CircleID

At the Government Roundtable meeting in Amsterdam on 12 September RIPE NCC presented on her results on auditing Local Internet Registries (LIRs) and on the policy process concerning certification of her members. If this showed something to the world it is that cooperation with governments and law enforcement agencies (LEAs) pays off and self-governance can work. How did this come about?

First contact

Over four years ago the first contact between OPTA (the Dutch telecoms and post regulator) and the RIPE NCC was laid. It was an awkward meeting of two groups of people who were talking to each other, but didn't connect at any level. Around the same time RIPE NCC got into contact with LEAs that had an urgent need for accurate information in cybercrime investigations and was confronted with a growing number of requests for information. All this culminated in invitations participate in the Government Roundtable meetings for LEAs, including a special meeting aside.

From misconceptions to dialogue

At the first meeting in 2008 it was clear that there were several misconceptions on both sides as to content and purpose. There was a distinct tension between both parties and an expressed urgency on the side of the LEAs, which made dialogue hard to establish. What happened however, was that the friction built up during the first meeting was taken away by discussing possible future approaches. An agenda of topics was identified and an invitation formulated to continue the discussion. This led over the course of 2009 to the invitation to participate in respective relevant events. OPTA and representatives of cybercrime units presented at RIPE meetings, while RIPE NCC presented at the London Action Plan, the e-crime event in London and in the EU Cyber Crime Task Force. Relevant knowledge and information was shared between both sides.

Understanding each other's positions

This made a few things clear to participants. Law Enforcement officers learned to understand about policy processes within the RIPE community and that the only way to influence these processes is to participate and address the right people. Also they learned what sort of organisation RIPE NCC is and the sort of information she has on its members and the Internet in general. What of this information is public and what is private sensitive data. RIPE and RIPE NCC learned that (governments and) LEAs have legitimate concerns about the safety and security of the Internet and need accurate information on LIRs for investigating criminality or spam violations. But most probably also that they have no use for members that do not pay their bills and are untraceable as well as that it is not good for reputation when RIPE NCC is, no matter how unwillingly, associated with (organised) crime, which unfortunately, in very small numbers, was the case. This awareness caused RIPE NCC to look at her standards and procedures and alter them when deemed necessary, which is a great claim for self-governance.

Cooperation is successful

The reaching out led to the installation of the Cyber Crime Working Party in May 2010. In the CCWP LEAs, the Anti-Abuse Working Group of RIPE and LEAs share data and work together. The biggest challenge for law enforcement agencies is to dedicate resources to cooperation and participation, that do not immediately show a result in facts and figures presentable to the outside world. The figures presented by RIPE NCC on 12 September, as well as recent presentations by ARIN and AfriNIC, show that cooperation does pay off, but needs time to develop. On both sides! So use the figures within your respective organisations and make sure that this raises the awareness of the right people there.

As CCWP chair I complemented RIPE NCC with these results and noted that we have come a long way over the past few years. There is more to be done, but this moment of reflection is as good as any.

By Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement. More blog posts from Wout de Natris can also be read here.

Related topics: Cybercrime, Registry Services, Internet Governance, Policy & Regulation, Regional Registries, Spam, Whois