BRIAN NISBET: OK. Good afternoon to you all, welcome to shockingly the afternoon session of the second day of RIPE 71. We have two presentations, discussions things, this afternoon, which I think will be of great interest. They are substantially less technical than the morning's content, but no less important.
So, first off, speaking on the Internet as a field of modern warfare, I would like to introduce a group from Leiden University so we have Claerwan O'Hara, Lucy Turner, Louis Leonet and Anne Pluoy, so I am not sure which one is speaking first. Thank you.
LOUIS LEONET: Good afternoon together with my teammates we are going to talk to you about the Internet as a field of war, or more pre licely, about the applicability of international humanitarian war to cyber warfare. It is a very interesting topic and of particular interest to us because of the fact that international humanitarian law is really old, as that can be exampled by the fact that the Geneva conventions drafted in 1949. So while cyber warfare is a very recent issue, as some of you know about the virus, in Iran, for example.
So we are going to divide our presentation into four sections: First of all Claerwan is going to talk about and Lucy is going to explain to you the first principle of distinction, I am going to prove on to the principle of proportionality and Anne is going to talk about the principle of precaution. So, Claerwan.
CLAERWAN O'HARA: So, international humanitarian law is the regime governing conflict. This means when talking about the application of IHL cyber activities we are talking about cyber warfare, i.e. the conduct of military operations by cyber means. This is distinct from other cyber security issues such as terrorism or cyber crime or cyber espionage, these activities may reach the threshold of cyber warfare, most are governed by other areas of law. This is because IHL only applies to armed conflict.
Armed conflict as defined and discussed throughout the Geneva Conventions and the international criminal tribunal's jurisprudence essentially boils down to two main criteria: Whether there is some kind of armed force and depending on the type of conflict whether there is a requisite threshold. The second element is focused on the actor behind the force, namely whether it is a international or non‑international armed conflict. Cyber warfare poses complications for both of these criteria. With regard to the first, their main issue relates to the non‑physicality of cyber warfare. Physical ‑‑ armed force is generally seen as a physical notion. It's understood as violence that results in physical damage or injury. Some cyber operations clearly wall within this definition, a computer network attack causing down waters to flood or the misrouting of trains causing them to crash. However there is a range of psycher activities but have far‑reaching but non‑physical consequences. There are cypher operations that can disable a physical object and deprive of it functionality but they don't damage or destroy it. And for example, interference with an electrical grid, temporarily putting it out of order, experts are divided, it might have the same effects as kinetic force, is not having any permanent physical consequences and so it's add odds with had conventional understanding of warfare as it existing within this old legal regime. More difficult, cyber operations interfere with services or communications. Generally these are not seen as amounting to force because they have no physical ramifications. Although we haven't actually seen any cyber operations reach a threshold where IHL has tried to be allied to them, there is a minority of experts who say maybe if there was severe consequences flowing from such operations, swear /TPAOERPBS with the New York Stock Exchange causing the market to crash, maybe this could be considered warfare for the purposes.
In the second he will. The assessment of whether the conflict is international or non‑international, cyber warfare poses few issues. The reason we make this categorisation, there are different rules of IHL applying to civil wars and international wars and the way this is usually determined is by the actors behind the force, for example, a conflict between two states is generally seen as international armed conflict whereas between state or non‑state actor or two non‑state is seen as civil war. But cyber operations can actually complicate this because of the potential for anonymity, it's difficult to identify the actor behind a given operation. For example to return to the example, there is speculation it could have been perpetrated by the US and/or Israel, we can't confirm this which makes it difficult to classify the conflict. There is also some IHL commentators who maintain for the regime from non‑international armed con liquidity to apply, then the conflict needs to occur wholly within one Kerry, again cyber warfare makes this complicated, even if it is between two parties within one physical territory, an attack might transit several boundaries and this makes it difficult to work out which system to apply.
So, in brief, there is the issues relating to the application of the regime of IHL in general to cyber warfare and you are going to hear some of the concerns related to the specific rules and principles of IHL, starting with Lucy and the principle of distinction.
LUCY TURNER: Thank you very much. So, once we have decided that IHL applies to a given situation we can start applying some of the rules and principles that form a fundamental part of IHL to that situation. So, the principle of distinction is one of the fundamental principles of international humanitarian law and broadly speaking, it means that you have to make a distinction between military and civilian objects, so you can target military objects but not civilian. And it means that you can't have indiscriminate attacks so you need to ‑‑ you can't be reckless as to whether you target civilian objects, you need to make sure that you are differentiating between civilian and military targets and this entails a positive obligation to identify, so if you have military personnel you need to identify them as such, they need to be wearing insignia and uniforms and all the buildings and vehicles you may use may need to be identified as such. So this seems like a fairly straightforward principle, right? As you can see from the picture here, this shows the MSF hospital in Afghanistan that was targeted and it's likely that as a non‑military object being targeted, that this would fail to comply with the principle of distinction.
So this seems fairly straightforward. When we look at traditional kinetic armed conflict. But cyber warfare certain key problems emerge: When we look at the Internet and Internet architecture and infrastructure, we can broadly understand the Internet to be dual purpose. So, when we talk about dual purpose in international humanitarian law this means that it satisfies both military and civilian purposes, so it has these two functions, so we consider it to be dual purpose. So this means that there are some complications when we decide whether or not we can target the Internet infrastructure because we can't say that it is absolutely a military object, and that we need to consider some effects to civilians.
Secondly, there are complications when we look at viruses and worms so viruses are spreading and worms are self replicating and it can mean although you are targeting a military object or a military system, that you may have inadvertent effects on civilian citizens and objects so this is something we also need to be considering. So, for example, Stuxnet was supposed to target a particular system but there are reports of it affecting other systems and we also have an issue with accuracy of information about this, because it is likely that if other systems were compromised other organisations and other companies would not want to publicise their vulnerability so they are not going to concede they were affected and compromised so we have a problem with accuracy of data on this issue. Stuxnet took years to create and it may be an unreasonable burden to expect parties to an armed conflict to comply with such high standards in the accelerated pace of an armed conflict.
So some of ‑‑ so with DDoS attacks there are further problems so if you have a DDoS attack you may aim it at a specific object but you may find that neighbouring networks and systems are also affected and you may find that you inadvertently affect and compromise civilian objects when you were just intending to target a military object. So one of the solutions to this, to some of these problems, to ameliorate some of these problems, is to the idea of classifying IP addresses, so you have IP addresses and you say these are military and these are civilian so you can look at a source of an attack and say this is a military IP address, this is a military target, we can target this and that is civilian IP address so we can't target this. However, this has some problems because one of the issues with having these kind of attacks is that these IP addresses need to be unpredictable and you need to be able to get them from lots of different sources, so if you have them easily identifiable as military then you are compromising people's ability to perform these kind of attacks. You also make them vulnerable to other kinds of attacks from terrorists and vigil anti‑groups, because they are constantly identifying themselves as military. We have complications with regard to hackers as combatants, classifying people who are technically not part of an armed conflict but are participating perhaps from home in cyber attacks and we have an issue in saying at what point do we delineate had a they become military objects and thus we can target them, we are talking about civilian people who are otherwise in their homes, at what point can they become military targets and. So you can see there are some tensions arise in the applicability in what is a simple principle of distinction to cyber warfare. I am going to hand you over now to my colleague. Louis.
LOUIS LEONET: So, moving to the second principle of IHL, the principle of proportionality. This is about collateral damage. So even though you have this principle of distinction that Lucy just explained, just targeting a lawful major target is not sufficient to comply with IHL as a whole, you also need to put in balance the anticipated military advantage and weigh it against the expected collateral damage that an attack would cause. Therefore, collateral damage can be lawful as long as it is not excessive compared to the military advantage the attack will provide you with. So the key word here is really excessiveness.
Now, one of the challenges that cypher warfare raises against the principle of proportionality, first, I am going to briefly go over the notion of damage but she explained that really well so I am not going to stay too long on it. What is important to keep in mind is that if there is physical damage and in the physical realm this has to be considered within the equation of proportionality before launching an attack. Should we do the same regarding the loss of data, the provision of functionality. At this point law makers do not agree with that but we can only hope for development of law in that direction.
The second aspect which is the most complex, unexpected and direct consequences. First, with regarding directness, the US qualifies and I quote "as delayed and/or displaced second, third and high order consequences of action created through intermediate events or mechanisms". Stuxnet, a direct consequence would be the restriction of centrifuges caused by the virus. If you target power grid to shut it down in order to obtain some military advantage but create a repetition on a damn system which opens its gates and floods city, that would be indirect effect. The issue here is about expectedness, when you release a worm of virus, software in the Internet, there is no guarantee to know how it will behave exactly. So when we evaluate whether the attacker complied with, we have to take into account the information at the time, the circumstances at the time and put ourself in his shoes and see if he expected as far as he could to decide whether or not the attack would be lawful regarding proportionality.
Authors came up with a few solutions or suggestions as to how to see if we could comply with proportionality with cyber warfare. There may be expected standard which puts us in the shoes, like I said, of the attacker and see did he expect everything, did he think about everything that could happen after launching such an attack. If the reviewer considers that such consequences could not have been expected at the time of the attack, therefore we could not take into account when a single proportionality.
A second solution that has been talked about is evaluation with a reviewer that will see with all the consequences that has occurred, which he has knowledge of, and see if all these consequences can be factor as expectable or not by the attacker, for example to the use of a lock system that would cause everything that occurs done.
Finally I am going to talk about dual purpose that Lucy mentioned before. As we said, as long as target is used by the military, even a small percentage, it is a lawful target. With regard proportionality for dual purpose object like the Internet, how could we determine maybe the person that have use of the Internet on the one side by the civilians and on the other side by the military? Shouldn't we take into the account by attacking a portion of the Internet we would damage far too greatly the civilian use of the Internet and therefore, be in breach with the principle of proportionality? I will let you hang on that question and give the floor to Anne for the next presentation.
ANNE PLUOY: Thank you, Louis. So, I am going to end the presentation with the principle of precaution, which is defined as the measure that parties have to take in order to spare as far as possible the civilian population. So there is two types of measure: The proportion that can be taken in an attack and the one that should be taken against the effect of an attack. One of these measures is the careful choice of the weapon, so we are going to ask: what about cyber weapon. So interestingly, a cypher weapon can be beneficial for the civilian population because firstly, of the turn it off effect. This effect that the fact that cyber weapon can only not rise ‑‑ an object, it cannot just deprive the object of its functionality. For example, let's take example of electrical power grid that supplies both military base and civilian town. If we attack this during the night, for example, with a cypher weapon then we turn off its functionality, then we can attack the military base with weapons and the next morning everything is back to normal and the civilian population has power back.
The other advantage is the information needed in order to conduct a cyber attack, because if you want to target a specific network you have to know its vulnerabilities and in order to do so through mapping and technique that I don't really know, you can get the full knowledge of the network and in order ‑‑ and by doing so, you can get the information on the nature of the network, if a warning would be in order to spare the civilian population and other things like that.
However, there is main disadvantages on using a cyber weapon and the first one, and it's very important, you cannot really test a cyber weapon. You can test it in a closed environment but then you don't really know thousand would behave in the wide world, and if you test it in the wide world there is a high chance that anti‑virus or security object that can analyse it and build a defence weapon and then your cyber weapon becomes useless. And also, according you have to be able to suspend and cancel the attack at any time, if the civilian population may be too much affected by the attack. So you have to be able to monitor the attack for the whole duration of the attack, meaning that if a cyber attack lasts for two years you have to monitor it for two years, and also, if you use a worm or a virus you have to include in the coding, like self /TPHAOUTing system so to conquer the principle of, the best way to spare the civilian population would be to segregate the military from the civilian object, meaning to create a whole new military Internet, and you can ask that from the states but as collar ensaid you can conflict between two non‑state actors so it is very likely that you can ask a non‑state actor to build a whole new Internet in order to conduct its warfare.
So, thank you, Lucy is going to come.
LUCY TURNER: So, we have outlined numerous problems that we encounter in applying IHL to cyber warfare, we have enumerated problems in applying the distinctions and applying this very body of law to cyber warfare. But what solutions are there, are these problems intractable? Well, from what we have been able to see, the current tools of international humanitarian law are old. They are woe flee inadequate to be dealing with the challenges posed by contemporary weapons of warfare so it seems like we need to update and create specific legislation that is able to deal with these contemporary tools. So we have the Talin manual which was devised by international humanitarian lawyers and technical experts, but this again reflects the current tools that we have and tries to apply it to cyber warfare and it's not legally binding. But this is the best thing we have, so far.
There is also some potential, as my colleagues have identified, in perhaps trying to make cyber warfare apply to our current and conform to our current standards by perhaps developing this self‑neutralising system and developing and enhancing methods of distinguishing between civilian and military targets.
And lastly, the Internet and Internet infrastructure and architecture is, as we say, is inescapably, unavoidably both dual purpose both civilian and military, we need to construe this as a global commons of sorts, so we will suggest an absolute prohibition on targeting of Internet infrastructure and architecture. So thank you so much for listening to us. As we have said, we don't have a lot of technical knowledge so we are really interested to hear if you have any comments or questions for us. So thank you very much.
(Applause)
BRIAN NISBET: And so, the mics should be live in front of you. We have one question already
AUDIENCE SPEAKER: It's more ‑‑
BRIAN NISBET: Say who you are.
AUDIENCE SPEAKER: Alexander. Take a look at the Git had you been attack, who knows of GitHub attack last year? Nobody. OK. So what it was, it was a Chinese search engine that tracks users through the counter through some particular JavaScript that attacked Git had you been and it went down. After some research people figured out that there is a T K L matrix that signifies that traffic of the search engine was temperate and JavaScript was injected and gave a includes it's probably done on the great Chinese firewall. Then it raises the question: If this is ‑‑ this was government sanctioned action, if, yes, it's really bad answer. But if no, then was it some initiative of some of the employees that controls great Chinese firewall. If yes it's also bad answer but no even worse. If the Chinese, just for a second, lose control of their great firewall and it was tampered with and compromised and this constituted attack on Git had you been, so out of all the answers none of them are good enough, and it's not ‑‑
BRIAN NISBET: Sorry, there isn't time for another talk.
AUDIENCE SPEAKER: It's not about cyber weapons per se; it's about control of them, how we control them, because it can be used not by governments, by terrorists. Governments can be held responsible, terrorists cannot. So the idea is we should create a new kind of a network that could not be tampered with, no matter if it's governments, terrorists or some other entities. That's it.
BRIAN NISBET: I don't know if you have any comments on that.
LOUIS LEONET: Thank you for comment. First of all, we are not sure that such a situation would actually be within the realm of cyber warfare, as we said it mostly is situation of cyber criminality. Second of all, just a little correction: Terrorists can be held responsible in international law, if they commit a crime, war crime within cyber warfare or not, they will be held responsible before tribunal, once they have been found and can be tried before tribunal.
SHANE KERR: Speaking only for myself now, I had a question about the area of distinction that you guys were talking about. Because it seems to me that there is a strong analogy with all other kinds of infrastructure, like roads and electricity and things like that, and well of course, there are qualitative differences between the network and these other more physical infrastructures, it seems in the area of distinction it doesn't actually seem that much different so is this something that people have tried to to apply in the same way or what is the story there?
LUCY TURNER: Yes, so the analogy that you made is really appropriate and something that international humanitarian lawyers have look at as analogous to this situation. There is serious problems in targeting these dual purpose objects as well, and in the real physical world. We have a problem with some of the suggestions that some of the example that is my colleagues gave of power plants and water facilities, yeah, as you say also roads. There are problems with this and again, you then, once you have satisfied the principle of distinction you then have to say, is it proportionate, so this is Louis's principle of proportionality, so the effects on civilians, is it going to be proportionate, when you compare it to your military advantage, what advantage you are going to get and then in addition, you have to look Anne's principle, the principle of precaution, so are you taking sufficient precautions or recklessly targeting roads and things like that.
SHANE KERR: So I guess it sounds like this is, this is an area of general weakness in the law and not specific to the Internet or cypher warfare?
ANNE PLUOY: Just to add something what Lucy was saying. The dual purpose is not an issue per se because it's possible ‑‑ as soon as an object have a military purpose, then it can be targeted. So even if it's of dual use but then that is where the principle of proportionality comes, then you have to analyse, if it could affect the civilian population and how and it has to be collateral damage load, but not too much.
SHANE KERR: OK, I think it's clear then.
BRIAN NISBET: There is four people at the mics and that is going to be it because we don't have an infinite amount of time.
KEITH MITCHELL: Speaking for myself. Two of the things that contain and limit the extent of warfare in the real world are deterents and disarmament treaties. Do you think we have any element of that being applicable to the cyber warfare problem?
AUDIENCE SPEAKER: That was my question.
CLAERWAN O'HARA: I think that what we personally kind of agree on is that ideally, you would have a specific treaty for cyber warfare because it is so particular in some ways and it would make it much easier than applying these kind of archaic conventional warfare rules. Yes, at the same time as to whether you would get a blanket ban on using cyber weapons themselves like disarmament treaty, I don't think so, because as Anne did point out, cyber weapons in some ways can be less dangerous than other ones and maybe preferable because of their ability to kind of free something rather than permanently destroy it and in the end they actually might be the best way to protect civilians. And so I think if a treaty was going to be developed of that nature then ideally it would kind of more just change the rules and make them very specific to cyber warfare but not be a blanket ban.
AUDIENCE SPEAKER: Alexander ‑ from Russian Federation. Actually, many Russian media saying that Europe, including Netherlands which you represent I think, are already running war against Russia. And one of the war traits agains Russia is access to RIPE database. I don't know, they are just saying this, could you analyse for Russia or any other country through all this principle of humanitarian law. I hope you know what RIPE database is, if you are here.
BRIAN NISBET: I mean it's a very specific question so I suppose the question is, are you familiar enough with the RIPE database as a resource?
LOUIS LEONET: I think ‑‑
AUDIENCE SPEAKER: You are closing the page ‑‑
LOUIS LEONET: Well to be honest, we have very limited technical knowledge so we will say that we are not sure enough to tell you what RIPE database amounts to. However, again, like we said, IHL only applies in the context of warfare, either when we reach threshold of an attack that would trigger conflict and when already within a conflict so if you have, what actually the media call cyber attacks but in the law it's not considered an attack so let's say cyber operations that do not amount to international or non‑international armed conflict, the law of cyber ‑‑ of warfare does not apply so this is not a situation where the principles we just explain would apply. Then it would fall within the realm of international criminal law most likely. If that answers your question.
AUDIENCE SPEAKER: So Blake Willis, so my question follows up on Keith's question, he was asking about maybe a ban or something. My question was more do you think that there is any, perhaps, future potential or consensus between, say, governments, maybe in the ITU or the UN or; I don't know, for like a cyber Geneva convention or Hague convention and if so how far out do you think that is?
LUCY TURNER: So as I alluded to in the conclusion, we have the Talin manual but this isn't legally binding but this demonstrates a real interest in States and governments and also in international organisations for addressing the problem of cyber warfare and we can see States are investing increasing amounts of money in cyber warfare and defences and they are also currently drafting Talin 2, so the revised version of the manual, so as far as a treaty goes, a treaty is obviously very different, very much much more complicated and you need all the states involved to agree on it. So, it's difficult to kind of put an estimate on something like that, whereas the Talin manual is more like an academic exercise in evaluating the law and trying to apply it using the knowledge of international humanitarian lawyers and technical experts. I think definitely the interest and the will is there, but to devise a treaty, they have to agree on every tiny detail, I don't know how feasible that is for the foreseeable future.
CLAERWAN O'HARA: Just to add: I do think it would be within States' interests to do this. I think that sites are actually quite vulnerable in terms of cyber warfare and it is one of those areas where non‑state actors could end up being more powerful, and so seeing as it's states that make treaties to maybe regain control over this whole area would be to get together and write a treaty. So I don't think it's impossible like in other kind of areas that that happens at some point in the near future.
LUCY TURNER: This is also an extent to which as ‑‑ it's really in states' interest to be doing this because if states go ahead and carry on practising, and this applies to a lot of modern warfare technologies, it applies to drones and to robots and everything, if states go ahead and practice this is an extent to which their practice can become customary law so what they are doing actually just inevitably becomes the law and this is really something that we want to avoid because the standard for that will be very, very low.
AUDIENCE SPEAKER: It's not a question, it's a comment. States are not only actors, they are most likely victims, for example just this autumn one Eastern Europe state was disconnected from Internet for eight hours with critical infrastructure like payment and public transportation payment system is down. Who was held accountable for that? Reality is that we have so very little detainable situations that we can detain ‑‑ the attacking state. So in theory it's all good, but in practice there was ‑‑ even there was some communications with Twitter from the attacking site. Nobody got detained. That is the practice.
LUCY TURNER: This is, yeah, again, this is ‑‑ this is theoretical, this is the law. Those kind of issues are more enforcement issues and for that you need state cooperation. You are right, states will be the victims and the civilians and the military personnel will also be the victim but again, this is an enforcement issue, to detain the people, find them accountable and bring them before an international tribunal, you need heavy state cooperation and as we alluded to in the previous question, state operation can be pretty difficult to come by. We are done. Sorry. You can discuss this later in the coffee break but we have more to get through. Thank you very much for a very interesting presentation and discussion.
(Applause)
BRIAN NISBET: Speaking of treaties but far more violent and complicated nature ‑‑ no, so if Chris and Athina and other people ‑‑ a random group of people are going to come up on stage now to speak about the IANA transition, which is obviously ongoing and unfortunately, people partied too much in Dublin to get it sorted so there is more to talk about. Are there more people coming up?
CHRIS BUCKRIDGE: I will let the crew gather. I work for the RIPE NCC. And this is becoming a bit of a regular RIPE media event, the update on the IANA stewardship transition, hopefully not too many more but we wanted to give a good presentation to update you all on where things are at with this, what is going on in the number community, in the RIPE community and what we sort of expect over the coming months. We have got on the panel here our RIPE CRISP team representatives: Nurani, Paul Rendek, Andrei Robachevsky, and Athina Fragkouli, RIPE NCC counsel who is on the IANA Working Group on accountability all of which you will hear a bit more about shortly.
My job here initially is to give you a bit of background on where we are, what got us here, how it all fits together because even for people who are used to a sea of acronyms, there is a lot in this area, and a lot of people who have spent too much time talking about it and perhaps often forget that.
So, the NTIA announcement, this is my first slide. March 2014, the US Government, specifically the national telecommunications and information administration, made an announcement that they were going to ‑‑ they intended to transition away from their stewardship of the IANA functions. There is essentially a time line which goes along and yadda yadda yadda, and at the end of that you get fireworks and IANA 2.0. Sorry, it's getting hard to get excited about it at this point.
One of the first things that came out of that initial discussion was the formation of this IANA stewardship transition coordination group and so that is a large group joined from all of the different stakeholders which essentially was formed to drive this process of getting from point A to point B. And one of the most important things they initially did was issue this request for proposals and taking input from the IETF they broke it down into three specific operational communities who are affected by the IANA functions. And that's the ‑‑ those concerned with the protocol parameter registries, those concerned with the number registries, which is all of us in this room, and those concerned with the names or the DNS.
So, the request for proposals essentially said that each of those three communities should develop a proposal for what the future stewardship of the IANA, minus the US Government, would look like. And we are nearly back here. So, the IETF, as I mentioned, have actually been discussing this immediately after the NTIA made its announcement and that included the formation of the IANA plan mailing list, actually a non‑working mailing list for IETF discussion. Once this RFP came out the ‑‑ was able to continue that discussion, develop a proposal and input that proposal back into the ICG's time line. There actually a few days before the deadline that the ICG gave. The RIRs obviously had also been speaking about this ahead of the RFP. I think the May 2014 RIPE meeting was where we first discussed it in RIPE. But once the RFP was issued there was the formation of the CRISP team and that is the consolidated RIR ‑‑ three of whom are sitting on this stage. So with that in place, the numbers community discussed, formed a proposal, that proposal was fed back in actually on the deadline that was proposed.
So in the meantime, though, while that was fed back, the RIR communities were doing other work in parallel and so that included the development of a Service Level Agreement which is how we foresee in future having stewardship over the number functions, a review committee, which would be a community‑based committee for assisting in evaluating the performance of those IANA functions, and developing how we would manage the intellectual property resources associated with IANA.
So moving back to the names community. They hadn't had a lot of discussion about this and when the RFP came out they were in the position of forming a new group, the CWG stewardship or cross community Working Group. With that group leading the way they developed a proposal which went relatively slowly, and ended up feeding back into the process here of the /KREUFPLT C G significantly after the initial deadline had passed. I have left it not complete here because actually, that proposal relied on something else, for which we go back in the time line to earlier in the discussion. Essentially, earlier on, in ICANN discussions there had been stakeholders in ICANN identifying that ICANN as the current operator had the need for some improvement nits accountability to the community and so this Working Group was formed to develop suggestion on how to improve that. And the names community actually relied on the output of this community Working Group on accountability for its proposal to be complete. So you can see that.
It's called Work Stream 1 because Work Stream 2 was some other issues that the CCWG accountability was dealing with but that could be delayed until after the IANA stewardship transition. Now, unfortunately that connection there didn't happen. Essentially, the accountability group failed to reach consensus on that element of its proposal.
Leaving us hanging somewhat.
The ICG and the three communities decided to move ahead, compiling the three proposals that those communities had brought together into a single proposal which covers what IANA stewardship will like like going forward. That is where we are now. What we are waiting for now, and this is happening as we speak, is that the accountability group will finalise its proposal, agree to the condition ‑‑ to its, what it suggests for improving accountability, and this will finally join up and provide the final piece of the puzzle in this complete ICG proposal.
Now, there are still other things to be determined and the intellectual property rights is something that is being finalised now but once those are actually handled, this all moves on to there. We, as the RIR names ‑‑ numbers community, sorry, complete our final steps and we get our IANA 2.0. So what we have today is, from that, and there is a few of the acronyms in case you don't remember. A report from Nurani on the CRISP team, looking at some of those different elements that we have been producing as the number community, the review committee Service Level Agreement and a report from Athina on the work in the accountability Working Group. And how that affects what is going on now. And then we have others available here on the panel for any discussion that we want to have.
So with that, I will pass it over to Nurani.
NURANI NIMPUNO: Thank you, Chris. I am the vice Chair of the CRISP team. So the team responsible to develop this proposal. I don't have as many fascinating animations so I am going to have to try to keep my presentation a little bit more interesting.
So as you all know, the CRISP team consists of representatives from all the five regions, the RIPE region is the one in the middle and they are the ones sitting on the panel, together with me.
This is just a very quick sort of recap of what our priorities were. In many ways, when we developed the proposal it was a fairly straightforward process; I mean, there were a lot of discussions and the different regions had sort of developed their positions in various ways and it was the CRISP team's role to consolidate that into one proposal. So stability and reliability was obviously one of the important things for us, continuity of operations and security. Community empowerment but that is something that we really felt that the RIR communities had an excellent record in, with the principles of openness, transparency and bottom up policy development. A separation between operation and policy, and it was maybe not formulated in such a way because I think in our community we have such a clear separation, but I still thought it was important to put it up here because, for example, in the names community they do not have that separation so that is something that they really wanted to achieve. For us, it was more a matter of clarifying or actually not even clarifying it, just implementing it through having an SLA. And that the policy development just like now, happens in the various regional communities.
And obviously, quality of service was another thing. We said very early on that ‑‑ well the RIR communities said very early on we are happy with ICANN as the IANA numbering services operator and we see no reason to change that as part of this process.
So these are the components of the proposal. And I thought I will just dive into two of these bits that we have sort of had to spend a little bit more time on. I think the stability and reliability in ICANN to continue as operator was never really anything controversial in this community. The same with the community‑based review committee, it was a new element in this process but it was certainly something that was completely in line with this community's way of working.
Right. So, if we look at this RIR to establish an SLA with the IANA operator. And the IP Rs to stay with the community. There were two elements that we thought were really important: One was to have a termination clause and that was something that we had to have quite some discussion about. Again, not because we foresaw termination of the agreement with ICANN today or tomorrow, but as part of due diligence, it's something that you should have, to have a working contract. So either party can terminate the agreement. And we are very happy that something that we sort of post submission then had had to coordinate and speak to other relevant parties about and we are happy that that was something we succeeded with.
Another thing that was really important for us was that the SLA development should happen in public. We did not want ‑‑ we said, very early in the proposal, that it's not for the community or for us to develop the SLA text, we are not lawyers. That is something for the RIR lawyers. But we should ‑‑ this should happen in a transparent way so that the community and the CRISP team can see that it's consistent with the proposal. And I am really happy about that process, as well, and so when the ICANN board has commented on the SLA, they have done so in public, and we have consistently said that any other comments you have, please make them in public, so everyone who is affected by this can see them.
The IPR and I think in some ways it's it's a little bit ironic that the intellectual property rights and we are talking about IANA.org domain and the trademark IANA is rale tiny component in the number community's proposal. The IPR thing sort of took centre stage in this whole transition, and it's a tiny component but in some ways it's an important principle, because it was the principle that the community should be the ones owning, so to speak, be the custodians of this trademark and it should certainly not stay with ICANN, it should not be with the one who actually operates the IANA functions so that is another thing that we have had to have quite a few discussions with other operational communities with and also ICANN and other parties.
So, the first part is agreed and the second part is yet to be finalised and I will get back to that.
So, when I agreed to be on this team, they said, OK, so we want you to be on this team and develop this proposal and you will be done by mid‑January, so you know, it will be intense over Christmas and new year but then you will be done. He is smiling now. But we were not done in January. So why? Well, you know when you look at photos of yourself when you were young and you kind of go, oh I look so young and naive. Sometimes if you find letters to your friend from when you were a teenager, oh, that was a beautiful thought I had when I was 16, that is sort of how I feel when I look at this original type line, so the time line was OK, everyone will complete their proposal mid‑January, then there will be some review, we will have this coordination group called the ICG, they will review it, and ask some questions, we will clarify, we will be done and then by September, 2015, we will all be done and there will be Champagne, and I am still waiting for Champagne. I thought Chris did an excellent job in sort of showing the complexity of this whole process, that there is so many different components so what is important to understand is no, we didn't transition in September 2015. Basically because the names community and this accountability group said we need more time. So, the NTIA said we will ex ten the contract with ICANN for a year, so they extended it to September 2016, so I am told that this is when I will get my shame pain. So, September 2016 is now the deadline. So as Chris explained all the operational communities have completed their parts. We are still waiting for the accountability group and the task of the accountability group is to basically look at the accountability of ICANN and Athina will talk more about that and obviously we have an interest in an accountable ICANN but for the numbers community proposal it has no impact except for the fact that we are waiting for them to complete so we can all sort of complete.
And now, we are looking at ‑‑ they have published it, we are looking at a very tight time line when they were complete in end of January, and I will get back to that. But basically, there is shifting of the time line has meant a little bit more work for us as well post January. And I will talk about what we have done, why ‑‑ why we are not done in the numbers community.
So throughout this process and I have reported on this last time, you know, we sort sort of saw our role to be committed to the success of the transition and push for this, to make sure this all happens in a transparent way and that we respect the principles that were agreed in our proposal.
So what have we done since January 2015? Well, one obviously was to present and communicate and sort of champion the proposal. I think in this community, there were a lot of obvious things in that proposal, there was nothing ‑‑ it was all very logical to this community but you have to understand that outside of this community, there is another world, and there were a lot of questions; we have got questions from the G A O, which is the accountability office of the US Government, they interviewed us and asked us lots of questions, what is this RIR structure, how does that work, is that really accountable? Who are these Working Group chairs and other elected people, how is policy developed. So there was a lot of sort of explaining why we think this proposal would work and why it's OK to give the control of the IANA numbering services to these RIRs.
But also because we complete, so the IETF completed and we completed in January and then we were waiting for the names community to complete. And it kind of put us in a very funny position where we could see some of the discussions that were going on there, and we could see potential conflicts or potential a/HRAOEUPLTS with our proposal that was already on the table. So there were a lot of moving parts in the process, and we ‑‑ so we also saw that not only is it the CRISP's team role to make sure that the SLA that gets published and everything is sort of still in line with the proposal, but also that we ‑‑ had a it was important for us to give feedback to the other communities to say, hang on, please tonight go down that path, if you are you are creating a huge conflict here and given we don't have a lot of time we may not be able to resolve it, or yes, that is great, that is completely in line with us or this does not affect us. So, and then also to sort of participate in the overall process and to really actually push for the transition. It might seem like an obvious thing but not everyone is as passionate about this transition as we are.
So where are we now? Like I said, we have finished, all three communities finished our proposals so the ICG, which is this coordination group which has reviewed all the three community proposals, they have combined all this into this huge document, that I am sure you have all read. And they have basically said, we are done, we just waiting for this kind of accountability part to make sure that our proposal is complete, and we can submit it. Athina will talk more about this accountability group but they will end ‑‑ they will submit their proposal to the NTIA end of January. It is a very, very, very tight time line because they have to go through all these supporting organisations, approvals and I feel very sorry for them because they have to work over Christmas and new year, but I have heard that other communities have done the same. So, we still believe in this time line but it's incredibly tight so our message to them is to really, really keep that momentum and stay focused and really not delay this any further because if they delay it further, we might be jeopardising the whole sort of transition time line.
So, finalisation. So for us, we see that there are two parts and one is to finalise any parts that are not completely clear, so the only part there is that remains is the intellectual property rights so the IETF has published a high level description of how they think it should look, the CRISP team published some minimum requirements stemming from the proposal, and we are now waiting for the names community to sort of step up and complete it together with us, so to speak. And we really think ‑‑ we have waited now for almost a year, we have been very patient, we have been talking to them a lot, but we really think it's time now to finalise this across all three communities and we would really like this done before the submission to the NTIA so we can say we are done, we can maybe have a first champagne at least in January and then we will see.
The next part is the implementation and just to let, you know, we have started having talks with the other communities, with ICANN and obviously the RIRs. We think it's important in this process to identify the different parties have different roles. And the way we see the CRISP team's role and maybe we can have a discussion about this at the end, is to merely be sort of an auditor to, to follow the process and say, yeah, that looks good and that looks good but it's really the RIRs who will be driving the implementation.
So looking ahead, we hope that we will have a submitted proposal to the NTIA in January. They will then review this. Hopefully, that means that in April they will come out and say, yes, this meets the criteria that we set and we will start the implementation. So basically by RIPE 72, we will have an OK, that is what we are hoping for, an OK from the NTIA and we will be in the middle of our implementation phase. So, if we want to ‑‑ if we want to drink Champagne in January we can do that, May is another community but definitely in September when the NTIA contract expires, then the transition will be complete and the contract between the RIRs and the ICANN will come into effect, and the transition will be complete.
All right. That was it from me. And with that, I think I will hand over to Athina and then we will have questions at the end, right. Thank you.
ATHINA FRAGKOULI: Thank you, Nurani. I am from the RIPE NCC and I am going to give you an update on the ICANN accountability Working Group since last RIPE meeting.
So, before I do so, maybe it's important to take a step back and consider why are do we really care about ICANN accountability. Why were we involved in the first place before we ‑‑ before it was part of the actual transition plan and so on. We were there from the very beginning, why? When the whole discussion about the IANA transition started, that was a lot of focus on ICANN's role and on ICANN's accountability. And this we could see that had a reflection on the whole Internet governance structure. So, yes, it is important for us and it's for our benefit to have condition accountable ICANN, therefore we were there from the very beginning in these discussions.
What was our involvement from numbers community perspective? We were part of the discussions from the very beginning, that was ‑‑ it's been a year.
ALEXANDER AZIMOV: ASO representatives, supporting representatives within the ICANN structure for the numbers community. And representatives were myself, Fiona and Jorge Villa and Izumi, it has been very intensive work, no idea have a year we still talk about that. We have conference calls every week, sometimes more than once per week. We have face‑to‑face meetings. It's a lot of work, I can tell you that.
What are our goals as ASO representatives? We want to stay true to our community principles, including the CRISP principles. It was very important for us that this whole work will not cause any delays for the IANA transition. Also, we wanted to make sure that the outcome of this group will not have any interference with our contractual arrangements with ICANN, like the ASO MoU and the SLA that would come up after the CRISP proposal. And of course, it was very important for us to have an accountable ICANN, and ICANN that has sufficient community empowerment.
So now we are talking about a third draft proposal, there has been two more draft proposals which have been amended, some ideas were rejected and so on, but here is what the third draft proposal entails:
There is a revision of ICANN mission, commitments and core values, and here we made sure that the mission of ICANN with regards to number resources is clarified. There is a description already of this role in the ASO MoU so we made sure there is a clear reference to that. Another element of the proposal is the enhancement of independent review process and reconsideration process and this arbitration structures within ICANN. We made sure that conflicts about numbers are out of the scope, obvious arbitration structures, because we have already arbitration structures in place for number /TPHREUBGTS and these are detailed in MoU in the SLA. (Conflicts) furthermore the proposal introduce some community powers such as the power to reject the budget, reject by law changes, remove entire board, remove individual board members. And there has been a lot of discussion on the legal framework within which the community will be able to exercise these powers. There have been many ideas put forward in the previous draft proposals, there have been rejected, so the third draft proposal now introduces a new legal framework which is called the designated model. What is this whole designated model?
The sole designator will be the selective of SOs and ACs and I have to open a parentheses here for those who do not know what they are. Stay with me. So, SOs and ACs are supporting organisations and advisory committees within the ICANN structure that represent different groups, the interests of different groups. For example, ASO is the supporting organisation for numbers; there are such supporting organisation for top level domain names, ccTLDs, gTLDs and there are advisory committees for security issues, for technical issues, from the governments, representing also the civil society. So, all this, the collective of all of this SO and AC will be the sole designator, that is the idea. And how these will make decisions on whether they would exercose any of these powers here. They will make consensus‑based decisions for all the powers. For all the powers bar one removal of individual board members, this is something we insisted on. Such decision will be taken by the appointing ‑‑ in ICANN, in the board individual board members are appointed by each SO and AC, so it makes sense to us that those that appoint the individual board members will be the ones that will remove them afterwards, and actually the example of the ASO was a very clear one because we are appoint as ASO board members that have the numbers and expertise and we believe we are the ones to evaluate these and remove or not individual board member, we are happy that this point was taken into account and it's in the proposal now.
OK. Let's see the time lines. The third proposal, it's not ready yet, it's not published yet. What is published is a summary of recommendations, it was published last Sunday. Here is the link to it. The full draft proposal will be published by the end of November. And we will be up for comments until the 21st of December. And then the group will have the Christmas holidays and new year holiday to review these comments and come up with an amended proposal on the 7th of January, and this amended proposal will be sent to SOs and ACs for their final approval. And the final proposal will be ready and submitted to the ICANN board of 22nd of January. Has there been a delay? Yes, clearly there has been a delay. But there have been so many concerns in this discussions, it was very difficult to ignore them. So, what we did, we showed flexibility but we said, January is the furthest you can go, you cannot go further than that because if you go later than January, you are jeopardising the IANA transition and we cannot accept that, you have no right to do that. Yes, we were very serious. Which brings me to my last slide, and some remarks I would like to make for our role as ASO representatives.
We were one of the few representatives that reported frequently back to our communities, and we were managing for that. We had few interventions but they were very strong and therefore, they were taken into account. We had a very clear position and we stick to our principles. And I have to highlight how challenging the whole process was, and still is; it's a very highly controversial political discussion with strong interest with opposing views. On top of that, every week we had different speculations, we had different assumptions. And throughout this noise, really it was our goals and our principles that made us have a clear view and a clear direction. Having said that, we were ready to negotiate and be flexible ‑ well, without conflicting with our principles, clearly. But we applied a lot of pressure on the deliverables and on time lines, which made us sometimes very unpopular; however, it brought the discussion back to its track. And therefore, we were publically recognised by the CCWG Chairs on our positive contribution at the last ICANN meeting in Dublin, and with that, I think we can start the discussion.
CHRIS BUCKRIDGE: So, yes, a lot to digest there. Probably too much, really. But we do have time for some discussion, so I would like to encourage anyone with any comments or questions or needing clarifications, please come to the mic.
HANS PETTER HOLEN: Trying to speak as RIPE Chair and I hope I can speak on behalf of the whole room thanking you for the great effort you have done on behalf of our community.
(Applause)
I seem to remember convincing some of to you serve on this team, it would be four‑week assignment and it should be over by Christmas. I don't think we told them which Christmas. So, I sincerely hope that I have the community with me to say that yes we want you to see this through and we should definitely give you a bottle of champagne when you are done with this so I hope you are willing to see this process through, thank you.
RANDY BUSH: This definitely looks like the IANA game. And the other part of the IANA game, and the idea is to put you up against the wall and say you were delaying things. Don't believe that bull. Get it right and get the accountability right and get the approval right. Stick to your guns. I am impressed, you people have done a great job, stick to your guns. ICANN was used to the DNS people, chaos, back biting, fighting each other, etc., etc.. the IETF and the RIRs stood together, looked them in the eye and said, hell, no. And they didn't know what to do. Stick to your guns. Applause
SHANE KERR: Speaking for myself, of course. So I don't know, maybe I shouldn't ask, but so there does seem to be a bit of dissension between the different communities. I am wondering how much discussion there was of a kind of nuclear option of going without the names community and if that is still something that is being considered?
AUDIENCE SPEAKER: Support.
SHANE KERR: We are on the record here.
NURANI NIMPUNO: How should I answer that?
AUDIENCE SPEAKER:
JIM REID: The answer is you may well think that I couldn't possibly comment.
NURANI NIMPUNO: What I do want to say though is that I think for us, like I said, what guided us throughout the process were those kind of principles, that we knew what principles we needed to stick to, it wasn't about what we felt like particular day or what creative idea someone else on the team had. But I should say that I mean, for us, the transition compromising on the transition was not an option, and there were voices in the community saying forget about these other communities, you know, you should move ahead. Two comments on that: One is that we were very aware, throughout the process, that this community wanted this transition, and we were also very aware of sort of the bigger political contexts in which all this happens, right? If we believe in this model, the multi‑stakeholder model, if we believe in this structure we want successful transition for everyone and not just for us. The other thing that made it very simple was that the NTIA said we will not accept anything else than a complete proposal. So, it was not, for us, an option on the table. Yes, it's something they have clarified several times. But we have been very clear in our discussions with the other communities that our community wants to move ahead. We can accept a delay, we can accept ‑‑ whether it happens September 2015 or September 2016, doesn't really matter, but it needs to happen, so the reason we so ‑‑ the reason Athina looked so stunned when they talked about the time lines, if we push it further, if the accountability group doesn't complete in January and if they push it too far into the new year, then we are all screwed, basically, then the transition will not happen and that is not something we find acceptable.
SHANE KERR: Is that because of election politics in the US? Why is it screwed then, I am just wondering? I have another hard question after this, so this is good.
ATHINA FRAGKOULI: It's to do with the contract.
NURANI NIMPUNO: I should not have used such ‑‑ we are not all screwed. But the contract expires 2016, and then, yes, there will be an election, and the likelihood of this happening then is very low. It doesn't mean we are screwed, we are not screwed, not yet. But I would prefer to not have to consider the option of being screwed.
SHANE KERR: Sure. OK.
PAUL RENDEK: Yes it could be delayed and we wouldn't know, 2010 would come back on the table again. You have got the US Government playing here and the actual contract and be careful, you have got politics from other stakeholders, it's not just about ‑‑ we are here, we understand our community very well. There are communities out there that are not actually on our side and they carry a lot of weight, if not in some cases surprisingly enough a lot more weight than would you expect. So, there are a lot of moving parts again that would make this happen. Are we with afraid if it didn't go through? Probably not. I think we are quite strong in our position but it would be a big shame and I think that the delay would be, would just set us all back in the whole idea of this bottom up opening inclusive way that we like to work and we would like to see that this system works and we can actually get something done with it, it's very important.
SHANE KERR: I do have another question but it's not short. I will wait.
AUDIENCE SPEAKER: Maybe I want to generalise two previous questions and ask OK, we are here networking guys and only one network guys among you. We as network guys always have a backup, backup channel, backup configuration, equipment and so on, and we have not heard about any back‑ups from you. Because OK, Nurani answered my question ‑‑ that is not a backup. I try to improve this work to have a backup ‑‑ OK, as previously was said, name communities too slow and don't want, okay bye‑bye, and does not ‑‑ does not ‑‑ this is our database, have you looked for root zone files, go away. But addresses our our, RIPE database is our set. But question about backup and alternative ways of what you will do but OK, let's shift and have champagne in 2017 is not an answer.
NURANI NIMPUNO: I am not quite sure how to answer your question. I mean, in a transition, if you don't manage to transition you role back, right?
AUDIENCE SPEAKER: Why you work so much? Did you a lot of work and now, OK, we are rolling back now.
NURANI NIMPUNO: I guess, I mean, we are committed to the transition, we want the transition but we are not the only players here, right? So it is a game and we have to play nicely with everyone else, we still think that this is achievable, we still think that the accountability group will finalise their work in January and that we will have our transition in September. So, at the moment, we are focused on that.
AUDIENCE SPEAKER: Consider it as request to have plan B, at least at RIPE 72.
NURANI NIMPUNO: Well at RIPE 72 we will know if we have met the time lines or not.
ANDREI ROBACHEVSKY: I think another thing, it's not only about the transition, I think IANA transition, communities to recalibrate themselves, it allowed communities to talk to each other, that hasn't happened before to that extent. And the thing; it's about consensus and sometimes you can push, sometimes you can vote, you can push your way through, but not necessarily, I think this community understands it's very well that not necessarily that will be an optimal solution in the situation. So, I think yeah, there are constraints and maybe at some point we need to think about plan B, but I think right now reaching consensus and sorting out remaining issues and I think now we have a pretty clear idea what the issues are and I think trajectory is also more predictable now, I think right now it's very important that we sort them out and go all together.
DANIEL KARRENBERG: Speaking only for myself. I think we have to, before this gets too polarised, you know, a lot of things that are ‑‑ that have been said are true but we should remember as the numbers community and as RIPE community that actually, we have a working system, and we have already ‑‑ always said we are happy with what the IANA does. We are not particularly dependent on what the IANA does, let's remember that we are making the policies that are concerned for the global policies for number distribution, which are actually three of them, you have one for each kind of IP addresses, one for the autonomous system numbers and these these policies are about one page long, maybe one‑and‑a‑half. The IANA has, throughout its history, through various guises and as lately run by ICANN, always served us well. We have said that. We have no real concern whether this transition goes ahead or not in terms of operations; it all works. And the question why we have done so much work is basically to play along ‑‑ you know, the US Government said we want out of this, and the reason to actually cooperate in working on this and the CRISP team and participate in the ICG and the CCWG is just that we think that US Government gets out there is a good thing and we don't want to be in opposition to it by not cooperating. We actually did everything, the CRISP did really good work, finished in time, the ICG is finished, so we have actually a proposal as far as the workings are concerned, there is a proposal on the table and whether it goes through is more or less out of our hands. The best we can do as Athina has said is participate in the accountability work, stick to our guns in the sense of making fee but important interventions whenever our interests are concerned, but, frankly, personally, I think whether this goes through or not, at this point is not life ‑‑ of life importance to us. You know, it can wait, maybe another year, maybe another two years, maybe another three years, it will not affect us operationally. Two years ago when this all started I said in this room, I am concerned about the negative effect, if it doesn't work, because people who are antagonistic who do not like the bottom up open transparent way we are doing things in RIPE, would use a failure of this process against us and basically say we are not able to work constructively and evolve things constructively, I think that danger has passed. As people have reported, both Nurani and Athina, is we are commended for our way of dealing with this and we are recognised for actually doing our homework. So quite frankly, to sum up, there is no reason to polarise, to say we are against the names or whatever, because that is not true. In the ICG we all work together and I think we can now, the work is done we can sit back and actually have champagne and just wait until the other stuff sorts itself out. There is no reason for panic or plan B, we should be proud of what we did and continue a little bit of the work in the CCWG, but in essence, we are done.
CHRIS BUCKRIDGE: We are a bit pressed for time, up against the end of the session here. Keep comments as brief as possible.
AUDIENCE SPEAKER: Dimitry. I would ask all to not rage a war on a territory where we cannot win. If you have ever been to ICANN meeting as I have done eight times out of nine over last three years, it's a big group, they outnumber us by about five to one. That is not the way it works. I would say, US government is very strict about following to the letter, they are not our enemy, more like a friend, if you want to have a friend somewhere else. Our development policy, nobody is going to take our IP address space away. Now then a function indeed can properly be done by three or four staff members as it pertains to number community. That is into the lot of work to do because IPv4 and address blocks, reallocation phase but that is not important thing to say. There are a few things to point out that are maybe less known. These are global Trust Anchor management function, and also DNS support. They are kind of obvious to us but they may fall through the cracks, and do not forget that the ‑‑ for one years but if I am not wrong format least four so the US Government has plenty of time in regards which president would be elected or in ICANN, the press could go and we have enough power in ICANN board to ensure and commit to ensure that things go our way. So yes, we should maybe not stick to our guns, stick to our principles and not be afraid and don't ‑‑ don't hurry, do it right. We have all the time. So, that's pretty much it and I will pass ‑‑ and one last thing: The ‑‑ not one contract but three between the numbers community protocol registry and DNS, yes, it is a possible option, it is still part of the final proposal, just set up different time lines for each part of the transition, I still agree there must be one to replace the current contract, maybe subdivided to specify different relationships between different stakeholders. That does not contradict single point of transition taking place. Thank you.
SHANE KERR: I think Jim was before me.
JIM REID: Thanks very much. A comment on the question. First of all I would like to amplify that both Randy and Hans Petter said, you have been doing a great job and we owe a great deal of thanks. My comment was about this question about a backup plan and that really can be amplified what Daniel just said, the reality is we can sit on our hands at this stage. Obviously continue to engage with all the rest of the circus that is going on at ICANN but from our point of view. The numbers community, we are done here, and the reality is no matter what happens in this overall ICANN ‑‑ of the IANA governance are concerned, from an operational perspective nothing is going to change any time soon, it's business as such. If at some point in the future, the NCC runs out of some numbering resources they can continue to go to IANA and request another chunk of AS numbers or if there is depletion of v4 still coming around that will continue to happen as it did in the past and for the foreseeable future. So I don't think we have to worry too much about a backup plan at this stage. I think it will be ‑‑ if this drags on and on at some point you people are going to say you have had enough and sit down and get some other stuckies to do it. My question: To do with this SLA that will take place between the RIRs and whatever will be the new enty that is doing the IANA bit of that. Is that something that each individual RIR will execute or collectively or do we need some kind of legal entity, incorporate the NRO to have that with the IANA ‑‑
ATHINA FRAGKOULI: Well, it's ‑‑ yeah, it's a good question. The SLA will be signed on one hand by the five RIRs, individually.
JIM REID: Thank you.
NURANI NIMPUNO: Can I ‑‑ sorry.
PAUL RENDEK: I wanted to actually ‑‑ I wanted to actually touch on a point that you have made, Jim. I am not sure if any of you in the room or many of you are aware that the US Government accountability office actually published a document where they haled the RIR system and the way our community functions as a model that people need to look at and take very seriously, and that document was very strong and rang through all the different communities and all the different government bodies. I think this community needs to be very proud of that, that that was actually referenced in the document. That is the kind of work that goes on in the RIRs. We are happy about that, we probably take this for granted and we have been doing this for quite some time and I think we have to be patient as everyone is saying, other communities are probably not as far in how they are dealing with their model or how they are dealing with their governance as we are. So, sometimes we do take these things for granted but we have been cited by that authority, which is a brilliant thing and on top that have from the RIPE community area, from the RIPE service region area we deal with a lot of governments as well, a lot of us that sit here play in that Internet governance arena, and I can say that we have actually had a lot of feedback from even the European Commission and the likes of all these different governments who have said, wow, RIPE, perfect, when they look at the whole ICANN bit they see the numbers and saying we are happy you are sorted, it's done, documented and transparent and we know how to cooperate with you. Again that is something that you probably don't hear all the time and we don't know that, as a technical community when we do our deliberations but it's there and I think we need to keep that momentum going and that is in relation to what Jim was saying there.
CHRIS BUCKRIDGE: We have negotiated another five minutes so please keep comments very brief, the lines are most certainlily closed.
SHANE KERR: I have a question which is mostly probably because of my ignorance of the way things work at ICANN. There was a long list of powers that were going to be given to the accountability area, and I have seen occasional traffic and heard discussions that it seems like the ICANN board is basically happy to reject all of these ideas. How does this go forward? And it sounds very much to me like the ICANN board basically can just say no, we don't like ‑‑ the oversight on this us that way, is that the way it's going to work?
ATHINA FRAGKOULI: OK. So, it's true that ICANN board has a very special role, it's not just another stakeholder. Is the body that will approve all these changes so it is very important that they are on board and they have been on board from the very beginning, and they have commented, sometimes a bit later stage, which well was not really appreciated; however, I really ‑‑ well, I really think that after we have come to a final proposal, and they have been engaged in this whole discussion, it will be a bit difficult for them to reject it or if they do so, I think it will be ‑‑ it should have a very good reason why they didn't bring this, or the concerns they had beforehand. Also, I really, throughout this process, I decided to stop thinking, stop speculating, stop ‑‑ let's see what happens, because many, many times I have heard voices and concerns and oh, this will happen and they will say no and they will say yes ‑‑ no. Let's see, let's have an official position and let's discuss this.
SHANE KERR: I will make some popcorn. Fantastic.
AUDIENCE SPEAKER: Andrew Dul from ARIN, but I am not speaking for ARIN at this point. The one thing I would like people to remember is that we tonight have ‑‑ the numbers community today doesn't have a formal agreement with IANA and that is what the SLA is about, and that is currently in the process of being negotiated in an open manner and I am really pleased to see that that is occurring in an open manner. But as the document changes and it gets longer, I think it's easy for to us kind of check out and say, you know, it's going pretty good binge we need to have the stamina to continue to review the document even though it does get longer as time goes on, and continue to contribute feedback publically, affirming that as our agreement if that is really what we want because it's really important, in my opinion, that we have the positive feedback from the community that this is the agreement that we all agreed to, this meets our principles, because having the positive feedback loop is important, in my opinion, to confirming that this is the direction we want to go for the long‑term.
NURANI NIMPUNO: Hear hear.
ATHINA FRAGKOULI: Maybe it's worth mentioning that the third draft SLA is also published, along with changes from the previous draft and along with a matrix with individual comments and in the way we have handled these individual comments. Now, it's time for ICANN lawyers to give their feedback and we are looking forward to that.
CHRIS BUCKRIDGE: Those documents are on NRO.net.
AUDIENCE SPEAKER ‑ Martin Seebe: RIPE ‑‑ co‑chair of the accountability group but I am speaking only for myself. Very short and clear reminder: Before the NTIA announcement, RIPE ‑‑ the numbers community and the IETF and protocols community didn't ask for any transition at the ‑‑ but the numbers community, part of it at least, did ask for transition before even having that announcement, maybe thanks no Snowden or anybody else the NTIA announcement came and the main community sees that community and the numbers community and the protocols community had a choice, either to jump on the train or to leave the seat empty. I think that that was the good choice to jump in the train and I personally proud of the numbers community work and the protocol but come on, let's not complain; that is the easiest work. And in terms of accountability now, you said it many times: there is little impact on the whole work of accountability on the numbers community. That means whatever, the outcome is bad, it's little impact for you, so my question is: Why are you repeating, we would compromise, jeopardise, etc., etc.? What is the worst case for the numbers community besides waste of time, energy, disappointment, so if the if says you are too late, I withdraw my ‑‑ is comfortable for you so I can't understand why are you pushing a ‑‑ push this CCWG to deliver but I can't understand is there any rationale behind really pushing in that way? Of course you deserve champagne but I don't think ‑‑ understand what is the greatest risk for the numbers community and what is the really ‑‑ what is compromised for you?
CHRIS BUCKERIDGE: A very quick answer for that.
NURANI NIMPUNO: I actually think Daniel answered it. I think he said it really well. When this whole thing started, there was the concern also about well, what if we fail with this, you know? We believe in this bottom up transparent sort of self‑governing structure. What if we fail? If we fail it will have other bigger political implications, we will be sending a signal to, I am talking about the world outside of this community, this bigger kind of Internet governance context but we will be sending a signal where we say that this model doesn't work, and I think, like Daniel said, I think we have actually proven throughout this process that this model works and the ‑‑ like Paul said, the RIR structures and the decision‑making process and all these things that we do here, they have actually been haled as models of good governance structures, and we have spent 15, 20 years developing these structures, our work was easy but that was not a random thing, it was because of something we have built over many, many years. I think to answer your question, apart from the fact that I don't want to go home and say it was all in vain, I do think it's a big win not ‑‑ not necessarily ‑‑ or not at all practically for the numbers community, but because of the broader political context. I think it's good to show that this works, but, you know, like Jim said, like Daniel said, if it all fails it will have very, very little impact on you in this room. I hope that answers your question.
CHRIS BUCKRIDGE: I hope so, too. We have two very short comments.
AUDIENCE SPEAKER: So I have a couple of thanks and one learning from this process, so thanks ‑‑ my name is ‑‑ IETF, so I would be very happy working with the CRISP team and the RIRs on this so not just from this community's perspective but also from the other communities, it's been very good process, you really stick to your principles but that is appreciated, thank you.
I want top thank the ICANN community and I know it looks like it takes a long time and it has, but they had a bigger problem than the rest of us did so they have dob done a lot of work so thanks for that. I want to thank the ICANN IANA department, very good work while the rest of the world is trying to figure out how do oversight and there is nothing to oversight really because it all works. Thank you. I was very happy to see that this is a community‑driven process, that it's split into the different communities and they figure out what to do. That has been a good decision. But the one learning that I see here is that we sort of let our project manager hats, you know, be forgotten in the corner and not look at this from a project management perspective so we are doing a big bang decision, everything at the same time, I know these pieces fit together and that is not an issue that I have, it's just the whole project is one as one decision point. And that I think has been the wrong way. I know why that is the case, the US Government wants it but if I had to do everything again I would spend far more time at the beginning to convince the US Government it would have been in their best interests to do incremental like most big projects.
Vesna: From RIPE NCC reading the comment from Elvis ‑ from V4 escrow. He said while I appreciate the work done by CRISP and the rest of the community I am wondering whether while waiting for the names ‑‑ could have a look at the RIPE NCC's operations or operational versus policy documentation. I am a bit concerned seeing the changes that are being made without any appropriate feedback to the community or members, to the documents and procedures that related to NCC operations. I am talking about documents like RIPE 640.
CHRIS BUCKRIDGE: We might take that under advisement. I think for these ‑‑ certainly trying to kick us all off the stage, stay signature. I know Filiz has a couple of more announcements.
FILIZ YILMAZ: Thanks a lot to our panel speakers. Great...
(Applause)
I know that everybody is longing for coffee right now, especially that we run out of sometime after this important topic but there is one final announcement we would like to make and I will hand over to Remco.
REMCO VAN MOOK: The other guy is called Marco. Nigel, could you come up, there is a concern that I would like to raise in front of this group. Quickly, please. And the concern is that the hotel just delivered this mighty big cake with 60 on it. And somebody needs to eat it.
(Applause)
So happy birthday, Nigel. I have one question for you: Would you like a song?
NIGEL TITLEY: No, no.
REMCO VAN MOOK: He doesn't want a song...
Happy birthday, dear Nigel.
(Applause)
AUDIENCE SPEAKER: Remote participants are wishing you happy birthday. The cake will be rolled back outside and will be available with the coffee. Thank you all for your attention, enjoy the coffee break.
(Applause)
NIGEL TITLEY: You are absolutely pants at singing.
