Sérgio, I’m not sure if you’ve had the opportunity to read the RIPE Policy Development Process - https://www.ripe.net/participate/policies - but it lays out how policy is created in the community. Very deliberately this is not a vote, it comes out of discussion (which can, at times, seem to be or actually be, circular and/or not incredibly productive) which leads to consensus or lack thereof regarding the policy at hand. The RIPE Community that makes these policies is open to all, not just RIPE NCC members and a voting mechanism would be very easy to corrupt. While we, as a community, must never say “that is the way it is, we cannot change it” the PDP has generally worked over the years and has resulted in many new policies being created. However the policies and discussions that happen here are often on the more complex or more… fraught end of the scale. At the end of each phase of a proposal myself, Alireza and Tobias, with the wonderful help of the Policy Development Officer in the NCC, to look at the discussions and determine the next steps, as laid out in the PDP. Consensus can be hard to judge and sometimes it seems as if no progress is ever made, but this WG has produced a number of policies over the years, for the better of the Internet, while I acknowledge that they do not go far enough for some, and too far for others. For all the flaws of any human system, I do believe the PDP is a better process than would be gained by simply voting on a particular policy at any given point. Thanks, Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> On Behalf Of Sérgio Rocha Sent: Friday 17 January 2020 00:49 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox") Hello everyone, Someone said: You must be new here, yes it's true, I'm on the list for a few months. Maybe that's why you're still optimistic. Someone said that the shower of comments against any proposed amendment was Democracy. Maybe that is what we really need. Many complain that this working group never produces anything, some agree that either the community does something for itself, or sooner or later we will have politicians imposing laws and following goals that may not be beneficial. I have been on the list for a very short time but today I have learned one thing: Those who want to do something are more than I imagined, probably a silent majority and a noisy blocking group (maybe small). Respect divergence of opinion and respect freedom of expression a lot, we debate a lot and do little, maybe because we don't put democracy into practice. Perhaps what we need is for the RIPE NCC to allow us to create polls within the site (to have votes with registered accounts) and instead of arguing backwards and forwards, we submit ideas to votes, if the proposals have the majority then RIPE NCC should take into account the proposals. What I have seen is that all attempts to change something die in the debate and we never count votes. let's keep arguing but let’s vote at the end Sergio De: anti-abuse-wg [mailto:anti-abuse-wg-bounces@ripe.net] Em nome de Liam Glover via anti-abuse-wg Enviada: 17 de janeiro de 2020 00:14 Para: ripedenis@yahoo.co.uk<mailto:ripedenis@yahoo.co.uk> Cc: anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net> Assunto: Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox") I’ve been following this mailing list for the last couple of years having read far too many arguments resulting in next to no progress. This post from Denis was a refreshing read and one that many should read more than once! Thank you Denis for a reasoned, adult (accepting the UK jab) and constructive message. Liam On 16 Jan 2020, at 23:30, ripedenis--- via anti-abuse-wg <anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net>> wrote: Colleagues I have just read this whole thread, it took a while (I should get sick more often and spend a day in bed reading emails). I have a few points to make. Some are similar to points already raised but I will reinforce them. I cut out the bits I want to respond to, but sorry I have not included the authors (you will know if it's you). "If I need to use a web form, which is not standard, for every abuse report that I need to submit, there is no sufficient time in the world to fill all them." So instead each resource holder must interpret randomly written emails and find any relevant information from within lots of junk. "ever since the day that RIPE NCC first published an abuse reporting address in the data base, it has, in effect, injected itself, even if only to a minimal degree, into the relationship between a network abuse victim and the relevant resource holders that have clear connections to the abuse source" To be clear, the RIPE NCC is the data controller, not the data content provider. The RIPE NCC does not publish the abuse contacts, they facilitate resource holders to publish them. "make abuse-c: an optional attribute (basically, unrolling the "mandatory" part of the policy proposal that introduced it in the first place)" As co-author/designer of "abuse-c:" one of the original aims of the "abuse-c:" attribute was to provide one single point of contact for a resource holder's abuse reports. If it is made optional, abuse reports would simply be sent to the "admin-c:", "tech-c:", "notify:", etc email addresses, as they were before. People will simply search the database for any email address associated with the resource holder and spam them all. It won't stop abuse reports being sent 'somewhere'. And once someone has had to go to the trouble of finding a list of email addresses to use for the resource holder who has no "abuse-c:", then they will probably do the same for all reports they send. So those of you who do respond to abuse complaints will find complaints being sent to a whole host of your email addresses from the RIPE Database. We lose the 'keep it in one well defined location' benefit. "at the very least, RIPE NCC could set up and maintain just a basic review "platform" where the public at large can at least make it known to all observers which networks are the assholes and which ones aren't." This would be an excellent way for a network operator to 'take out' their competitors. "While I would accept Gert's proposal for making abuse-c an optional attribute, the reason I offered a counter proposal for publishing "a statement to the effect that the network operator does not act on abuse reports" is to add clarity at a high level." How many operators are going to make such a statement? It would become an invitation to block their traffic. If that was the alternative to any verification then they know if they don't make such a statement there will be no penalty. So just don't make a statement and still ignore the reports. "i'm more worried about someone using real e-mail addresses of real unrelated people than the /dev/null or unattended mailboxes." Separately to this discussion we need to have a mechanism to say "Remove my email address from this resource", as Google has when someone uses your gmail address as a recovery address. (A service I use on a weekly basis) "Nice analogy, but when you add the eCommerce Directive into the mix, where a network provider (or hosting provider) is not liable for what their users do, the outcome changes. Only if you have knowledge there might be a possibility for liability, but if you do not accept abuse notices, and therefore do not have knowledge you are not liable. Also note there is no monitoring obligation, but if you do monitor you can gain knowledge and become liable for -everything-." If you hide behind this type of logic, the EU in particular could easily change the law so that refusal to accept notifications renders you liable as if you had received it. 'Ignorance of the law is no excuse' comes to mind. ">It's amazing that nobody cant propose anything without receiving a shower of all sorts of arguments against It's called 'democracy'." Many of the countries in the RIPE region are not democracies (including the UK now). Having been on this mailing list for many years, as others have said, this discussion has gone round in circles so many times. It really makes it hard to follow what the general view is. To me there seems to be 2 camps. One camp wants to 'do something' to try to improve the situation. The other camp wants to do nothing for a variety of reasons (not the RIPE NCC's job, gets tangled up with other policies, too much work/time, a burden on those who do the right thing, won't help with those who avoid it, we are engineers not social workers or police). These are the same reasons used against almost every policy proposal on this list. We are in a new decade now. We have to take a more holistic view of the RIPE Database and services around it. I started at the RIPE NCC as a software engineer working on the database. But over time I became involved in almost every aspect of it, including legal, policy, feature design, contracts, etc. I thought the days of demarcation lines went out in the 70s when an engineer thought only about engineering issues. Abuse (in all its forms) is a problem on the internet. Some organisations work hard to tackle it, others ignore it. As a community (of holistic engineers) we need to try things out to reduce abuse. There have been so many negative comments in this thread and so few positive ones. It isn't just LEAs that watch what we do, it's governments as well. If we don't 'try' to reduce abuse, we may find a form of GDPR coming down the line for abuse on the internet. Then every organisation, large and small, will be rushing to their lawyers to ensure they are GDPR(abuse) compliant. Avoiding a little effort now may involve a huge effort later. We are no longer a little group of chatty engineers. We are prominent figures in a global, life critical service. Lets try to be a little more positive and constructive.... cheers denis co-chair DB-WG