-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/05/2011 07:43, Sander Steffann wrote:
There is no specific Dutch legislation that can be used to order the deregistration of Internet number resources or change the registration details of Internet number resources. Nor is there any legislation that applies to the revocation of certificates over Internet number resources.
In the absence of such legislation, a court cannot order the revocation of certificates.
It is the RIPE NCC’s view, based on this analysis, that the RIPE NCC cannot be ordered to revoke resource certificates.
There are a couple of other possible current vectors, as well as the question of future legislation. 1. Legal counsel referred to the lack of legislation that specifically mentioned revocation of certificates. Most of the existing and draft legislation I know of (not Dutch, but some EU) refers instead to "preventing access to Internet [locations/sites/content]". As a generalisation, courts will not normally order someone to do something utterly outside their power, but may order someone to take such steps as they are able to achieve an end if they are seen as being able to make a significant contribution, even if that contribution won't be wholly successful. For example, courts sometimes order newspapers and broadcasters not to publish information, even though they know the information may end up being published online. Right now it is commonly said that RIPE NCC does not have control over routing, so a court would be unlikely to order the RIPE NCC to prevent access to an Internet location. If, as a result of this policy, RIPE NCC is seen to have the capability to significantly reduce the reachability of an Internet location, a court might be willing to order it to "prevent access to the location" to the extent that it is able. No explicit mention need be made of certificate revocation. 2. Within some jurisdictions LEAs argue that Internet intermediaries are themselves criminally liable if they "facilitate" criminal activity by refusing to prevent access to an Internet location where criminal activity is ongoing, once they have been informed of the criminal activity. Intermediaries are thus induced to block access without a court order being necessary. Within the EU, network operators have special protection against this threat from the E-Commerce Directive as "mere conduits", but unfortunately registries like the RIPE NCC probably do not fit the definition of "mere conduit". In the UK, Nominet (the .uk ccTLD registry) has been induced to suspend domain registrations using this argument. RIPE NCC might in future be exposed to the same pressure. 3. Finally, new legislation not only /could/ be created, but most certainly will. The Netherlands is subject to EU law. Whether such new law would affect the RIPE NCC we cannot be certain, but I am certain that the only thing restraining lobbyists is a lack of awareness of the existence of RIPE NCC (and awareness is increasing), and a belief that the RIPE NCC has no relevant technical capability, which this policy would change. - -- Malcolm Hutty | tel: +44 20 7645 3523 Head of Public Affairs | Read the LINX Public Affairs blog London Internet Exchange | http://publicaffairs.linx.net/ London Internet Exchange Ltd Maya House, 134-138 Borough High Street, London SE1 1LB Company Registered in England No. 3137929 Trinity Court, Trinity Street, Peterborough PE1 1DA -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk3DoywACgkQJiK3ugcyKhSlSACdGyEFtxJUai+xrWtGB/vwZjoJ VnUAoLpgRXaghPiUTTDwF3SIoQxgCEa+ =eFIF -----END PGP SIGNATURE-----