18 October 2018, at 9 p.m.:

Good morning everybody and congratulations for surviving the whiskey BoF. So we have a rather tight agenda today so I am going to kick off straight away and get on with the programme. Of course, we have the point 0, intro administrivia, so the minutes of the last meeting have been posted. I am sure that nobody has read them but hopefully still agrees, you can see the agenda in front of you and I assume nobody has anything to add or change in the agenda but if you do please speak up. If not, I consider the agenda approved and move on with the agenda.

So our first speaker is Chris about ITU.

CHRIS BUCKRIDGE: Thank you. And thanks everyone for showing up first thing on a Thursday morning, to hear about the ITU. So, as some of you or most of you probably know, there is, starting in ten days, an event called the ITU Plenipotentiary 2018. My plan this morning is to give a bit of brief overview of what that is, why it's significant and what some of the issues are that will be discussed and that have caused the RIPE NCC to be there and participate.

Because time is a flat circle, I thought I would throw this up of four years ago, me presenting in possibly the same shirt, I am a simple man. That was actually not a whole presentation on the Plenipotentiary, it was a single slide in a presentation, I think we had bigger things on our agenda with the recently announced, at the time, IANA stewardship transition, so we only touched briefly on it. This year we don't have that luxury so you get an entire presentation on the Plenipotentiary.

So, for some background or overview for those of you not intimately familiar with the ITU. This is a bit of a structure, how the ITU looks. Basically, the international telecommunication union has three different bureaus. One deals with standardisation, one deals with development and one deals with radio communications. We, as the RIPE NCC, don't deal too much with the radio communications side of things, so we are not actually a member of what we call the R sector. We are, however, members of the T sector, the standardisation and the D sector, development and we have become members there because of issues where discussions in the ITU have touched on things very close to our heart, our organisational heart and so that's issues like IPv6. It's issues like IP addressing, IP address management. And so each of these sectors has its own high level meetings, these take place every four years, standardisation sector has the WTSA, the development has W TDC and also every four years, different years, there is the supreme organ of the ITU which is the Plenipotentiary, and so that's a three‑week meeting, you heard that right, three weeks, which essentially sets the direction for the ITU over the coming four years and so in that sense, it's a very significant event. It's also an event in which it essentially ....member States participate, so others like sector members and observers can attend, can talk to people in the corridors but the Plenipotentiary is an event for Member States. Like all of the other high level meetings of the ITU, the Plenipotentiary operates basically by discussing and agreeing on a number of resolutions and decisions, and so these are developed over time by either Member States individually or by regional groups, and I am not sure if I have a lacer pointer here. So you can see here we have some input coming to the Plenipotentiary directly from Member States, a lot going to there is region groups and to the Plenipotentiary and some input coming from the secretariat and the council.

We then as RIPE NCC participate in these regional groups for quite a while, particularly the Arab group which we have some relationship with, the CE P T which is the European group and the RCC and actually on the next slide ‑‑ well, sorry, I will point out in 2014 just to give you a sense of the scale here of the Plenipotentiary, they approved five decisions and 70 resolutions, so that is a fair bit of work, you can understand where the three weeks comes in.

But so these are the three regional groups at that we are participating in. As you can see, they cover a lot of countries, countries certainly in our service region and somewhat beyond. The CEPT is probably one we are closest involved with and that is most of the European countries and extending to the east so we have participants like Russia, Georgia, a few others. The RCC is the group that is basically former Soviet states and some of the other countries around that part. There is some overlap between the RCC and the CEPT which makes for some interesting discussions, but the CEPT in many ways is one of the most interesting regional groups because you see some of the bigger discussions and disagreements that occur later in the global conferences already playing out in that CEPT venue so that is why it's quite useful to have that mix there.

So CEPT we signed a letter of understanding three years ago, we have actually formalised our participation there and we have observer status along with a few of the other technical organisations, including ICANN. RCC we pay quite small membership fee, it's set up in a somewhat different way. Then the Arab group, which is the third group there, we actually don't have an official status there; we have good relationships with many of the members, we talk to them about what's going non‑those meetings but we are not actually part of the meetings or the discussions, so that's another different approach there.

So talking about RIPE NCC and the ITU, and I have put NCC in bracket here because the both the RIPE's commune's engagement with ITU and RIPE NCC as an organisation and sector member. We've ‑‑ we have a professional technical relationship with the ITU which goes back really quite a long way and includes most specifically our work on ENUM. So we manage the top level domain for ENUM and we do that in coordination with the ITU under instructions for the Internet architecture board. Since the early 2000s there has also been the aspect of our relationship with ITU that focuses a bit more on issues like Internet governance and this sprung out of that information on the world summit where the ITU began to take a much stronger interest, more active interest in issues like IPv6 addressing, IPv4 exhaustion and those kinds of issues.

And so our engagement there has been essentially following and engaging in discussions that involve those issues that are close to our remit, that is participating in study groups and going to the high level meetings and the informing you, our community, about what is going on there and how the community can get involved.

I have put a link here, you can either use the QR code or download and click it but that will give you information about the RIPE NCC and our involvement with ITU.

Most recently we have been quite involved in the iTouch's discussion of IoT and that is happy in study group 20 and I am sure many of you will recall only six months in Marseilles we had a presentation in the IPv6 Working Group where there was discussion of a draft resolution that had come through drafting IPv6 addressing in the IoT. And so as part of our engagement with that discussion, we had actually encouraged the study group to send that draft to the RIPE community saying the RIPE community is the policy‑making authority in this situation, this is where this should be discussed. If the ITU is going to look at these issues it should talk to the RIPE community. The feedback there was essentially if you were going to to something like this it should be done in RIPE and we passed that feedback on to the study group. The next meeting of the study group happens in December and so there will be further discussion and further reporting back to you on the outcome of that.

But yes, more recently we have also been following any other IP addressing related discussions in ITU and we have seen specifically a couple of points come through in study group 2, which is the operational aspects of service provision and telecommunications management. That is the study group. If you would like more information on that, I can ‑ dish probably direct you to my colleague Marco who has been involved there.

So PP 18, which takes place in Dubai and starts in ten days. I mentioned the last Plenipotentiary had approved 70 resolutions. In a very informal way, I will call these resolutions here the Internet resolutions, that is not an official title by any means but it's a collection of the resolutions approved that deal with the Internet, touch on Internet issues, and these are the ones basically that we are following, we are watching who is making proposals, what the discussions are and what the topics of interest are. 101 and 102 basically looking at IP based networks and public policy issues that might arise out of that. 130 deals with cybersecurity, strengthening cybersecurity. 133 deals with internationalised domain names. 140 looks at the WSIS and ITU's role following up on the WSIS so dealing with Internet governance there. 80 is facilitating the transition from IPv4 to IPv6, relatively uncontroversial one certainly at at this stage at least. And 197 facilitating the Internet of things to prepare for a globally connected world. That is one of the most recent so just coming from the 2014 Plenipotentiary. But which is also led to the formation of this new study group.

In addition, there are a number of new proposals coming in that different regions have put forward. There are actually four proposals on over the top services, O TTs. I think from, well, CEPT, RRC Arab group and A touch. And those actually go quite across the spectrum, some like from CEPT dealing much more with just promoting the idea that they have a place in this ecosystem, there needs ‑‑ we need to foster that for development, for better communication networks. Others pushing more towards okay what are the risks here, what is the need for regulation, is there a need for regulation of the OTT space? Artificial intelligence, probably not a great deal to do with RIPE NCC or the RIPE community but there are two proposals there which would see the ITU working more in the artificial intelligence space and in that sense broadening again that remit of the ITU to more Internet‑based technologies.

And then finally, there is a proposal that has come from CITEL which is the Americas regional group on participation of small and medium enterprises in the I touch. I mention that because the Arab group had their own but has since withdrawn that to support the CITEL one and it may affect people in this room, RIPE NCC members but it also, it's a step towards, well, opening up the ITU perhaps a little bit, getting more involvement there, and that's an interesting complicated question, I think. So I will come to that in a second.

And the other point of interest is 146 and this is about the ITRs, the international telecommunications regulations. This was the issue that in 2012 was ‑‑ was very controversial. There was a conference held to review the ITRs for the first time since 1988, the ITRs being an international treaty that governs telecommunication matters. And the ITU Member States were unable to come to a consensus agreement on that, and one of the major issues dividing the Member States there was issues to do with the Internet in the ITRs and including Internet related issues in the ITR. So this has been an ongoing issue, there has been an expert group, working for the last few years on what is to be done about the fact that one group of Member State have signed up to the new 2012 ITRs, others have non‑and are still bound by the 1988 document and the proposals that have come through from I think every region, actually, basically fall into two camps: One of which is we have looked at this, we can't work it out, the ITRs aren't that relevant any more anyway so let's just agree to disagree and move on. The other side is saying the ITRs are still a big deal, we really care about them, we need to work this out and let's spin up a working group and get ready for another conference in 2020 so we are not sure whichified that will fall on but we will certainly be following it closely because if it was to come to another WCIT Internet issues would be a point of contention and something relevant to us and to you.

So the key issues:

The caveat I would put out there is to say that we have proposals from all of these different regions, some of them you can read and you sort of would think that's crazy and nuts, why are they proposing that? So the caveat is Plenipotentiary is a three‑week negotiation. Most of the ‑‑ all of these proposals should be seen as starting positions, you put out everything you want, you are ready to sort of walk that back in the negotiation process, so a lot of what we see here that would be most sort of surprising or concerning is not necessarily what is going to come out at the other end. But the big issue for us obviously remains the role of the ITU in Internet governance and some of the specific points that come up there are, how the role of the council Working Group or Internet public policy issues evolve, this is one of the points that is particularly raised in resolution 102, and there are different perspective, some would say this Member State only Working Group should be opened up, we should have all stakeholders there and more multi‑stakeholder. Others say no, this is a place for governments to have their discussions but it should be more empowered and able to make public policies. What may end up is a ‑‑ somewhere the two, a compromise between the two. Our concern and, you know, being all for openness but the more open the ITU is, the more necessary it is for us to engage, the more legitimacy it has as a multi‑stakeholder environment or place for discussion, and that, well, with limited resources and the fact that I think everyone sort of sees as an ever proliferating number of venues for Internet discussions is perhaps a problem and an issue.

The other issue ‑‑ another point is where does the ITU fit into the broader scope of UN agencies who are doing this work? And what we have seen recently is really following the WSIS which set up the IGF and said we are going to move forward with multi‑stakeholder processes, we are seeing more recently the UN agencies flexing their muscles and saying maybe the ITU didn't achieve everything we need to, maybe cybersecurity is still a big issue maybe we need to do something more and one of the characteristics that seems to come through in a lot of the proposals from different regions at the moment is referencing, all of these other UN activities, that could be again one of two ways, it could be saying okay, we are referencing this because we don't want to duplicate work, the ITU shouldn't be duplicating this other work or it could be saying the U number of has prioritised this and you see, ITU needs to be there in the centre and take a more active role on Internet governance issues so how that discussion plays out will also be of interest. And then to what extent to Member States want to extend the ITU's remit and I mentioned proposals on OTT and I I so there is clearly an from some Member States, some groups to see the ITU taking a more expanded role.

For the RIPE NCC ‑‑ this is my last slide ‑‑ our question is, what do the outcomes at the end of date mean for our engagement and for you it means what do we have to do in terms of the resources we have to devote to this? How closely do we need to follow ITU discussions, are there new study groups that we need to be engaged in and what is the messages what are we actually wanting to say in those study groups and discussions. And what are we wanting to say to you, what ‑‑ how are you harnessing this community and the role of this community in our engagement with ITU? So like we is it for study group 20 bringing that discussion to the RIPE community and making sure there was that recognition of the role that RIPE and the RIPE PDP has in making policy, how are we going to do that going forward? That is what we are looking at in this PP.

If you want to learn more, I've ‑‑ there is an article that we posted on RIPE Labs just recently, that is the link there, QR code or go and download the slides and I also at the end, if you wanted to download the slides that is the actual titles of the new proposals but you can have a look at that if you are interested. So, with that, I will open to brief round of questions.

Alexander: Citizen of Russian Federation. Thank you very much for participating in this activity, a week of due Dubai is hard thing. I would like to ask you to inform us about such activities much ahead and one week of something going on. Cooperation Working Group list, yes and there are some announcements and you have shown a lot of topics to be discussed but unfortunately they are not ‑‑ they have not been discussed in community and as this discussion has not been ‑‑ so, as we have seen, I ask this question, as we seen from yesterday's presentation by Axel Pawlik ‑‑ so referencing to our community values, I ask you to be more open on these activities because for me as Russian citizen it's very difficult to get information about all these activities from Russian state employees or representatives in this organisation. Usually they say oh, no, it's taken over by United States or by ITU staff so we can do nothing. Something can be done and hope you could provide us much more information on these activities.

Also, as far as I remember, two‑and‑a‑half years ago in Copenhagen you were making presentations at RIPE NCC, a lot of seats on different international organisations, I think including this one, so but I do not see any follow‑up of that presentation so maybe you can involve community more active especially the, a lot of decisions ‑‑

CHAIR: Could you shorten your question.

ALEXANDER ISAVNIN: It's just a comment. Could RIPE NCC be more open and transparent and especially such activities like with ITU especially, ITU also wants to be open and transparent. Thanks.

CHRIS BUCKRIDGE: I will make a very quick response, and I fully take on board, yes, being open and communicating this to the community, that is certainly something we are very keen to do, I don't think we have any reason to hide anything we are doing here; the Plenipotentiary is certainly a difficult case in some ways, partly because a lot of these proposals have only come through very recently, the Arab group proposals I mentioned came through since I wrote the article that is on RIPE Labs, and most of them are not actually publicly accessible so we can't link you to here is the document. And the other point I think is that, as I say, a lot of proposals, their starting ‑‑ they are starting positions in a negotiation so I think sort of calling the troops to arms to say this crazy thing is happening, when actually whoever put that proposal forward is not actually thinking that's what they are going to get out of the conference is maybe not the most productive but I absolutely take the point and we are certainly trying to communicate this as best we can.

ALEXANDER ISAVNIN: Thank you very much. I hope you are bringing values of our community like open and transparency to ITU also.

NURANI NIMPUNO: I have a few ‑‑ I will try to keep it brief, I have a few quick points. Thanks for going, so the rest of us don't have doing. And being engaged in the ITU. I say this tongue in cheek but I do think it is incredibly important that we have people from the community there, and I think there are others like Malcolm, there are a few more people from the community there.

CHRIS BUCKRIDGE: Hans Petter, Patrik Faltstrom

NURANI NIMPUNO: Having been at an ITU Plenipotentiary I think it's do I have understand thousand all works if you haven't been there, and I have been there and I am not sure I understand how it works. I think it's good to know the RIPE NCC and is not going doing and present a position on anything, you have all these Internet‑related resolutions and and they will come up and discussed and it will be governments discussing it but having the RIPE NCC there, it both means that you get to hear the discussions, you can report back on them, and also that a lot of these negotiations, so they are the officials negotiations and you also have these little huddles where people go in the corner and discuss things and that is actually where organisations like the RIPE NCC and ISOC play an important role. Again not to kind of represent a particular position, but to educate the governments and explain this is how it actually works and IP addressing is distributed like this and these Internet Exchange points and there is an organisation that represents all the exchange points etc.. so I think even just those contributions are incredibly important.

And the also ‑‑ it is incredibly hard to report from these conferences because they are so much and like you say people throw out words in Internet resolution proposals simply to get their word in so they can reference back to it in a future resolution or negotiation. So, but giving these overviews and picking out the ones that related to this community I think is very helpful. And I think at a previous meeting I asked you when you gave an overview your regulation stuff, can you write this as an article or a blog post and I didn't just do that because I want to give you more work but did you that this time and I was in a meeting with my government last week and I said look at this article. So it is incredibly useful to have that, so that's for that, cheers.

CHAIR: We have to close at you, though. You have to react?

CHRIS BUCKRIDGE: I think the one point I would make and possibly I am making the same point here which comes back to Alexander's comment we are very careful to not say we are representing the community or representing the membership even. What we are representing there is the role of RIPE and the role of the RIPE NCC. I think our membership and our community are too diverse for us to have any pretence to say that we are representing you. But thank you.

PAUL RENDEK: Thanks very much Chris for that, because I think that lays out a nice path of what is going on there in a nutshell and it is hard to grasp it. As Chris stated we actually don't show up at this meetings with any kind of position or proposals that we put in there. Public policy is something that we do not actually do here, right? I mean, that's for the public sector to sort out. What we have done, yes, and our position and our position always remains that we think we can help them better public policy, how do we do that? By the ‑‑ by the engagement that we have with the various groups that Chris actually pointed out to you. We have made it very clear for the RIPE NCC service region, we have in each one of these different fora, we have said that the RIPE NCC is here to provide you with any kind of factual technical information that you need to prepare your proposals when you go to a meeting like this, and it's probably the biggest gift we can give actually inside of the ITU and that is what we spend most of our time on. We have been very clear on that and it's a position that will be taking here. In our round table meetings where we pull a lot of these different governments together we have made that clear, some of them have contacted us in the past, the reason why we have to be at the event for those three weeks is at any one given time a government from our service region can contact us and say, RIPE NCC, give us a paper on what is happening here that relate to our business, and we are there at their disposal to do this and we will do this. So thanks Chris for pointing all that out.

AUDIENCE SPEAKER: You mention public policy and the professional politician joining such meetings are career politicians so they always build ‑‑ at such meetings. What I care of, if Greece will become telecom minister of Australia and of Netherlands who will take care of this. So, that is very important to document what you are doing, and have more plans and information. So, please, not just do something, but report back to community. And membership.

HANS PETTER HOLEN: RIPE Chair, since it was mentioned that I am going to serve on the Norwegian delegation this time I thought I should add a couple of words with that regard. I want to compliment Chris and Marco for bringing the discussion to the meeting last time and that was well ahead so I think we are making really improvement there in getting the ITU to come to our community. I also want to compliment you for the article you published because I wanted to have a briefing session with you before I talked to Norwegian government but it's all in that article what I need so I think that's brilliant. The documents that I got from the Norwegian delegation it's easy to do so because they all refer to what is publicly on the website so that is the briefing that I have been given access to. When it comes to participating in the actual meeting since they allow me to be a full delegate I have to sign some papers saying if it's in a closed session I can't live tweet from it and please don't cause any international incidents while you are there. So, while I am sort of fully committed to open and transparent, I think I will probably have to leave the reporting after the meeting to Chris and RIPE NCC, while I will work it together with RIPE NCC and other friends on other delegations to make sure that knowledge which is basically what we have as a community is inserted into the bureaucrats and politicians who are the decision‑making here. So I don't think I will make any positions or statements there but it's all about building a network with technical clue into the process.

CHRIS BUCKRIDGE: Nobody needs to know where we got our report on the international incidents, Hans Petter.


CHAIR: A rare privilege to introduce my co‑chair who is going to talk about ICANN and the general protection regulation.

JULF HELSINGIUS: Thank you. Let me start ‑‑ I am on the E PDP and it is an interesting experience. So, I have to start with this disclaimer that there are probably people in this room who strongly disagree with what I am going to say and that is normal. We all know Whois is old and crap and and it should have been replaced long ago so I am not going to go much into that. The only point from this slide that you need to take away is that gTLD registries and registrars are contractually obliged to maintain Whois because of their contact with ICANN and this is a bit of a problem when maintaining that Whois breaks European law. So that he is the issue.

Country codes don't have the same rules so they can be much more free in what they do.

And we have of course many of us have been pointing out the privacy issues with Whois for the last ten years at least, and there has been agreement that something needs to be done, yeah.

Then of course GDPR happened and it didn't happen just recently it's actually been in force for a long time already and we all knew what was going to be in there when it became enforceable and you were threatened with fines it became interesting. So of course, ICANN formally reacted only after sort of every possible time period had expired, by coming up with something called a temporary specification which is a total duct tape solution to somehow deal with the situation, so you don't need to publish all that information and there is some measures need to be taken, you still need to collect it all, just don't publish it. The problem with this is, it can only go on for a year and it has to be re‑confirmed and reaffirmed by the ICANN board every 90 days. This is a temporary, as it says in the name, temporary solution. When it expires we are back to wild west unless there is a solution. And the solution is supposed to come from the EPDP, on the temporary specification for registration data which only started this summer. Interesting in that usually you have a small Working Group putting together a charter for a Working Group, in this case the whole council GNSO Council was part of the time that put together the charter because it was so controversial.

So there is a bunch of things that the group is supposed to look at, purposes for processing data, the legal basis for it, what activities are required, what do you publish, is there a differentiation between geographical regions and between legal and natural persons, responsibilities and so on on and very importantly, access to the data and a standardised universal access is an item that is in the charter very clearly stated shall only be discussed once we looked at all these other things first and there are is a number of things, specific answers to specific questions on the Earl yes ninths need to be answered first before we can go into discussing how we can access this data and who gets access to it.

Membership in EPDP is by stakeholder groups, this is unusual for ICANN groups, they usually tend to be open for everybody. Here the membership is very strictly defined so by stakeholder groups and there are members and observers, anybody can observe but they can't really contribute at all, and there are authorities that can only contribute when the full‑time is unable to. It's a very formal procedure for who can at each specific meeting be present or not.

And to actually reach anything the group has to get a consensus from all the stakeholder groups, and when people there, if there is a formal position it's a position of stakeholder group not a person, interesting, different from what the ICANN groups usually do. In the end 35 people in these.

So far we have been doing two two hour calls a week every week, long calls. Then we did a full three‑day face‑to‑face in Los Angeles and after that there is sub‑teams working on things having calls on the other days of the week. So yes, we spend a lot of time on phone conferences. There is professional mediators called in and a lot of discussion especially about the legal basis but I won't go into that.

So, the whole issue is that this is actually kind of becoming a test for the whole multi‑stakeholder model because there is very, very clear polarisation and these are not my words, they are actually some other members coined these terms, the privacy caucus and surveillance, people defend privacy for ‑‑ some of them for practical reasons because they don't want to be collecting that information or responsible for it and they are the ones who want to protect our children from fake copies of handbags. And somehow it seems the ISP ones are the only ones who aren't really aligned between these lines. And funny enough, remember that we weren't supposed to discuss access until we had answered all the questions, every question seems to somehow boil down to a question of access.

And interestingly, while the providing the answer, there are all these parallel things going on that ICANN as an organisation has this ongoing court case in Germany against registrar there. There was a formal letter from the business constituency and intellectual property constitute see that proposes a wonderful new access model. So while you are thinking about it, by the way here we have a solution you could use. And then there was this interesting blog posting by the ICANN CEO outlining the activities the organisation is doing by talking directly to Brussels by talking to the privacy commissioners and test different legal solutions to the problem. One of the more interesting ones is actually that they are testing out the idea of ICANN actually becoming the gateway into the Whois. And taking in a sense responsibility for. Whether that will fly or not remains to be seen. But these are a totally parallel activity going on independent of the EPDP.

Interestingly, there was just published the first NTIA report on ICANN activities that congress asked for, they actually asked for NTIA to actually report on what is going on and what the activities are there and it totally focused on Whois. That is the only thing they seem to be caring about. So where are we now? We are just about next week in ICANN 63 when the group is supposed to publish their first preliminary report. So, everybody is trying to line up their ducks to produce some sort of report and it's still very unclear what is going to be in that report because not much consensus at this point.

This, unfortunately, didn't survive the transfer from PowerPoint to PDF but red items are coming yellow and green because we agreed to agree to something, to have something to present. We will see what comes out. A lot are small groups that have reached some sort of proposal but the big group hasn't even discussed it yet so there will be lot of loose parts in that report.

And I will finish off with a quote from our face‑to‑face meeting that describes how a lot of us felt about that process:

"We went all the way down the deep, dark rabbit hole and what we found was not cute fluffy bunnies, but rabbit shit."

AUDIENCE SPEAKER: Thank you for your presentation but I still think it can consist only from the last slide. No, seriously, how it looks outside but ‑‑ to solve this, different forums, it looks now we have got a situation when we hear even from ICANN that national organisation, national laws are higher than any ICANN policy. And first of all, this seem initial initiative or sorry, European ‑‑ show us what means self‑regulation ‑‑. What do you expect, what we will get in the result? It will be very soon.

JULF HELSINGIUS: The one thing we know is whatever comes out has to comply with the GDPR at least in Europe. I mean, that's the only thing we know for sure. Beyond that, there is lots of different opinions of what should be the solution but they really diverge totally so there will be some sort of compromise I'm sure but I don't think any of us would really know yet how it's going to look like. As I said what we do know it will have to comply with the GDPR.

AUDIENCE SPEAKER: There are two simple key points because some governments and states now keep mouths closed, they simply ignore the process because they decide we will simply fall on national laws no matter what ICANN will say. And second point, it's about access models, absolutely any of these models unacceptable in the world? Because it's still polite discussions but what I expect now that it will raise more because absolute non‑workable ‑‑

AUDIENCE SPEAKER: Hi, Shane Kerr, speaking for myself. So, this is about the, ultimately this is going to be about the requirements ICANN is going to place on publishing information for some TLDs, so this is not going to affect ccTLDs, it may not affect all legacy TLD like gov and ‑‑


SHANE KERR: Today there is a lot of privacy preserving registrars, is there any intention to remove that functionality?

JULF HELSINGIUS: There is ‑‑ there is big pressure from a lot of different directions of unifying the whole structure so that everybody should collect the same kind of data and provide the same access to it. So, there might be things that is of, effects of ‑‑ well, there will definitely be registrars and registries who will be affected by which way we don't yet know. It will probably go both ways.

SHANE KERR: I guess the reason I ask is that if there is not going to be any, if there is not going to be a remove of the privacy removal service then I think this is irrelevant. People who want to hide their information or identity for whatever reason will still have the capability of doing it and whether or not law enforcement has a live stream of it, it doesn't matter, right? I mean...

JULF HELSINGIUS: Yes, if they actually preserve the possibility for some other registrars and registries to have not published the data but the problem is they are trying to go for universal model here.

SHANE KERR: Okay, okay thank you.

CHAIR: No more questions. Thank you very much, Julf.


And now EuroDIG, the European dialogue on Internet governance.

ARNOLD VAN RHIJN: Thank you RIPE for inviting me to this interesting meeting. I am from the ministry of the ‑‑ climate policy of the Netherlands, I am working in the division on the digital economy information, we are in the midst of a reorganisation and merging two separate divisions, one dealing with telecommunication policies and the other one with ICT application it's, so we are from the 1st January next year we hopefully have a new division really going forward on this digital economy policy.

I didn't prepare any slides so you have to do it it with this nice picture of the city of the Hague, in the forefront you see the houses of parliaments, the back some towers. This is where EuroDIG 2019 will take place from 19th until 20th June.

Where did it all start? Let's go back to where we are here. The name of this Working Group is the Cooperation Working Group, and I like the cooperation because, as you probably know, cooperation is in our genes, we are working together as a government with all interested stakeholders. The Plenipotentiary in '18 has been mentioned and I can tell you in one of these previous ITU meetings we were keen on having all kinds of stakeholders on board, not only by involving them with our policy making towards these ITU meetings but even taking them with them, taking on board, we had a representative for ISOC who was advisor added to the Dutch delegation to one of these ITU meetings which took place in Dubai again that was on the ITRs, and back home we are always reaching out to our stakeholders with respect to all kinds of policy making from scratch, dealing with human rights, with a new roadmap on safe hard and software and many other issues. So, we like to cooperate.

Now, back to EuroDIG, how did it all start? I will touch some issues with you, that is the first one. The next one is what motivated to bring EuroDIG to the Netherlands? Where do we stand? And what do we expect from you?

First of all, how did it all started. When we had this last meeting of the global IGF in Geneva that was in December 2017 in Geneva and that was ‑ difference approached by the secretary general of EuroDIG whether the Netherlands would be willing to host the EuroDIG 2019. Of course we had to think about this and I had to get the green light from my minister so I had to convince him, and that took a while, but at the end, we got the green light and so we are here. But what motivated us to bring EuroDIG to the Netherlands? As you all know, the multi‑stakeholder approach is in our genes, that is what I already expressed. We are full supporter of this approach, whether this is ICANN or other fora, and we also have big supporter of open free stable and secure Internet, wherever we be, wherever we will be in the international negotiations, we will put that across the table I have been involved in many international negotiations in Geneva and Brussels and Paris and we always stress this, it's very important issue to gain more supporters. We had last week two meetings in the Hague, one from the global Commission, the stability and in cyber space and the other one was on the national Internet governance forum. Those two meetings precisely touched upon a very political issue and that is, how can we secure a stable, secure and predictable cyber space in the 2020s? And as, you know, there is a proliferation going on with lot of similar platforms, with an increased influence of governments, autocratic states would like to push forward their ideas and that brings us to the points, if you are talking about the IGF, where to we have to improve this unique multi‑stakeholder global platform, and we had an interesting discussion, the main messages coming out from these two meetings was indeed we have to strengthen this, the improvement of this unique platform and I can tell you I am a member of the multi‑stakeholder advisory group of the IGF and we are having two separate working groups, precisely dealing with these improvements, apart from the funding issue because that is also important, to get more funding from the private sector, and these two working groups are dealing with a more strategic approach towards stabilising in this IGF with a very strong secretariat.

Another thing what motivated us to bring EuroDIG to the Netherlands and that is of course Netherlands is front runner, if we are talking about digitalisation, innovation and start‑ups. And also an important issue is that we want to be a European hub between IGFs, one coming up in Paris, the IGF 2018 there is 12th to 14th November, partly overlapping with the Paris Peace Forum, and the tech forum so I would say digital/cyber week in Paris in November. And it's partly overlapping with the ITU and that caused a lot of problems for the delegation to make a choice but I can tell you there are a lot of private entities, private sector who approached me and said, what do we have to do? I said the best way doing is to Dubai not only because of the weather but you heard from Chris there are resolutions going to be discussed and precisely this friction between openness and more closed approach of the Internet by having a more treaty Internet, that is going to be I think the issue again in Dubai.

So, that the European hub is very important to bring further this debate on the openness of the Internet and the strengthen of the IGF. And last point where ‑‑ why we brought ‑‑ are bringing this EuroDIG to the Netherlands, it is a nice place the Hague, it is close to the see, so bring your swimming suit with you because we are also living below sea level and you never know what the dykes are doing but we talked to the guys regarding these and they will order lots of sandbags in case those dykes break. Where do we misunderstand we have set up a project team and consists of the government, as RDN, .nl registry, the city of the Hague and we have a youth representative as well and last but not least, ECP, that is our national multi‑stakeholder platform on the information society and those people are forming the project team.

The venue, it's still not finalised. We are negotiating heavily to get the price lower, but in case we succeed that will be a nice venue, I can tell you that.

17th September we had a kick‑off with the EuroDIG secretariat and for you, I think the quite important to make use of this call for issues, not workshop proposals, issues, these issues should be aligned with eight pre selected categories from cybersecurity to human rights, and this call for issues started the 1st October and will go on until 30th November so make use of that. You can submit to maximum of three issues you would like to see discussed.

15th January we will have a public open public planning meeting where we will create this programme further together with our stakeholders. Information about registrations, visas and hotels are coming up soon.

What do we expect from you? As I mentioned, please make use of this call for ‑‑ and come to the Hague and here you are most welcome to come and you will be invited. Thank you very much, happy to answer any questions.


AUDIENCE SPEAKER: Alexander. I wanted to ask you some questions about telecommunication policy but I think I will do this during EuroDIG. The only thing I would like to thank you for your climate policy to bring such beautiful weather to us today.

PAUL RENDEK: Our paths cross at very many meetings and I wanted to welcome you very much to the RIPE meeting here. We have ‑‑ we very much value the cooperation between the RIPE NCC and your team, you and your team at the ministry, and we definitely plan on being a part of EuroDIG here. We are a part of that fabric, both from an organisational perspective we are involved in that, but also in the panels and the various workshops and we definitely plan on, you are on home turf, right, with this EuroDIG coming up and we will certainly be there and supporting you and your colleagues in making sure this is successful event so thank you very much, Arnold.

ARNOLD VAN RHIJN: Thank you. One last point on cooperation, perhaps you don't know that, but we are negotiating with the RIPE team on an MoU between the Netherlands government, that is my ministry, and RIPE NCC, to further strengthen the cooperation, and I'm really looking forward to it. The text is nearly finalised so we should seek a right moment to write down the signatures. Thank you.

CHAIR: Of course report about it at the next Cooperation Working Group meeting. Thank you very much, an old.


So 19th and 20th June just before the midsummer in the Hague. And now we will continue with the multi‑stakeholder model and we will have ETNO.

HERVE CLEMENT: I will speak about what I will call ETNO from one side and RIPE NCC from the other side. Of course, everybody knows RIPE, RIPE NCC so I won't present anything about that. ETNO, if you read to my badge and to be transparent you can see Orange on ETNO so my, ( ‑‑ I have a ‑‑ survey is Orange. ETNO is an organisation so I will speak about that and I am part ‑‑ of Working Group of ETNO because my company Orange is member of ETNO.

Okay. What is it ETNO. ETNO, so the meaning of that is European telecommunications network operators' association so you have the link to the website of ETNO. ETNO. So it represents and since 1992 Europe's leading telcos, so telcos, so within Europe ‑‑ what is ETNO, ETNO is composed of 32 members, it's European Telcos so on on next slide you will have the list to have an idea of the list of ETNO. It is composed also of 8 observers who can be US telcos, could be vendors, etc.. it just, it was a company who can be help to speak time to time to different meetings, you can be of Nokia, AT&T and so on. You have inside ETNO 18 working groups so I will present you the list of the different working groups and I will say ETNO on legal structure is only composed of 9 employees.

So, ETNO is composed of 32 members, tell could, and telco is in Europe (represent more than 60 percent of the total sector investment and so a lot of people within this community so can be connecting directly or indirectly with this organisation, this association, because so the set of Telcos, European telcos employ more than 600,000 people. The main focus of ETNO to this Working Group and so regards ‑‑ regard European Union policy but ETNO also engage, also in transatlantic relation, global community and investment community. If you see a newspaper you can see there are regularly different global meetings in which ETNO is engaged.

So I say that ETNO is composed of 32 telco organisations, telco companies, so there is a list. You can see some company like Deutsch Telecom, Orange, appear twice or ‑‑ that is because large company are composed of so different legal structure and so that can be two or three relationships regarding specific organisation of the group.

I spoke about working group, so the interest of the ETNO and to be engaged with, so I am part of Orange, Orange is a member of ETNO and so thanks to that, so we as member of Orange, of this company, can take part to a specific Working Group. So you have different set of Working Group, the digital infrastructure cluster 1 compose of digital infrastructure spectrum and the one in which I collaborate is naming addressing and numbering issues which is ‑‑ in this Working Group we speak and we deal with numbering aspect on elaborate position on numbering issues and I will say the only aspect we deal with addressing and numbering is that really, because we meet twice a year, I can give report of RIPE meeting and ICANN meeting also. There is no specific position on that but we can speak very freely of different subject about that.

You have also another cluster which is a digital economy, so I won't read so exhaustively, it's a different Working Group in it. The digital confidence cluster on the international strategy cluster, depending on your interest you can ask to belong, belong to each of one of these Working Group. You have three task force also, competition, stakeholder engagement and 5G, under benchmarking subgroup.

And it appears not to ‑‑ there is a problem during the transcription, but just to have an idea, what is typically discussed within ETNO. There each year of course priorities, priorities so this year was, so the work about the European Union electronic communication code. As I can remember, there was an approval of that in June 2018. Other priorities are ePrivacy regulation and copyright directive, artificial intelligence and the last one, so ‑‑ don't have it to read but I will try to perform more clear presentation. And the set of topics which can be discussed, so you can find of course IPv6, ITU as we recalled this morning, GDPR implementation, so that is particularly common topic.

And there is ‑‑ there are very common topics so between ETNO and between RIPE and the RIPE NCC also. So share a set of common issues and interests so that is the question. So you have on one part a structure which is I am completely know that which is European and telco but we can think about collaboration, and RIPE who deals so in European on this issue so we can think collaboration with it. So that is idea which is, so collaboration could be put in place. So, we have an ‑‑ I have no ideas of the nature of this collaboration, absolutely not. The idea even if no ‑‑ is find relationship useful to ETNO and to the RIPE NCC and almost for the community. It's completely clear that ETNO is Europe and operator‑focused. But I think interest for the entire community can be found and can be taken account around that. So and it's something we can discuss, if common interest. Can be fun. So that is the conclusion of my presentation. So if you find any interest about that, your opinion is welcome. And so last word: If you are interested and if your company ‑‑ don't hesitate to be part of the Working Group that could be interest for you.

MARCO HOGEWONING: From RIPE NCC. Not so much a question but to clarify, I would like to thank you, so last week we attended one of the ETNO Working Groups and gave similar presentation to the asking the same question, so as RIPE NCC and we have discussed this, it looks like both our organisations are willing to move forward but we really rely on feedback from our communities in saying like what that cooperation should be, like and what topics to discuss. So we welcome your input on this and thank you for hosting us last week in Brussels, thank you.

SHANE KERR: I work for Oracle but speaking for myself here as a member of the RIPE community. From the technical side we have a number of working groups here that are quite open. We don't really have from the RIPE Working Group side any formal mechanism of collaboration or anything like that, so however we are, I won't say completely open, 99% open and basically, I think if ETNO has a desire to work with us, the right way is to identify people within your organisation and the members who represent, who have interest in our specific topic areas, routing, DNS things like that, identify topics that you think we might be interested in commenting on or that you have interest in presenting to us and either approach Working Group chairs, members of the Working Group or if you are feeling very brave just send it to the mailing list and we can discuss it openly. So that's my recommendation

HERVE CLEMENT: Thank you very much.

CHAIR: Earlier this week was financial time ETNO submit in Brussels which is a big event every year and many interesting discussions there so the audience might like to have a look at this. Thank you very much, Herve.



CHAIR: For our last presentation Suzanne Taylor will talk about the latest EU developments, thank you.

SUZANNE TAYLOR: Thank you, and good morning. And I am part of the external relations team at the RIPE NCC. And I am not an EU policy expert, I don't think anyone at the RIPE NCC would claim that title. But following what is happening in the EU is something that we have been doing for quite some time and I think in recent years especially we have been paying a little bit more attention to what is happening there as we see more regulation coming out of the EU that has the potential to impact both us as an organisation and a large number of our members throughout a big part of our service region.

So, that's the first reason that we feel it's important to understand what is happening in the European Commission.

The second point is that we feel it's important to explain our position, who we are and what we do. And when I say we, I mean both the RIPE NCC and the RIPE community, and we need to explain to policy makers what our role is and what place we have in the larger Internet ecosystem.

And lastly, and this point hats has been covered before, while we don't promote specific policies or take specific positions, the RIPE NCC is a centre of technical expertise and so we are in a position where we are able to share the knowledge that we have with people who are making the policies, so that we end up hopefully with more informed and better policy.

Now, the EU is a very large machine, we can't possibly do this on our own and so we for the past couple of years have been working with an intelligence firm in Brussels that helps keep us to up to date with everything that is coming out of the EU and what I will be sharing with you today is largely drawn from regular updates we got from that so we hope sharing that information with you will be of value.

So what is currently taking place within the EU? Well, there are a number of different general trends that we see happening at the moment. The first as I have mentioned, is just more regulation in general, and I think if GDPR thought us anything it's the EU isn't afraid to pass regulation with far‑reaching implications so we are seeing more obligation on service providers and we see Member States taking an increasing interest in protecting their critical infrastructure. And that's been driven largely by concerns over cybersecurity. Intermediary liabilities so that comes down to who is responsible for the content online. We see a desire for more cooperation between law enforcement across Member States, and we also see a lot of focus on data economy so that has to do withe merging technologies like AI and IoT and big data.

So in terms of cybersecurity, the big thing happening at the moment is the cybersecurity act, the proposal for this was released in September and what it does is aims to create an EU wide certification framework for ICT products, services and processes which is actually a point that was just added recently. It also gives ENIS an expanded mandate as permanent EU agency. And at the moment it's in negotiations between the Commission and the parliament and the council and this is something that the Austrian presidency has put a focus on so it's a priority for it to come to agreement between Member States by the end of the year.

At the moment the main points of discussion are mandatory versus a voluntary approach so basically parliament would like to see a mandatory approach. For anyone who is considered an essential service operator in those services that are considered high risk whereas Member States would like to see more of a voluntary approach. And ENISA's role is being debated so parliament would like to see it take on more autonomy whereas the ‑‑ Member States see it as having more of a coordinating role so that is under discussion as well.

Also, following under cybersecurity is a proposal for 2021 the establishment of the European cybersecurity industrial, technology and research competence centre. And an EU network of cybersecurity centres so there is a big focus here on pulling together what is happening in all of the different Member States and really having more coordination and cooperation between all of those individual existing infrastructures.

So the other point of cybersecurity right now is the NIS, network and information systems directive, and this is something that came into force on 9th May but Member States have been given an extension until 9th November to define for themselves what is considered an essential service operator. And for a time, the RIPE NCC was being looked at by the Dutch regulator as potentially being considered an essential service operator in our role as K‑Root operator. And we had an opportunity to respond to the regulator and explain our position on that and why we don't think we should be considered an essential service operator and the definitive list of that hasn't yet been published but we believe that we won't be included on that list so we will have to wait and see once it is made public.

CcTLD operators are included but in general they tend to have their own provisions already in place that would satisfy the provisions of the directive.

One thing to point out here though is that even if you yourself are not considered an essential service operator, it's possible that you have a client who is, so we need to think about the entire chain here.

And the next topic is intermediary liability and there is two pieces to this; the first of which has to do with copyright. So there is a copyright directive reform that is currently under negotiation, and pieces of this have been really highly criticised, particularly the provisions for upload filters for copyrighted material so industry, civil society groups, academia have all really criticised this part of the reform.

In general, as I mentioned earlier under the general trends there is a move towards delegating more responsibility for online content to the Internet industry as a whole, and at the moment, there was a public consultation on fighting illegal content online in June that brought together different expert opinions on how to do that and on whether there are already enough measures in place to tackle that and the results that have consultation are going to be published in the next few months.

So the other part of intermediary liability is terrorism. And at the moment there is a proposal for regulating and preventing the dissemination of terrorist content online and this places a lot of responsibility on hosting service providers. So of particular interest is the one hour time frame that providers would have to respond to requests for from judicial to remove problematic content and introduces data preservation obligations and this does not just apply to the big hoster providers, this includes micro small and medium enterprises so affects a lot of different companies and there are very high sanctions for non‑compliance, up to 4% of global turnover so it's a pretty serious business.

So in terms it of the next topic, cooperation amongst law enforcement, the big thing here is the e‑evidence proposal that is currently under negotiation and this aims to make it easier for law enforcement agencies in different Member States to cooperate with one another so it would allow a judicial authority in one Member State to request directly from a service provider in another Member State, e‑evidence.

Realtime interception was a big topic that was being discussed in relation to this, and just recently it's actually been ruled out. Now, that doesn't mean it's been ruled out forever but it means it is not likely to make it into the current e‑evidence proposal. At the moment a notification system is now being discussed and there are a number of different proposals in place for how this would work between different Member States. Goes going to be a public hearing on this in parliament on 27th November and this is another big priority for the Austrian presidency so the hoping to reach agreement between Member States by the end of the year.

In terms of data economy, one big part of this is ePrivacy. The parliament is working on updated ePrivacy text and it atopped its position last November; however, Member States are having a lot of problems coming to agreement and reaching common position. In general, the text is taking a very restrictive approach towards metadata and content data processing as a result we believe that it would negatively impact AI, IoT and big data, just in how restrictive it is about what can be collected and processed and how that data can be used.

However, we understand this is not necessarily a big priority for the Austrian presidency so there is a good chance that this isn't something that we are going to see resolution on before the end of the year.

And last few points of interest that fall under data economy that I wanted to put out AI ethical guidelines are expected by the end of the year, working with the AI alliance and this is something that the European Commission is working together bringing together different centres and working on AI throughout the Union and having more of a sort of central cooperative structure in place to foster research.

As a result of that, the going to be increasing its funding into AI by 1.5 billion euros. And last little point of interest is that there is a proposal to update the dot EU TLD legal framework and there is no big surprised or changes there, that is just modernising the text at the moment.

So I am happy to take questions but I'd love to hear from you whether this information is useful, which of these different topics in particular are of concern to you, what you would like to hear more of from us as well as how you'd like to hear from the RIPE NCC about what we are hearing coming out of the EU, whether it's the presentations like this, blog posts, if you have other ideas about how we can get information that hopefully is valuable to you.

CHAIR: Thank you, Suzanne.

AUDIENCE SPEAKER: Martin Swissy from ‑‑ could you go back to slide 7, it's about the NIS directive. I'm a little bit surprised that you actually got too fast on that point which is not accurate for me. So you say that ccTLD operators have their own provisions in place already, as if it was oh, everything is okay. Everybody is ready. Keep going. Not, that depends on the country because it is a directive, not a regulation. So from country to country the law can be really enforced, for instance I can tell for France because this is public information, last month there was a legal document and published saying that there are 23 rules, security rules on which a ccTLD operator, guess who? Would have to comply in one year, two years, or three years' time, depending on the rule. So, I can't find any other country doing this, and by the way, of course provisions are already there when it comes to critical infrastructure, so if we say that okay, an essential operator could be sort of critical infrastructure light then everything is there, and the fact is that there are too many ways to interpret the directive into national law, so sorry, provisions are not there.

SUZANNE TAYLOR: Fair point, I understand your point that it is vague, a lot of the text is vague. I guess the point I'm trying to make there is that because of that vagueness there is a little bit of room in terms of interpretation and so that, a lot of this, you know, a lot of operators have already thought about some of these issues and how have some structure in place and certainly as you say it will be up to time to decide whether or not that satisfies the provision of the directive but fair point, I understand.

AUDIENCE SPEAKER: I work with the RIPE NCC, we have a question from a remote participant. A comment, rather. Paul Wilson of APNIC says: On intermediary liability you may be interested in the Manila principles which were developed during rights cony vanity few years ago, cover issues such as rule of law, transparency, due process, etc., etc. And filtering and take downs. Interesting in these principles were mostly developed by civil society, but they are of interest and useful in supporting the rights of intermediaries themselves, example ISPs, content providers, etc.. he recommends looking at www.Manila Thank you.

SUZANNE TAYLOR: Great point. Thank you.

PETER KOCH: DENIC, and maybe adding to that, there is also work that has been done I guess in the previous year within the auspices of the Council of Europe, probably mostly ignored in the results here.

Since mentioned ccTLDs and I know this is not the place to discuss this particular part but it would be I think helpful if you get information and I haven't really understood whether the RIPE NCC is trying either directly or through intelligence firm to be part of the negotiations, well you can't be part of the negotiations because that is trilaw but usually you can execute your influence informally, that we have some involvement of the community in one way or another, because a couple of us are fighting on the same fronts on the domestic frontline. I came up more or less to say that practitioners have understood this overarching security regulation is actually a security threat because I think we need to understand that this is putting at least to, to say void to say put it at danger, all the informal structures that are if place and have been working for the last decade, so to speak, are jeopardise because of increasing your regulator obligations and increased risk of compliance and that should be pointed out of course. And maybe that is something that the community should be able to voice and try to mitigate in that sense and of course the RIPE NCC but also others could play an important role that. But again, putting the various local actors and central actors like the RIPE NCC at the same table it would be very helpful, thank you.

HANS PETTER HOLEN: With my NIS hat on. We had a brief look at the NIS directly or one of my colleagues, there were two things that we haven't fully understood and this was in early hearings in Denmark where they said well if you are a DNS provider of more than 2, 300,000 domains, this applies to you so that could be something to look at for also non‑ccTLDs and also if you run large e‑commerce platforms and things like that. So they are going further than what is just critical infrastructure in this discussion, if you are big you may want to have a look at this. Thank you.

ARNOLD VAN RHIJN: Thank you very much for your excellent overview on the EU regulation. If you allow me I would like to add very important facts as well. One issue relates to the negotiations for a new multi annual framework programme within the EU dealing with research and innovation, and that is going to be discussed already and an important part of that programme will be innovation in relation to cybersecurity. Billions of euros are involved in that, so you must be aware of that perhaps, RIPE NCC can have their input as well in these talks.

Secondly is European elections are coming up next year, the 23rd May, the new European Parliament will be elected, and us, we will have a new European Commission and a new European Commission laugh new agenda. The time is right to have your input, I can tell you within the Netherlands government we have nearly finalised agenda but we would like to see coming back this new agenda. For example, we promoted in the road map for a security hard and software based on a PPP approach, not regulation, that's one issue we will come back in our paper which we will send to those in the building in Brussels writing currently on this new agenda for the new Commission, so focusing on PPS, regulation, if needed, but not a priority. So my call to RIPE NCC is start your thinking if it's not already done, and what would you like to see coming back in this new agenda from the new European Commission. Thank you.

AUDIENCE SPEAKER: Well, it is not only RIPE NCC but also RIPE community I think agenda. Thank you very much for this review, actually in response to your question should we do something? Yes, please do. Please do more open. It's easy for you to do such things because you are European Union resident but actually I volunteer to do something like this about ‑‑ in Russian Federation which I have already done. So, let's cooperate on these things and maybe show these flags that was going on in official regulations, thanks.

CHAIR: Thank you. Thank you, Suzanne. I think we have ton everything.

(Applause) (done)

JULF HELSINGIUS: Before you leave, there is one little thing I would like to remind you of this, this group has an e‑mail list, it's been very, very sort of quiet, so feel free to use it, please. Thank you, everybody.