Hi Felipe,

Thanks for your extensive reply to my concerns. I am aware of the efforts the RIPE NCC makes to store documents and registry information safely, and with the appropriate data retention policies. From what I can see, this has been implemented very well, and I have trust in the security of these applications.

But as Rudolf has already pointed out, apart from attachments there is still a lot of sensitive information and metadata in both Zendesk tickets and staff e-mail. And this data is being stored under U.S. legislation.

You mention that "the RIPE NCC applies a risk-based approach, paying close attention to the contracts we sign with these providers and ensuring that the obligations described in them give the highest possible level of privacy and security". That is what is called the "administrative firewall": the legal, security and compliance teams go through these contracts and make sure that all risks and responsibilities have been covered. But in reality these contracts don't actually guarantee any level of privacy, security or reliability; they merely provide us with someone to point at when things go wrong.

I consider the RIPE NCC to be a neutral and independent organisation that supplies critical services to a very large service area outside of the U.S., an organisation with a huge amount of highly skilled staff. And I find it very disappointing that such an organisation, with the ~40M budget that it has, is not able to run its own, on-premise infrastructure for communication with its members.

I have already mentioned it in a previous reply, but if you haven't done so already, please check out the RIPE Labs podcast with Bert Hubert, as it touches on several of these subjects: https://labs.ripe.net/author/alun_davies/bert-hubert-internet-privacy-and-th...

Timo Hilbrink
Freedom Internet

On 05/11/2024 16:06, Felipe Silveira wrote:
Dear Timo, all,
First off, I want to let you know that documents containing potential confidential member information - company registration papers, network plans, any document sent to the NCC in order to justify additional resources, etc. - are stored on premises in our Document Management System (Alfresco).
Registry information - including the history of all Internet Number Resources, plus all current and historical information about our members (legal address, company registration number, etc.) - is stored on our in-house-developed software, running on premises.
Ticketed communication with members is stored in Zendesk, which runs in the cloud using AWS infrastructure. No documents are stored directly in Zendesk, and any documents sent as attachments are automatically removed and stored in Alfresco.
For copies of IDs and passports, we use a third party (iDenfy) to identify our members. We don’t store any copies of IDs as part of this process, and IDs are deleted after 14 days.
For staff email we do use Gmail, and I note that copies of some Zendesk tickets might end up on staff email accounts. This came from an internal decision to fully use Google Workspace, which we were already using for other productivity tools. We also recently stopped paying for licenses for Zoom and now use Google Meet for video conferencing. Using Gmail for staff brings several benefits for us, including better spam and malware filtering as well as integration for staff with the rest of the Google Workspace tools.
As has been noted here, these decisions are largely cost- and resource-driven. We have undertaken serious efforts to reduce costs on the technology side of the organisation over the past two years, and this has resulted in some of the compromises that have been noted on this thread. An example of this is our recent efforts to reduce our data centre footprint, which have focused on providing quality services in a cost-effective way [1].
However, it's important to note that for most email we do in fact run our email infrastructure, including MTAs, community and membership mailing lists, and the ASO and NRO email systems. We operate on-premise MX servers, which handle all emails directed to ripe.net and route them accordingly. Emails sent to staff and role accounts are forwarded to Gmail, while those intended for support go to Zendesk. Emails directed to mailing lists are routed to our on-premise Mailman instances.
For outgoing emails, we use various services: Gmail for staff emails, Zendesk for support, AFAS for invoicing, and Brevo for some announcements. Any remaining emails, such as those from mailing lists and NCC services (like RIPE Database updates, RIPE Atlas, etc.), are sent through an on-premise mail server.
It is difficult to run our operations if we have to speculate on what governments can and cannot do. Instead, we apply a risk-based approach, paying close attention to the contracts we sign with these providers and ensuring that the obligations described in them give the highest possible level of privacy and security for our members.
Kind regards,
Felipe Victolla Silveira
Chief Technology Officer
RIPE NCC
[1] https://labs.ripe.net/author/felipe_victolla_silveira/reducing-the-ripe-nccs-data-centre-footprint/
On Mon, 4 Nov 2024 at 13:33, Timo Hilbrink via members-discuss <members-discuss@ripe.net> wrote:
Hi all,
As we have seen in the past several Information Services updates from Felipe, the RIPE NCC has been moving a lot of services to the cloud, and this now also includes things like RIPE NCC email, calendars, chat and video conferencing. The following page gives a helpful overview of these services and the relevant cloud platforms:
https://www.ripe.net/publications/documentation/cloud-technology-status/
The page states that "all services pass an internal process of strict legal, information security, technology and privacy reviews". That all sounds very reassuring, doesn't it?
However..
Even though the "Data Residency" column states "EU" for all these services, these cloud providers are U.S. legal entities (or foreign entities with an office in the U.S.), so the data stored on these platforms completely falls under U.S. legislation, such as the CLOUD Act and numerous related acts and laws. It is completely irrelevant where this data is stored geographically.
This also means that the data stored on these platforms can be subject to U.S. law enforcement warrants and subpoenas.
As a concerned and privacy-aware citizen, I find it very worrying that basically all my interactions with the RIPE NCC in some way end up in the hands of U.S.-based cloud providers. But I can imagine that these concerns are much more serious for RIPE members in countries that have a less favourable relation with the U.S. (there are quite a number of those countries within the RIPE service region).
What do other members think about this, and has the RIPE NCC taken these consequences into account when they decided to move all this data and services to U.S. based hyperscalers?
Thanks for your thoughts,
Timo Hilbrink
Freedom Internet