I agree, but to avoid throwing the baby out with the bathwater, I would
suggest to you that it would be best if you could suggest to the proposal's
author and sponsor some different language with respect to the procedure
for judging such matters... some different process that would address
your reasonable concerns about process... rather than just saying that
the whole proposal is unacceptable.

In short, it appears that yur objection here is about implementation
details, and that you do not object to the over-arching concept, assuming
of course that the process of adjudicating such matters may be made
substantially more reliable and fool-proof.
Perhaps. I've spoken with at least one of the authors and am still not entirely convinced the wording can be done such that it reasonably addresses the issues I've presented. I'll reserve judgement until version 2.0 is released for discussion. see last line

So you do agree that there is a -possibility- that a threat exists and that
it might, in theory, and under some appropriate circumstances, be diminished
or eliminated by the termination of the RIPE contract with certain well
proven and accurately identified "rogue" members, yes?
If a NCC member is actively and willfully, after having been notified and given ample opportunity to resolve the issue, engaged in widespread hijacking such that RIR/NIR members have complained about their ability to use their own resources, yes.

That case has nothing at all to do with the theft OF IP ADDRESSES, and thus,
it is rather entirely irrelevant to this discussion.
The case does deal with the slippery slope argument in that it demonstrates at least one instance of modern law where removing content from an online service (at all) resulted in an opening for legal liability. While not an issue specific to policy discussion, I do believe it is worth consideration when determining potential breadth of the policy. Action should be well backed with evidence. see last line
My apologies for not quoting the relevant section properly.

I disagree, and apparently, so does Cloudflare.  And they should know.
Cloudflare's blog post on the subject has comments on the matter. One of their staff members is known for stating "Is this the day the Internet dies?", a reference to the fact that they acknowledge they (at the time) were about to take content offline for what were non-required reasons.
https://blog.cloudflare.com/why-we-terminated-daily-stormer/
That isn't to say that I think this is an inherently bad option. I just think it needs to be balanced such that it is clearly justified when action is taken. see last line

The question is whether or not this proposal is a demonstrably bad way to -try- to begin
to address the problem, at least in part.  I remind you that right now there
is essentially -zero- disincentive to the act of deliberate hijacking.
Getting depeered by transits, losing IX memberships, and having gear seized by authorities all seem like potential disincentives. Having a bunch of NCC-allocated IP space doesn't matter when you are unable to use it.

Again, I am in agreement with you, but I do believe that this is a matter
of fine-tuning the procedural aspects of the propsal, rather than simply
opposing or abandoning it wholesale.
Agreed so far as being open to revisions. see last line

Given the number of references I've made to rev 2.0, I'll likely hold additional comments until it is released, as they are quite possibly irrelevant.

Jacob Slater

On Mon, Apr 1, 2019 at 11:24 PM Ronald F. Guilmette <rfg@tristatelogic.com> wrote:

In message <CAFV686cUaBmPiQ1e6oWD2oVwNA4X6otVbFxsHd0BjosMDLeT+Q@mail.gmail.com>,
Jacob Slater <jacob@rezero.org> wrote:

>In the case of IP addresses and ASNs, the "convicted individual" has been,
>under the current policy draft, convicted in the mind of one - perhaps two
>upon appeal - experts (a term which has yet to be defined in policy). Such
>an opinion, no matter how professional, is a very low bar to be taking as
>objective.

I agree, but to avoid throwing the baby out with the bathwater, I would
suggest to you that it would be best if you could suggest to the proposal's
author and sponsor some different language with respect to the procedure
for judging such matters... some different process that would address
your reasonable concerns about process... rather than just saying that
the whole proposal is unacceptable.

In short, it appears that yur objection here is about implementation
details, and that you do not object to the over-arching concept, assuming
of course that the process of adjudicating such matters may be made
substantially more reliable and fool-proof.

>Should the NCC be allocating them more addresses?
>It is justified (morally, ethically, and perhaps even legally) to continue
>treating all entities as equals by allocating resources for their use
>unless they have been determined to be a distinct threat by a trustworthy
>system, such as a board of peers (as in the case of a criminal conviction).

So you do agree that there is a -possibility- that a threat exists and that
it might, in theory, and under some appropriate circumstances, be diminished
or eliminated by the termination of the RIPE contract with certain well
proven and accurately identified "rogue" members, yes?

>Keeping to my earlier discussion of the gun store analogy, I do not believe
>that the opinion of a single expert (with the possibility of appeal) is
>enough

I agree.

>> The proposal on the table doesn't deal with any matters which are in
>> any way even remotely tied to mere offenses against any local or
>> localize sensibilities.  It doesn't even remotely have anything at
>> all to do with either (a) any actions or offenses in "meatspace" nor
>> (b) any actions or offenses having anything at all to do with -content-
>> in any sense.  The present proposal only has to do with the outright
>> THEFT of IP addresses, i.e. the very commodity which RIPE is supposed to
>> the responsible shepard of.
>
>
>Within your jurisdiction, I can think of several cases which show this to
>not be the case (ALS Scan, Inc. v. Cloudflare, Inc., et al. being one of
>them).

That case has nothing at all to do with the theft OF IP ADDRESSES, and thus,
it is rather entirely irrelevant to this discussion.  But I am glad that you
brough it up anyway, because one one the points made by the *defendant* in
that case, Cloudflare, actually underscores a point that I have tried to
make here, i.e. that the act of disiplining any one RIPE member, or even
several of them, as is contemplated by 2019-03, is quite clearly *not*
equivalent to some kind of totalitarian banning, from the entire Internet,
of any particular piece of content.  But I will let Cloudflare's own legal
argument make the point for me:

    https://torrentfreak.com/cloudflares-cache-can-substantially-assist-copyright-infringers-court-rules-180314/

      "One of Cloudflare's arguments was that it did not substantially assist
      copyright infringements because the sites would remain online even if
      they were terminated from the service. It can't end the infringements
      entirely on its own, the company argued."

So, as you see, even Cloudflare itself made the point that simply eliminating
any one (bad) provider does virtually nothing at all to remove from the
entire Internet any given piece of -content-.  And this certainly matches
up with my own experience.

>Blocking content distribution methods is effectively blocking the content

I disagree, and apparently, so does Cloudflare.  And they should know.

>I've still yet to be convinced that this would substantially cut down on
>hijacking;

Maybe it wouldn't.  The question isn't whether it would or not.  The question
is whether or not this proposal is a demonstrably bad way to -try- to begin
to address the problem, at least in part.  I remind you that right now there
is essentially -zero- disincentive to the act of deliberate hijacking.

Maybe it is time to try something different and see if it will help.  If it
doesn't, then it can be discarded, and then some other approach can be
tried instead.

>additionally, I've yet to be convinced that such a policy would
>not sweep up innocents due to its allowance of reports by the general
>public and incredibly low bar for labeling someone a hijacker.

Again, I am in agreement with you, but I do believe that this is a matter
of fine-tuning the procedural aspects of the propsal, rather than simply
opposing or abandoning it wholesale.


Regards,
rfg