Hi Jørgen, On 11/11/2011 12:07 PM, Jørgen Hovland wrote:

If you don't mind, I have a question: First of all, did you receive any real reason why they requested this?

According to webwereld.nl (a Dutch tech-site), it was to disable a gang that runs rogue DNS services. A poorly translated article can be found via Google Translate: http://tinyurl.com/7jrmubc -- Mark Schouten | Tuxis Internet Engineering KvK: 09218193 | http://www.tuxis.nl/ T: 0318 200208 | info@tuxis.nl M: 06 53463918 | mark@tuxis.nl

issued to the Dutch authorities from the US authorities, in relation to massive malware distribution in the US and other countries. ... microsoft.com - the biggest malware distributer out there... can we just go ahead and nuke the usa... finally ;) -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. & Co. KG ========================================================================= Address: Koloniestrasse 34 VAT Tax ID: DE267268209 D-13359 Registration: HRA 42834 B BERLIN Phone: +31/(0)87-8747479 Germany GSM: +49/(0)152-26410799 RIPE: CBSK1-RIPE e-Mail: sven@cb3rob.net ========================================================================= <penpen> C3P0, der elektrische Westerwelle http://www.facebook.com/cb3rob ========================================================================= Confidential: Please be advised that the information contained in this email message, including all attached documents or files, is privileged and confidential and is intended only for the use of the individual or individuals addressed. Any other use, dissemination, distribution or copying of this communication is strictly prohibited. On Fri, 11 Nov 2011, Axel Pawlik wrote:

Jørgen, Sascha, all,

the order says it's done on the basis of several international requests of assistence, issued to the Dutch authorities from the US authorities, in relation to massive malware distribution in the US and other countries.

We will be preparing an article on the genesis of this order, background documents as publishable, legal opinions and the like.

Currently we are busy coordinating legal opinions, requesting further documentation and the like.

cheers, Axel

---- If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: https://lirportal.ripe.net/general/view

Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses.

The article on Webwereld states: (http://webwereld.nl/nieuws/108523/nederlandse-politie-bevriest-ip-toegang-d ns-bende.html ) Tegelijk met het oprollen van de bende heeft de Nederlandse politie vier blokken van ip-adressen laten 'bevriezen' bij het in Amsterdam gevestigde RIPE. Die Europese beheerder van ip-adressen, heeft op last van de politie vier blokken van IPv4-adressen geblokkeerd. Dit houdt in dat de eigenaar van de ip-adressen geen wijzigingen kan doorvoeren in de registratiegegevens bij RIPE. Which translates in English into: Together with the roll-up of the gang, the Dutch police had 4 subnets of IP addresses frozen at the in Amsterdam based RIPE. The European manager of IP addresses has based on a police order 4 subnets of IPv4 addresses locked. This means that the owner of the IP addresses couldn't make any changes in the registration information at RIPE. --- As far as I'm aware (but I'm not a lawyer) the international gratified ComputerCrime II ACT, provides the authority to ask for a freeze (secure) of administrative and technical (logging) information known to a certain database / website holder about someone, to prevent it from being purged. What RIPE did is just that, if I read this correctly. Comparing this to RPKI: The difference of a cert being revoked by RIPE in an RPKI situation, was that routing by itself wasn't changed. Nor that the assigned IP's where revoked or something similar. Perhaps someone from RIPE can provide some more insight beside the posting on the website (http://www.ripe.net/internet-coordination/news/about-ripe-ncc-and-ripe/ripe -ncc-blocks-registration-in-ripe-registry-following-order-from-dutch-police ) Regards, Erik Bais

For those that like to read up on the Convention on Cybercrime ( Budapest - 2001 ) : http://conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT=185&CM=8&DF=02/06/2010&CL=ENG (Overall start page for the Treaty) http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=185&CM=8&DF=02/06/2010&CL=ENG (status page for the international ratification per country in the EU and none-European countries) http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm (actual text of the treaty) The part that I revered to in my previous email can be found under Title 2 - Article 16: --- Title 2 - Expedited preservation of stored computer data Article 16 - Expedited preservation of stored computer data 1 Each Party shall adopt such legislative and other measures as may be necessary to enable its competent authorities to order or similarly obtain the expeditious preservation of specified computer data, including traffic data, that has been stored by means of a computer system, in particular where there are grounds to believe that the computer data is particularly vulnerable to loss or modification. 2 Where a Party gives effect to paragraph 1 above by means of an order to a person to preserve specified stored computer data in the person's possession or control, the Party shall adopt such legislative and other measures as may be necessary to oblige that person to preserve and maintain the integrity of that computer data for a period of time as long as necessary, up to a maximum of ninety days, to enable the competent authorities to seek its disclosure. A Party may provide for such an order to be subsequently renewed. 3 Each Party shall adopt such legislative and other measures as may be necessary to oblige the custodian or other person who is to preserve the computer data to keep confidential the undertaking of such procedures for the period of time provided for by its domestic law. --- Regards, Erik Bais

On 11/11/11 13:27, Hank Nussbacher wrote:

I support RIPE NCC in its effort to make the Internet a safer place. A court order for RIPE NCC to do something would probably have needed a trial, and can sometimes take months and usually years until a decision is handed down. If the police lodged a formal request then RIPE NCC has to abide by it. Adjust the charter or procedures to comply with reality if necessary.

I believe that the current situation is unrelated to preservation of data, so I don't believe there's a treaty obligation involved. From what I've heard, the bad people have all been arrested so nobody is being kicked offline who isn't offline anyway. However, whilst I am not familiar with the legal situation in the Netherlands, (Is there an independent judicial element to any police "requests"?) I would be rather worried about any situation in which the police, based on their own particular policies, might be able to exert control over what they consider acceptable use of the Internet within the RIPE region. RIPE covers many countries and not all have the same set of ethical values and standards and we should be wary of any situation in which one nation exerts undue extra-judicial influence because a coordinating body happens to be based there. Zoë