Hi Farzaneh and all, Indeed, I gave a presentation on handling requests from Law Enforcement Agencies at RIPE 89 across two WGs: Security: https://ripe89.ripe.net/archives/video/1444/ Coop: https://ripe89.ripe.net/archives/video/1527/ Since then, the legal team made some amendments to the RIPE 675 document that I had referenced during my talk. You can find the changes here: https://www.ripe.net/publications/docs/ripe-675/diff/ripe-836/ The amendments were presented to the board, which approved them through Resolution EB#179-R-05. You can read more about this in the board meeting minutes under 9.5 "Update to sharing information with LEAs" https://www.ripe.net/about-us/executive-board/minutes/2024/179th-executive-b... As for your question about discussing the principles on the mailing list, we are still awaiting a legal impact analysis on e-evidence, which is scheduled for later this year. Once we have that we will be in a better position to have a more informed discussion with the community about the principles they would like to see. In the meantime, we have worked on some guidelines for Law Enforcement Agencies and Competent Authorities, which is planned to be published on our website ahead of the RIPE meeting. Cheers and hope to see you all at RIPE 90 Hisham On Wed, 2 Apr 2025 at 14:01, Farzaneh Badiei <farzaneh@digitalmedusa.org> wrote:

Thank you Theodoros

During the Prague meeting, if I am not mistaken, there were presentations on information sharing with governments and law enforcement and coming up with a framework. Has that idea moved forward? In general, does Ripe NCC have a framework that sets the principles on sharing information with the governments?

Best regards

On Wed, Apr 2, 2025 at 7:01 AM Theodoros Fyllaridis <tfyllaridis@ripe.net> wrote:

...

Dear colleagues,

We have published a transparency report that details the nature and number of requests we received from Law Enforcement Authorities in 2024.

You can find the report at: https://www.ripe.net/publications/docs/ripe-839/.

Kind regards,

Theodoros Fyllaridis Legal Counsel RIPE NCC ----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/security-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/

----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/security-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/

Dick, Thank you, yes, we'll come back to you on timings. And the report did feature previously, for sure, but as it's an ongoing thing and of continued interest to the community, I feel it won't be the last time! Thanks again, Brian Co-Chair, RIPE Security WG Brian Nisbet (he/him) Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network North Dock Two, 93-94 North Wall Quay, Dublin 1, D01 V8Y6 +35316609040 brian.nisbet@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 ________________________________ From: Dick Leaning <dleaning@ripe.net> Sent: Thursday 3 April 2025 12:51 To: Brian Nisbet <brian.nisbet@heanet.ie> Cc: Farzaneh Badiei <farzaneh@digitalmedusa.org>; HMI IMH <hibrahim@ripe.net>; Theodoros Fyllaridis <tfyllaridis@ripe.net>; security-wg@ripe.net <security-wg@ripe.net> Subject: Re: [Security-wg] Re: LEA Transparency Report 2024 CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe. Hi Brian, Just catching up on this thread. Am happy to present to the security WG on the 'new' LEA guidelines - which is an enhanced version on what we already had on the website, but can why we have the new version and how they will be used etc and also can cover a little bit of the transparency report, which i understand we actually presented on a few meetings back. So a 10/15min slot would be great if there is room in the agenda. Cheers Dick On Wed, 2 Apr 2025 at 18:01, HMI IMH <hibrahim@ripe.net<mailto:hibrahim@ripe.net>> wrote: Hi Farzaneh and all, Indeed, I gave a presentation on handling requests from Law Enforcement Agencies at RIPE 89 across two WGs: Security: https://ripe89.ripe.net/archives/video/1444/ Coop: https://ripe89.ripe.net/archives/video/1527/ Since then, the legal team made some amendments to the RIPE 675 document that I had referenced during my talk. You can find the changes here: https://www.ripe.net/publications/docs/ripe-675/diff/ripe-836/ The amendments were presented to the board, which approved them through Resolution EB#179-R-05. You can read more about this in the board meeting minutes under 9.5 "Update to sharing information with LEAs" https://www.ripe.net/about-us/executive-board/minutes/2024/179th-executive-b... As for your question about discussing the principles on the mailing list, we are still awaiting a legal impact analysis on e-evidence, which is scheduled for later this year. Once we have that we will be in a better position to have a more informed discussion with the community about the principles they would like to see. In the meantime, we have worked on some guidelines for Law Enforcement Agencies and Competent Authorities, which is planned to be published on our website ahead of the RIPE meeting. Cheers and hope to see you all at RIPE 90 Hisham On Wed, 2 Apr 2025 at 14:01, Farzaneh Badiei <farzaneh@digitalmedusa.org<mailto:farzaneh@digitalmedusa.org>> wrote: Thank you Theodoros During the Prague meeting, if I am not mistaken, there were presentations on information sharing with governments and law enforcement and coming up with a framework. Has that idea moved forward? In general, does Ripe NCC have a framework that sets the principles on sharing information with the governments? Best regards On Wed, Apr 2, 2025 at 7:01 AM Theodoros Fyllaridis <tfyllaridis@ripe.net<mailto:tfyllaridis@ripe.net>> wrote: Dear colleagues, We have published a transparency report that details the nature and number of requests we received from Law Enforcement Authorities in 2024. You can find the report at: https://www.ripe.net/publications/docs/ripe-839/. Kind regards, Theodoros Fyllaridis Legal Counsel RIPE NCC ----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/security-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/ ----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/security-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/ ----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/security-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/

I am not going to be there in person but I suggest we focus on the “new” guidelines. Dealing with law enforcement especially expanding “information sharing” to non-Dutch law enforcement needs to be done with care and a deep understanding of community needs and sensitivities and should be in line with fundamental rights and an open Internet. Something e-Evidence has also touched upon. And Hello Dick. On Thu, Apr 3, 2025 at 8:22 AM Brian Nisbet <brian.nisbet@heanet.ie> wrote:

Dick,

Thank you, yes, we'll come back to you on timings.

And the report did feature previously, for sure, but as it's an ongoing thing and of continued interest to the community, I feel it won't be the last time!

Thanks again,

Brian Co-Chair, RIPE Security WG

Brian Nisbet (he/him) Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network North Dock Two, 93-94 North Wall Quay, Dublin 1, D01 V8Y6 <https://www.google.com/maps/search/93-94+North+Wall+Quay,+Dublin+1,+D01+V8Y6?entry=gmail&source=g> +35316609040 brian.nisbet@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 ------------------------------ *From:* Dick Leaning <dleaning@ripe.net> *Sent:* Thursday 3 April 2025 12:51 *To:* Brian Nisbet <brian.nisbet@heanet.ie> *Cc:* Farzaneh Badiei <farzaneh@digitalmedusa.org>; HMI IMH < hibrahim@ripe.net>; Theodoros Fyllaridis <tfyllaridis@ripe.net>; security-wg@ripe.net <security-wg@ripe.net> *Subject:* Re: [Security-wg] Re: LEA Transparency Report 2024

CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe.

Hi Brian,

Just catching up on this thread.

Am happy to present to the security WG on the 'new' LEA guidelines - which is an enhanced version on what we already had on the website, but can why we have the new version and how they will be used etc and also can cover a little bit of the transparency report, which i understand we actually presented on a few meetings back.

So a 10/15min slot would be great if there is room in the agenda.

Cheers

Dick

On Wed, 2 Apr 2025 at 18:01, HMI IMH <hibrahim@ripe.net> wrote:

Hi Farzaneh and all,

Indeed, I gave a presentation on handling requests from Law Enforcement Agencies at RIPE 89 across two WGs: Security: https://ripe89.ripe.net/archives/video/1444/ Coop: https://ripe89.ripe.net/archives/video/1527/

Since then, the legal team made some amendments to the RIPE 675 document that I had referenced during my talk. You can find the changes here: https://www.ripe.net/publications/docs/ripe-675/diff/ripe-836/

The amendments were presented to the board, which approved them through Resolution EB#179-R-05. You can read more about this in the board meeting minutes under 9.5 "Update to sharing information with LEAs"

https://www.ripe.net/about-us/executive-board/minutes/2024/179th-executive-b...

As for your question about discussing the principles on the mailing list, we are still awaiting a legal impact analysis on e-evidence, which is scheduled for later this year. Once we have that we will be in a better position to have a more informed discussion with the community about the principles they would like to see.

In the meantime, we have worked on some guidelines for Law Enforcement Agencies and Competent Authorities, which is planned to be published on our website ahead of the RIPE meeting.

Cheers and hope to see you all at RIPE 90 Hisham

On Wed, 2 Apr 2025 at 14:01, Farzaneh Badiei <farzaneh@digitalmedusa.org> wrote:

Thank you Theodoros

During the Prague meeting, if I am not mistaken, there were presentations on information sharing with governments and law enforcement and coming up with a framework. Has that idea moved forward? In general, does Ripe NCC have a framework that sets the principles on sharing information with the governments?

Best regards

On Wed, Apr 2, 2025 at 7:01 AM Theodoros Fyllaridis <tfyllaridis@ripe.net> wrote:

Dear colleagues,

We have published a transparency report that details the nature and number of requests we received from Law Enforcement Authorities in 2024.

You can find the report at: https://www.ripe.net/publications/docs/ripe-839/.

Kind regards,

Theodoros Fyllaridis Legal Counsel RIPE NCC ----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/security-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/

----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/security-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/

----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/security-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/

Hi Hisham, Thanks for the detailed information. I suggest the community take a more proactive approach to this matter. The amendments you mentioned don't fully address the circumstances and principles under which RIPE NCC handles law enforcement requests, especially those from non-Dutch authorities. Perhaps the upcoming guidelines will cover these aspects? This is particularly important considering the significant increase in LEA requests since 2022. Furthermore, the request from a non-Dutch LEA for information related to a RIPE Atlas probe, which RIPE NCC did not comply with, highlights the need for clarity. I encourage the community, perhaps through the Security Working Group or another appropriate WG, to proactively discuss these principles rather than waiting for the impact assessment. Best regards, Farzaneh On Wed, Apr 2, 2025 at 8:48 AM Hisham Ibrahim <HMI@ripe.net> wrote:

Hi Farzaneh and all,

Indeed, I gave a presentation on handling requests from Law Enforcement Agencies at RIPE 89 across two WGs: Security: https://ripe89.ripe.net/archives/video/1444/ Coop: https://ripe89.ripe.net/archives/video/1527/

Since then, the legal team made some amendments to the RIPE 675 document that I had referenced during my talk. You can find the changes here: https://www.ripe.net/publications/docs/ripe-675/diff/ripe-836/

The amendments were presented to the board, which approved them through Resolution EB#179-R-05. You can read more about this in the board meeting minutes under 9.5 "Update to sharing information with LEAs"

https://www.ripe.net/about-us/executive-board/minutes/2024/179th-executive-b...

As for your question about discussing the principles on the mailing list, we are still awaiting a legal impact analysis on e-evidence, which is scheduled for later this year. Once we have that we will be in a better position to have a more informed discussion with the community about the principles they would like to see.

In the meantime, we have worked on some guidelines for Law Enforcement Agencies and Competent Authorities, which is planned to be published on our website ahead of the RIPE meeting.

Cheers and hope to see you all at RIPE 90 Hisham

On Wed, 2 Apr 2025 at 14:01, Farzaneh Badiei <farzaneh@digitalmedusa.org> wrote:

...

Thank you Theodoros

During the Prague meeting, if I am not mistaken, there were presentations on information sharing with governments and law enforcement and coming up with a framework. Has that idea moved forward? In general, does Ripe NCC have a framework that sets the principles on sharing information with the governments?

Best regards

On Wed, Apr 2, 2025 at 7:01 AM Theodoros Fyllaridis <tfyllaridis@ripe.net> wrote:

...

Dear colleagues,

We have published a transparency report that details the nature and number of requests we received from Law Enforcement Authorities in 2024.

You can find the report at: https://www.ripe.net/publications/docs/ripe-839/.

Kind regards,

Theodoros Fyllaridis Legal Counsel RIPE NCC ----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/security-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/

----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/security-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/