RIPE NCC Services
26th October 2022
At 2:30 p.m: Good afternoon, everyone. This is RIPE 85. Two different screens showing two different things. So this is your favourite Working Group, as always. This is your most favourite Working Group, it's the NCC Services Working Group before we start, this is the reminder that directly after this the NCC Services Working Group, will actually directly after this we technically have a break, if you ask too many questions we don't have a break but after that, we have the General Meeting and if you are registered for the General Meeting and you haven't went outside and got your GM sticker that you need to enter, now is the time to go to the registration desk and there is the operational update from in a little bit and that is considered as included in the GM once that starts.
So with that preamble, the agenda, we are going to start with the welcome which we are doing at the moment and then we have the agendas announced earlier in the week and then we also going to go through the Chair selection for this time, open microphone and hopefully we will move on to a break.
On the admin matters, welcome again. We have a scribe, I presume. Yes, good. Good, we have a scribe. Thank you NCC for providing a scribe. And we just done the agenda and the minutes of the last Working Group meeting at RIPE 84 was published on 16th October to the mailing list and we have received no comments on or off‑line so I presume they can be considered approved. Done.
With that, I have done intro and I am going to ‑‑ I forgot to say I am Kurtis Lindqvist, I am one of the Chairs, I got two co‑chairs who can't be here this time so you only get me. And with that, we are going to go on to the first agenda item which is the operation update. Felipe?
FELIPE VICTOLLA SILVEIRA: This is the RIPE NCC operational update. I would like to start by discussing services levels and what we are doing to improve in this area. So our main objective is to deliver world class services to our members, we define that through three different key results, the first two ones are related to membership satisfaction so it's the NPS core and also respond to all tickets within one business day.
So first I would like to start sharing some information about resource update tickets over time. So this kind of tickets including things like transfers, mergence and acquisitions, sponsorship changes and so on and there are a couple of points I would like to highlight here. The first one is a consolidation of a trend we have been observing since the beginning of the year in the reduction in the number of tickets. It's a bit hard to see on the slides so it's the grey line so that's 2022 and you can see they are kind of going back to levels they have seen a couple of years ago back in 2019.
The second point that I would like to highlight is this ‑‑ is the peak in the number of these kind of requests by the end of the year so you can see on the blue line supposed to be green but it's blue, and the purple one is they are peaks by the end of the year and this trend should not happen at this year again and the main reason we didn't hand over many /24s, a couple of years ago, so there will not be a lot of address space eligible for transfers by the end of the year.
So I would like to switch topics to the Net promoter score, that's one of the metrics use to measure the membership section so the question we ask, we ask to Sunday surveys when you close a ticket and we ask this question: How likely are you to speak highly of the RIPE NCC to your friends and colleagues? The results go from 0 to 10, 0 you highly disagree with this statement, 10 you highly agree, and in the industry 9 and 10 are considered promoters, from 0 to 6 are considered detracters, and then you calculate the score by subtracting the percentage of detracters from the percentage of promoters. In other words, if you have a score 0 you have the same percentage promoters and detractors. If you have negative score it means you have more detractors than promoters, so anything above 0 is considered a good score, anything above 50 is considered an excellent score, and anything above 80 is considered world class. So that's our target. We are aiming quite high at a score of 80 or higher than that. We are not there yet, but we have a pretty good score of 67 .7, so that's based on the score from Q3 and based on 350 responses.
So now going to the next metric which is customer effort score so the question we ask here is to what extent do you agree or disagree with this statement. The RIPE NCC made it easy to handle my issue. Scores go from 1 to 7. 1 you highly disagree with this statement, 7 you highly agree with this statement, so the higher the bet our target is higher than 6 .5, so we are pretty ambitious here as well.
For registry update and member update tickets we are meeting that target so 6 .5 or 6.6, a pretty high score so that includes data from Q3 and also a little bit from Q2 as well. We are not quite there yet for new LIR and billing, and especially for billing we are going through the results of the survey, identifying the main complaints from our members and we have a project in place in order to improve there.
So the next metric I would like to highlight is the percentage of tickets responding within one day so our target is to respond to all of them but you can be a bit for giving if it's up to 90% that's considered okay. We didn't meet that target back in March and that was mostly related to the war in Ukraine where we received a high number of messages mostly from LIRs in Ukraine asking questions about their invoices. So we didn't have the manpower to handle that ticket world load.
We had some hiccups back in July, mostly related to the holiday season, a lot of people off plus people are getting ill so didn't manage to meet the target there as well.
And after that situation is pretty normalised. There are some differences between the teams, some teams are meeting the target better than others so also looking to ways to better distribute the workload so we can fix that.
Just to summarise the first part of my presentation: The average number of tickets is being reduced when you compare to previous years and that's allowing us to focus more on service quality and accuracy of the registry and that will be the next topic of my presentation today.
Second, the service quality, when you use those metrics NPS and customer effort score are at excellent levels. We have identified some issues, though, in billing tickets and there is a project in place in order to improve there.
And finally, there are some bumps in our ability to deal with tickets, with all tickets and these are normally concentrated in specific times and areas, like, for example, billing tickets at the beginning of the year around February or March right after we do the invoicing, for the member services team so looking to ways to better distribute the workload so we can cope with that.
Now, for the second part of my presentation, registry accuracy and compliance, so our objective here is to ensure a highly accurate and compliant registry, so we have five different key results, the first two are about verifying all members and end users every five years. The third one is completing at least 200 ARCs per month and finally the percentage of members with inaccurate data that we find doing ARCs, it should be less than 1%. I am going to explain each one of these metrics now.
So the first metric is about the percentage of members verified. So the idea here is that every time we process a registry update like, for example, a transfer, an MNA we do an ARC with the member, we verify the information against an official source so we know for sure that, at that specific point in time, the information in the registry is accurate. So, at that point we put a time stamp in that record and basically measure the information in the registry. So that's basically the result of this measurement. The first time we did we identified a quarter of our members with more than 5 years old registration information. And we have been focusing on those, mostly doing our our ARCs so managed to reduce that by half approximately.
Now about end users. The run time we run this measurement we identified that half of our end users had older registration information, and there we had to do one‑off project where we use stamps and verified all the information for the end users. And we managed to do a huge improvement so we reduced these number of members that is members with older registration information by almost five fold.
So this is how we aim to improve the accuracy of the registry, so we aim to complete as many ARCs as possible for the ones of you who are not familiar with it, an ARC stands for assisted registry check. It's audit activity that has the aim of ensuring quality rates to data and aim to provide a good understanding of our services.
We can see here in this chart that by the end of last year, we had to reduce significantly the amount of ARCs that are providing to our members, and that was due to the very high workload that we experienced at the end of last year so since then, we have managed to put more people working on ARCs and are almost restoring the numbers that we had in the past. So we are doing about 200, more than 200 ARCs per month.
So now like to introduce a new metric that have been using to measure the accuracy of the registry, so every time we audit a member as I explained before we verify their information against official sources, like, for example, online registries. And sometimes it turns out the information we have about our member, so the information about the company, about their companies in the registry turns out to be incorrect. Like, for example, merger went ‑‑ a member went into a merger and acquisition and we didn't know about that. So we start collecting this data in August, so we don't have a lot of data yet, of course over time we are going to get more, but overall we have 440 ARCs performed so far with this data and then we found two members went to a merge and acquisition, and two members were closed companies so had an inaccuracy of about 1%.
So one question is how can we improve in this data?
So, to give a little bit of background, we use Dun and Bradstreet and Dow Jones as tools to ensure our European Union compliance, they have information about all the different companies and every time a company is added to the sanction list we receive a notification from them and then we start an investigation. So the idea here is that we use the same tooling to also monitor against changes in the legal structure of our members. So, for example, a member goes into liquidation, we receive a notification from Dunn and Bradstreet and then we start ‑‑ we start an investigation about that.
The idea behind this is by processing these changes proactively we avoid this often painful and slow updates in the future. So think about a company that went into a merge and acquisition like ten years ago and today they request a transfer it might take a very long time for us to be able to go through back through the chain of holdership and then be sure about who is the legitimate holder of those resources. And these are often long‑standing tickets that will be very painful for our members and also for the RIPE NCC.
So this is a chart basically explaining what I just said, so the have information about our members, something changes in the legal structure of our members, we receive a notification, so this process is fully automated, a ticket will be created, it's going to be assigned to the right queue and then an agent will pick up this ticket and will start the investigation. So going to online registries we check what's the right state for that member and then depending if the registry is not accurate or we are going to trigger a process with a member and going up to date the registry.
So now I'd like to change topics and talk about our sanction transparency report, that's a quarterly report that provides including data from our members and users and legacy resource holders so how they are affected by sanctions without violating their confidentiality and privacy. I put here a link to the last version of the report. I would like to highlight the main differences compared to the last report so on 13th May we have frozen an end users from Russia, and then on 26th July we have frozen a member from Russia and on 17th October we froze a member from Georgia and another member from Russia and here we can see all the different details about that.
On top of that we have a very large number of potential matches that under investigation by the RIPE NCC. So I was explaining before the Dow Jones, we receive a lot of alerts from that and that trigger an investigation by the legal team and by the RS team and because there is no grace period allowed for sanction compliance we must treat all these potential cases as though they are sanction until we can prove otherwise.
So, the last version of the report I have 932 alerts in total, we have managed to clear 372 of those as false positives, or that the sanctions are not applicable to the RIPE NCC.
And then the total number of cases that we have confirmed as their sanction indeed, went from 4 to 8.
So to summarise: We have hard metrics and targets on how to measure the accuracy of the registry. In order to improve on those, we are aiming for two strategies: The first one is increase number of ARCs in order to verify all members every five years; the second strategy is that we automatically monitor changes in the legal structure of our members by leveraging data from Dun and Bradstreet. Our ultimately goal is to ensure quality registry data.
Finally ensuring sanction compliance remains one of our key folks areas.
So now, I am going going to go to the last part of my presentation so it's about software engineering. So our objective is to operate highly available, resilient and secure software services. We have four key results, first one is ensure up time for critical services higher than four 9s; second, is that all issues that we found during the red team testing have been mitigated, I will explain more in a bit; third, that increase the security and resiliency of the RIPE NCC access so our SSO; and finally, that IS AE 3,000 control framework audit is delivered.
So start of the RIPE NCC access modernisation, we have been working on alternatives to address issues on the SSO, I have reported more about that in RIPE 84. And it boils down to a replacing Atlassian crowd as the third part engine that they are using currently and providing a ground up rewrite of our home‑grown layer built on top of it. We have performed an extensive product selection and unfortunately all the Cloud alternatives had to to be ruled out and the main reason for that was our preferred candidate decided to stop providing services in some countries within our service region and that is due to what I would consider an overstrict interpretation of sanction regulations. And there is a risk that the audit providers might to do the same so it's a risk we are not willing to take.
So now we are assessing Open Source solution called key cloak and the timelines for this project unfortunately had to be shifted. We were originally planning to deploy this by the end of next year, early next year, more likely Q22023.
Now I would like to talk about red team testing, that's a nice exercise we did for RPKI, for the ones of you who are not familiar with it, red team testing is when you have a third party, so it's an external team that has an objective and in this case objective was to get access to our RPKI production environment. And to do this exercise they can do many different things, like can try to get physical access to the RIPE NCC office, they can send phishing e‑mails, they can do engineering, external attacks and so on. And this was a serious exercise so we spent an amount of three months in total so that's above what you normally see in the industry.
So ultimately the red team was unable to gain access to our systems using the conventional methods, which I will explain in a bit. So the report was delivered two years ago ‑‑ sorry, two weeks ago. There is a strong parameter, it means the external part of our security is quite good. There is good security awareness which means the issues were reported to the security team. And we have detected physical security breach. So once we run what they call assumed compromised scenario, handed them over a laptop with access to our VPN they are able to complete the assignment, they got access to the RPKI production environment. So there was a list of vulnerabilities that they have reported, we are categorising those and prioritising those and making sure they get fixed, once we close a high level, the top priority of vulnerabilities we are going to disclose more details from this report.
I cannot promise going to disclose the report itself because that involves negotiation with the party that ran the routing testing.
Now like to talk about publish in parent. So this is a new functionality for RPKI that is intended for people who run their own CA so delegated RPKI. And they decide to publish what they can publish their objects in the RIPE NCC repositories instead of maintaining their own repositories, so that's called hybrid RPKI. Also like to take this opportunity to thank you all for the input provided in the Routing Working Group, that was very useful for us to understand the specifications of this service. We plan to deploy this new functionality to our members and he will eligible resource holders over the next few weeks.
So to summarise, and you can see this is my last slide, security and resiliency are a top priority for our software services. The modernisation of the RIPE NCC access is taking longer than expected due to the unsuitability of Cloud solutions that we have assessed so far. However, we do expect that the new solution will be more robust if you consider the delicate geopolitical situation in our service region. And finally there is a new service being launched for RPKI published in parent and we look very much forward to your feedback about it.
(Applause)
.
KURTIS LINDQVIST: Any questions?
AUDIENCE SPEAKER: I was wondering what were the criteria for selection of these audit companies that you work with for providing sanction lists?
FELIPE VICTOLLA SILVEIRA: It's a good question, I have to check with ‑ team. I cannot give the answer.
AUDIENCE SPEAKER: That would be great.
FELIPE VICTOLLA SILVEIRA: I can get back to you.
RUDIGER VOLK: I wonder about the security work in a presentation a year ago at the meeting here someone was reporting really bad security for the RIRs and, in particular, for the RIPE NCC. Conclusions, resource databases are poorly protected, attacks against accounts are practical, fixes are fixed but not enforced. I wonder whether kind of ‑‑ kind of a review of that report has been done and secured that things are not as reported or have been fixed.
FELIPE VICTOLLA SILVEIRA: To be honest, I would have to look at the details, I cannot remember off the top of my head.
RUDIGER VOLK: Look for the T word, Athina in German, that's from a security group in Darmstadt ‑ and it would not be completely surprising if the alarms raised by that report are not really to be taken serious but kind of it would be obviously a bad thing for the NCC if problems are publicly reported this way and not taken into account and checked.
FELIPE VICTOLLA SILVEIRA: I will get back to you, Rudiger.
HANS PETTER HOLEN: We can do this off‑line but if anybody has that report in detail, don't show it to me but send it to me because when this was released it was not public and it was created in a sort of an assumption that there is something here and I will tell you later and that's not the proper way to release security ‑ we do have responsible disclosure and please, if you find something use our responsible disclosure programme, I want to say that, thank you.
KURTIS LINDQVIST: Thank you. Maybe you can argue outside. Questions in the Q&A, sorry.
AUDIENCE SPEAKER: From the Ministry of Justice of Ukraine and it says: Please consider stricter due diligence procedure to find and freeze EU sanctioned... of Ripes's IP addresses, Ukrainian government provided you with that list and are direct authorities of terrorist organisations. If needed please do manual check of connected entities as well."
FELIPE VICTOLLA SILVEIRA: That sounds more like a statement, not a question, right. We are already performing stricter due diligence checks for transfer from distressed regions but Athina is going to give more details in her presentation now.
AUDIENCE SPEAKER: There is a second one from: Were any IPs recovered after LIRs have been found sanctioned in 2022, if so how many?
FELIPE VICTOLLA SILVEIRA: They are not recovered, they are frozen and that's covered in the sanction transparency report, you can see all the list there.
AUDIENCE SPEAKER: Final one, IP transferring from Ukraine: Hi everyone, I represent Internet express from Ukraine, registry IDUA express. I agree the solution of temporary frozen any IP transferring from Ukraine including distressed territory.
FELIPE VICTOLLA SILVEIRA: Also a statement, I guess.
KURTIS LINDQVIST: Thank you, Felipe, third applause of the day. Next up is Fergal from RIPE NCC to talk about the outreach, or expanding the outreach. I want to say one thing before that, I forgot to say about me about the only Working Group Chairs here, I have an assistant Brian Nisbet, so thank you Brian for stepping in to help me in this session as well.
FERGAL CUNNINGHAM: Thank you, I am from the RIPE NCC, I am the head of membership engagement and I am going to talk about a topic that's dear to my heart, it's breaking down barriers to engagement and I think this should be an important one for you guys as well.
Just to start off, what am I talking about, I am pretty much talking about everything we do as the NCC, to talk to you people about our services and activities, everyone. And everything we do to allow to you talk to each other, I am talking about our channels, our platforms and the content we put on those platforms, and really what I'm talking about here is people talking to other people and the mechanism that allow that to happen. And I think one important thing is my folks here is on people, I know we have members and we have community and we have different groups within the community etc. But my focus is generally on people and getting people to talk to each other. Why is it important? Well we need dialogues, if we don't get them we don't know if they are developing our services and carrying out our activities as people want us to do them, it's really important that we hear from people, and if we get that, it helps people to trust us which is a core thing for the RIPE NCC, and it also helps us to deal with complex issues, and there seems to be quite a few at the moment, I think the next presentation from Athina has been mentioned, we have seen that from dialogues in our community and membership, which is really great and we are really eager to take part in those. But I believe our people need dialogues too, if you want to have a thriving membership and vibrant community we need to have those dialogues and we need to be able to accommodate them and I think everything about RIPE and the NCC has emerged, we arrive at consensus when these and I believe these dialogues should be open to pretty much everyone.
What are the barriers that I see? This is not an exhaustive list, I believe there's lots more we could put in but some of the main ones is lack of understanding and awareness, maybe from people who are newer into this environment, it's hard to engage when you don't understand or you are not aware of what's going on. There are a lot of different preferences, people are very protective of their preferences and saying this is how it should be, but we have a lot of preferences on how people should send and communications. Accessibility is something we don't mention too often and maybe there's a lack of interest in some of the topics going out there. I don't know. I do hear quite often people are reluctant to put themselves out into broader communication because there is fear of criticism, there's fear of being, having their ideas shot down and that can kind to some reluctance to engage and there may be some confusion on how to engage and where. A big one is experience, shared experience is important in this and we do have lots of different experiences, cultures, backgrounds, languages, interests and those differences can make dialogues difficult.
But this is what we are doing at the moment to try and break down barriers. We have been doing quite a bit over the last year or two. Our content delivery, so during the pandemic we got quite lucky, we decided just before the pandemic started to build a media room in our Amsterdam offices, space turned out not to be a problem because of Covid and we are now using this on a daily basis and this is allowing us to do a lot of stuff and put out a lot of great content, we are doing podcasts with staff and community, we are putting out videos from people who are developing the services so for instance last week we put out videos on to how to troubleshoot Atlas probes and it's not someone like me, someone in coms standing up talking about our services, it's someone engaged in creating those services and I think that's important. We are doing better and more webinars, more videos from our trainers and this coincided with our new RIPE Labs which is a really nice hub for lots of interesting content. Here is a podcast going on right now, we have our old RIPE Labs editor and our new RIPE Labs editor, Alain, I think he has done a lot of podcasts on a lot of topics, including with Mirjam, it's a 40 minute deep dive into topics and yeah, there's a lot to discuss in there and it's a good space, I don't think we have had space for that type of dialogue in the past. This is Anastasia who is piloting Pedro delivering a webinar or training content. I can't tell you what a boon this has been for us. Languages, we are now providing a languages Wiki and covering six languages on eight RIPE NCC‑based topics. I actually presented on this at RIPE 81 to get feedback from everybody if we should do this in the first place and if so, how. So we had a reasonable budget for this, it can get quite expensive, we kept it low, we had a Wiki, we had some content on there to help build knowledge among our membership in particular and I am hoping this will be really useful to staff to help people who are trying to find out a lot of stuff in tickets, they can point them to things in their own languages. We had a lot of reasons for choosing the six languages we did, some covered broad regions and some large countries with big members that we don't hear from very often and there's a couple our staff said it would be useful if you provided in these languages because we get requests for that. That's why we chose them and we think this is a good basis. If you have ideas please talk to me, there's information on how to contact us on the Wiki, we have people who are offering to translate in other languages and people who are suggesting new content, so we'd like to hear from you on that.
The RIPE NCC forum we launched this last week, it's already kicked off, I won't be shy, I love this, I think it's great, it gives us a whole new means of communicating. As you can see here it's already up and running and what I love about it is the variation in topics, stuff from one of our Executive Board posted about running, also stuff like DNS encryption issues, stuff like how are we going to create a new measurements course and people are coming in with feedback. We are using discourse for this, it's Open Source, it works over IPv6, if you are familiar with NANOG, they are using it too, Python community, lots of other technical communities are using it and we moderate it in line with the Code of Conduct. It's a trust based system, you can flag content you don't like, you might think it's spam or offensive and there's one user who keeps slagging spam and stuff like this and I get notified and I say yes, he is right and he gets a message saying thank you for notifying this, it's beautiful, user‑based moderation, I like it. Anyone with an e‑mail address can sign up and participate, you don't have to be a member of the RIPE NCC, you just have to have an interest in topics related to our community and and the NCC. And it's intended to add a new and inclusive way for people to talk about us and each other. We hope the topics and the conversations are the most important rather than categorising people and forcing them into channels and making them figure out where they need to have conversations, go to the forum, it will be great.
But an important point it's not intended to replace any existing communication channels. We are quite happy to add something, we are not trying to take something away or replace something. On that note, we are mailman 3, we will be upgrading, we are currently using 2 and we have already started this internally and will be pushing it it out to the rest of our mailing lists probably next year and we will let you know when we are doing that. The idea with mailman 3, it's faster, more secure, easier to use, for people on the back‑end as well are, for moderators, the interface is a big improvement and you get bigger viewing options such as threads and it has better archiving. We have a RIPE forum, that's not the forum I just talked about. This is a read only interface to our archive messages and we plan to remove this when mailman 3 is complete because it replicates that function.
So, this is a big project we are engaged with too, we are completely overhauling ripe.net, and that includes everything on the back‑end and everything on the front end, it's a huge project. We are changing the CMS from Plone to Wagtail, it's Python based, Open Source, we have used this before with RIPE Labs. This new design is going to allow better accessibility, we are looking at the web content accessibility guidelines from W3C. A lot of people have accessibility issues, probably way more than you would think and we need to focus on this a bit so that's going to be something we are doing from now on. The design, we will talk to people, we will do usability studies, we will talk to the community and the members, we are not going to do this in a vacuum, and for things like the languages Wiki this is great because once we have the new CMS we can start bringing that back into ripe.net. Finally on this one an important thing is Mirjam and Niall have been talking to me a lot about giving the RIPE community a better presence on ripe.net, maybe we are all fine but for newer people there's often confusion, what's RIPE NCC and what's RIPE and we want to give RIPE a better and clearer identity on ripe.net so Mirjam will leave me alone if that happens so I am looking forward to that. As we add stuff we think about taking away stuff or changing stuff, we have the Networking App here, we have seen usage go down since we started using Meetecho because people can just send messages in Meetecho and that seems to have taken some of the load. The Networking App is English only, when we go to Kazakhstan Uzbekistan an English only app is fine but not for great for locals and we do want to look at better options so Oliver is here, he is our web services manager. Stand up Oliver, please talk to Oliver about this. Well done, Oliver. Talk to him about this, talk to him about the web developments that I just talked about before, he would love to hear from you. And also engage in content. So, this is something that is really important to us, you need something to engage about. A big thing for us is our quarterly plans, we started doing this last year, we detail all the upcoming work from our development teams and now do this for nine development teams in the NCC. Input on these are great, we don't get much feedback on them, we generally take that to think these plans are fine but we'd love to hear especially saying we think these plans are good, we like what you are doing, that helps our development teams know they are on the right track. Tell us where things or wrong or want to change but do tell us if we are on the right track. RIPE Labs is a great source, all the stuff we put out on development plans or e‑mails whatever, please see that as invitation to talk, that's what all our communications is and we really welcome it. These are the list of services we do quarterly planning on, it covers everything, pretty much.
Some final thoughts: These are the members we have now. It's not just members we want to engage with but this is a nice thing to think about. And when I think about shared experience I think about the different shared experience different members have so this is a pretty arbitrary line I put in from September 2012 when we hit the last /8, I could have done it for a lot of different things but I tend to believe having worked in the NCC for a long time that the 5,696 have a different experience from a lot of the people in the 14 .5 thousand, they were dealing with complex policy development back then that maybe newer people haven't seen, they have more experience dealing with the community and how to do things and they are more experienced operators. People in the previous one might be in more senior positions and talk to other people in senior positions so I feel a barrier there, and I think trying to force people together too much is difficult sometimes, I think it's something we should aim at but we should also allow people to think about connecting with people in their own groups, people who have common interests and things like the forum do that and things like languages that build knowledge and awareness can help break down that barrier, I think that's important.
This is kind of a last one, this is how I look at engagement a little bit, we have different media, we have different levels of complexity and different audience sizes so when you see us putting out tweets you are not interested in, that's fine, it's covering a really broad audience and we need to get those people to become more comfortable with complex material and equally, we need to put out the complex material, the technical reports, we don't expect tens of thousands of people to get into this but we do need to cater for that, that's what our community is about, it's about getting into the nuts and bolts of the Internet, that's what we are trying to cover, both of though triangles, you can think about where you are but we are trying to cover you all.
My last thoughts, not everything is for everyone, we all know that but maybe sometimes we forget it. And what we really want to do is create a culture where dialogue is normal about everything. Inclusion is a key concept, we want more people, more ideas, more discussions, maybe more fun. I think a lot of people come here to have important discussions but also fun, we would like to see that spread out a little bit and what makes that all happen is you engaging.
I have a slide here on the survey in 2013 we got a lot of engagement and got a lot of nice things. Check that link. Rather than a question slide, I have a normal NCC question slide and I have some useful links but these are questions I have for you. If you don't have time to answer them now or you want to think about them, do so, come find me and tell me what you think. But otherwise that's it. Thank you very much.
(Applause)
KURTIS LINDQVIST: Thank you. Any questions for Fergal?
AUDIENCE SPEAKER: Hi with Internet Society Serbia. Thank you for all these good content and the work that you have been doing, I really like the new set of RIPE Lab articles, it's really very helpful for the Working Group Chairs as well to have all these activities reported. But since you mentioned the survey of 2019, do you have any plans to do another survey since we have Covid and such a long time?
FERGAL CUNNINGHAM: Thanks Desiree and she has worked with us on previous surveys in the past. We are planning to do one next year. I have a colleague here Ulka who is here with the express purpose of talking to a lot of people to find out what are the main issues among our membership and community that we might plug into the survey. Please talk to her if you can. But we are planning to put it out at the next RIPE meeting and get the results this time next year.
AUDIENCE SPEAKER: Individual network ‑ at the moment I am not aware of a way to use ‑ recording archives across different meetings because you need to go to the specific meeting website and YouTube is YouTube. Maybe it would be a good option to have a peer tube instance or something which is connected to the ‑ and to upload the videos on one specific ‑‑
FERGAL CUNNINGHAM: Yes.
AUDIENCE SPEAKER: So everything is in one place.
FERGAL CUNNINGHAM: I can see my web services manager nodding his head sagely. I find our RIPE meeting content is a huge on‑tap source of interesting stuff that we don't put out well enough so I think that's a really good comment, thanks.
(Applause)
KURTIS LINDQVIST: Thank you, Fergal. So, next up we have Athina to talk about updates to the registry from distressed areas and I also do know there is, for those of you on Meetecho there is one answered questions from Felipe's session but it's relating to what Athina is about to present so we will let her present and come back to the question.
ATHINA FRAGKOULI: I am the chief legal officer of the RIPE NCC. I am here to discuss an issue that has been brought up already a couple of times during this week. So this is the concern we have, let's frame it as it is, the concern has to do with updates to the registry or requests for transfer, for example, that are questionable, the legitimacy is questionable because they come from areas that have particular circumstances, and to be frank, there are doubts of the legitimacy of registries because people are afraid that certain requests have been submitted under threat, for example.
This is something that we want to see in a broader sense, not only for Ukraine, although yes the war in the Ukraine was the reason this was brought up because within our service region there are other countries that are affected by war and conflict.
Any possible solution we want to investigate, we want to adhere to our commitments and these commitments have been highlighted many times in the past, and they are the following: To provide support for local network operators, this is our big priority; to be neutral and transparent as well; and, of course, to comply with the RIPE policies.
So let's see what we do already for these matters. We have a due diligence procedure. According to this due diligence procedure, every time we have a request we evaluate this request, we ensure its validity. What we do, for example, we check the authority of the person that submits this request and the authority of the people that sign contracts and agreements. We check the registration documents from national authorities of the legal entities that are involved in the request and possibly we also check the identification of the individuals involved.
According to our current procedures if there are doubts about a request, then we perform extra checks, stricter checks. For example, we don't just check the authority of the person but we also check the validity of the document that shows the authority of the person.
So if a request comes from an area in distress, we are applying the stricter checks according to our current procedure. A very valid follow‑up question from that is okay, what are these areas in distress?
To evaluate whether a country is in an area ‑‑ there is an area in distress in a country, we don't want to be based on our common sense or on the experience of our staff; we'd rather want to be based on third party independent resources. And we have found a couple of them that are helpful already. I can show you already a couple of them that we have identified, this is from the Dutch authorities, of course it talks about travel advice but it shows an indication of whether an area is safe to travel to, for example, and that gives an indication on whether there is a distressed area. In fact, this map gives details, says why there is an issue in this area. This is another map that isual useful is again for travel advice for a commercial company and it shows areas where there are issues ‑‑ security issues, for example.
Finally, I found this list of countries that is more closely to what we are looking for, like conflict of affected countries, from the World Bank. Unfortunately, this list is not updated as frequently as we would like to; for example, it has been only recently included Ukraine, although the war started months ago.
And we are open actually for your recommendations if you can find other sources that can help us with this evaluation, we are open for your recommendations.
So this is what we do now. Here are now some possible extra measures we could apply, and these measures are recommendations that we have identified in comments of people in opinions of people expressed and we have investigated already. The one option is the extra disclaimer option and I will explain what's that. In general, as a legal principle, legal transactions that occur under threat or deception can be nullified later by a court of law. Now, applying this principle in our situation, if there is a request that looks good on paper and is compliant with policies and everything looks fine, we can accept it with an extra disclaimer: If, later, any of the documents that support the request is nullified by court, then the update will be reverted, and this disclaimer will follow the resources if they are further transferred to another party. So this receiving party, every time, will be informed of this disclaimer and will have to accept the consequences and the risk of this ‑‑ of a future nullification.
Now, this is an option that is legally sound and can be implemented now, it's something that we can already do.
A second option we heard from people is to freeze all updates, which means that any update requested come from areas in distress will be rejected. Indeed, if you apply this rule, there won't be any illegitimate updates, in fact even legitimate updates won't be made, will be blocked, we wonder if this will have an impact in the accuracy of the registry but transfers will happen anyway but there won't be register. Our biggest concern right now is our exposure to liability, because if a request comes, it looks legally on paper fine, it compliance to RIPE policies; if we reject it we violate the RIPE policies and we might be exposed to liability so if the community wants this solution, we would like some strong mandate on the matter and our preference is with a policy because this way we have like a very strong mandate.
A third option was the freeze button. A resource holder can choose to request for freeze to resources for ‑‑ for freeze registration for a specific period, six months, for example, and this indeed provides like a sense of security to the resource holders that may see a threat coming. We believe that this solution has some side effects, it's vulnerable to abuse, it can be misused or abused by malicious parties, it does have some administrative challenges, who is the one that will be authorised to push the button, this can be solved but is a challenge, nevertheless. Of course if somebody get merged or liquidated and some updates come from this merger or acquisition or liquidation, the freeze button will not prevail, the registration will be updated accordingly.
Apart from that, if we implement this solution, we will wonder again if this will have an impact on the accuracy of the registry because a transfer that takes place within the time of ‑‑ when the freezing button period, if a transfer happens during this time and it's not registered we will have an issue with the accuracy of the registry. Again, we have ‑‑ we will have some liability ‑‑ exposure to liability in case let's say a resource holder, a resource holder requests to use this solution and a week later, their presentation changes and there is a new authorised representative of this resource holder and says no, I want to do the transfer so in this case if we deny again a sound, a legally sound request that complies with the policy because the previous representative pushed the button then we might again be open to ex ‑‑ exposed to liability. So yes, we would prefer, again, a RIPE policy, to support this decision.
A fourth option we have heard and we wanted to explore as well, is the review of this request by local governments. So during the time of a conflict, a local government will verify the requests. Indeed, this can help minimising the risk of illegitimate transfer. It will undermine the self‑governance model. The request will not evaluate it any more based on policy criteria but it will be evaluated based on political criteria. It opens the door for further involvement of governments that want more and more control over the Internet operations, and it may have again an impact on the accuracy of the registry. A government may deny the transfer ‑‑ the transfer will happen anyway, it will just won't be registered. And again, if a legally sound and policy compliant transfer gets blocked because of a government we are exposed to liability so therefore we would like if the community wants this requirement to be part of evaluation of a transfer, to be in the policy.
So, yes, before I go, these are like the four options that we heard and we investigated. We are open to other options, and we are open to hear from you, how else you think we can solve this problem. This is the moment to get input from everyone. But before I open the floor for that, I would like to say a final word just to clarify certain ‑‑ certain aspects regarding registration documents from areas under dispute. Now, areas under dispute are areas claimed by multiple states or areas self proclaimed as independent states. This is different from areas in distress. An area in dispute may as well be area in distress but it's not the same. And it doesn't have to be. Now the question we hear is what kind of national papers do you accept in this case from this ‑‑ from legal entities in these areas? Like, which countries should issue these national authority papers? So this is something that we have investigated back in 2014, we have found a solution, we have presented on it and we have documented this solution in our due diligence document which you can see in your right head on this slide. It is here, areas under dispute. This is the session and here are the two specific provisions. So if assigning parties look at it in an area claimed by two or more states, then we accept proof of establishment issued by whichever authority the signing party chooses. And if a legal person is located in an area that is self proclaimed as independent state, then we can accept proof of establishment issued by the relevant authorities accompanied with further documentation. And I would like to highlight the reason why we took this decision back then, and it's here in the same document, if I may zoom in, because the solution adhered to our commitments as I mentioned in the beginning: Our commitment to facilitate the provision of services to network operators, our commitment to be neutral and our commitment to comply with RIPE policies for an accurate registry. And after I close this, we can start this discussion. Thank you very much.
(Applause)
KURTIS LINDQVIST: Before we go to the microphones, I am going to take the questions on Meetecho first, I think Athina has covered the questions in there but I am going to go to them because they waited the longest.
BRIAN NISBET: So from Georgy from the Ministry of Justice of Ukraine which I think is the point you just made but we are going to clarify and be fair: Thank you for your presentation. I was highly interested in the question from Mr. Andrei ... may you kindly mention why you provide IP addresses to Russian proxies on the occupied territories, does it correspond with the due diligence proceeding and the neutral position? If yes, why?
ATHINA FRAGKOULI: Indeed this is part of what I said before, like our commitment to support the local network operators there, and if they are in ‑‑ located in an area under dispute, this is how we deal with it. I also want to mention that if an entity is in the sanction list we follow our sanction compliance process.
KURTIS LINDQVIST: Take the second one, I think it's related.
BRIAN NISBET: From Andrei, again the Ministry of Justice of Ukraine. In part of protection of customers in distressed areas for Ukraine potential solutions may be that RIPE freezes all requests under red flags, re‑registration from Ukrainian to Russian in current situation, 100 percent of such re‑registrations are illegal. Prompt addressing of this issue may be cooperating with Ukraine's government structures which currently do their best to protect Ukraine businesses, telecom and IT. I mean we have kind of got a couple of these. And I'm not sure that Meetecho is the right, right way of communicating this so is there ‑‑ would you prefer if they e‑mailed you or what are we doing here?
KURTIS LINDQVIST: I know there's a huge statement in there, if you read the statement I suggest to engage with Athina off‑line or the mailing list but in order of fairness I suggest Brian reads them and we go to the microphones, if there's any questions, but pure statements we just read them.
BRIAN NISBET: I think the rest of them are statements.
KURTIS LINDQVIST: Just read them out.
BRIAN NISBET: From the same gentleman: For Ukraine we consider you do not need to wait for court decisions if you are able to avoid any potential breach by RIPE by way of cooperating consulting with Ukraine authorities first.
I am going to read the statements. There is a question there which we can get to. ‑‑ we haven't worked together for very long, sorry. From Alexander: I think of his own ‑‑ yes, from himself: Any transfer that takes place with a resident of Ukraine must be stopped, especially if it happens to accompany that is not in the legal field of Ukraine. Such transfers may be at gunpoint and you will not be able to verify the validity of such transactions, ban or do it through the State regulator. Igor... I represent a scientific industrial firm from Ukraine, registry IDU... I support decision to temporary freeze any IP addresses transferring procedures from Ukraine until RIPE NCC prepare new rules that can meet the current situation in Ukraine.
I am going to say it is fundamentally the same point from Alex from Freenet LTD.
And they are the statements, I think, yes. So they are all the statements.
KURTIS LINDQVIST: Thank you. So then I am going to shortest microphone queue first to keep myself slightly sane.
AUDIENCE SPEAKER: So I just wanted to comment on the community has made for the local government to review the requests and I have got to point out sometimes the local government is the aggressor and the entity that does these things, so I think it's a really bad idea.
And the other thing that, I don't know if this is helpful or it's kind of like, it does not fit your framework but when we talk about people in distress, are we talking about only like in conflict and war, like nationally, why are we only thinking about countries? There could be like a group of vulnerable people located in peaceful countries that don't have access to rule of law or the rule of law is weak but there's not like a certainty conflict or they simply don't have ‑‑ or they are in very beautiful democratic countries but they don't have that access to court so if we can think about it that aspect if it fits your framework, then?
ATHINA FRAGKOULI: Thank you.
AUDIENCE SPEAKER: I am from Ukraine and also represent I guess my LIR domain registry. I looked at these four points, I guess we can slice this in ten more ways and spend another year debating the perfect procedure. I am in favour of the freeze until the freeze button resolved or any other non‑policy method. I did speak to one of the address policy co‑chairs and their own response was it doesn't fit strictly into Address Policy group because a lot of transfer doesn't change the policy, it's not what you do, are it's how you do it and I do agree with that statement. So, it looks like it's a bit of the legal back and forth, you know, let's save the RIPE NCC from liability at all costs, frankly I can't imagine what kind of damage they can suffer until it's bankrupt for not allowing transfer. And I have one more comment: This thing about areas in dispute, so basically it's like you say the Donetsk, People's Republic so‑called and Russia has authority over the...and Ukraine thinks it's within the borders, RIPE is happily going to take documents from either of these three authorities and to me this is just wrong because basically the definition around the disputes against transferring LIRs to Netherlands saying that just like recent referendum in Netherlands to accept Russia into the kingdom of Netherlands which is not a bad idea how far go in dispute, avoid any country document, any country's documents to claim jurisdiction? I mean to claim that my company has reached ‑‑ that doesn't sound right to me. Just putting its ‑‑ the proverbial head into the sand and reduce the liability. I don't think it's going to fly. And in other countries which had active wars and would maybe have active wars in the future, I think we need some other way to solve that. Thank you.
AUDIENCE SPEAKER: Tobias speaking for myself. I think there are two major issues, the first one is working with definitions because when I think of the Ukrainians I know most of them don't claim there was a war started on 24th February but simply a continuation of a war started in 2014. So even the definition we work with here is already, well, not reflected to what happened on the ground. And the other thing is we are talking about things happening within a legal framework but we are not ‑‑ well, it was brought up in parts like ‑ but the RIPE NCC might very well think about the situation what should one of the ticket handlers do if they receive a transfer request attached with a photo which says dear RIPE NCC member, click the okay button or we kill people. Please do not follow the procedure of involving like whatever of the four slices we pick. If do you that, if you follow your policy, we kill people, just click the okay button. So I think that that should actually be part of the threat model we are working with because the current suggestions all work under some form of assumption that all parties are trying to act within a legal framework, which I think will not be the case in a place of war.
ATHINA FRAGKOULI: Thank you.
ERIK BAIS: I am also going to make some comments here as co‑chair for address policy. Athina, thank you for the very detailed explanation here. I would like to go back to the first slides for the first option. Yes. That one. This is for us not doing anything already an option. I think, however, that we as a community need to be more clear that this is an option and we may need to address the appeal process. One of the things that I am missing here in this solution is we need to appoint a court in ‑‑ and to my perspective, I would prefer the Amsterdam court because the NCC is in the Netherlands in Amsterdam, as an impartial party that actually reviews this because if we are going to do this and accept court papers from disputed areas, this has absolutely no value. So this is something that I would stress to add that to this process. Then point 3, please. The freeze button. As we have the option here, this ‑‑ to my knowledge, should be open to any LIR. If we are going to do this, people can actually lock themselves out for transfers. Yes, there are going to be limitations, as you have stated by merger and acquisitions and stuff like that, a director changing his mind, whatever. That has a whole new can of worms that we can push ourselves into. It needs to be publicly published in the database so that, with the allocations or assignments or even the legacy space that might be there, that this is not for transfer for a certain amount of time. This is a question from you there that says we need some policy adjustment. My question is: What are you looking for? And this is with my address policy hat on?
ATHINA FRAGKOULI: An exception, I suppose, to the transfer policy, that explains under what condition a person can lock transfer request for their resources and we can work together on the wording of that.
ERIK BAIS: Those kind of services are basically under the service agreement from how I see it, from the NCC to the members and the end users. Why not do this in the SSA, for instance, or in the ‑‑
ATHINA FRAGKOULI: Yes, I mean certainly there are aspects ‑‑ not all aspects are covered in the RIPE policies. We have our agreements, our procedures, we have a whole legal framework. However, every aspect of this agreement and every aspect of our procedures are not in violation of the policies. They are to complement the policies, to facilitate the policies, to give details but never to violate the policies. We believe that a button stopping and rejecting an absolute compliant transfer request is a violation of a policy.
ERIK BAIS: So if somebody shoots himself in the foot and saying I do not want to transfer and basically transfers for my LIR is not, you know, I'm not going to use this part of the LIR Portal because you need to go through the process on the LIR Portal, you need to upload the documents yourself as the administrative contact for that LIR, you need to sign the documents yourself, and then basically you can do the whole process, you know how this works. That's a wet form, that's not a policy. We can do this in a week, you know, the process for a policy especially documenting how this and when this and do that, and in a community discussion here, I know we've done quick policies. This will take weeks and weeks and weeks and we are having people here in the room that are asking can we do this next week, today, tomorrow? So, from a point of view where I think just this might be an option for people to select to do this themselves, this might be a better option to say, you know, tick a box, you agree, blah‑blah‑blah, you know, a simple term of service that you do not want to use this service for the next six months, be done with it, be practical here.
ATHINA FRAGKOULI: Thank you for your input. We can come back to that.
SANDER STEFFANN: Part of what I wanted to say was exactly this: Please do not put this into a RIPE policy because this has nothing to do policy. If one of your members voluntarily says for my own safety I don't want to use this feature you are offering me or this whatever, please respect that member. This is something between the RIPE NCC and the member where the member voluntarily decides not to use a certain feature. To protect their own safety. Why would you refuse them? So, I mean, I am intentionally formulating it a bit harsher but you get what I mean.
So I really think this is not a policy thing, this has nothing to do with policy, this is a legal thing, this is an implementation issue, so please don't push this ‑‑ to the RIPE community. As a member of the RIPE community I would happily give you the mandate to implement protection features for your own membership.
The other one that worries me a bit about point 3, so you say oh, it's vulnerable to abuse, who can push the button and you go on: If company merge ‑‑ if there's an MNA then this. If you can do an MNA you can do the other things, put them at the same level. If you can accept paperwork that is strong enough to execute an MNA for a member, you can do the same paperwork to implement the button. If you have the ‑‑ if you have the legal framework to do an MNA just require that the administrative changes this button whatever, follows the exact same rules. Because if you say we can do this and but can't do that and they are at the same level something doesn't make sense.
ATHINA FRAGKOULI: I understand the confusion, Sander, I do.
SANDER STEFFANN: I am not confused. I am pretty sure if you can approve MNAs you can approve the use of a change in the services contract to let somebody voluntarily not use some services.
ATHINA FRAGKOULI: Right. These are complex legal matters and I can help like everyone understand the difference between an MNA and a transfer request or a statement by someone to, I don't know, to freeze or not use a services and so on. RIPE NCC does not approve MNAs. What we do is we get the documents that prove a merger or acquisition and, based on those documents, we update the registry. So if we have an outside event that is so important that has been registered with the authorities, we have no option but to update the registry because we must have an aggregate registry, this is our mandate. Now, having a member, a resource holder, a representative saying I am not going to use your services for the next year, fine, this is fine by us, and yes, sure, push your button if you want an extra verification of that, no problem. If their presentation changes and the next authorised representative says I want you to do that no matter what and we say you can't because your previous representative said no, this person will say wait a minute, I am coming here with a request that is compliant with your policies, your policies, and you refuse to follow your policies because the previous representative signed a document, again, I understand ‑‑ yes, we do have a legal framework that goes further than the policies. It's never violation of the policies. We do have tools to upload your request. These are tools that help the implementation of the policies. We don't feel we have the mandate to go against the RIPE policies.
SANDER STEFFANN: You are not going against the policy, in my view.
KURTIS LINDQVIST: Is this a question or are you going to say the same thing again. There's quite a few questions left.
SANDER STEFFANN: Sorry. But I just want to say if you are worried but who can push the button, make it something that has to be notarised or something.
KURTIS LINDQVIST: That is the question that you just said.
SANDER STEFFANN: No, but it upsets me. This is important matter and this has been raised in Berlin and we are now half a year later so I am upset about this.
KURTIS LINDQVIST: Thank you.
ATHINA FRAGKOULI: Thank you, Sander.
AUDIENCE SPEAKER: I am from Ukraine, I am the director and co‑owner of the ‑ company, the telecommunication operator of business and critical infrastructure from Ukraine, member of Internet association of Ukraine and the member of Ukrainian leader community.
And first of all I want to thank for the opportunity to stay here with the RIPE NCC family. I want to thank RIPE NCC for bringing me here in the fellowship programme, from the telecommunication community of view, I bow to keep the Ukraine programme.
(Applause)
You have no idea how important this support is for us. You inspire us, you give us energy, you must know it. I thank RIPE NCC for bringing open to dialogue on problematic topic, this is amazing for me staying here for the first time.
Now for the problematic questions:
Anyone knows that today the Ukrainian community does not think about money, about future, they think only about how to survive in this extremely difficult conditions. When 40% of the energy or infrastructure has been destroyed. And now we need a lot of generations. We continue to work, we do not transfer business abroad. We fight every day for the possibility of existence. We know about forced IP transfers of Ukrainian LIRs to another jurisdictions. And we understand that once someone stands with a gun at your head and forces you to IP‑transfer it is natural that the person will think first of all about his family, the life of our children, it's normally. The Ukrainian LIR community is a part of the big RIPE NCC family and now we are asking you to protect us. IP resources are critically important for the point of view of security as financial resource, it is a component of the critical infrastructure of the country. Already today just now we do not have enough IP addresses, only for providing services. I must tell ‑‑ thank you very much for, Athina, for your article, for work which you did to analyse, to work for way, good way for Ukrainian, thank you very much. And we are willing to work with the RIPE community. And RIPE NCC to find a proper solution in the spirit of the RIPE transfer policies and the community values.
In the meantime, we ask you to temporarily freeze IP transfers from the territory of Ukraine. We are sure that this will make peer resources of holders not a director for... and therefore, will protect its holders. And today, more than 100 LIRs are registered online and now they are present and listening, cheering for us. Of course, they have electricity and the Internet. I just received the official position of Internet association of Ukraine. The largest community that has been protecting their interests of ISP providers, the LIR community for more than 20 years, the official letter has been sent to you but I want to announce the main message: Internet association of Ukraine requests to temporary freeze IP transfers outside of Ukraine. In any case the temporary ban of transfers should be lifted after the end of Marshal law in Ukraine. One more, thank you very much for supporting Ukraine and of course we are ‑‑ we invite you, everybody, to visit after our win. Welcome to Ukraine, thank you very much.
(Applause)
AUDIENCE SPEAKER: Hi for all, my name is Victoria, I am also from Ukraine. I represent Ukrainian ISP provider, at this meeting I also represent association of ‑ owners and content providers, host members content and ISP providers. I also represent a huge informal community of Ukraine, it is telecom Ukraine which consists of more than 1,200 members. First, thanks to Athina for such clearly professional analysis, legal analysis for the situation and ways for ‑‑ ways which can respond and can be resolved for other problems. Thanks a lot all members of the Working Group who devote so many time for considering best solution for our problems and for resolving the problem issues of Ukraine.
As my colleague has said, we are the part of the RIPE community. We are a part of your family. We want to stay with you and we now we need your help and protection. It is very important and very valuable for us. Firstly, I am an Internet provider in Ukraine, the part of network of ‑‑ the part of our network is located on on the distressed territory just now. In the Kherson region. Occupiers stole equipment. I know under what pressure the traffic route is switched. And the same way, the documents may be signed for the IP transfer ‑‑ for the IP addresses transferring and that's why we need your your protect for illegal IP transferrings from Ukraine and the protect for our managers. Because we are staying in Ukraine, we still work in Ukraine. Every day we have a fight on the telecom front, restore our networks to keep people connected. It is very important for every Ukrainian today.
And staying here, represented ‑‑ representing the association of owners and content provides in this conference, I have a strong position of this associations, firstly we respect all RIPE NCC service policies. We want to stay and work according to this policy. And now while we are looking for the best way for the solution for protecting IP addresses, Ukrainian IP address sources maybe, we see that ‑‑ we understand that it is ‑‑ can take some time. And we have not this time. Because the war is going right now. Because the threats exist every day. That's why our association also support the consideration to freeze IP address transferring for the time while the best solution will be found and implemented. And also, as Elena said, thanks for all of you, for RIPE NCC, for Working Groups, Athina, for you, for hard work you do for Ukraine. Thanks a lot for every people who supported us in your heart, it is very important for us. And if ‑‑ an and when we will win, we will be very happy to see all of you in Ukraine and open Ukraine for all of you. Thank you very much.
(Applause)
JAN ZORZ: There seems to be a consensus that we need to freeze the transfers from Ukraine until we find a better solution. However, I would like to emphasise what Dmitry said the last: I hope there will be not other wars in our region, but we need to find a solution that would be appliable also to other similar cases if, hopefully not, they happen. Thank you.
(Applause)
KURTIS LINDQVIST: We have a number of questions on Meetecho so I am going to go through those people first.
KURTIS LINDQVIST: I am going to cut the microphone lines otherwise we won't have a GM.
BRIAN NISBET: Apparently people might get annoyed at us if we do that. Okay, so from Kurt Kaiser: Are number resources now bound to areas (under dispute/distress)? That's the question. Because this sounds new to me that one wants to align geolocation to number resources and drive this from policies.
I think the core question is: Are number resources now bound to areas? Is the core question being asked
ATHINA FRAGKOULI: We are talking about the location where the resource holders are located. It's good to clarify.
BRIAN NISBET: And the other, so from Brian story, again personal opinion, a lot is said about the hierarchical structure of allocations and assignments, it applies an authoritative structure ‑‑ should a shore level not be acting appropriately. This should apply to gainers as much as losers in the discussion we are having. There is also a digital principles consideration here in particular regarding secure and trusted online environments.
ATHINA FRAGKOULI: Is that a question?
BRIAN NISBET: I will till what. I will come over here and just show you this. This is sometimes easier. It's the one that's on the screen there.
ATHINA FRAGKOULI: I am going to say what I'm reading. "A lot is said about the hierarchical structure of the... structure should a lower level not be acting properly. This should apply to gainers as much as loser in the discussion we are having." I'm not sure I understand what gainers and losers ‑‑ there is also a digital principles consideration here, in particular regarding ‑‑ I am afraid I don't understand, I don't understand what you are saying but if you can clarify I am happy to ‑‑
KURTIS LINDQVIST: Or send to the mailing list. Was that the last one?
BRIAN NISBET: I think there might be one more which I probably should have stayed over there. There's a couple of statements. There is one more question:
So for disputed areas especially war zones and/or regions claimed by two countries your suggestion review, request ‑‑ of request by local government bears for me ‑‑ this is from Robert Scheck from ETES ‑‑ bears for me the risk that government A successfully verifies the request while government B does not, doesn't this introduce legal risks and/or liabilities for the RIPE NCC?
ATHINA FRAGKOULI: Indeed it may, that's why we believe if the community wants us to include such a review by the governments we would like to have this as a requirement in the policy.
KURTIS LINDQVIST: Okay. To the last four and please be brief, because we do not have ‑‑ we have more agenda items after this.
SANDER STEFFANN: I want to apologise for losing my compose our just now, I got a bit emotional, Randy Bush is usually not very fond of lawyers and he was very complimentary of you because he said Athina is somebody who looks for solution not problems. So please continue in that spirit. The reason I want to join the queue is, I was talking to some people in Ukraine and according to Ukrainian law it's completely illegal to do any transaction with any Russian entity at the moment so maybe the fact that this is illegal in Ukraine can help you in limiting some batch answers.
ATHINA FRAGKOULI: Thank you, Sander, for your nice words.
(Applause)
AUDIENCE SPEAKER: Tobias, personal opinion and I would like to reiterate the point of domestic measures, we are still in a situation where we spend energy discussing discussing a framework which works when all parties play by the rules but we are talking about a situation where people are getting shot for washing machines so a washing machine versus a /16 those are totally different layers and in that moment we should all recall the purpose of triage for doctors, the purpose of triage is not to make the most right and most useful decision, it is mostly to make sure that the doctors can still sleep ate night after they had to make a decision because they followed a process and didn't make a decision. And when we make a decision of what to do now, we have to keep that in mind, we have to find a process which we can follow, which we can follow even in the most adversarial circumstances and which allows us to go to outcome which is still okay, which I would claim is a situation where RIPE NCC just approves transfers following current policy but makes a very clear, understandable, attainable process for, I forgot the word, competing ‑‑ challenging transfers made. Thank you.
ATHINA FRAGKOULI: Thank you.
(Applause)
AUDIENCE SPEAKER: Maxim ‑‑ Ukrainian LIR. I would like to say it's not good idea try to save us until we ask. So, I would like to stress there are no consensus in Ukrainian society, in the LIRs, that all transfers should be banned. So, if some ‑‑ some people want to ban, some people don't want to ban so for me it's good idea to ban only transfers from these LIRs who wanted but not total. So, their main idea is just understand that there is no consensus about total ban now, thank you.
ATHINA FRAGKOULI: Thank you.
AUDIENCE SPEAKER: I am representing myself. I have a question about (representing) how and who will decide which object is Ukraine and which is not, because I am like from territory for ‑‑ from Crimea, so some parties say they are Ukraine in RIPE interface, some parties say they are Russia and some third country. So if RIPE decide like to ban all transfers, ban it ‑‑ it be only for company who stays like Ukraine in Crimea in RIPE interface and all other company will benefit because they will be free to go, transfer, to buy, who and how will decide what is Ukraine and what is not, thank you?
ATHINA FRAGKOULI: Thank you very much that's a very good point and we would like to consider it when we are looking to a solution, that is something indeed we will have to clarify then. Thank you.
KURTIS LINDQVIST: With that, we only have the RIPE NCC Chair left and then I am going to try and summarise this.
AUDIENCE SPEAKER: Let me come at this situation from the point of view of the board. We had a lot of interesting talks, we understand there is a huge part at least of Ukraine community that believes that this situation is very urgent and causes for some immediate reaction which is definitely not something that this Working Group can do because making a policy takes some time and has to be very well thought through so my suggestion is that I would bring it to the board as soon as possible and I will ask the board to of course, with cooperation of NCC staff, to make some kind of temporary fix to the situation that will make a relief for us, to all of us to find some proper solution how to handle this situation that we all believe that will not happen but life is always more coloured than we think so that is my proposal. I also of course took into account the last comment from max, I understand that 100 percent of community can never agree about anything even in this room, so we also need to take into account opposing voices but we will explore the consideration, consider what is the majority voice and try some solution which will not be ideal because if you do something quickly you cannot do it well, and we will wait for this ‑‑ for this Working Group to find some proper solution how to handle this solution so if you agree please let me know.
(Applause)
KURTIS LINDQVIST: No, Erik, I said no, I am really out of time. You get 30 seconds, it's not a statement.
ERIK BAIS: Standing here as myself but also as co‑chair. Andrei, thanks for your thoughts. We do have about three months if we need to talk about policy, we are talking about three‑month periods, if you can bring that to the board and come up with a temporary solution, we have a GM afterwards if there needs to be a vote, let's do it there.
ONDRE FILIP: I think the board has the authority to make some decision and is liable for it, making solution in minutes I think Athina spent a lot of time ‑‑
ATHINA FRAGKOULI: Even if we were having an an agreement right now we wouldn't be able to bring it to the GM for resolution, the resolution must be communicated to the whole members four weeks before the GM.
AUDIENCE SPEAKER: I have seen additional board meetings after GM.
KURTIS LINDQVIST: Before we start discussing GM resolutions and how they are drafted I am drawing an end of this. Thanks very much, Athina.
(Applause)
So we have three more agenda items, I am going to have to do very, very quickly go through, and you are going to be even quicker leaving. Before that, we have ‑‑ I am going to summarise this previous discussion, so as the Working Group Chair I think this proposal from Ondrej that this goes to the RIPE NCC board for immediate action is probably the best one and we will deal with this, there is nothing for NCC Services Working Group to do until we hear from that, until someone brings that back here from the time being.
The next point on the agenda is the selection of a Working Group co‑Chair so Rob Evans' term was up and he was the only one to continue and this has been supported on the mailing list so this is to confirm unless someone has major objections to Rob continuing and we welcome Rob for another period as Working Group Chair.
(Applause)
However, on that note, I am up next in 12 months' time and in the last three terms I have elected a Working Group Chair there has been no other candidates except incumbents. You remember that red line that Fergal had on his slide about people knew before and after, I can tell you if you do that graph from when I became Working Group Chair there will be no one on the left‑hand side because I was the first and so far only Working Group Chair that has been through the entire existence of this Working Group and I don't intend to be Working Group Chair after the next 12 months so we do encourage you to think about standing for ‑‑ the NCC Services Working Group Chair. You get to replace me, I mean, that alone should be quite good. So, please, please think about that and you have got 12 months to ask us if you want to know more about this.
With that, we have an open mic phone session and I hope that no one comes to the microphone, in the best ‑‑ I mean that in the best ‑‑ with the best intention. None. Okay. With that, we are done. Thank you all for coming and please leave as quick as you can so we can get ready for the GM, thank you.
