[gnso-rds-pdp-wg] @EXT: RE: Use cases: Fundamental, Incidental, and Theoretical

Richard Leaning rleaning at ripe.net
Mon Aug 8 05:15:39 UTC 2016


Hi Rob,

You make some very valid points, which the WG will spend many a sleepless night worrying about, I suspect.

I am of course fully aware that an RIR database has its faults, which we are all working very hard to resolve and you know that takes time. But as has been mentioned before, comparing an RIR database and a DNS database is sometimes confusing - they don’t really do the same thing.

Am always up for a beer - it's in my DNA as a (x) cop ;-) I spend half my time when not on the road between London and Brussels - so name the date, time and city and I'll be there ;-)

Stephanie - Maybe we could find some time during the next f2f meeting in India. In the meantime I will try to summarise quickly the main difference in the context of this WG. The caveat is, this is my way of explaining it from a European, mainly UK perspective.

LEA are mostly reactive - a crime has been committed and they investigate to ID the individuals involved and bring them to justice. To do so they need evidence that will stand up to cross examination and prove without doubt that an individual(s) is guilty of the crime they are accused of. This evidence is collected under a legal framework - information/intelligence/hearsay is not evidence - (it's a bit more complicated than that but hopefully you get the point). LEA do exchange of course information/intelligence/evidence with each other but under a strict legal framework - MLATs for example.

Intelligence services are pro-active. Preventing a criminal act for example. They rarely, if ever, attend a court of law in any type of criminal prosecution so they are more focussed on information and intelligence. But they still gather this under a legal framework. They, no matter what 007 or Jason Bourne would like you to believe, don’t have a free rein to do whatever they want. I know some will find that hard to believe but trust me it's true.

So in the context of this WG - a LE officer will look at the database to see what information it holds that will lead to ID an individual involved in a criminal act and then evidence it. We also need to remember that LEAs have many investigative methods to ID individuals, there is not one method that works every time, each investigation is different. The DNS database in one investigation may be useless but on another will be extremely important. 

Not sure this has helped but it's probably led to more questions than answers ;-)

Maybe if the other LEA guys and cyber investigators - (Terri and Ade) would like to add their perspective?

Cheers

Dick

Richard Leaning
External Relations
RIPE NCC




> On 5 Aug 2016, at 19:25, Rob Golding <rob.golding at astutium.com> wrote:
> 
> Hi Richard
> 
>> retired last year
> 
> Congrats :)
> 
>> to explain the
>> difference between the Intelligence services and LEA.
> 
> Because many in the WG have not yet met each-other face-to-face, I do of course accept that there will be instances where we are all unable to determine the attitude / involvement / education / skill-level / whatever of other participants.
> 
> For the avoidance of doubt, and because several on and off-list replies have brought this up, I am well aware of the differences between those 'roles'.
> 
> Whilst never considered as "smartest person in the room" (and wouldn't want to be, how else will I learn anything) I would place myself slightly to the right of "crazy" but squarely in the middle of "not actually stupid".
> 
> That I also find myself in the position of reminding a learned group of individuals on an Internet Policy mailing list how to interpret tone and intent from a text-based medium (which is primarily done through the use of a "smiley") shouldn't, but somehow does, astound me - so for those that missed it, the comment was clearly marked by the :wink: at the end of the line.
> 
>> Also as am now be working for RIPE NCC (a RIR) as a Consultant am also
>> happy at the same time, explain to you about the RIPE Database.
> 
> Having been a RIPE LIR for more than 10 years before you started being an LEA Rep for them, feel I have a reasonably good understanding of the DB, but thank you for the offer.
> 
> When opportunity arises, and I sincerely hope it does (assuming Brits are still allowed to travel to Belgium after Brexit) I'd love to sit down with you for beers and a chat about RIPE and, far more interesting to me, your other roles/experience.
> 
> But, the fact remains, however well maintained and managed the RIPE-DB is, "hole-punching" has been a common practice for 20 years (and not all RIRs follow the same practices in the same way as the RIPE NCC) and it is extremely prevalent now, and sub-allocation/assignment are industry norms.
> 
> So we need to dispel any attempt at creating/perpetuating a myth that any RIR DB could be a 1-stop-shop for finding out who is "behind" an IP address and its obvious parallel that any RDAP-DB will be a 1-stop-shop for finding out who is "behind" a domain name.
> 
> As to the possible criminality of a domain name - as opposed to the possible criminality of something accessed over the public internet which may or may not involve a domain name at some point during an access method - whole different discussion.
> 
> 
> ? Can the current WHOIS data provide insight/help/whatever to (insert-group-with-agenda-here) ?
> Probably, correctly interpreted _data_ can be used for a purpose.
> 
> ? Should (insert-group-with-agenda-here) have free, unrestricted access to the data ?
> Debatable, depends on the 'group' and the viewpoint of the data subject.
> 
> ? Are there parallels of other 'ownership' databases being public ?
> Not sure, I'm not aware of any supplier who makes a complete list of all their customers private/location/purchase details public.
> 
> Consider :
> 
> ? Why doesn't every Gov't make a complete list of all its citizens and their private/location details public ?
> Because ...
> a. they don't know
> b. what they do know would only be accurate as at compilation time
> c. someone knows keeping such data private inherently makes the people more secure
> etc
> 
> That's before adding that through interpretation/extrapolation it would ultimately allow the use of that list by anyone to ensure it becomes ultimately trivial to find out any other piece of information about that citizen.
> 
> Rob
> --
> Rob Golding   rob.golding at astutium.com
> Astutium Ltd, Number One Poultry, London. EC2R 8JR
> * domains * hosting * vps * servers * cloud * backups *
