Dear colleagues,

Regarding Brian’s initial question, we do not know what is driving this volume of requests; we have explained our processes and our available data to this particular LEA multiple times.

Kind regards,

Theodoros Fyllaridis
Legal Counsel
RIPE NCC

On Thu, 11 Apr 2024 at 02:11, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
I was expecting something like this for a long, long time, to be honest.  What you now have is something created for want of that mythical beast, the internet police, which nobody ever seems to be.

--srs

From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Alex de Joode <adejoode@idgara.nl>
Sent: Thursday, April 11, 2024 12:32:24 AM
To: Serge Droz <serge.droz@first.org>
Cc: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net>
Subject: Re: [anti-abuse-wg] LEA Transparency Report 2023
 
​The EU is working on implementing the e-Evidence directive. 

This means any-and-all EU based LEO's can request data from RIPE NCC and RIPE NCC needs to supply the data if it has the data available. No 'let us check' no 'you can have this via our website' answers possible anymore. This will most likely be extended for signatories of the 'Budapest convention', the US is very eager to have access to this data also. (There is the public data, but to know who pays for a resource is of course easier to check as the banks know a lot more about their clients than RIPE). 


On Wed, 10-04-2024 19h 28min, Serge Droz via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
Hi Randy

Agreed and I'm not saying we should just hand everything over on a gold plate to LE. Bien we cannot just say no all the time, but should actually come up with solutions we feel are good or a good compromise.

I expect LE to understand our issues, but we should understand theirs

Best
Serge


On 10 April 2024 16:25:26 UTC, Randy Bush <randy@psg.com> wrote:
In a recent talk Jane Easterly said: "The private sector has promised
better security for yeas but has not delivered. This has to change".

was this not in the context of software and platform safety? easterly
has been riding that hobby horse for a few years, and with serious
justification.

but i agree that the RIRs could be clearer in what they can and can not
do for LE. and there needs to be a balance of visibility and privacy.
LE is always gonna want more; that's their job, and we need them. but,
as jeff schiller said (in the ietf protocol design context) "Law
enforcement was not supposed to be easy. Where it is easy, it's called
a police state."

randy

--
Dr. Serge Droz
Director, Forum of Incident Response and Security Teams
https://first.org
--

To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
--

To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg