Minutes of RIPE Big Picture BoF

Monday, 20 May 18:00 – 19:00

Hans Petter Holen, RIPE Chair, said that the RIPE community was responsible for the Internet – and this was an integral part of society. They were used to being a bunch of techies in a room – but now they also had new people coming to the community: human rights activists, law enforcement, regulators, etc. Were they welcoming these new people, and were they in a good position to deal with the new requirements that were being placed on them as a community?

Hans Petter continued by saying his job as a security officer depended on the RIPE Database and the accuracy of the data in it. How could ensure people kept their part of the database up to date – the part the RIPE NCC was responsible for was pretty accurate – but the part the LIRs maintained often had issues. And more broadly – what was the appropriate infrastructure today to keep networks running and also provide sufficient data to law enforcement.

Axel Pawlik from the RIPE NCC noted that the community appeared to be under pressure as new people and groups (e.g. government, law enforcement) started to participate and attend meetings. Sometimes they were not made to feel welcome, and these interactions didn’t just stay in the room. Governments had big sticks, and while the community talked about the bottom-up process, governments might start to ask why they should bother with the PDP when they were treated like this.

Alexander Isavnin, Internet Protection Society, said that when he first joined the RIPE NCC, he’d been told that it trusted its members and was there to support them. He asked what had changed with its approach – he noted that Rob Blokzijl was no longer with them, and Nigel Titley was leaving as Chairman of the RIPE NCC Executive Board.

Randy Bush, IIJ, said of all the RIR meetings, he only attended RIPE. He thought this was because RIPE remembered that it was working for the Internet. They were not just geeks in the room anymore – and people were depending on the stuff they built. The operational culture still had some grip on them, and while they should be more civil, recently there were a number of topics that could have been messy but converged on a sensible approach – the RIPE Chair replacement procedure was a good example of this. The RIPE NCC did a lot more for the community than the other RIRs and was very valuable, so he was happy to contribute his money (he noted that he had recently joined as a member).

Niels ten Oever, University of Amsterdam, said the day after the technical community created concepts like end-to-end, it had started breaking them. However, even if they weren’t absolutes, these concepts still provided guidance. Maybe the community needed to converge on a set of values that could guide it in terms of its intent. This would not need to be a top-down process.

Denis Walker asked who the RIPE Meeting was – in terms of its leadership and in terms of the people contributing to decision-making processes. It was impossible to provide full representation. If a lot of people began to participate in the PDP, being a WG Chair would become a full-time job.

Jim Reid, RTFM llp, said that if people weren’t motivated to participate in a discussion, it was because they didn’t feel it was enough of a concern. the ones who were engaging with the discussion were those who cared or had skin in the game. So low participation wasn’t much of a concern. When they reached thousands of people in WG discussions, then RIPE could talk about what needed to change.

Responding to Niels’ point, Jim said that talking about morality was a very slippery slope – it was impossible to square the circle between different geographical areas/cultural boundaries. The RIPE community was there to move bits and should be focused on this, though maybe it could do more to educate governments.

Milton Mueller, Internet Governance Project, said RIPE had a very unique governance system. The Internet was a trans-national project built on voluntary cooperation (and to a certain extent contractual interactions). This was different to the traditional system of nation states operating within territories and with a monopoly on violence. Secondly, the technical community worked via rational deliberation rather than voting. He said RIPE should not try to accommodate its governance model to the rest of the world – the current model was an appropriate one. The overriding values of the RIPE community were not concerning human rights – they were about compatibility and connectivity, which was what drove the community. That being said, the community could always be more open and inclusive.

Nurani Nimpuno, Asteroid, said they were not a political organisation that was trying to save the world. Values could be framed in terms of how they made good decisions and how the community made sure that all voices were heard. They needed to be careful about defining consensus – it was not great if there were only three people in the room. Consensus-building was all about the *process* of developing something together.

Nurani continued by saying that just because the rest of the world changed didn’t mean RIPE had to change its values. But it was important to recognise that today their decisions had a greater impact than 20 years ago – they affected other people/businesses/stakeholders around the world and as a community they needed to be sure they were hearing their concerns. It was important that any values that were defined weren’t seen as something the community could beat newcomers with.

Ruediger Volk, Deutsche Telekom, said there should be space in the plenary that provided a sense of community and showed what the community was doing.

Ruediger continued by saying he wondered if WGs were still appropriate now that RIPE was a much larger and diverse community. Referencing the recent Anti-Abuse WG discussions, he thought people couldn’t be expected to keep up with the hundreds of emails and work out what the flow of discussion meant. There was a need to re-structure the process so that there were checkpoints where the discussion could be summarised. These should not just be the existing points in the PDP. This would require someone to dedicate time to writing summaries and work in this direction would definitely be needed.

Ruediger continued by saying that GDPR considerations a while back seemed sloppy. While there were plenty of cases where the LIR was the owner of the bad records, plenty were also owned by the RIPE NCC. Sometimes it was not clear which LIR was meant to be the owner of a particular PERSON object.

Niels said the RIPE NCC shouldn’t be the routing police, but on the other hand technology was not neutral and should accommodate different values.

Hans Petter said what he was hearing was that as they brought newcomers to the process, they needed to make sure their processes could accommodate a larger population and it could scale. Their policies directly affected 20,000+ RIPE NCC members and many more beyond this. They were seeing many more votes in the GM, but in the PDP it seemed that they had 20-100 participants at best. Were they getting the best minds together to discuss policies?

Regarding consensus, Hans Petter noted that they had essentially copied this over from the IETF. However, this was better suited to technical matters – RIPE policies often had more in common with debates about capitalism vs communism. He challenged the idea that they did not vote in the community, as +1s in mailing list discussions often functioned similar to votes, while -1s were not allowed and required explanation. He noted that the report published by the Accountability Task Force had covered some of this and he encouraged them to read this as a starting point.

Alexander said they should think about who these new actors were: governments (with special emphasis on law enforcement), human rights activists, and businesses that were using the Internet. He hoped they didn’t need the intellectual property constituency in there.

Maria Hall, RIPE NCC Executive Board, said while their decisions affected the wider society and vice versa, they needed to focus on their core role. Of course, governments and other groups were becoming more interested in the community – which meant that their interactions with these groups became more important – but that didn’t have to go all over the place as a community.

Daniel Karrenberg, RIPE NCC, said they needed to have a general re-think of what the RIPE Database was, rather than making further incremental changes to it. They could create a task force that understood the registry and the needs of the operational community along with participation from law enforcement and others. They should take a look at this and come up with a brief document on how they would design a database as if from scratch.

Daniel agreed with Ruediger that they needed a space for the community to come together and talk about things and communicate what it had achieved. He added that WGs were increasingly seen as an extension of the plenary programme and he didn’t think that was sustainable. He thought Hans Petter could start a community discussion on this so they could do something.

Peter Koch, DENIC, said they needed to think about the PDP and how decisions were made. Some policy proposals were essentially yes or no propositions with little space for compromise in the middle. They needed to agree on the purpose of this venue, which would help to establish jurisdiction. There was an increased willingness of people to use the PDP to legislate, and closing down LIRs was not the solution to every problem in the world.

Peter agreed they had many different stakeholders from all around the world – but that didn’t mean these groups got to hold wildcards. RIPE didn’t exist to make Law Enforcement “happy” (nor to make them “unhappy”). They didn’t want to repeat the ICANN model of the GAC. If a task force documented the requirements of a new database, it would be worth asking the degree to which it should to serve the purposes of law enforcement, as the purpose would steer its design and acceptable uses.

Jim agreed with Peter’s comments. They had only had one or two problems with the consensus-based process – getting outside voices in and addressing the +1 issue. He thought this was for Hans Petter and the WG Chairs to address.

Regarding Daniel’s point on WGs becoming part of the plenary, maybe they needed to look at this as well. Some WGs didn’t produce policies – maybe they were best as discussion forums and it was best for the decisions to be made elsewhere.

Randy said that ICANN had been built on a model of constituencies in opposition, and this had poisoned the well – they should avoid this. RIPE had a low barrier of entry for technical people, but the barriers were higher for those with more “social” backgrounds. He said you became your enemy. More and more, the IETF had become the ITU. They shouldn’t make the police their bogeyman, because otherwise they would become like them. They needed to take LEAs seriously – they were trying to do a job and they needed to respect that – but they should avoid throwing rocks at one another.