Malcolm, There was an IGF workshop in Vilnius last year "Routing and Resource Certification: Self-governance and security at the core of Internet operations" (http://www.intgovforum.org/cms/component/content/article/102-transcripts2010...) I found Paul Vixie's remark he made there very useful in articulating the trade-offs we are facing here. He said: "I'd like to move from the situation we're in now, where the good guys have no recourse against the bad guys, to a new situation where the good guys will have some recourse against other good guys if these powers are misused, and that is the choice I'd rather see discussed [...]" Andrei Malcolm Hutty wrote on 5/5/11 11:39 :
On 05/05/2011 08:36, Randy Bush wrote:
shall we have a policy that covers black helicopters and sci-fi attacks as well as demanding perfection in everything?
Black helicopters in slides presentations are amusing. But if you seriously think the governments, law enforcement and private litigants won't see this as a new capability to prevent traffic to certain networks you haven't (note to self: be polite, Malcolm) all the facts.
Fact 1. In the Co-operation WG where British law enforcement officials have /already/ been asking for procedures to re-assign netblocks to their agency because they think that would help prevent traffic flowing to places where crimes occur. Of course, as a community we could refuse to cooperate, unless/until the NCC is compelled.
Nonetheless, this demonstrates LEAs do have both the awareness and the intent; it's not a wild conspiracy theory.
Fact 2. There is draft legislation ALREADY going through the EU that if passed would require all EU governments (including the Dutch) to introduce laws to "take the necessary measures to obtain the blocking of access" to certain Internet locations [1]. It could be argued that this would give Dutch LEAs sufficient power to require the RIPE NCC to revoke a certificate - or perhaps not; it probably depends on how the Netherlands chooses to implement this European law if/when it goes through.
I would say that this shows that the risk, although not certain, is pressing and immediate, not a vague worry for the distant future.
Fact 3. There is continuous lobbying within the EU, to which Dutch law is subject, for greater measures to require Internet intermediaries to prevent the reachability of certain Internet locations. This has mainly focussed on network operators, but more recently EU officials have opened dialogue with ccTLD registries and the RIPE NCC too.
There's no end of topics for which some people believe controlling access to Internet locations would be a useful means of fighting some social evil - child pornography and copyright infringement have in my estimation the largest and most organised lobbying in favour of such measures, but there's also active work in the areas of terrorism, "cybercrime" generally, gambling, xenophobia racism and hate-speech, just off the top of my head.
In my view the range of actors who would seek to use any new capability is wide, and they are outside our control as a technical community. They operate at the political level, and they have no interest in the technical community's opinions, apart from an answer to the question "What is it technically possible for the RIPE NCC to do to impede reachability to the locations we specify?"
Once the RIPE NCC comes to be seen as a "gateway controller" that can significantly impact the reachability of "bad" networks, it will irrevocably become a ongoing target for use as a tool of public policy enforcement.
Malcolm
[1] I'm referring to Article 21 of the Draft Directive on Child Sexual Exploitation, which is currently in Trialogue negotiations between the European Parliament, Commission, and Council of Ministers. http://bit.ly/9D5cg8