... I hit send too early (and I'm still recovering from RIPE89 To complete the truncated section: The NCC has a large area of countries served under it, so the difference for, say as a example, a British person (hi!), and a Dutch person, I suspect there difference in view on what country/region you trust to look after data/privacy concerns On Mon, 4 Nov 2024 at 17:56, Ben Cartwright-Cox <ripencc@benjojo.co.uk> wrote:
Hey Timo,
The point is, who may get access to this data. Especially after the revelations of Edward Snowden and Wikileaks, i do not have much trust in U.S. law enforcement and intelligence services.
This is fair, however at the end of the day it's all a game of "whos security agency do you trust more or less" surely, I (and I understand if this is not the prevailing view amongst others) trust the Dutch security services less than the various Three Letter Agencies in the US (well, I guess if the CIA is interested in my emails with RIPE then something has horribly gone wrong for the CIA, or me)
The NCC has a large area of countries served under it, so the difference for, say as a example, a British person (hi!), and a Dutch person, I suspect
it sounds like you are asking why i care about my privacy (and the privacy of other members) when i have nothing to hide.
I suggest this because I believe that a company interacting with a company is very different in terms of privacy (I will conveniently gloss over the end-user LIRs, even though I am one of them) than say, my personal email and things that hold my personal correspondence, advertising patterns, etc.
The NCC holds a database full of personal data out in the public (as in the post GDPR years has proven at least some debate around this), and ultimately in my eyes is a B2B system. I suppose a lot of this boils down to "Do commercial entities deserve outright privacy?", I understand that people don't have a unanimous view here.
I may be missing something drastic, but as far as my data exposure to RIPE NCC I have boils to:
A) What I have in the database (something that is almost entirely public) B) Know Your Customer documentation that I submitted, though I'm unsure if RIPE even have copies of that anymore C) Mailing list conversations (again, mostly public conversations, other than in my case the working group co-chair duties I do) D) I guess I run a RIPE Atlas probe in various places, I suppose there is some argument I should not have something like that running in my home if I don't trust the infrastructure that controls that
I'm not really sure what else there is, as far as some of my other suppliers in business, the NCC holds relatively little data on my operations. (I will ignore the situation of what happens if a government agency forces something to be done, because I think that is not what we are arguing here, and also low risk)
I would say that if there was a *viable* EU based AWS competitor then I would ask why the NCC did not choose it, but as far as I can see things, that option simply does not exist.
So I think that RIPE NCC aiming to reduce costs by using said IaaS/SaaS providers is a good thing, but obviously only if it *really does turn out to be cheaper*. Don't get me wrong, I do have arguments against using IaaS services from hyperscalers, but the privacy angle is not a hugely compelling one for a B2B entity like RIPE that pretty only stores data about it's own customers (that are businesses)