On 24 and 25 February 2011 the European Commission, DG Home Affairs, organised a meeting on cyber crime in cooperation with the US government, Department of Justice, with representatives of the law enforcement community, registries and registrars. The basis of the discussion was the RAA due diligence recommendations (hence: the recommendations) as presented by LEAs in the past years during ICANN meetings. The meeting was constructive, surprising and fruitful. I give some background, but what I would like to stress here is what, in my opinion, could be a way forward after the meeting.

The idea behind the RAA recommendations

Registries and registrars together with other entities lower in the Internet ecosystem, the Local Internet Registries, respectively resellers, have a role in making access to the Internet possible for end users. They dispense IP addresses or domain names around the globe. Domain names are either generic names like .com, .biz and .org or country code domain names like .be and .nl. The domain name registrars’ impression of the meeting is found in the Register. Nigel Roberts, CTO of the .gg registry, wrote on the topic from a privacy point of view on this site. (I could not find a link to the recommendations. So google: RAA + recommendations + ICANN + May 2009 for a downloadable Word document.)

From a law enforcement projective, in short, it is important that the registration of the IP resources are as correct as possible and easily, but lawfully accessible. The more correct data is, the easier it is for law enforcement to investigate abuse or crime. More correct data will most probably lead to less abuse of IP resources. The recommendations look for ways to raise accuracy of registrations as well as to enforce the accreditation agreement between registered parties and ICANN, when a registry or registrar is not in compliance with the agreement. Where access is concerned, I’m fairly convinced that LEAs would not mind having slightly easier than full open access to the data, if the data found is accurate.

The EU-US cyber crime meeting

The meeting started off with the understanding that the document was endorsed by e.g. the Government Advisory Committee of ICANN, the Message Anti-Abuse Working Group, the London Action Plan, in other words almost clad in iron. This made what happened in Brussels all the more surprising. In the afternoon of the first day the meeting’s agenda was set aside for an in-depth discussion of the recommendation text. This led to a fruitful discussion and to more insight into each other’s motivation, background and intent. Let me name a few.

The registrars and registries felt themselves heard by governments and LEAs as they could freely speak on content and process. This led to text amendments in the recommendation on the spot and a first step to an inventory on solutions, but also made understanding between both parties to grow. The presentations of VeriSign, ARIN and the Cyber Crime Working Party at RIPE NCC showed forms of cooperation and different approaches to information sharing. What also became evident is that there is a difference between the recommendations itself and the enforcement of it. That this is not dealt with in the recommendations, but that this is a task for ICANN herself. It became clear that parties agreed on the intent, as industry clearly stated that they do not (want to) profit from criminals. For LEAs it was made evident which parts of the recommendations were a real no-go zone for industry and why.

In one way the meeting took everyone two steps back as the endorsed text is of the table, but momentum wise the people in the room took giant steps. This makes it possible to take a look forward.

Cooperation in the near and medium future. Is it possible?

When I think back to the meeting, I can see several ways forward that could be discussed over the coming period, that may take the registrar community as well as their interaction with law enforcement to another level.

– Information and communication. It may be worthwhile looking into communication both ways. The discussed template for information requests to registrars from law enforcement will make procedures more efficient and less costly. Next to that, in what way could the community communicate towards law enforcement, e.g. through their respective websites? This would make communication more efficient as well. Can this be seen as a two way street?

– Competition vs. mutually perceived concerns. Despite the fact that the registrar community is highly competitive, are there, analogous to the banking industry, segments of interaction between them that could be declared as non-competitive, that once identified may actually lead to a mutual benefit? This could lead to a different approach and commonly agreed upon solutions for these concerns.

– Enforcement. As soon as the leading registrars act on common concerns, many smaller will follow. This sets the good guys apart from the bad guys, who can be easily identified. This makes enforcement, ICANN and LEA wise, of the real black hats a distinct possibility. What does it take for ICANN to act and what role could the registrars play in this?

– Information sharing. Are there ways in which the registry and registrar communities can work with LEAs on exchanging information that will take intelligence gathering to a higher level?

Answers to these questions may just make life a lot easier and safer for the community herself and for everyone concerned.

Results to strive for

Quite rightly it was commented that the registries and registrars are not the source of all evil. There are other and even much bigger issues concerning the Internet that also need to be tackled. However, fact is that in order to push back abuse and crime on the Internet, the registration of IP resources is one of the factors that have to be taken into account. If by a common effort we do manage to make registration for criminals harder and deregistration more efficient, it becomes harder for them to access the Internet and inflict harm on end users.

It is a fact that at this moment there are a lot of people involved in Internet fraud and crime, because it is easy money with an almost zero percent chance at getting caught. They will go away if access becomes less easy and arrests go up. Figures in the Netherlands prove this, even for international criminal gangs. They move elsewhere when opposition is put up effectively.

Industry also stands to win. Requests from LEAs will first become more efficient, then will drop, black hats are identified and dealt with and reputation of the group as a whole goes up. There will always be crime, but the momentum in the room at the Albert Borschette in Brussels may just make it possible to push Internet crime rates back to more normal proportions

I hope to be able to say in a while that I was present at a meeting that proved to be a breakthrough. Let’s work at making this work.