Plenary session
23 October 2017
11 a.m..
CHAIR: Good morning. Welcome to the second session of this Monday. I hope you have been enjoying yourself. Before we get started, I have a few announcements to make.
Please rate all the talks you see. We really appreciate your feedback. Today at lunch, there will be the women in tech lunch, and to be clear, everybody is welcome there. There is a limited room, but everybody is welcome, including men.
And thirdly, also ‑‑ you want something to say?
AUDIENCE SPEAKER: I just wanted to say where that lunch is because I think there was some confusion, at least I was confused. It's in the tutorial room upstairs on the fourth floor where the tutorials used to be. Sorry to interrupt.
CHAIR: It's in the tutorial room on the fourth floor. And the third announcement is that at 3:30 today the nominations for the Programme Committee elections close, so, please nominate yourselves. We can always use the extra people there.
That out of the way, we can finally get started with the talks and the first one is by Uta Meier‑Hahn, called creating connectivity.
UTA MEIER‑HAHN: Hello everybody. It's great to be here. I will start right off. So how do networkers manufacture Internet connectivity? I have been wondering about this question for several years now. My research involved interviewing 50 network engineers, peering coordinators, and also observers from around the globe, some of whom are here at the RIPE meeting, I'd like to thank you for supporting this research. Also, I'd like to thank RIPE NCC, who for full disclosure has supported me as well. So now I'd like to give back to you by sharing a few of my reflections and I have to say that I feel very humble about this, because who am I to lecture you, the experts, about your field of expertise?
I am standing here, nevertheless, because of one of my learnings about the profession of the Internet engineer and that is that many networkers work autonomously in their companies by themselves. As far as I understand, some of you might be the only person who does what you do. So, in order to develop expertise and solve problems, networkers aren countering, they have to turn outside to get the know how, even to their competitors. So I will try to be part of that outside without being a competitor.
When I talk about the manufacturing of network connectivity I refer to the you'll plumbing and configuring of devices. My starting point is different. I start from uncertainties. And by that I mean ambiguities that networkers are confronted with when they arrange, maintain or shut down interconnection sessions and then I look at how networkers overcome these uncertainties and practice and make the Internet work as a result.
There are three types of uncertainty that particularly impact how Internet interconnection is being done. The first is what I will call architectural uncertainty and by this I'm referring to the water gateway protocol and fact that networkers up until today cannot be sure about the validity of routing announcements that they receive. I'll leave aside efforts at routing security because they are not fully commonplace yet.
The second type of uncertainty is of regulatory character. I will not spend much time on this. But it basically refers to the fact that Internet interconnection is largely unregulated. In many countries, deregulation was a precondition for Internet interconnection to evolve. But absence of regulation means there is little legal guidance how to interconnection, which may be for the good and for the bad.
And the third type of uncertainty is economic uncertainty. Back in 1995, the US National Science Foundation withdrew itself from financing the Internet backbone, the so‑called acceptable use policy was lifted. Only then commercial traffic would be fully allowed on the backbone, some of you might remember this. That added a challenge for Internet networking. The Internet had to be advanced not only technically but also economically. So the question became how to do that. How to go about commercialisation of Internet interconnection.
In the very early days interconnection networks had not involved the exchange of money. It was a proof of concept, settlement‑free peering was standard agreement. So, trying to establish a market regime posed a challenge to existing conventions.
But even if you leave aside the conventions and the habits, the process of commercialisation brought up another issue, and that is related to the specific architecture of the Internet.
As you all know better than I do and in much more detail than I do, the Internet is a packet switching network for transmission on the Internet, communication is being divided into packets, packets may be routed over the network on different paths and become reassembled at the receiving end. It is this particular feature of Internet design that posed the challenge, because when thing of commercialisation today, and also back then, we tend to think of market structures.
However, the idea of a market is commonly based on an assumption. And that assumption is that there are entities that will be evaluated, priced and traded, be they goods or services. Markets are about something, when you buy a tomato the offer is tangible, the buyer and seller may debate its quality, but both parties will establish a shared understanding of what the exchange is about. So, what could be this entity at the point of interconnection where networkers interact under the conditions of the architecture of the Internet?
Or in other words, what is the trust anchors about under the conditions of a transactionless packet switching protocol.
The Internet architecture does not offer a clear will he ever for evaluation for pricing or trading and the postal system you can count packets, weigh them, measure their dimensions and traditional telephony you could price the exclusive connection, airlines offer each other seats, but what is the unit of commerce in Internet interconnection? It's at least ambiguous, and I will come back to that.
So, for the lengths of uncertainties, it becomes clear there is aspects of Internet connection and the Internet in general that are difficult to measure, calculate or compute. They require specific coordinations. So, networkers come together online and offline, they share knowhow, they dispute meaning and they discuss best practices not only because it's fun and interesting, but because it's necessary in order to manufacture and maintain Internet connectivity.
Let me zoom in on this by two examples. One is trust in the context of operational uncertainty and the other is about Internet interconnection economics.
So, one of the most noble narratives about the Internet is that it's built on trust. And surely, one can manage that in the early days of the Internet the validation of BGP messages does not have to be the highest priority, people could trust each other, they knew each other. But in how far does the saying about trust still hold true today? The Internet may have been built on trust but what does it run on? Applying concepts from social psychologists, I found that networkers do trust each other, albeit in different ways. First, there is a broad notion of trust between networkers and that notion is based on calculation. When networks interconnect they become interdependent, the Internet is experienced as a shared system by most in which everybody suffers from disruptions in the routing system. So that is why networkers are confident that the interconnection partner will not intentionally cause irregularities.
This calculative trust increases with repeated and positive direction, think of maintenance, repair, getting updates done, and this calculative trust is not overly binding, but it explains a general confidence towards the routing system. But there is trust beyond calculation. Many networkers trust their colleagues because they identify with them. This identification can be based on several things, for instance, on the perceived expertise of the other, it's also based on a shared belief of the technical legacy, and trust is based on culture. Looking around, I feel like T‑shirts could be such a thing. So, when trust is based on identity, such trust relations can cut across company borders, and they do. It's important to know that these trust relationships among networkers provide the Internet with a company‑neutral scaffolding.
Further, it strengthens a specific interaction order among engineers and practice. This includes rules and expectations. I mean, rules such as do not share secretive information that you have learned about another network in a moment of trouble shooting or crisis, or, be available for your interconnection partners immediately when troubles occur.
So, when it comes to fire‑fighting a bulk, these networkers are on the same team. Some more information about this, you can get from a recent article I wrote on RIPE Labs.
So, the stories of trust are what we like to hear. But in the full picture, not all networkers report high levels of trust with each other. You don't trust or know each other. Some explicitly speak about distrust. For instance, distrust can arise when a networker repeatedly notices that the colleague, who may have best intentions, lacks the expertise to keep things in order.
In the identification‑based sense, the breach of these informal rules lets trust turn into distrust. Examples of this may be the hijacking of unused IP addresses, breaking up an important peering relationship without notice or abusing trusted information or intentionally shouting out the routing system, I am YouTube, when you're not.
So, the important point I'm trying to make here is that against conventional wisdom, distrust among Internet engineers is not necessarily bad. It may lead to individual protections, yes, more monitoring, rise of contracts for important peerings. But in the system, trust also fulfils an important function. It points to aspects that need attention from the community. It can serve as a corrective. Distrust can lead to improving Internet networking by driving forward collaborate solutions or even institutions that then can serve as collective trust anchors, again and for the future. Again so, trust and distrust co‑occur in Internet connection and in tandem they serve as resources for ordering processes to speak and social sciences language.
Now, in the second part, let's turn to the economic question that I raised. I will take a small detour here. In my interviews, I also wanted to learn about what many refer to as the community. So one of my questions read: who would you not like to see in this community?
And one answer recurred: sales people, sales people. So, here we are with an Internet that mostly consists of privately‑owned networks, networks that operate for profit, and the ones responsible for making this economic activity happen by interconnecting dislike sales people. Who do you mean by sales people, I asked. People who want to sell you something, paid peering or transit. So I found it puzzling, because the first thing everybody likes about peering is that it lowers transit costs; in other words, peering is an economic activity. So how does this go together that networkers engage in a commercial activity, but distance themselves from sales? Isn't that a contradiction? How does it make sense?
And I think that this goes back to this economic uncertainty. I spent a long time trying to understand Internet interconnection holistically as a one market, what is the product, what is the unit of commerce, how do market participants discover offers, how are all these offers being evaluated, how does pricing work, what does a transaction look like? And I have come to the understanding that there is not one market for Internet interconnection. There is a transit market. And then there is peering. Peering is an economic activity as well, but it is not a market relation. Peering, in my view, is a sophisticated form of barter. I'm not the first one to say this, and I have heard that people often dislike this notion because they equate it with primitive forms of interaction. I don't do that.
So let me elaborate. We can speak about a transit market because pricing occurs in monitoring currency and the unit of commerce is conventionally agreed upon, it's standardised more or less, it's comparable. Transit is wholesale Internet access, that means connectivity and reachability with any end point on the Internet. There is competition around this product. Transactions have a beginning and they have an end, which is the length of the contract. The provider needs the traffic and has a bill structure in place. Contract law and also the state hood behind it brings certainty. It's a switch role market, which means that sellers and buyers sometimes change roles, but the roles do exist.
Peering, on the other hand, is different. Peering is mutually beneficial. Peering partners achieve a common advantage together. It's not against each other. It is together. It's a reciprocal relationship. Peering is not free but the costs are shared and there's no money involved as an abstract medium of exchange. And importantly, the good that is traded is not standardised. Because, every network is as one networker beautifully said, its own unique snowflake. No peering relationship is the same. And that is also why comparison is not possible. Also, peering is not transactional, in the sense that it denotes an ongoing promissory activity that has no agreed upon end.
So, peering has many characteristics that make it look like barter, which is about the direct exchange of goods without money involved. And that poses the question, what is this good in peering? What are the relationships about? As every network has its own shape that makes every relationship between two networks unique. It's not possible to define a standard good in the way that it is possible to define it for transit. Finally, you can say that the goods are routed to the peering partner's network and its customers, but in peering, in fact this is meaningless without specific context.
And this would explain why I got really the widest variety of answers to my interview question, what is the good in peering? Here some of the answers I got.
The content itself. The service of transmitting it. Connectivity with specific end points for instance, regions. Connectivity with specific consumers, individuals, someone literally said, I sell Xs to golden credit standards, referring to the fact that the customers of the network are very wealthy. Then there is a special case when the peering relationship is being pushed into the background because it is bundled with contracts for other IP‑based products such as MPLS, Cloud services, content filtering and stuff. That's a special case.
What I'm trying to say is the good really defies a fixed definition. It is not a good, it is goods, because peering is a second‑order barter trade.
Second‑order, because networks do see themselves as market actors, but, except for transit networks, they see their identifying product outside of Internet interconnection. The benefit that people are trading is an advantage. Yes, an advantage in another market. Peering is a catalyser, it's not a product, it's an enabler.
So, in practice, peering negotiations imply explanations of how interconnection will allow the parties to create worth at a different market place. Some networkers will barter content for eyeballs, we have all heard that. Peering as a second order barter trade which has a side effect. The side effect is that it requires communication about what the parties are trying to achieve together. Some may call this inefficient. What the market is about, what is valuable about what they are doing. I'd like to posit the thesis that peering parties engage in a form of industry communication that is very important, because it's around innovation and it's about products. Sometimes it's also about legitimacy. You see this in net neutrality conflicts, for instance. These are important conversations to be had in the Internet at large.
For instance, referring to the idea that innovation in product is being discussed in peering relationships and, for instance, thinking of an interview with a gaming network engineer who said, I'd like to buy transit, they don't understand what I want to buy. I am here to educate others, in that sense your peering partners, about what we need. And these conversations, they are inherent in barter trade, and they are something that transit networks do not get. They don't get the benefit of those discussions because the conversation is about price.
So, let me conclude by summing up what I have been talking about, which was quite a bit.
My starting point was that we have these uncertainties, some of them are inherent in the Internet architecture, and they necessitate coordination. Coordination is happening. Two examples that I gave, there are more to be discovered, are about trust and the other side of it, distrust, and how they work in tandem, and how they are part of a basis for an informal global interaction order, that is also helped, for instance, by informal communication channels.
Then the second part of the talk was about how transit follows a market order and how I suggest you think of peering as a new form of barter.
And that becomes interesting, because when looking at peering as a barter, this reveals how integral the peering conversations are as a conduit for industry communication, for innovation and also for finding legitimacy around Internet interconnection and the practices, which is something that we all need to foster.
Thank you.
(Applause)
BRIAN NISBET: Thank you very much. So, are there any questions?
AUDIENCE SPEAKER: Hello, Nurani Nimpuno, Asteroid International. Very interesting, I think as always, I think it's interesting, you are like an anthropologist who goes and study and exotic tribe and then goes back to that tribe and say these are my observations.
So. If I understand you correctly, you are saying that the peering community and the peering negotiations kind of fill an important role in that it also kind of creates a venue for where people can discuss other things, innovation, and other shared common interests, and have you considered the opposite, that maybe the reason we can have these peering negotiations and the reason we can have this trust is because there is a shared interest the kind that provides a common ground that allows for people to come together to discuss things where they have shared interests?
UTA MEIER‑HAHN: That is a very good summary, I would say. I'm not sure if I can much elaborate about it, but I just can say that I agree, I'm not sure if there was a question or not, and if so, what the question was.
NURANI NIMPUNO: Well, I guess the question was: It's a chicken and egg problem, if you want. You could say that one enables the other or you can say that, I guess, because you have one, because you had sort of this community, because you had shared interests you had other things you needed to solve, that that kind of provided the basis for ‑‑ that enabled the community to sort of then having these peering negotiations or you could say it the other way round. I wanted to hear reflections.
UTA MEIER‑HAHN: Okay, I am getting it. Well, I would be stupid to say that, no, it's not a chicken and egg. It's a clear linearity. But I do think that, as I was trying to point out in the beginning of what I said, that there is some important framings inherent in the architecture and the protocol design of the Internet currently, and I haven't gone back and spoken to the very early Internet architects, some may be here and may dispute what I'm saying, I think they were very aware of what they were doing and they certainly had this sociality. I'm not sure if they envisioned how it would play out, but certainly the act of fully commercialising the Internet came after the invention. I mean, it was all disputed already at that time, many of you know much better than I about this, but so... I think there is a slight linearity, if you will.
AUDIENCE SPEAKER: Hello, so Samih Souissi from Arcep, French regulator. Thank very much for your presentation, can you go back to the slide 10. I just wanted to like remark here, there is like a binary approach between transit that is paying and peering that is like free. What do you think about like paid peering that is right now very existing, creating many problems and have most traffic in peering right now is between cabs and operators, that is fake peering, so...
UTA MEIER‑HAHN: I was afraid of that question, and I skipped the notes accidentally which said in the end, so I have been simplifying here, I have not been talking about paid peering. Of course, paid peering is is there and it probably marks the difficult relationship between a market order on the one side and a barter economy on the other side, and it certainly creates a more binding way of doing it. I really wouldn't like to put forward ‑‑ like, I wouldn't value it and say it's good or it's bad. But I would say it's a case for future research. I would say it's closer to the market order because the conversation probably is also less about the product than it is about the price. But that is a very slow attempt of answering this.
BRIAN NISBET: Okay. Two people.
AUDIENCE SPEAKER: Hello, my question is, how do you foresee this kind of relationship changing in the future?
UTA MEIER‑HAHN: Thank you. Well, of course they are really questions arising with regard to network automation, SDN, route server peerings already are an example for peering relationships that certainly do not require a lot of communication, it would simply be taken, you know, people just hook up to the route server and they don't know who the other 500 members are. At least at that point the types of conversation get lost a little bit. I'm not sure about the long‑term effect of that.
Also, I mean, when we see this ‑‑ I'm not so much of a technical expert, so, please, I'm happy to hear your input, but when we are seeing something the rise of this layer 2 peering and the rise of new types of peering platforms I think that that might lead to, if you will, information, intermediaries in this conversation about industry and product. So, these are some thoughts in the direction.
AUDIENCE SPEAKER: Geoff Huston, APNIC. You know, we built this on what is now the rubble of the telephone network, and the way the telephone network worked is the way many other multiprovider complex systems work. You came here by plane, you paid one party. They then took that money and distributed it to all kinds of folk, the folk who clean the aeroplane, do all kinds of things, your money was distributed to get you physically here. And the telephone network actually worked on the same principle: you paid your originating provider and they did financial accounting and balancing with all the other providers to create the telephone call. And the financial interconnection that the telephone system used was actually an abstraction of the retail model, you paid per call. Now, when we sort of looked at the Internet, we couldn't find a transaction. You don't pay by the byte. You don't pay by the TCP session. You pay for access. So all of a sudden, all these models the financial settlement went out the door. And there were big folk and there were little folk and we couldn't figure out who to pay whom. So you are liking this to animals meeting in the jungle at night. There were these two beady little eyes in front of you and you are never quite sure whether you should eat it or run and it becomes a game of bluff. And that's what peering has been. Because, what you are trying to sort out is unequal need. So, bizarrely, if you and I start a conversation about peering and I walk away and you stay in the room, you are a customer, and I am the transit provider. If you have more need than me for peering, you are not peering any more, you are a customer. And the same works in reverse. So what actually goes on, oddly enough, is that peering, when you are doing the same commodity, only ever becomes stable when neither of you need it more than the other. Because otherwise it becomes a transit relationship. So that is a way this industry constructed itself, and I'm not sure there was an awful lot of trust going on. It was an awful lot of bluff more than anything else, of saying, well, I'm the top dog, you have to pay me and that was the world all over the 1990s, even the thousands. What has changed lately? CDNs. They have changed everything about that argument. In some ways, it was a nice model but I think we have outgrown it.
UTA MEIER‑HAHN: I'm very thankful also for inspiring work you have done before that has also been reflected in my presentation, so I couldn't give credit where credit was due, it all points in the presenting. But what you are saying with the CDNs is exactly true and I think that is, that's part of why peering is about product more than about the price, because the hierarchical model has changed and the CDNs are more in a horizontal and more interconnected fashion and interacting and they changed what the conversation would be about.
GEOFF HUSTON: I'll talk about this in the afternoon with the death of transit, I think this conversation leads straight into this talk about where we have evolved to. So I'll leave it at that.
UTA MEIER‑HAHN: Thanks.
BRIAN NISBET: Thank you very much.
(Applause)
So, by the way, this is Uta, I am Brian. If you want to have the glory and honour spending large amounts of time on video conferences discussing the Plenary programme we have put together for you this week and other RIPE meetings, please do nominate yourself for the PC, at least one person will say thank you at some point, it might just be Benno. This is a risk you take.
So, our next speaker is Sara Solmone from the University of East London, and she is speaking about establishing jurisdiction online and the problem of access based jurisdictional principle.
SARA SOLMONE: Good morning everybody, my name is Sara Solmone and I am based at the University of East London. In this presentation today, I will talk about the concept of State jurisdictional line, and I will be looking at how the exercise of State jurisdiction can affect freedom of expression online. Now, what do I mean when I talk about State jurisdiction? According to international law, State jurisdiction can be defined as the ‑‑ well, State exercise jurisdiction when they make laws, when they apply the laws and when they adjudicate the laws in court. And I will be looking at the problem that has been ‑‑ which Internet regulators have really been confronting themselves for quite sometime now, and this is obviously defining the meaning of State jurisdictional line.
Now, why this is important, why should we care about how are State exercise jurisdictional line? Well, the reason why this is important is that with this presentation, it will be possible to illustrate the difficulties that arise when State apply all jurisdictional criteria to a relatively new and certainly always changing and expanding environment such as the Internet in general. Besides, State jurisdiction is the core of Internet governance, is at the centre really of Internet governance and the way State exercise jurisdiction online does have significant implications on the members of the wider Internet community, starting from Internet users to Internet service providers and the other members that belong to the Internet community as well. Besides, when we talk about freedom of expression online, we are talking about something that interests us as Internet users because it's always relevant to know whether our freedom of expression might be impacted, and in what way, by the actions of State over content that is published online, and ultimately when we talk about State jurisdiction online, what we are really defining is who shall comply with the laws of which State, when, and this is particularly relevant, especially with apparently borderless environment such as the Internet. So, why, though, is it so difficult to define the meaning of State jurisdiction online.
Well, this is because, traditionally, State jurisdiction has been defined by referring to mainly territorial criteria, meaning that a State has jurisdiction over acts that are committed in its territory or over those who are people who are located within its borders. But when acts are committed online, it is not always clearly possible to identify the person who, let's say, published content online, the place from where content was uploaded, or even the place where content produced adverse effects. This is because once content is published online, it becomes immediately accessible nearly worldwide, so on the territory of multiple states at the same time.
And so this explains why it is so difficult for regulators to determine which State has the right to apply its own laws to regulate acts that happen online. And because of this uncertainty, what is currently happening is that States are exercising jurisdiction over content that has been published online but that interestingly has been uploaded and is hosted in foreign countries, just because that content can be accessed from within their territory, and this phenomenon can be defined as the access‑based jurisdictional approach. Now, I will illustrate an example, a practical example of the access‑based approach in a second.
The aim of my presentation today is really to answer two main questions: what are the implications of the accessbased jurisdictional approach and the fulfillment of human rights online? Are there any negative implications, for example? And I will go through these, of course, throughout the presentation.
And the second question is, aside from the access‑based approach, are there other jurisdictional criteria that states could use to exercise their jurisdiction online which is a way that is perhaps more compatible with freedom of expression requirements? And I will conclude the presentation to introduce a highly controversial jurisdictional criterion, which is actually at the centre of a controversy that is still ongoing between Microsoft and the United States. It's jurisdiction based on data location.
So, the access‑based jurisdictional approach:
To recap, the two main characteristics are, this approach is used by national courts to establish jurisdiction over content that has been published online, but that was uploaded and is hosted in foreign countries. And the only reason why jurisdiction is exercised is that that content has been published online line and is therefore accessible within the territory of the country exercising jurisdiction.
And now a practical example of the access‑based approach. It's the Perrin v. The United Kingdom case. What happened to Mr. Perrin: Mr. Perrin lived in the United Kingdom and he was the owner of a company managing a website. So the company managed the website. The company was incorporated in the United States, it was established there, and Mr. Perrin alleged that the website was hosted on servers in the United States. Now, some pictures of a sexual nature were published on Mr. Perrin's website by his company. Those pictures were perfectly fine in the United States, where they were considered an expression of the right to freedom of expression, and were covered by the First Amendment.
However, in the United Kingdom, the very same pictures were illegal because they violated the Obscene Publications Act 1959, and so a policeman, during a criminal investigation, accessed those pictures from within the United Kingdom, and because Mr. Perrin lived there, Mr. Perrin was first arrested and he was later sentenced to 30 months' imprisonment. Now, the reason why the UK court found that those pictures were inside the UK jurisdiction, were published within the UK jurisdiction, was simply that the pictures had been published online and were therefore accessible within the territory of the United Kingdom.
Now, Mr. Perrin brought a claim to the European Court of Human Rights stating that his right to freedom of expression had been violated by the UK due to his conviction. But the Court, however, dismissed Mr. Perrin's claim because the Court stated that Mr. Perrin was a resident of the United Kingdom and therefore the UK laws were reasonably accessible to Mr. Perrin and he should have acted more cautiously than normally expected and should have sought legal advice in the exercise of his profession.
The Court, interestingly, also stated that the fact that those pictures were perfectly fine in the United States, were legal, did not mean that the United Kingdom had violated the European Convention on Human Rights by arresting Mr. Perrin, by proscribing really the circulation of those pictures within its territory.
So the Perrin case allows us to illustrate the main characteristic of the access‑based approach. Jurisdiction is exercised by the United Kingdom over pictures that had been uploaded from within the United States by a company incorporated there just because those pictures were accessible from within the UK territory. So, publishing content online, in other words, has been equated to having committed an act within the territory where those pictures are accessible, in this case within the territory of the UK, and the England and Wales Court of Appeal did find that, according to The Obscene Publications Act 1959, there is publication both where content is uploaded from within the United Kingdom but also, interestingly, when it is downloaded or merely accessed from within the territory of the United Kingdom. So what is the problem of the access‑based jurisdiction? What are the critiques that have been moved to this approach?
The first critique that has been moved is this this approach negatively affects freedom of expression of Internet users who are located in foreign countries and should therefore be subjected to foreign jurisdiction because as has been observed by many commentators, what Mr. Perrin's conviction meant was that publishing those pictures online is illegal in the United Kingdom; therefore, if a person managing the website similar to the website of Mr. Perrin were to enter the territory of the United Kingdom, it could be tried in English courts, again because by merely publishing those pictures online, he committed a crime within the United Kingdom.
And another criticality of the access‑based approach is that no thorough analysis has been conducted of the link between the country exercising jurisdiction, so in our example the UK, and the content over which jurisdiction has been exercised. And had such an analysis been conducted, it could perhaps have limited the exercise of State jurisdiction only to those cases where a genuine link could be found between the two, as has been observed by some commentators.
Now, is it really important to establish a clear and close nexus between the country exercising jurisdiction and content that has been published online? Well, an answer to this question can be found in the critique that have been moved to the access‑based jurisdictional approach by the Geneva Internet disputes resolution policy, for example, who openly rejects this approach, because the problem is that, and I quote, "It allows any country to enjoy jurisdiction over a website which do not make use of technological ways of filtering users."
And besides, between 2011 and 2014, some international authorities, and you will see them listed in the slides ‑‑ in the field of freedom of expression, so we're talking about the special rapporteur of the United Nations on freedom of opinion and expression and the special representatives of freedom of expression of international organisations issued some documents, some reports and declarations stating that, in order for freedom of expression to be fulfilled online, to be protected, indeed jurisdiction should be limited only to those cases that show, and I quote, "That have a real and substantial connection or are most closely associated with the country exercising jurisdiction."
So we have seen that the access‑based jurisdictional approach does have some negative implications on the fulfillment of human rights online. Therefore, my next question is: are there jurisdictional criteria that could perhaps be used and would be, in a way, better suited to comply with freedom of expression requirements? And an answer to this question can be found again in the documents and declarations that are issued by those international authorities that I mentioned. Because, in those documents some criteria as to the exercise of State jurisdiction online are mentioned and these are the place where the author of content established resides. The place from where the content is uploaded or published and the state or the public at which the content is specifically directed.
Now, it is particularly interesting to look at these criteria, because the first two criteria, so the place where the author of the content is established and the place from where the content is uploaded are territorial and therefore it could be observed that even in a borderless, seemingly borderless environment such as the Internet, territory is still seen as central in establishing jurisdiction. However, this is problematic and it is problematic, one of the reasons why it's problematic is that of course it's not really usable as a criterion when you cannot establish the place where the perpetrator of an act online is located or the place where the content was uploaded from.
So, looking at the third criterion, which is the State or the public at which the content is specifically directed. Now, this is what is called the targeting test. And could be perhaps better suited to establish jurisdiction in an online environment and this is because it allows to bypass the difficulties that are associated by the unknown location of the person who up loads content online or the place of uploading and this is simply because for the targeting test to be fulfilled, it's sufficient to show that content published online is targeting an audience located in a specific State, irrespective of where it was uploaded from and the person who did it. The target test does present another problem because there is no consensus at international level as to the criteria that can be used to establish when content published online is targeting an audience that is located in a specific State.
Now, moving on to the last part of my presentation. This is another jurisdictional criterion that I'm going to examine, and this is jurisdiction based on data location, which is highly controversial and, as I mentioned before, it's at the centre of a controversy that is still ongoing between Microsoft and the United States. So, what happened in the Microsoft case?
Microsoft was asked by the US government to seize the content of an e‑mail account that had been set up by one of Microsoft users. Now, the e‑mail account was believed to be used in conjunction with illegal drug trafficking in the United States. The identity of the person who set up the account, his location are unknown. Microsoft found that the majority of the content of that e‑mail account was stored on its data service in Dublin, and because the data service were in Ireland, Microsoft refused to comply with the order issued pursuant to the Stored Communications Act, because Microsoft stated that the data stored abroad, or stored outside the US, so US law does not apply. This is simplifying the case but this is just to give you an overview of the controversy. And indeed the controversy between Microsoft and the US is focused on geographical scope of the application of the Stored Communications Act. Because while Microsoft states that it does not apply to data that are stored outside the United States, the United States government argue that as long as data is stored on the facilities of US‑based Internet service providers, then the US‑based Internet service providers have to comply with the order, no matter where data is physically located.
Now, what did the courts say? Well, the US Court of Appeal for the second circuit found, in July 2016, that indeed the Stored Communication Act does not apply to data that is stored outside the United States, so Microsoft did not have to comply with the search and seizure warrant. And when I say that the dispute is still ongoing, is because as of July this year, July 2017, the United States filed a petition to the Supreme Court to bring the dispute there, so to review the decision of July 2016.
So, what are the criticalities of establishing jurisdiction based on data location? Well, many commentators have criticised these criterion. First of all, because it is an unstable ‑‑ Daskal, for example, says this is an unstable and arbitrary jurisdictional criterion, data are extremely mobile, change location frequently, are divided among different countries, so it does not make sense to talk about jurisdiction based on data location. Another criticality is that the owner of data has no control whatsoever over where data are located, which means that the owner of data could find themselves within the jurisdiction of a foreign country without being aware of it and without consciously having decided to act within that jurisdiction.
And finally, this leads to an unsatisfactory result. Again, this is because following the approach of the United States Second Circuit District Court, the United States cannot access data that are related to an act that happened entirely on their territory and that was related to an account that had been set up by one of its citizens, just because the data is located abroad. I suppose that there is a concern here regarding the fact that companies might perhaps circumvent the requirement of the law just, by just storing data broad or that could apply to users who could mislead the company into stating data abroad.
However, there are critiques that have been moved to the US government position as well, so the US government position as well; I, as a State, will access data of US based Internet service providers regardless of where the data is stored. Now, this approach has been criticised because it could lead to a violation of into a foreign State. So if Microsoft states that the data is in Ireland, the fact that the United States could access the data that is located in Ireland would indeed mean that Ireland would lose sovereignty over data that is stored on facilities located in its territory, and this is a problem so this could lead to a violation of a foreign State sovereignty. And another point is that the Internet service providers, for example, might be uncertain as to which laws they have to comply with.
Overall, a point that has been raised by both the critiques of Microsoft's position, so the critiques of jurisdictional‑based data location and who is critical of the US government position, is the risk of data localisation, for example, because I suppose that the certain is that governments would ‑‑ could impose a requirement on their citizens or on the companies that are located on their territory to store their data locally and this would compromise the functioning of the Internet. And another point that has been raised is related to previous concerns. Indeed again there is a privacy problem, there could be a privacy problem especially if we think about the fact that the privacy laws of Ireland in this case could easily be circumvented by the US accessing the data that is stored in its territory. On one end another point that has been made is that US law offer offers more guarantees against State surveillance, and therefore, if the data were found to be within the US jurisdiction, they could be better protected than within foreign jurisdictions.
So, just to conclude. Four main points can be drawn from the themes that we have seen today. The first is that due to the general uncertainty as to the meaning of State jurisdiction online, some national courts are exercising jurisdiction over content published online and uploaded from foreign countries just because that content can be accessed from within their territory, and this fact can have negative implications on the fulfillment of freedom of expression.
Some consensus at international level exists at least if we refer to those international authorities in the field of freedom of expression as to limiting the exercise of State jurisdiction only to those cases where a genuine link can be found between the State exercising jurisdiction and content upon which jurisdiction is exercised.
Targeting test seems to be better suited than the territorial criteria to exercise jurisdiction online, but there are problems with the targeting test as well because it cannot ‑‑ it's uncertain which criteria can be relied upon to define when a website is targeting an audience in a given State.
Finally, the data location jurisdictional principle is indeed highly controversial, has received many critiques and has many concerns on privacy and sovereignty.
That concludes my presentation. Thank you very much for your attention.
CHAIR: Any questions?
AUDIENCE SPEAKER: Jim Reid. Very thought‑provoking and very interesting presentation, Sara, thank you very much for that. I have got a couple of questions for you. The first one is this point of extraterritorial, my understanding of the law, and I don't play one on television, is that, certainly in the UK, certain things are considered crimes even if they are not committed in the UK. I am thinking particularly of things to do with child abuse. So how would that translate into this kind of legal environment you are talking about here, so potentially I think ‑‑ maybe for those things, the extra‑territoriatality doesn't quite always work out.
My second point is perhaps the more important one from my perspective. You seem to be focusing on the issue of illegal content for some definition of illegal. I'm much more worried about problems like the distributed of the service attacks and BotNets, things that are actually damaging the network. I don't particularly care all that much about people have got dirty pictures on the net or whatever, that's not my concern at all. And I was actually at a conference last week where there was a discussion about a case involving the German police where the bad guy was trying to take out the telecoms and infrastructure of an African State and the side effect of that, they were compromising the integrity of Deutsche Telekom's network. It turned out the guy that was responsible for this was launching his attacks from Cyprus using BotNets somewhere in eastern Europe which were then infecting laptops and computers all over the world that were then converging on the Deutsche Telekom network, and it turned out this guy was arrested and returned to the UK and then repatriated to Germany under European search warrant. What are the legal people thinking about those kinds of DDoS and, if you like, multinational dimensions to these kind of attacks rather than this one to one thing with content? Sorry to put too many questions in there.
SARA SOLMONE: I will start from your last question first. Absolutely, I agree with your observation, and certainly cyber crime and attacks that have launched via the Internet are amply investigated, I would say. However, I focus on, in my research I focus on Internet and the human rights with a specific focus on freedom of expression. That is why I focus on content and when content is legal or illegal in other States and what happens if State exercises their jurisdiction extra‑territorially. So this is the specific focus of my research, but I certainly agree with you that the concerns that you have raised are related to something that's important and is is being investigated by scholars, even legal scholars, but I'm afraid I'm not an expert in that specific field.
As to your first question, could you please remind me what it is.
JIM REID: It was the issue of things which are considered crimes irrespective of where they are committed. So, for example, child abuse, which I think in UK law can be prosecuted in the UK even if the offence took place in a foreign territory. Does that have any bearing on what's being discussed in this context of human rights and freedom of expression thing here?
SARA SOLMONE: Yes, absolutely. There are certain acts that are internationally recognised, there are international conventions that criminalise those acts, therefore when child abuse is committed online, it is likely that, irrespective of where data is hosted, who uploaded the data, there will be prosecution. But that is, in a way, related to the fact that those are acts that are internationally recognised as grave and illegal, so what happens is that with the pictures of sexual nature, so the difference is that when pictures of a sexual nature that were published on Mr. Perrin's website are indeed published online, it's a slightly different matter because it's not about content that is internationally recognised as illegal, so, there is a difference in that. That's where freedom of expression comes up.
JIM REID: Let me pose a hypothetical example here. Suppose I decide to pose something very derogatory about Robert Mugabe and the Zimbabwean government of parliament has passed a law that says anybody who says anything nasty about the president is guilty of offence, in that case I have broken Zimbabwean law, even though I have never set foot in the country. How would that apply in this context?
SARA SOLMONE: It depends on the specific laws that would be, let's say, hypothetically enacted in Zimbabwe and that would define the geographical sphere of application. If it says if anybody, wherever in the world they are located, that published content online that is derogatory or defamatory can be prosecuted certainly they would be applying the access‑based jurisdictional approach and you could find yourself within their jurisdiction if you were to enter their territory. But I suppose it would depend on the specific law that would be passed.
JIM REID: Thank you very much.
CHAIR: The European data protection regulation also does something like that. If it's about Europeans, then it will apply to everybody in the world.
SARA SOLMONE: Absolutely. Yes.
AUDIENCE SPEAKER: Alexander. Actually, more examples of how states try to establish jurisdictions and you just mentioned European regulation, but Russia, for example, have a law that personal data of Russian citizens must be stored in Russia, so they must know where the Russian citizen lives. It's another fine example and we are waiting for international ‑‑ for European regulations to get enforced because these laws clash against each other. And, for example, these kind of jurisdictions along with Russian State to completely LinkedIn because I say this linked to the personal data that is not stored in Russia. But we are still getting e‑mails spams from LinkedIn. So our State is not protecting us from this. So, let's wait what happens. The situation becomes much more interesting this time. Let's see.
SARA SOLMONE: Yes, thank you.
AUDIENCE SPEAKER: Thanks for a good presentation. And the question is: How do you assess the possibility to create a cyber poll, as Interpol?
SARA SOLMONE: Right. So an international...
AUDIENCE SPEAKER: Yes, because really, laws in some countries can really clash and in some cases can be a political reason and in some cases not. Actually, Interpol has some good practices to follow that cases.
SARA SOLMONE: And I'm sure that some practices have been put in place with regard to cyber crimes. But I suppose that the difficulty with regulation of content online is the fact that states are really reluctant on losing sovereignty on what they perceive as being on their territory and in a way there is physical infrastructure on their territory, there are data centres, there are cables that are physically located on the territory of states, and so I suppose that the difficulty with that is the fact that the state would be concerned about again losing sovereignty, but yeah, hopefully efforts can be made, and we will see what the situation, how this situation really develops, so, yeah, thank you.
CHAIR: Okay. Thank you. That was very, very good. Thanks.
(Applause)
Okay. And the final presentation of this session is by Thomas King, about data quality.
THOMAS KING: Thank you very much. So, I'm Thomas from DE‑CIX and I would like to talk about something that fits perfectly to what Uta just said; if you do peer, you want to make sure that both parties get most out of that, and I will show you how we at DE‑CIX take care of that and if we make sure that the data quality at our IXPs is great.
So, let's get a ‑‑ let's step back a bit and have a look on what is the purpose of an IXP from a customer point of view or mainly from how you look at IXPs. An IXP, the goal is that it connects ASNs, and it must maintain a balance between content networks and eyeballs so that it can attract ASNs and usually it looks at local ASNs as much as possible because the idea of an IXP is to keep local traffic local.
And on top of that, it's sets up a lot of tools that help settlement‑free peering, like a route server, that's technically true for that, but also meetings like RIPE meeting or more regional roundtables from IXPs are something that help setting up peerings.
And in the end, the main benefit of an IXP is that it allows traffic exchange as easy as possible so that you guys get rid of your traffic as easy as possible.
And I'm pretty sure you all agree on that, more or less. The thing is, not only are the legitimate users like IXPs very much, but also for spammers, and spammers are for me a place holder for all the malicious activities we see in the Internet. Spammers is a place holder for DDoS something or IP hijackers, it's malicious activities we do not want to see in an IXP.
I'll show you why an IXP is a nice place for them to play. The reason is that often BGP session at an IXP are not well filtered, we all know that. The filtering system has some issues, so, if it's via the route server and we at DE‑CIX make a lot of energy that filtering gets a lot, but even then there are limits which can easily be overtaken and so BGP sessions can be hijacked. And the same is true for bilateral peering as well. If you set up bilateral peering, it depends on the peer how well the filtering system is working and how strict they filter.
And this is a great playground for these spammers to do all nasty kind of BGP tricks to get rid of their ‑‑ to start their malicious activities.
So one is IP hijack, that's pretty easy, they take an unannounced IP space or renounce an already announced IP space and announce it via the IXP. It might be via the route server or via a direct bilateral pinging session.
If there is some filtering in place that doesn't allow IP hijacks because it filters it out, it detects it, then they start doing ASN and IP hijacks at the same time, so that even RPKI is not capable of detecting this kind of hijacks, and for that usually it makes sense to use a not‑operated ASN with an unannounced IP space and just start announcing this kind of hijacks.
And to hide activities like that, it's easy to add an artificial AS path in between so that it looks like, if there is any malicious activity like spam coming from this peer, then they can easily tell you, no, it's not me, it's a customer of my customer who is doing some bad things, and this customer might be saying don't blame me, go to this guy. And this is what we at DE‑CIX just saw, and we had a hard time to detect that activity, because usually, the idea of peering means that the routes you, as a peer, have learned, you do not propagate them upstream. What you do is, you propagate the route within your own network and you will propagate the routes down stream to your customers.
So if the routes are not propagated upstream, they do not end up in the global routing table, which means a lot of detection tools like RIPE RIS, BGPmon, Qrator, and the like, for them it's very hard to detect if an ASN and IP hijack.
Just to be clear, I'm saying it's hard, for them it's impossible. It depends on the vantage points these kind of tools have, if they've set up BGP sessions with some of the peers at an IXP, they might detect it. If they have this kind of visibility, they cannot see it.
And that's a really great playground for all kinds of malicious activity because if there is something going on for us as an IXP operator, it's quite hard to see that and detect that.
So it's not only a great playground from a technical point of view, but also from a business point of view it's great because IXPs love to give traffic out for free, because here that's an announcement I just took from an announcement of this IXP which is operated in Sweden, they give away parts for free for some time, and there is another one in the Netherlands that does the same thing, and DE‑CIX does it as well because if we start a new IXP or if we want to promote an IXP for sometime to attract for customers, we start usually giving away parts for free. And that's a perfect setup for these kind of customers, if you would like to say so, for this kind of malicious actors, because then they have a perfect playground, they can do nasty BGP tricks and they can get rid of the traffic for free. That's fine.
So, why do I stay here and tell you about that? The reason is, we learned all this the hard way, because in May this year, one of our members informed us that he was hit by massive DDoS and also he saw a lot of IP hijacks coming from a few members, and actually the trigger for us was that he told us I see a lot of IP hijacks because we are, as an IXP operator, operating a layer 2, layer 3 infrastructure, and they have contracts with our members saying you have to play to the rules if you want to be part of this infrastructure. And if you don't play to the rules, we can punish you for that. And so we started looking into the case, our goal was clearly to find activities or to see what's going on, what are the activities that are violating or DE‑CIX contracts, so mainly layer 2 and layer 3 activities, and if there is anything going on that looks fishy, we wanted to collect evidence so that we can have a clear discussion with the member about what is going on and what is the reason for that.
So, what we did, or what created the greatest results in this investigation was the BGP analysers, so we saw at least, it was more than 50 IP prefixes which looked quite fishy, so we started contacting the IP space holders asking them if what we saw in our infrastructure is something they intend, that it should look like that, or is it something they had nothing to do with. And six of them replied clearly that this IP space should either not be announced at all, or they have no business relationships with the the companies we just saw. And based on that we had a quite intention discussion within DE‑CIX how to go forward with that. But, as we have just learned that thee guys are doing really bad things and trying to break our infrastructure, we decided that we will suspend our services due to a violation of our DE‑CIX contracts, meaning IP hijacks are not allowed via our infrastructure.
And as they were on this large scale, we decided we have to act here. So we confronted the members with allegations and unfortunately, and that was a reason why we took the next step, there was no cooperative manner in resolving the issue. Actually they were saying that they will sue us because we ‑‑ we are saying they do bad things. And based on that, that we had clear evidence that there is something going on that shouldn't be going on, which is a clear violation of the DE‑CIX contracts and also the non‑cooperative manner of handling the issues we decided to cancel the contracts with these members due to the violations we saw.
So, we cut two of the members loose based on that, and that was in June 2017, so two months after we got first notified by that.
So for us it's very important that we take care of what's going on of our infrastructure, because we want that you guys, you, you, our customers and members, that you get the most benefits out of that. And unfortunately there is no Internet police out there that does all this sort stuff and it's hard to collect evidence and go to the police with this kind of stuff. But we already know that, that it is for years already, and we, as a community, have decided to work with blame and shame, and there is a lot of great websites out there that collect all this kind of information and publish it, just to name a few here, he has a very close covering of actually things that we have seen also. And also, Dune is providing quite an insight into that.
So ‑‑ and besides that, we have the more agile or faster kind of communication like mailing lists, here, it's an excerpt of the NANOG mailing list, we have DNOG and UKNOG where we have ‑‑ openly share information if we see something fishy is going on and we can act on that.
So we learned, from looking into this information, that usually the names of the companies change, but there is end numbers of the actors stick because usually use this ASN numbers to set up peerings, bilateral peerings so they cannot easily change the ASN numbers.
So there is a lot of information out there and I think it's our responsibility, our means here as a community and also as DE‑CIX to use this kind of information wisely and make sure that we do not support malicious activities which might break the Internet.
So, what are the lessons learned from DE‑CIX? Actually, we reviewed our abuse management processes, we defined a clear contact person and we told that to our members. If you are a member of DE‑CIX, you have received e‑mails about that, and we want you to openly speak up to us if you see fishy activities which you might think are worth investigating. It doesn't have to end up in shutting down customers or members, you know; it's just in resolving the issue, that's our main goal, we want to have a striving, robust IXP infrastructure where our members are connected, and if there is an issue we want to resolve it as fast as possible.
We also redefined our abuse process. And just to give an impression how it looks like, that's the process. I will not go into the details here. I just want to show you, it's somehow complex and it contains the decisions we have to take in order to resolve issues here.
And what we also implemented is a blacklist expelled members so that if we cut loose a member, if we decide to do that, and it's not an easy step for us to take, but if we decide to do that, we will never see this customer or member on our infrastructure again, because if that happens we are pretty sure there is something ‑‑ there is something definitely wrong, so this customer or this member will not bring value to all of you which are connected to our infrastructure.
So, and we also talked about this ASN /IP hijacks with our member base, and presentations like this make also sure that there is a clear message to the Internet community that we, as DE‑CIX, we will not support any of this ASN and IP hijacks, that we want to make sure that this is well‑fought.
So, let me summarise what I just have been talking about. So, we as an IXP operator, we have clear rules in our contracts, what is allowed on layer 2 and layer 3 and with layer 3 are mainly BGP. And we want to make sure that everybody has a clear understanding, if you do not play to the rules, the violations might be prosecuted, finally ending up in cancelling contracts. That's a final step. What ‑‑ that's nothing we are looking for. What we are looking for is resolving issues. So, please come to us if you see something fishy going on, so that we can work together and fix the issue.
And because we want to run a very stable and reliable place where you guys can easily exchange Internet traffic and ‑‑ yeah, that's safe for you.
This brings me to the end of my presentation and I have a few questions for you, because I would like to see how we, as a community, work on this, so did you ever encounter such cases? I was just showing a lot of IP hijacks and ASN hijacks, and if yes, how do you usually react to that? And do we have an abuse policy? And if yes, how does it look like, because it was very tough for us to come up with a really clear ‑‑ we had an abuse policy, but, you know, having an abuse policy and having a really workable clearly‑defined abuse policy is a completely different thing. So how does your policy look? And I would like to also know, how do you forward information if you have this kind of information about malicious activity, how do you forward them to your IXPs and also ISPs and to the police, how do you work with this kind of stuff? So that's pretty much it. I'm open for questions. I would love to have a discussion on these questions.
BRIAN NISBET: Thank you very much. So, questions...
AUDIENCE SPEAKER: Martin Levy, from Cloudflare. I actually have two very different questions. One is about the layers, if you go back a page, you don't have to, but it talks about being a layer 2 with obviously layer 3 capabilities BGP, that is the service that you offer. So, the simple question is, why are you even involved in a layer 7 issue such as spam? That's sort of one question and it's going to relate to the second question, because I don't think ‑‑
THOMAS KING: Let me first answer that. We do not care about layer 7 issues. If there is a malicious activity going on on layer 7, we don't care, because we are layer 2, layer 3 provider, and, by German law, we are only allowed to look into these layers because we are providing this kind of infrastructure so we cannot look into the layer 7 and do anything about that, and we won't. That's something we can't work on. We are, as I said, we are layer 2, layer 3 providers, so we can only look into these layers and if it's something going on that breaks our infrastructure, we will act.
MARTIN LEVY: You would have liked the second half of my question, to make it easier for you, you have gone this route, let's continue. Then why was there a set of slides about Spamhaus? Not that I'm supporting them, but this is not a layer 7 issue that you just said and yet you particularly picked a player in this area, and I'm worried that you are sitting there judging on something that is outside of the layers to which you are addressing. And when you hear my second question, you will realise why this actually would have saved your bacon, pardon my use of that word here, but you will ‑‑ you have gone down this path, please continue.
THOMAS KING: What I just presented has nothing to do with the issues we currently have with Spamhaus. What you are referring to is that Spamhaus is blackmailing us with shutting down certain customers they see as spammers.
MARTIN LEVY: You brought that up, not me.
THOMAS KING: You were talking about Spamhaus.
MARTIN LEVY: Let me ask my second question because it's much easier ‑‑ the second question is, that you mentioned, about a slide or so before, about not allowing BGP or IP ‑‑ ASN or IPs that are illegal; that are not owned, I presume, is what you meant. We all 100% agree with the announcement of an IP address that is not owned or does not have an LOA to be announced by a provider, and we have dealt with this issue for a long time. But you have brought in AS path ‑‑ basically, AS injection, which is a bad technique that has been used by many backbones over the years, but has never been said to be illegal or not allowed to be used, and I'm sort of intrigued as to are you suddenly bringing up a new filtering issue because this is one of those unwritten, sadly acceptable procedures within backbone operation.
THOMAS KING: So, clear answer ‑ no, we have no issues if you do whatever tricks with your S paths.
MARTIN LEVY: Good.
THOMAS KING: We have no issue with that, full stop.
MARTIN LEVY: At your level. I have an issue but I'm a network ‑‑
THOMAS KING: That's a different story. You asked me have I an issue. I have no problem. If you do magical stuff with your AS paths, that's fine.
MARTIN LEVY: I'd want to edit your presentation a little bit to clear that up. Because that was not what ‑‑
THOMAS KING: The point is, you are saying is it okay, or your question meaning is it okay if somebody is doing IP hijacks but isn't it okay if he is messing with AS paths?
MARTIN LEVY: At your level as an Internet exchange. In general, no, I hate the whole thing, but at your level as a presentation about an Internet Exchange, I'm just trying to understand scope.
THOMAS KING: The clear action where we have to do something is if an action of a member might break our infrastructure, and that's the motivation. So, with IP hijacks or ASN hijacks, that's a clear indication that might break our infrastructure. Right. If you mess with the AS path sets it's a little bit different story, because how do you detect that and how would it mess with an IXP? I don't see that clearly. I'm not saying that there might not be an attack that also might work on AS path messing, but that's not a clear ‑‑
MARTIN LEVY: So that's a much clearer statement and I think grounds for a second presentation about what effect that could have for an Internet Exchange, which includes a route server and other things. But less so to do with anything in the layer 7, which is superfluous to an IX conversation. So, I look forward to your next presentation on this.
THOMAS KING: We can work together on that, if you like.
BRIAN NISBET: So the person who is actually at the microphone.
AUDIENCE SPEAKER: Stefan from DENIC. I worked a little bit for DE‑CIX before so I know some insights and I'm looking at what the guys are doing and I like it. But I also have this kind of fear that they step over some sort of border. But currently I think it's on a ‑‑ in a good shape, so, from my point of view as a customer, I really like the customer portal and the flow tools and being able, especially if your infrastructure is, I would say, under attack, this might be spam, this might be DDoS, whatever, so people do nasty things against your auto‑num system or your customers and most of the time it's the old story long, it's IP spoofing, so the attackers they hide somewhere behind this big peering exchange and you want to grab them or maybe you want to accidentally punish them, but you have to make sure that you can get them, you need tools, and DE‑CIX have some tools to make it, to automatically detect those kinds of violations or BGP violations and so on. And this helps you on an operational point of view. But, of course, if you open the box, then there might be some day that it's too far, that is crossing a border which is not okay any more. But from my point of view it's a good start and a good direction and I think even other IXPs should push more, they should offer the customer base more insights, give them the opportunities to solve the layer 7 problems directly, but you have to make sure who is the other layer 7 or layer 8 guy on the other end. And most of the times, it's difficult to grab them, even if you have NetFlow, sFLow and Mac player base and so on. So I think this is some new value added service from the great IXP platform for me.
THOMAS KING: Just to be clear. We are only acting on violations on layer 2 and layer 3. I don't care what's going on on layer 7, I don't see it. I cannot do anything about it.
AUDIENCE SPEAKER: But you can give directions.
BRIAN NISBET: Quickly, please.
AUDIENCE SPEAKER: Peter Hessler from Hostserver. I just have a comment and a question. For Martin's question, I think an important clarification is the difference between a so‑called legitimate AS hijacking where there is a business relationship between the two entities, versus an illegitimate AS hijacking where you are pretending to be somebody that you don't have a relationship with. I think that's the clarification that is missing.
THOMAS KING: Okay. I thought it was on the slide, so probably I missed it in the question of Martin, but that's it exactly. So we were asking the IP space holders, where we were seeing IP hijacks, if there is any business relation with these kind of companies... so, that was the missing link. But let me stress that, we wanted to know is there a business relationship with them, that is important for us going forward.
AUDIENCE SPEAKER: My question is, as a member of an IXP, if we see a hijack come because we hear from other sources, from an e‑mail list or from Twitter or whatever, is it helpful for us to communicate with you, the IXP operator, that we also see it, or should we just assume the IXP has seen it if it's like on the NANOG list, for example.
THOMAS KING: Actually it helps us a lot if we get insights into what you see, because we have a clear ruling that we will only act if we have information from our members that they see something. We do not accept information from somebody outside saying there is something, start looking at that or start shutting down customers, we don't do that. So we want to have information first hand from our peers that there is something going on they are seeing as fishy. So, yes, please, forward it to us.
AUDIENCE SPEAKER: Thank you.
BRIAN NISBET: Okay. Thank you very much.
(Applause)
So, that's the end of our session this afternoon. Very quickly, remind you that the women in tech lunch is happening upstairs. Please rate all the talks you have seen and we will see you in the rest of the day and indeed up until 15:30 today you have a chance to nominate yourself or someone else, as some sort of present, for the RIPE PC. So thank you all very much.
LIVE CAPTIONING BY
MARY McKEON, RMR, CRR, CBC
DUBLIN, IRELAND.
