staged several very interesting presentations that showed the LEAs the importance of the work done within RIPE and ARIN, the information RIPE NCC has and the relevance of all this to LEAs. Also issues were addressed that can potentially be harmful to future investigations.

An invitation to cooperate

If the law enforcement agencies got one message in London to take home, it was as SOCA's senior manager e-crime Lee Miles formulated it: "the door is open at RIPE NCC to cooperate". (In an off-conference remark a police officer said: "We are not used to the fact that a door is open. It is the opposite, we always have to break in the door. This is a new situation".)

There are many issues at present or in the near future that are of interest to or will effect law enforcement (investigations). RIPE NCC presented freely on this, thus showing her willingness to build a serious and in depth relationship with law enforcement. All presentations were of excellent quality and made it quite clear to LEAs what the state of play concerning RIPE policy making is, which information RIPE NCC has available and where in the case of technical problems around IPv4 depletion and (the lack of) transition to IPv6 a role for governments is necessary. This was a very stark message the police officers present got to take home: only governments can regulate or promote IPv6 transition!

Influence only through participation

LEAs were clearly made to understand that RIPE policy is formed in a bottom up process and that to have influence on this participation is necessary. If LEAs can address common concerns about the distribution and where necessary reclamation of IP addresses in the RIPE policy groups, they may be able to achieve changes that were not foreseen until recently. Their concerns are already more widely and receptively heard than expected even less than a year back. If the regular interaction of the past year has shown something, it is that several topics concerning the prevention of criminal use of IP resources are firm on the agenda.

If IP resources become more difficult to acquire for cyber criminals and RIPE NCC has a more stringent policy for reclaiming addresses, the Internet becomes safer at one of its front doors. Hence the importance for LEAs to work with the RIPE community in shaping policy together, policy RIPE NCC will execute.

Cyber Crime Working Party

LEA cooperation with RIPE NCC and the RIPE community is foreseen to go through the CCWP. From this body RIPE policy can be monitored and influenced, trainings coordinated, war games staged for all parties, knowledge exchanged and trust build. SOCA showed quite keenly showed her colleagues what she stands to gain through cooperation. All LEAs were invited to either join or support the initiative.

The fact that ARIN has now joined the CCWP is a strong sign that both RIRs think this initiative is of significant importance. The work ARIN does in the field of LEA cooperation and self-regulation in the U.S. and Canada is seen as an example by RIPE NCC.

Standardised information exchange

One of the goals of the CCWP is providing LEAs with a template that standardises information requests to RIPE NCC. This would make the work of the RIPE NCC substantially easier. On the spot it was decided to start work on the template. A breakthrough and success to be for the CCWP.

21st Century cooperation

Should this cooperation take off further in the near future, it will give a good example how public — private cooperation takes shape. Two entities not used to work together are forced to take each other's stock and commit resources to mend an acute problem. The moment they pull this off, the world is changed. Can LEAs afford not to be present as this unfolds? I don't think so.

By Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement
Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

Domain Names

Sponsored byVerisign

Whois

Sponsored byWhoisXML API

DNS Security

Sponsored byAfilias

Cybercrime

Sponsored byThreat Intelligence Platform

IP Addressing

Sponsored byAvenue4 LLC

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byAfilias