Dear all,
We appreciate this input on our legal documents. I would like to assure you that the points raised will be evaluated by legal experts. This type of feedback is always appreciated and we will give it our full attention. However, I would caution against confusing opinion with legal expertise.
Regards,
Athina Fragkouli
Chief Legal Officer
RIPE NCC
On 31 Jan 2022, at 16:20, denis walker <ripedenis@gmail.com> wrote:
Colleagues
[I make no apologies for the length of this email. There are so many errors to discuss. For an overview you can stop reading at the line of '----'. Below that is the detailed review of all the errors.]
I have been reading lots of policies, procedures and agreements/contracts over the last couple of months to catch up with current and historical developments of address policy and its application to allocating resources. It has been an eye opener. Right now I want to focus mainly on the 'RIPE NCC LIR Account Agreement'. Most of the documents I have read are poorly written. This is probably one of the worst. I will itemise below the details of what is wrong with this document. But firstly I will point out some of the serious mistakes.
In this agreement there is a definition in Article 1...
-RIPE NCC services The Membership Services provided through an LIR account as specified in the current version of the RIPE NCC Activity Plan.
In the 'RIPE NCC Standard Service Agreement' there is also this definition in Article 1...
-RIPE NCC services The Membership Services as specified in the current version of the RIPE NCC Activity Plan.
There are no Membership Services specified in the current version of the RIPE NCC Activity Plan. There hasn't been such a specification since the activity plan of 2017. So for the last 5 years all the active SSAs and LIR Agreements have been referring to an 'empty list'. As both these agreements revolve heavily around these services, I have no idea what the legal significance is of agreements based on an empty list of services.
Another serious issue is the absolute, total lack of any legal definition of an LIR (Local Internet Registry) and LIR account and the relationship between LIR and Member. I have not been able to find any such definitions anywhere on the ripe.net website. I fear they may be mentioned in some early RIPE document written 20 years ago that no one could reasonably be expected to find in relation to these agreements.
Then we have in Article 3 of the SSA: "the Member acknowledges and accepts that it has obtained the right to use the RIPE NCC services under the conditions outlined in this agreement."
And in Article 3 of the LIR Agreement: "the Member acknowledges and accepts that it has obtained the right to use the RIPE NCC services through this LIR account under the conditions outlined in this Agreement."
So under what conditions can a Member use these (undefined) services?
- those in the SSA
- those in the LIR Agreement
- a superset of the two sets
- the intersection of the two sets
********** I want to put forward a suggestion that the RIPE NCC engages the services of, or employs, a professional contract lawyer to review and if necessary re-write all of the agreements/contracts used by the RIPE NCC. Or at least someone with legal training and experience in the area of contract writing. **********
It was said in a zoom meeting last Wednesday (about reviewing the PDP) that we should keep to a minimum the legal terminology and rely on common sense. That was a valid mindset in the 1990s when the internet was mostly an 'old boys/girls club'. In 2022 this is a very different global, critical industry. The IPv4 market has also changed this industry. There is so much money invested in IPv4 addresses that one 'wrong' decision by the RIPE community could face a legal challenge. If the RIPE NCC has to go to court to defend such an action they would have a better defence based on rock solid, well written, legally watertight contracts than based on a set of poorly written, contradictory documents, common sense and a generally accepted view of how things work(ed).
Almost every document I have read has mistakes in it. Some have lots more than others. I wondered why people sign contracts with so many mistakes. Then I realised that most of the Members are not native English speakers, and neither are their lawyers. They almost certainly pass these documents through some translation app. Probably they accept some of the errors as translation errors. So if they go to court over these contracts it will be a case of an LIR arguing over what they think they signed, vs the RIPE NCC defending what they think they wrote. Neither will be a true reflection of reality.
I know some people will criticise me for pointing out 'trivial' grammar errors in this document. (Some people will just criticise me anyway.) They will say they are not important. There are much bigger issues to deal with. We don't want to get lawyers involved in this process. Common sense will always prevail. If it ain't broke don't fix it...etc etc. This LIR Agreement is a legal contract at the core of the RIR's business (and it is broken). The quality of this document should reflect the professionalism of the RIR. As a legal contract it should be rock solid, well written and legally watertight. If there is ever a legal dispute with a Member, this contract, along with the equally error-ridden SSA, may take centre stage. Do you really want to gamble on a contract that looks like it was written as an undergraduate project? For a native English speaker reading these documents, the grammar errors just leap off the page. They are trivial to find and fix. (So why have they not already been fixed?) For the legal and other content errors, a contract lawyer would not be expected to make such basic, clumsy mistakes. It is the three 'C's that present the biggest problem - Consistency, Continuity and Contradiction. Someone needs to have a clear view in their mind of the entire document set. When a document is changed or a new document is written they should know where to look to ensure integrity is maintained across the whole set. That simply has not been the case up to now.
----------------------------------------------------
So let's look at this LIR agreement in more detail. I am basing my comments on this version: https://www.ripe.net/about-us/legal/ripe-ncc-lir-account-agreement
There is no definition of LIR or LIR account or any explanation of the relationship between a Member and an LIR (account).
Article 1 "The Membership Services provided through an LIR account as specified in the current version of the RIPE NCC Activity Plan." There is no list of services in the activity plan.
Article 2.2 "To enter into this Agreement for additional LIR accounts the Member must send to the RIPE NCC...one copy of the Agreement containing the handwritten signature of an authorised representative of the Member." This is ambiguous. It could suggest you sign one agreement for the initial LIR and one agreement for all additional LIR accounts, not one agreement for 'each' additional account. It should say: "To enter into this Agreement for each additional LIR account, the Member must..."
Is it possible for a Member to delegate operational control of an LIR account to another (anonymous) company or natural person in the same way some Members delegate management of their RIPE Database objects to a consultant? It is not clear if an LIR account is an administrative concept or something tangible that can be delegated. As the initial LIR account is not subject to any agreement (see below) that one can certainly be delegated.
Article 2.3 "The RIPE NCC reserves the right to amend this Agreement. The RIPE NCC shall notify the Member of such amendments at least one month before these amendments come into effect." This clause is almost certainly unenforceable. It is also ridiculous. It says the RIPE NCC can make any change it wants to this agreement at any time (after you have signed it) without any consultation with any individual, group or community and without any consensus, approval or acceptance and put the change into effect and expect all LIRs to comply with the change. If the NCC wants to fix the simple grammar errors, they would probably get away with it. Any substantive change would almost certainly be met with a legal challenge. They cannot impose a substantive change on 20k+ signatories.
The SSA says: "2.3 The Member acknowledges and accepts that the RIPE NCC Standard Service Agreement may be amended by a resolution of the General Meeting of the RIPE NCC according to the procedure outlined in the RIPE NCC Articles of Association. An amendment shall automatically become effective upon the date mentioned in the resolution or the date of first publication of the resolution of the General Meeting and the full text of the amended agreement on https://www.ripe.net, whichever is the latest, without the re-signing of the RIPE NCC Standard Service Agreement being necessary." The same conditions must apply to changing the LIR Agreement.
Article 3.3 "The Member acknowledges applicability of, and adheres to, the RIPE Policies and RIPE NCC procedural documents." Use of 'Member' and 'LIR' are interchanged throughout these documents. This agreement is about an LIR account. Do policies also apply to the LIR account or just to the Member? This is not clearly defined.
Article 3.4 "The Member shall provide the RIPE NCC with complete, updated and accurate information necessary for the provision of the RIPE NCC services and shall assist the RIPE NCC with audits and security checks as outlined in the RIPE NCC procedural documents, and in particular with the RIPE NCC procedural document “Due Diligence for the Quality of the RIPE NCC Registration Data”." Is this the same information required by Article 2.2 of the SSA? Articles 2, 3 and 6 of the SSA overlap considerably with Articles 2 and 3 of the LIR Agreement. Such overlaps encourage contradictions between separate contracts.
Article 3.6 refers to the document ‘Closure of Members, Deregistration of Internet Resources and Legacy Internet Resources' https://www.ripe.net/publications/docs/ripe-775 This document (ripe-775) was last updated on 30 Dec 2021, which is quite recent. Yet in Section B.1.b it says: "Internet number resources are allocated/assigned based on a specific need. When the original technical requirements or the business purpose for the use of the Internet number resources changes, the allocation/assignment becomes invalid. If the RIPE NCC notices any change in the original technical criteria or the original business purposes for using the Internet number resources, the RIPE NCC is authorised to deregister the relevant Internet number resources."
This conflicts with ripe-733 'IPv4 Address Allocation and Assignment Policies for the RIPE NCC Service Region', Section 5.1 which says: "On application for IPv4 resources LIRs will receive IPv4 addresses according to the following:
- All allocation requests are placed on a first-come-first-served waiting list. No guarantees are given about the waiting time.
- The size of the allocation made will be exactly one /24.
- The sum of all allocations made to a single LIR by the RIPE NCC is limited to a maximum of 256 IPv4 addresses (a single /24). If this allocation limit has been reached or exceeded, an LIR cannot request an IPv4 allocation under this policy."
No mention of any 'need' based requirement. This has been the case at least since November 2019. This shows the lack of continuity and contradictions between these documents.
Article 3.7 says: "Unless otherwise specified in this Agreement, this Agreement is valid only for one specific LIR account. If the Member wishes to operate an additional LIR accounts, the Member shall sign an additional RIPE NCC LIR Account Agreement."
Note the plurality of "an additional LIR accounts". It may be a simple typo. But as written it supports my comment above on Article 2.2 that maybe only one agreement needs to be signed for all additional LIR accounts.
Article 4.2 "The Member's obligation to pay any fees corresponding for the LIR account of this Agreement" 'for' instead of 'to' - Another simple grammar error.
Article 4.3 "The Member shall make the payment to the RIPE NCC within 30 days of date of invoice" of 'the' date - Another simple grammar error. (Or perhaps even 'within 30 days of the date of the invoice')
Article 4.4 "without prejudice to any other of the RIPE NCC's rights which it may revoke against the Member in connection with the latter's failure to effect (timely) the payment."
'other' is in the wrong place, 'to any of the RIPE NCC's other rights'
'revoke' instead of 'invoke'
'(timely) the payment' instead of 'the (timely) payment'
More simple grammar errors.
Article 4.1 refers to the 'RIPE NCC Charging Scheme 2022' and Article 4.6 refers to the 'RIPE NCC Billing Procedure and Fee Schedule' document This takes us off into billing and fees documents. I have reviewed these documents at the end.
Article 5.2 "The Member shall be entitled to terminate this Agreement at any time." It doesn't say if the Member needs to give any notice period. Maybe: "The Member shall be entitled to terminate this Agreement at any time with immediate effect."
Article 6.1 "The Member shall also be liable for all aspects of its use and all that ensues from its use from the Internet number resources." It should say 'its use of the Internet...' This wording, 'its use', only puts liability onto the Member if they use the resources themselves. It does not put liability onto the Member if they allow someone else to use the resources by assigning them. The wording should be 'the use' or 'any use'. Then the Member accepts full liability for use of these resources by anyone.
Article 6.6 "The Member shall indemnify the RIPE NCC against any and all third party claims filed against the RIPE NCC in relation to the Member's use of the RIPE NCC services." Again the indemnity is limited to claims resulting from only the Member's use of the services. This article should say: "The Member shall indemnify the RIPE NCC against any and all third party claims filed against the RIPE NCC in relation to any use of the RIPE NCC services provided to this Member through any of its LIR accounts." Then it doesn't matter who is using the services.
Article 6.7 "In any event the RIPE NCC's liability shall be limited to a maximum amount equivalent to the Member's service fee of the relevant financial year" This may apply in the event of the Member filing a claim against the RIPE NCC. If a third party files a claim against the RIPE NCC, I don't think the RIPE NCC can set its own limit on the claim within an agreement the third party has not signed.
Article 7.2 "The RIPE NCC's intellectual property (agreements, documents, software, databases, website, etc.) may only be used, reproduced and made available to third parties upon prior written authorisation from the RIPE NCC." If the Member has been allocated address space and they sub-allocate part of that space to another organisation, this is an acceptable use of the address space. By making assignments from the sub-allocation the second organisation will make use of the RIPE Database. This is an acceptable use of the RIPE NCC's intellectual property (database) without written authorisation needed.
Article 8.2 "Any disputes that may arise from this Agreement shall be settled in accordance with the RIPE NCC Conflict Arbitration Procedure." This highlights one of the base issues with this LIR Agreement. It clearly started life as a copy of the SSA which was then modified to create the LIR Agreement. If you replace 'this Agreement' with 'the RIPE NCC SSA' you have the basis of Article 11.2 of the SSA. The problem in this Article 8.2 is that the Conflict Arbitration Procedure (ripe-691) is specific to the SSA. Disputes arising from the LIR Agreement are not within scope, according to both the Introduction and Section A.1. of the Procedure. But even in Article 11.2 of the SSA "shall be settled" should be changed to "may be settled". There is always the option to take a dispute to a national court.
(Incidentally after a quick read, I only found one error in ripe-691. In Section C.1. "timeframe cannot not exceed".)
Article 2.2 "By signing the RIPE NCC Standard Service Agreement as instructed by the RIPE NCC the Member confirms that they have read, understood and agree to be bound by the terms of this agreement for an initial LIR account." After writing all of the above I was told by a Member that they don't sign an LIR Agreement for their initial LIR account. It is somehow implied by signing the SSA. The LIR Agreement is only signed for additional LIR accounts. Now I understand the intention of the wording of Article 2.2 but it is complete madness. You can NOT hold me to the terms of this agreement because I signed some other agreement that makes no mention of this one. IF the SSA included something like this "The LIR Agreement forms an integral part of this SSA. By signing the SSA the Member agrees to be bound by the terms of the LIR Agreement for their initial LIR account." then it would be valid. BUT the SSA makes no mention anywhere of the LIR Agreement. In fact the SSA only mentions 'LIR' 7 times and they are all links to the 'Closure of LIR...' procedure.
Article 6.1 of the SSA does say: "The Member acknowledges applicability of, and adheres to, the RIPE Policies and RIPE NCC procedural documents. The RIPE Policies and the RIPE NCC procedural documents are publicly available from the RIPE NCC Document Store. These documents, which may be revised and updated from time to time, form an integral part of and apply fully to the RIPE NCC Standard Service Agreement. Each revised document will receive a new document number and can be found on https://www.ripe.net."
It then includes a non-exclusive list of these documents, which does not include the LIR Agreement. There are several key points in Article 6.1 that specifically EXCLUDE the LIR Agreement from being an integral part of the SSA. Although the term 'procedural documents' is not defined anywhere, just like LIR, it would be a considerable stretch of the imagination to include an agreement or contract in a commonly understood definition of a procedural document. It also specifically says in 6.1 that the 'procedural documents are publicly available from the RIPE NCC Document Store'. The LIR Agreement is not listed in the document store. It also says 'Each revised document will receive a new document number'. Unlike the SSA, the LIR Agreement does not have a document number.
The LIR Agreement is therefore NOT an integral part of the SSA. Signing the SSA does not bind a Member to the terms of the LIR Agreement. This opens an entire can of worms. None of the Member's initial LIR accounts are registered as LIR accounts. None of them are subject to any terms or conditions. As the charging scheme requires a service fee per (registered) LIR and these initial LIR accounts are not registered, technically Members do not need to pay a fee for their initial LIR accounts.
Another interesting point is that all RIPE NCC procedural documents are said to form an integral part of the SSA. These documents may be 'revised and updated'. Article 2.3 of the SSA says changes to the SSA need a resolution by the GM. Under what conditions can a procedural document be changed if it is an integral part of the SSA? How is a new procedural document implemented if it becomes an integral part of the SSA?
********** As I said at the start of this email, it will benefit the RIPE NCC to employ someone qualified or experienced in contract law to review and re-write all the NCC's contracts and agreements so they actually say what they were intended to mean. **********
Moving on to the billing docs referenced in the LIR Agreement, there seem to be 3 significant documents which contradict each other. One even contradicts itself. The referenced 'RIPE NCC Billing Procedure and Fee Schedule' document https://www.ripe.net/participate/member-support/payment is marked as last updated on 19 Dec 2018 but refers to the fees for 2022 and has probably been updated each year. What it says is confusing: "RIPE NCC members pay a membership fee every year. For 2022, this fee is €1,400. This is charged on a pro rata basis for new member. New members also pay a sign-up fee, which is currently €1,000. Members can have more than one LIR account, but they must pay the membership and sign-up fee for each LIR account." Again total confusion between Members and LIR accounts. The 'RIPE NCC Charging Scheme 2022' refers to this as a 'service fee' not a 'membership fee'. It doesn't make sense to refer to it as a membership fee and then say it is paid per LIR account. This wording also suggests that there is a sign-up and annual fee for being a member and also a sign-up and annual fee for each LIR account, including the initial LIR account. It makes no distinction between initial and additional LIR accounts. 'This is charged on a pro rata basis for new member.' should say 'new members' - Another simple grammar error.
In the 'RIPE NCC Charging Scheme 2022' document https://www.ripe.net/publications/docs/ripe-771 it says: "New members or additional LIR account registrations also pay an additional one-time sign-up fee alongside their annual contribution." Again this is grammatically totally wrong. It uses 'or' instead of 'and'. Also an 'LIR account' is not an entity that can pay anything. It should say: "An additional one-time sign-up fee is paid alongside the annual contribution for new members and when new LIR accounts are registered."
In the 'RIPE NCC Billing Procedure 2022' document https://www.ripe.net/participate/member-support/payment/ripe-ncc-billing-pro... it has the same incorrect sentence as the Charging Scheme document: "New members or additional LIR account registrations also pay an additional one-time sign-up fee alongside their annual contribution."
In 2.1 the image does not match the table immediately following the image. In Column A of the table it should show the one-time sign-up fee for New Members as 'per LIR account'. For Existing Members it should show the one-time sign-up fee for 'Additional LIR accounts' also in Column A.
In 3. it is not clear if the service fees for all LIR accounts set up by a new member will be applied pro rata. Also there is no mention if the service fees for an existing member who sets up additional LIR accounts during the year will pay a pro rata fee for the new LIR accounts.
It also says the 'pro rata for each quarter' will be based on 'the time of the year the membership application is submitted.' This has to be the time of year the SSA is concluded. You cannot reasonably charge for services before the period in which the services are made available.
In 3.1 it says "The annual invoices will be sent to members between the end of the first quarter and the beginning of the second quarter of 2022." This time period does not exist. It has to be either 'after the end of the first quarter' or 'before the start of the second quarter'.
In 3.2 it says "Members are responsible for providing and maintaining correct billing." It should be 'billing details'.
In 3.3 it suggests that payment for any Member LIR account can come from any source. There doesn't appear to be any requirement for the payment details to match up with the Member legal entity or natural person. Surely this is open to abuse, fraud or money laundering possibilities?
I have done an extensive review here of the LIR Agreement and touched on some of the errors in the SSA and billing documents. Almost every policy, procedure, agreement, contract, document I have read has one or more grammar and/or content errors. Maybe it is time for a full review....
cheers
denis
co-chair DB-WG