2 P.M.:

CHAIR: Good afternoon, it's two o'clock, so we're going to start the afternoon Plenary Session. Before we begin with the talks, I'd just like to remind you all to rate all of these talks as you go along because you can win prizes, and also, in other PC‑related matters, the nominations for the Programme Committee close at the end of this Plenary Session, so, if you would like to nominate yourself or if you would like to nominate someone for the RIPE Programme Committee, please do so in the next hour and a half by mailing a short bio expression of interest to

So, we're now going to begin the talks this afternoon and we have an introduction to community networks by Bart and Roger.

BART BRAEM: Introduction to community networks, I'll introduce to you this wonderful world and a wise man once said if you want to introduce something, give an overview, use an image, so I found this image. It's something about people connecting themselves to the Internet, but that's something we all do at home, we use this cable and we know where to plug it in. I found another picture and it's even better, because it comes with beer, that's always a good one. The idea of drinking beer with your CEO, what is this all about? The idea of community networks is that people are their own ISP. What you see in the background is a community network actually located in Spain, where people themselves in non‑profit organisation of a non‑profit nature connect themselves to the Internet or to each other actually. The networks, community networks are focused on last mile access, on connecting local people to each other and sometimes even not through the Internet, because we are spoiled actually, we know we want to have Internet all the time everywhere all day long, but actually, essentially it's not always necessary, and this is also what community networks cover to have access to the Internet or to even to your local community.

Although I'm an academic, during my day job, it's not at all experiment, community networks are operational around the world and I'll give you examples later on and they are doing quite well actually.

How do you start them? Community networks grow and they grow bottom‑up by adding networks, by adding people, by adding nodes but especially by adding local communities, and this is completely different from the traditional model from, let's say, commercial ISPs where people are buying their access from some company and then they just connect to it. In this case the people connect to the network, operate the network, build the network.

So, how do they do it then? How do they manage this? They do it with hardware and software, of course, and the hardware, I know some of you know this project which is at the upper right there, it's called the Cantenna, that's the idea of using a can and connecting to the Internet, they used to do it but they now have better things. They use hardware like OpenWrt routers, Mikrotik, Ubiquiti and sometimes even better machines if they can buy them and they use wireless networks. You would be surprised the range wireless networks can achieve; in this case we know of links that are operational for 10 km, even 50, 60 km long, and this is surprising perhaps at first, regular people like you and me also deploy fibre in their spare time, not with special ‑‑ with of course the right equipment ‑‑ but not with special tricks or something, they do it themselves.

Also, for software, unexpectedly Linux is quite popular but there is also Mikrotik router OS, some people use Cisco, etc., etc. The main concept behind all of these solutions is that they are open source, or they are open to certain degree, and that they are maintained by community, not by some central more commercial organisation but they are open and maintained by a community.

But how do you do this from a practical point of view then?

Of course they use IP, our laptops use IP, and they use private pour space usually the 10/8 range and they are starting to use IPv6 but it's not really adopted because is there really a need? I'm preaching to the choir, of course, that this is of course there is a need, but the people in networks are not really convinced right now.

For routing protocols then, you would be surprised even in this case BGP is still used with relatively unstable wireless links people use BGP. Of course they also use special protocols, for example, OLSR, OLSRv2, or even symptom ones, all different protocols which are really towards the idea of working with wireless links County Council be relatively unstable. But most importantly are the people. These are people in the background here who are installing a node upon the roof in Barcelona and it's about meeting people, building network but it's also about joining them afterwards, about going for a beer and talking technical things during the evening and who doesn't want to do that?

Because the community is built and operated by people, it strongly relies on volunteers actually and there is a strong social component there, this type of network really works by the people.

And it's also quite a creative community. There is people, because they don't always have the larger major budgets from commercial ISPs, they tend to build, for example, affordable optical links, they use crowd sourcing to upgrade certain links because they know if certain people in certain neighbour hoods all also this link in the network it's actually going quite badly, there is something going wrong, then they will crowdsource the budgets. In the end, this works, this really works. This model works and these are a number of networks around the world, and it works and this is really surprising but there is almost, in every country around the world, I know that there are traces of or operational community networks, going from South Africa, the USA, even in Tibet, in Spain, the Netherlands, even here in Amsterdam there is such a network. There are of course meetings, because it's a good way to meet other people and to learn from each other. And there is a large variety of approaches there.

You would be really surprised as to some people say well do it with a centralised organisation where we come together and we discuss things, a bit like us doing the same here today and this week. Other people say we really need a distributed approach, let's each do our own thing and, in the end, it will converge to a relatively stable network. Some people use public IP space, others resort to only local access in certain cases. In some countries like for example, Belgium where I come from, network ‑‑ is quite affordable, so it's complementary to the traditional offers. In other cases, for example, in Greece, for a large amount of people, it's the only way to access the Internet, a certain volunteer project is the only way for those people to access the Internet.

And although I tell you that this is all operational, there are some challenges. There are some challenges which are of course similar to the ones from a traditional ISP, for example, how do you scale? It's not a matter of just adding the hardware; it's a matter of talking to other people, of organising things. There is, of course, data retention and all kinds of law enforcement requirements. There is the other thing: everything is distributed. So, you need to, for example, agree on address assignments. We have the entire ten /8 range, but how do you decide who gets what? There are all kinds of software solutions there and, of course, talking is required. Another thing is funding, how can you make sure that you can keep funding this network because your hardware up on that roof will fail at a certain moment, how can you make sure that it keeps working?

Finally, there is, of course, liability. Volunteering is one thing, but what if things go wrong? There is techniques being used like forming a foundation and all kinds of other tricks.

So is this a threat now? A threat to traditional ISPs? I don't think so, in most cases, because you are connecting people where Internet access is not really possible, for example, because of the economic situation or because of the commercial situation, and also because there are certain different goals. A commercial ISP wants to offer commercial grade stability. While in the case of community networks it's not always a requirement. Also, there are complementary offers, there are community networks cooperating with ISPs, for example, which, over the top services or where the community network organises the last mile access.

So, why am I telling you this today? Because, you are a researcher, because actually I do research on community networks in the scope of European project where we have tried to tackle a number of open challenges, we work together with a number of networks in Europe and there we studied the networks. It has resulted in a testbed, so this is a way where you can even today access the networks and do research inside the community networks. It's called Community Lab and it's open and free so even you sitting here today can apply for access.

So, this is the, let's say, the general introduction. But we thought it would be interesting to give you a more specific introduction. That's why Roger will join us and help us to explain the details of one specific network.

ROGER BAIG VINAS: Thank you very much, Bart. This is the story about my community network. I am also part of ‑‑ well, we are also part of confine consortium, but here I want to present is what we did until today.

We started in 2003, as a continuing the wireless community that was started by 2000, around Barcelona and so on. Then, in 2007, we established the foundation, because we were facing the need of a legal identity, for instance, to join the RIPE NCC, and then we started deploying optical fibre in 2009. Currently there are about 20 micro ISPs inside Guifi net operating. So at local level what do we do? We deploy infrastructure, this is how it is at the moment in the Iberian peninsula, but basically we are having fun and learning from each other, we are standard people, common people learning and deploying and operating our own networks.

This is the historic evolution over the years. At the moment we have about 30,000 working nodes and this is the backbone we are building, Barcelona is in the centre, at the moment it looks like a star, but we will see how this evolves. These are all fibre links.

This is the transit we have to the Internet, and the peaks, so at the moment we hang to aggregate about 2 gigs per second sometimes. And this is the revolution over the last year. Here we can see when new networks join the project. The network, just to give you an idea of the CAPEX, the capital expenditure we have estimated, it's about 7.5 millions, this is bottom‑up funds. People putting their money. And we estimate that every month we spend at least 200,000 euros in opex.

What has happened, what is the impact of Guifi net in the society? These are the counties in Catalonia and this is the county where Guifi was started. It's the only in terms of broadband access it's next to the average of the EU and we are far above Catalonia and Spain. We would be somewhere here if was not there. Who are the actors here? Well, basically, the people, but we need ‑‑ other people create SMEs and SMEs deliver their services over the network, the network is open and we need the public administrations to coordinate ‑‑ well, the access to the public good.

What is the difference between the traditional or the proprietary networks to what we call the common networks, the open networks, those that are built by the contributions of the people? Are they shared, the commons are always shared, and the country proprietary, everybody keeps the ownership and at most they resell the infrastructure to others. What is the mainstream business? Well, the traditional ISPs based their business on the infrastructures and the services they provide over the infrastructure. Here, the only business opportunity are the services delivered through the open network. And this is the main question: is it speculative? The business, I dare say that the proprietary business is most of them, they are, but we are not.

The question is, if this is sustainable? And where does the money come from? As I already said, it comes from the people. But if we look at the total cost of ownership over the 12 years, we see that this is Movistar, this is the incumbent Spanish incumbent ISP, the total cost is above €10,000 and we are 40% below. Next to what happens in France, for instance.

Where is the key of how do we manage all these together? And the important thing is the commons concept. We have a licence, and this is something that I think it's a good contribution by community. We have a licence where people must ascribe to join the network and where it says what you can do and what you cannot do. So, for instance, an investor, when he or she puts the money there, knows in advance what he can expect. From the other perspective point of view, we can always choose who the provider is. We just need to check the infrastructure keeps the same, we just change providers.

So, where is the inspiration of all this? The commons concept was started by Professor Ostrom, she was given the Nobel Prize in economics in 2009 and the key concept is the commons, how this concept ‑‑ how the commons are ruled. She described eight principles and we have seen that maybe without knowing about her job, just we knew about her three or four years ago, we already realised that we were following these principles, and we have built tools to implement these principles, and here just to finish, I want to present a simple case. And this is how we ‑‑ we level up a compensation system for the ISPs participating in the network to balance their contributions and the traffic data.

Because, we have seen that without this system, the ISPs did not reinvest. They were using the network and the infrastructure deployed by the people to deliver their services, they were charging for the servers, they were making profits but they were not reinvesting. Through this system we managed and this was implemented about two years ago and at the moment we have about 15 of those 20 operators inside already inside this compensation system. We have seen that there is the investment has started and now we are growing and we are deploying fibre at the rate we expected.

How that works? This is to make it simple, we have four ISPs here, I have added the foundation, because the foundation as I said, was an institution we created to look after the network itself, and the foundation I'm a worker at the foundation, we do not know the network but we take care of the licence fulfillment, so, here are the expenses, for instance, one of the expenses we have is the Internet carriers. Just to make it simple, we say that the four players here make the same ‑‑ have the same costs, but the usage of the network is unbalanced. Here in the usage there is an up ‑‑ something of the foundation because they are a non‑profit and those who are making profit out of it must sustain us and this is the compensation system. Because, ISP one makes more usage contribution, he has to pay the difference. On the other side, operator ‑‑ yellow ISP receives 5% back. This is just in a single bill that is issued by the foundation. But this was just a small ‑‑ a taste of what we have developed. For instance, Bart already mentioned the software tool to set up the network to manage, monitor and all this, we will be happy to explain to you more, if you are interested.

And more or less, that's all. So if you have questions, I guess so ‑‑ I hope so... questions?

CHAIR: Just a reminder, come up to the mike and make sure you say your name and affiliation. Or not...


CHAIR: And for our next talk, Jim Cowie from Dyn is going to be speaking on issues in the IPv4 transfer market.

JIM COWIE: Hello everybody. I'm Jim Cowie, I am a chief scientist at Dyn.

For a long time, people have been saying why don't you come speak at RIPE and I have spoken quite a lot at NANOG, I have certainly spoken at the RIPE regional meetings like ENOG and MENOG, it's true until today I had never actually come to RIPE so thank you for the invitation to speak here today.

I always used to say I'm waiting for the right topic. We have to find a topic that will really be on target for the RIPE audience, and we did find one here. Of course, the IPv4 exhaustion situation, the development of the transfer market for IPv4 space led us to wonder whether we could find any evidence that transfers of IPv4 space were being handled particularly well, or particularly badly. When they finally hit the routing table. Wouldn't that be an interesting thing to look at. And this is sort of an extension of the things that we did before and now doing at Dyn, looking into the routing data over a long period of time and looking at these transition moments to find out how the parties involved are actually coordinating the transfer of this space.

So, as background of course I think I'm not a numbering policy specialist and I think you are going to have a lot of good discussion later this week about the issues behind IPv4 transfer. But, what everybody knows I think is that the pace is really picking up, right, because we have reached exhaustion, because there are basically no more v4 addresses to give out. Transfer has started. So, here is a graph of the number of blocks that are being transferred each month just within the RIPE region, just in PA space, so that's a very ‑‑ obviously a very limited subset of all the transfers that are taking place, there is legacy transfers that are probably dwarfing this. This is a nice subset because one, they are published and two, because we can dig in and find out what happened to they say blocks. So it's cool. This is a real market and markets are a great way to allocate scarce resources to people who need them the most.

So, we also note that these are still early days. If you look at this graph, which is subtly different, this is the total number of unique addresses which is different from the number of blocks. The block transfer rate goes up pretty smoothly. The count of addresses transferred is up and down, at least in PA space. Because there are some very large blocks that are moving. And you can think of these, I guess, the large blocks being transferred as being like old growth forest, people have moved to the new world and started cutting down the forest in enormous chunks and some of the old growth trees that you are never going to see again, that's what these are, and the feat here ultimately is going to be we start transferring smaller and smaller blocks and if we believe, you know, the story, that the routing table is going to fill up with tiny blocks.

Today, though, we're still in this initial regime.

So, where are all the transfers coming from? This was our first question, and this was really shocking when Doug and I dug into this. Usually when you graph the size of the Internet in a particular country, it has this nice up‑and‑to‑the‑right graph that is true across, basically, all countries, every country has an Internet economy that grows, every country allocates and puts into service new v4 space until this year, and last summer, as you can see, Romania, beginning to sell off its v4 assets, we actually see about 3,000, I believe, there is a huge decline, basically, in the amount of Romanian address space that's actually out there in the v4 routing table.

That's reasonably stunning, right. Half of the PA space blocks transferred since January 2014 are coming from one country, due to the efforts of a couple of individuals and their companies. 44% of those blocks are from, who are disassembling Romanian address space and packaging it up and sending it overseas. So where is it going? So, again, this is kind of neat, the address space is ending up in the Middle East, to the extent that today, out of about 4,500 prefixes in the global v4 table for Saudi Arabia, roughly one third of those prefixes were in Romania last year. It's a wholesale shipment of content to Saudi Arabia, and a lot of those are being advertised as /24s. The trend is clear here, I was in Riyadh last week, the v6 forum, and this was very much on their mind, the fact that IPv6 not having quite taken off yet, there is some interim space allocation that has to be purchased in order to keep the Saudi Arabian economy growing and thriving, and, of course, nobody talks about how much money is being spent but at ‑‑ around $10 an IP, it's probably 15 million dollars that they have spent to get this space up and reallocated to Saudi Arabian companies.

It's not just the Saudis, of course; Iran and Syria and the UAE are all taking space as well from Romania.

So we wanted to find out what would happen, so, you know that we talk a lot about BGP hijacking, we talk about all of the terrible accidents that can happen when you reuse address space in two different places at once. How many of you watch top gear? So you know that the Dacia is a fantastic car, the Romanian cars, and if you export the Dacia, it has this nice property that if I sell you a Dacia and you take it to another country and drive it, I cannot also drive it in my own country. I give you the title, I hand over the keys, from that moment on you can be pretty sure you are the only person driving your car, and unfortunately IPv4 addresses are not like that, so the person who sells it can keep driving it simultaneously in a different part of the world. They can do anything they want with it, they can get traffic tickets, they can commit vehicular homicide. And it's your car. Right... pretty complex.

So we wanted to see, here is just an example. There are many, many of these, when we went digging through the PA transfer table we just wanted to find a couple, really egregious examples of things that can go wrong at handover.

Here is one from late October of last year. So, we're selling ‑‑ excuse me, we're transferring a /17 out of Romania, we are giving it to the mobile communication company of Iran, the primary mobile phone carrier, and over here on the right you can see a nice graph of the prefix coming up, the Y axis is percentage of Dyn peers that see this relationship in the table, so before the transfer, the space, the 17 was not being used. At transfer, it becomes a hundred percent visible. And originated by this nice 32‑bit AS belonging to the mobile communication company.

Great. Good sale, hand over the keys, drive it around a little bit. Oh, but nothing is ever that simple. So, Level 3 had been announcing some more specifics of that /17 since 2012, due to a relationship with the seller, okay, so here we have a set of /21s, more specifics within the /17. What happens when you have more specifics in the table that you don't control? Well that becomes little embedded black holes in the 17. And of course we don't talk to the Iranian mobile provider so we don't know what's going on, that's what I remember customer experience. But we can guess. Because any traffic that's on net with Level 3, which is going to be a good chunk of the entire planet, is not going to be able to deliver traffic to Iran in a /17. Well, they will cross the 17 but not in these particular /21s, and you don't know why this is happening, and I'm sure that there was some consternation inside Iran because they may have figured, well we seem to be getting blocked from certain services, we seem not to be able to deliver traffic on this new network that we acquired. Maybe it's the embargo, who knows? It turns out, of course, it's not the embargo, it's simply BGP routing at work. So, the Iranian mobile provider are clever guys and they figure out by looking at the routing table what the case is here, and so they start advertising still more specifics, and you can see here on the right, that the /22 more specific than one of these /21s pops into existence towards the end of December, okay. So, they purchased something, they started using it, they noticed impairment and then it takes almost three months for them to get more specifics into the table. They are unable to communicate effectively with the advertisers of the less specifics to make them stop, so they simply have to turn around and reinject more specifics to try and get control back. This is really an untenable situation.
You have to wonder, I guess, what we're going to do in terms of standard escrow agreements, when we transfer blocks the seller presumably has a responsibility to make sure that that block is not routed, that there are not unrelated more specifics still floating around in the table. You know, this is something that perhaps people are going to ask for in standard terms and conditions if they don't already get it.

And that's not as bad as it gets. So, another company in Romania has been advertising one of these /22s since 10 November, okay. And then the Iranians have to come back and re‑reannounce more and more specifics, so now they are down to /23s, because that's the only tool you have, right, so to try to be more specific to try to get the traffic back and where this bottoms out as you can guess is in /24, you can see one on the right here. This /24 is being announced simultaneously in Romania and in Iran, and because you can't plausibly go longer than /24 and still get it globally routed this is the stalemate we end up in. So half the world thinks the /24 is in Iran, the other half thinks it's in Romania. This is just not a tenable state of affairs.

Also, I mean, if any of you try to do tools based on geolocation, stuff like this turns out to confuse geolocation services woefully. Here is one of these blocks which is thought to be in Romania, its location is Romania, but the ISP that published it is the mobile communication of Iran, so inconsistencies like this pop up, as these transfer procedures continue.

Other things happen and I think one of the key things here is BGP hijacking, we have talked about for a long time, about methods to prevent it and avoid it. IPv4 transfers are going to be one of the probably largest contributors to the pool of hijacking behaviours that you are going to see in the wild, just because it's pretty likely, right. One company has been advertising this space for a long time, they have been using it for various functions, they are offering services at particular IPs in those blocks, and then they have to stop, and stopping doing something completely can be more difficult. The probability that there is going to be some sort of an accidental collision is much higher I think in the transfer scenario than in an unrelated hijacking scenario. So here is an example where somebody from here, A to B Internet had transferred a block and at some point then accidentally readvertised it, which you know can happen, you can imagine an old config getting imported and something coming back so that for a number of hours there was a hijacking of this space by the seller attracting about 10% of the world's peers, of our peers, 90% still like the route published by the buyer, but 10% is a fairly substantial impairment.

It gets even worse. There's a case here where the more specific was in the Palestinian territories, and the man in the middle routing a man in the middle, a route hijacking scenario evolved where the traffic, in fact, was being brought back to the seller's home and then they realised that wait that's not our prefix, let's send it back on its way so the traffic went back to the Palestinian territories. So, you have the buyer in this case, through a complete accident, acting transiently as a man in the middle traffic interceptor potentially for traces in traffic that are flowing to the buyer's prefix.

I'm going to probably wrap this up because I think you get the picture. I think that it's interesting that so much can be summed up in 'buyer beware', and I think the fact that we now have commercial relationships with contracts between buyers and sellers actually gives us an interesting new place to stand when it comes time to think about how to reduce the likelihood that IPv4 blocks will be hijacked. The buyer, though, needs to exercise the due diligence. Take a look at the historical routing. So, you need to go back in time potentially for years and find out all the ways the sellers have used this prefix and any more specifics that they handed out to people to advertise and make sure that all of those come out of the table, that all of those are completely quiet before you take possession and have quiet enjoyment of your have you address space. It's important to think about DNS perhaps. People have had important domain names pointed at your space for a long time and some of those may still be out there and you are going to get the traffic for them if they are still in effect.

I think routing alarms are definitely to be called for. It doesn't matter who you get them from or if you roll it yourself. But you need to find out reasonably quickly whenever, even a small percentage of the world has decided that it likes a different route to your prefixes, because if it is a purchased prefix, the odds are it's going to have some involvement with where the prefix came from.

You can't ‑‑ I think you can't overemphasise the importance of participating in communities like RIPE and having technical relationships with the people from the seller's organisation. I know that a lot of the time we talk about blocks being traded off at arm's length, or almost anonymously. I think that in this case, being able to call up the people who have been routing this space, is going to be really critical protection to get these things, loops closed faster than otherwise.

And frankly, I'm going to be interested to see how these sorts of issues affect the contractual legalities of closing. Terms and conditions for sales or transfer of IP space are going to obviously need assertions about clean routability at transfer time, but because we see that these problems go on in an unrelated way for months or years, it may actually be necessary to start thinking about things like clawbacks. After all you have a continuing commercial relationship with the transferor, it may be possible to utilise that as an incentive for them to make sure that they implement good hygiene and don't accidentally put your purchased prefix back into the table in an inappropriate way or allow any of their customers to do the same.

All right. I'm going to wrap up there and take some questions, but again, I thank you very much for inviting me to RIPE.


CHAIR: Questions... Mirjam.

AUDIENCE SPEAKER: Just a data point ‑‑ Mirjam Kuehne, RIPE NCC. Just some additional data, some of my colleagues at the RIPE NCC, for those of you who missed that, have published a more in‑depth article on IPv4 transfers just recently on RIPE, it's on the home page there so if you are interested in some more details, not about the routing part of it but about the transfer part, just have a look there.

CHAIR: Okay. Let's go one to the other.

AUDIENCE SPEAKER: Hi. Leslie Carr, Cumulus Networks. Do you know if any of the people have had their routing space not hijacked but badly sold, have had any luck talking with the upstreams of the people legitimately advertising their space?

JIM COWIE: I don't know. That would seem to be a good way to go if you can't talk to the seller. We know that at least in the Iranian case it did not happen, so, anecdotally, I don't know.

AUDIENCE SPEAKER: Alain Durand, ICANN. You were mentioning at the beginning of your talk that at the moment this is just a beginning of process of few, an if you /22s or /24s, not a huge deal but at some point it will become a huge deal, so do you have any prediction this could become a problem and what kind of measurement can be made to actually monitor this and know ahead of time when this is going to be a problem.

JIM COWIE: So, monitoring ahead of time, this is going to be a problem. Again it is a matter of figuring out how the space has been historically routed. I think the best case for us all is where this is old growth forest has been cut down and where it has never been routed or never routed in many many years. I think that it's going to get worse before it gets better. I think that, in some sense, the transfer of PA space within the RIPE region between RIPE folks should be a best case. The database here is in pretty good shape. You all talk to each other. We have RIPE meetings. If we can't get it right in this particular constraint case, I'm really worried about what happens when we start doing inter‑continental transfers and we start dealing with people who are at much greater social distance from each other and who have databases that are not as well maintained and everything else. This is the time to get it right while it's still just among us friends in RIPE PA space land.

AUDIENCE SPEAKER: [] from Banen. Maybe you are not a right monitor to answer or maybe you are. But what I wonder is, will RPKI be the solution to this because if deployed it could just kill all the bad advertisements but then of course it still has to be deployed everywhere.

JIM COWIE: Yeah, I wish it could be deployed everywhere and it would solve all of this and all the rest of the BGP hijacking problems and then that would be great.

AUDIENCE SPEAKER: Wilfried Woeber, one of the old local registry manager hats, and for a network which has a large consistency using Legacy address space so I'm fully aware you are not looking particularly at the Legacy situations but some of that stuff I guess is pretty similar to the situation in the PA space, and you were correctly pointing to the forward DNS, but a while ago we put together a recommendation to our constituents not to transfer addresses because of a long list of things, most of them you have laid out here in your presentation, but I am missing one thing and that's actually the question, whether you were looking at that topic or issue as well and that's reverse DNS, in particular, if you try to transfer subsets of, for example, a /B and a /16 because in most cases the primary DNS, reverse DNS delegation is happening on the basis of the /16, so, you either have to sell your soul in addition to the IP addresses and rely on the reverse DNS services of the original /16 holder or you have to deaggregate the whole thing and potentially do the right thing I'm wondering whether you had some sort of look at that issue on to much your list.

JIM COWIE: I have not looked at that issue but now I am fascinated so I'll go back and look at that right away. Thank you.

AUDIENCE SPEAKER: Elvis: We have had a few chats about this also in ‑‑ and I would like to add one more thing about it and that is that we, as a broker of IP addresses, we have tried as much as possible to do a due diligence and make sure that once the seller wants to sell, they stop the announcement before the buyer actually gets the address space. Now, we have encountered two problems with that, one of them is that once the seller stopped the announcement, someone did a hijacking and started selling millions of spams from the address block because it was no longer announced by the legitimate holder and the block got into Spamhaus, and then of course it got chopped into two to two parties had to talk to Spamhaus about it and blah, blah, blah. That was one of the things that I have noticed happening, and I have raised this concern with the RIPE community and with the Anti‑Abuse Working Group at the previous RIPE meeting. So, it is one of the ways of cleanly doing these transfers is for the seller to stop, for the buyer to start after the transfer has been completed, but then we end up with having hijacks. Another pretty good option would be the idea of using certification only, but not only, but primarily on the buyer side, once they got the block in their portal they can enable certification and then get alerts every single time someone announces any bits of that address space, at least use certification for the alerts if not for the traffic management.
However, in this market, I think ‑‑ I don't know how to actually say it ‑‑ but I think that the best way would be for maybe the RIPE NCC to find a way to actually do the transition between the buyer and the seller so the seller stops announcing, the RIPE NCC marks it somehow, I don't know, and then once it's completely transferred, then the seller gets to start ‑‑ the buyer gets to start announcing it from their own AS and that might actually help with a lot of things not just with the anti‑hijacking method; it might also help with getting the address space cleaned if it has been somehow dirtied by the previous users, and some other things. I don't know if this would be even considered by the NCC, but I don't know, I know we have discussed this, and this might be an idea for these things.

JIM COWIE: It's a good topic, I think, for later in the week and clearly coordination has to improve, right, it would be better if, maybe even on the same day, we think by analogy to a house closing where you show up, you get the keys and you are the owner of the house: To close that window of uncertainty where it's no longer routed by A but not yet routed by B, if we could get it down to a time window where the spammers know this is not some vagrant space, 24 hours? I'm not sure if RIPE is the right party to bring in to make that happen because this has to scale all over the planet, I think that contractually it's nice that we have contracts now and you can put things in to say I get back money if this does not go smoothly, this is your responsibility, and you know, when money is at stake in a commercial trust anchors, people tend to be very serious about getting it right and doing it in a timely way.

AUDIENCE SPEAKER: A broker could also do the transitions part or the part in between, but then the space will get blacklisted by Spamhaus because they will think it's hijacked.

JIM COWIE: You can't win.

AUDIENCE SPEAKER: Sam Weiler. What would you guess is the proportion of these incidents that is in some way or will be in the future attributable to malice rather than incompetence?

JIM COWIE: Oh, interesting... I think the bulk of all BGP hijacking worldwide, speaking broadly about any prefix that stamps on any other prefix, is incompetence, it's accident. There is a healthy percentage of those that is malicious. I think when in Bayesian sense, when we already know that the space is the subject of transfer, I think the probability that it is accidental goes up. I think that the malicious hijacking of transferred space is probably lower than the malicious hijacking of arbitrary prefixes that get hijacked, but I'm not ‑‑ I wouldn't put money on that.

AUDIENCE SPEAKER: Hello, thank you for the presentation, I just have another interesting data point. So, you showed that game of announcing more specifics to get over the problem, and last year we did an experiment because ARIN has a policy to allocate 26s and 28s in cases they are need and we ran an experiment with ARIN, so we started announcing a 24 after four days 92% of our reach peers globally were able to see them. 25, it was, about 20% of the global peers, and when it came to 28, it was only 15% of the global peers were able to see that. So, that game of announcing more specifics will end at 24 basically, because after 24 whatever you announce is in most cases not seen. And these figures were all with route objects created in the RIPE database, we also did it without objects and it's always about 6% less.

JIM COWIE: Got it. It's a good observation. I have suspected for a long time that the /24 limit, which is just culturally constructed among us, is going to soften as we get into exhaustion, deeper and deeper, and people start carving things up smaller and smaller so that's excellent data. I think that that tail will grow, and eventually people will say, well if I can get 18% propagation in the markets I care about, I'll do that. But we'll have to see.

AUDIENCE SPEAKER: Hi, I see some numbers coming up in millions of dollars for transactions etc. Do you have any idea when the amount of money being transferred is getting above reasonable amount of money to get IPv6 up and running because that would be...

JIM COWIE: There are two cost curves intersecting somewhere but where do they intersect? I'm not smart enough to say where that intersection is but the market will tell us, so in 2011, Microsoft paid 7.5 million for the Nortel space. Now we see you know nations broadly paying tens of millions of dollars to get space. I don't know where that ends. But, I know that people would prefer not to spend that money, the fact that they are in fact spending that money means one of two things: Either they are broadly irrational, which is possible, right; or they are correct and that's a decent investment in space which is getting tighter and tighter. The fact that, in 2011, Nortel space was sold, was a huge wake‑up call to CFOs all over the world that you have an intangible asset on your books that you can no longer ignore, it's time to value it and we can't put that back in the bottle.

CHAIR: Okay. I think lots of questions, so thank you very much Jim.


So our last speaker in this session, and all of Jim's questions have brought us nicely back up to time so you are not getting an early coffee, so, it's Bendert Zevenbergen, Internet engineering meets philosophy, establishing ethical guidelines for networks systems research.

BENDERT ZEVENBERGEN: Thank you for inviting me, I am honoured to speak at this highly technical conference to present this project which is a lot softer from what you have been hearing and what you will hear.

The project is called Ethics in Networked Systems Research, Ethical, Legal and Policy Reasoning for Internet Engineering. Here is the website if you want to visit it. I'll quickly introduce myself. I'm not a computer scientist, I'm not a network engineer. It's a slightly ugly slide but I used to be a lawyer in Amsterdam working on Internet law cases and one of the things I did there was co‑write the network neutrality legislation, I went to the European Parliament, again Internet stuff, one of the things I focused on the ACTA treaty and getting it on the table. Then I went to the Oxford Internet Institute, studying all aspects of the Internet. A project I'm working on with the EU, the network of excellence on Internet science. These are really multi‑disciplinary and currently this project is being financed by the Open Technology Fund in the US.

I have always been working in multi‑disciplinary teams to understand what Internet regulation and legislation is. I have always found that there are so many silos working together in this space, you have got the computer scientists and the engineers, then you have got the politicians and the judges and the lawyers and the academics and sociologists who study the impact of social media and none of them speak each other's language or very, very few and that leads to lots of frustration and people simply not talking to each other any more because it's just not possible.

So, what we're trying to do in this project, and the first thing I'm trying to do, is set up a huge community of people who are interested in this work, so interested in the ethics of Internet technologies, research. But we're not prescribing policies, we are not prescribing technology design. We don't want to be the definitive ethics guide, but we want to create a platform so that all the different disciplines can actually talk to one another. The way we have done that before is in this project, which we set up for Google research, or the measurement lab, was how do you get engineers and lawyers to talk about the same thing, so we set up this document which is kind of like a privacy impact assessment or a privacy by design document focusing specifically on mobile phone measurements, and we just asked a whole bunch of questions that computer scientists would then explain in normal language, explaining it to his/her mother or kid, and then the lawyer and the ethical boards could ask questions based on what was being said. And slowly but surely you saw that we were actually creating a base for a conversation.

This was a first thing. We have never tried it before, it worked well, we organised a workshop, first thing we saw there was, you know, when the computer scientists were talking, the lawyers were confused about the acronyms and the numbers and the types of databases that you could create.

When the lawyers were talking, the computer scientists took out their Sudokus and just started working on numbers because they couldn't understand the grey areas that were being talked about.

So, it's really kind of this, we, this is very simplified of what we have seen in that process. But, engineers often, and I don't mean to generalise for all of you, often apply for consequentialist type of view of reasoning about the ethics of what they do, which is in the end, is the end justifies the means, so long as the goal that you are achieving is good, it doesn't really matter how you got there. You can often see that, you know, in being incentivised to create more efficiency or larger databases or you know quicker speeds on networks for example, it doesn't matter how you get there as long as you get it and then you get your promotion.

Whereas where I come from, the law and social science policy, even ethics and philosophy, or, you know, side of things, thinks more about the steps that you take to get to the goal. So, it's not necessary that you know if you have created the quicker system, then you have done a good job, it's about what's the social effect of the system that you are setting up. So with this project, I'm trying to inject some of this thinking into the consequentialist reasoning that you often see.

I'm working with the Internet measurement community mainly; I feel like I have been adopted as an ethicist there, which is great, there is really open community, they are really explaining to me how the technologies work, I have frequent calls with them, I go to many of their conferences but one of the first things this was shown to me, and it's a very simple graph, you know, if you want to do Internet research, often times you are breaking the law because there's these user privacy laws that no one understands. But this graph shows a few other interesting things as well. Because if you consider the engineers to be more consequentialist in their thinking and the lawyers a bit more deontologist and you see this huge space in the middle, that's where these ethics, reasoning styles conflict. If you are talking about ethics, you are often times not talking about the same thing if you are saying this project is ethical, what does it mean? What that shows is that Internet research is actually a human subject research a lot of time. People often claim that they are network measurements, it's technical data, even if there is some human behaviour in there, they are not going to use that part so lawyers and ethicists shouldn't be concerned. But in the end of the day, what you are doing is you are collecting huge databases of people's behaviour, often with identifiers in there, and if you then keep such database secure, that doesn't mean you're not breaching privacy because you are creating these databases and they can be used at some point.

So, what I thought I'd do is, we recently organised a workshop in Oxford with about 12 philosophers and about 12 computer scientists and we talked about a lot of cases and I thought I'd present some of these cases to you and show some of the reasoning that we kind of filtered out of these discussions.

This first one, you may have heard of it ‑‑ these are all fairly Internet measurement examples, they are not quite the ISP types but I think you'll recognise a few of them. This is the Internet census of 2012. I'm sure many of you have heard of it, but just to quickly recap. This was a project where someone found a way into Linux machines. What he did, he built a botnet and just kept trying different machines and see whether he could get access. That's a simple way of saying and in the end after six months of running this project he came into about half a million Linux systems, some of these were industry‑controlled systems, others were security doors, for example, or managing security doors, but also laptops and computers and business systems.

So, as you can see at the top, he already realised ‑‑ he published this anonymously ‑‑ or she ‑‑ but at the top he is saying we realised this was illegal, but you know, we are going to try and do it less illegal or hope to do it legally, he says. But then we got into the discussion at this workshop and the technologists reasoned like this; they said the best data set to understand the Internet network. Yes, we created a huge map of the Internet through the illegal use of half a million devices. This is the consequentialist thinking here again. We have got this huge map and it's amazing, it's illegal, but you know... the design principle, this is from the paper, says "Be nice and don't break things." Which is, you know, it's a nice way of thinking about yourself. But, you may be setting standards for others.
And "All the data gathered during our research is released into the public domain for further study." Which is again, you know, it's really nice that you're doing that but still you have broken into or accessed half a million machines illegally.

Then, the ethicists started arguing back and saying, we are creating these precedents and these standards by doing certain research and creating huge dataset and they do stick for a very long time, it's really difficult to say, for example, no, you can't do that, we know that this person did it, but you are not allowed to do that same type of research. Also, if you are creating this huge botnet and you say we're not going to do bad, we're going to be nice, we're not going to break anything, still good bugs can be exploited, bad people can learn from how this botnet was set up. So that's an issue there. And the conclusion by the ethicists was, basically, this should not be encouraged, this type of data collection. You should do it differently. Another issue was you got into the, how were we going to define the risks and the harm in this? What do we know what happens when you infiltrate half a million machines? Are you actually compromising them, yes or no? Then, once you have kind of defined harm or what illegal access is, when is it actually a risk to the person that you have infiltrated? But then, on the other hand, others said, quite rightfully, because this is not a legal discussion but ethical. What is the ethical cost of not having this information? Here you see some variations on thinking on this consequentialist thinking before.

So, the dataset is still hosted in lots of places. They are trying to redesign their methodologies to get to a more ethical way or more legal way of getting this data. But, so this kind of shows that they have realised that they need some more thinking in their design of this huge data collection, which is I guess it's a nice outcome that you are trying these two ethical strands are trying to find each other.

The next case, there is a few projects I'm putting into one example here but this is on censorship measurement. We had a few discussions, I am referring to another paper where people try to measure which websites were censored in certain jurisdictions. So, you can do that various ways, two ways of creating I‑frames on websites, so that people when they visit the web sites are also visiting another website and seeing whether they can access it or not and sending that data back to the central database. Another way of doing it is putting a device on the network, possibly at someone's home or at a company, and then you know, you can cover the costs for that if you are using a lot of electricity, but the very simple explanation again is you are pinging certain websites which you know are censored somewhere in the world.

The reasoning is, you know, this is fine to do, we're getting informed consent from the users. We get URL lists from respectable organisations, they may include sites but it's not our business what's on the URL list. Another argument is no one has yet been harmed by us doing this, we have had cases of this data being presented to users, you know, that they have been checking censorship in their own country, but still ‑‑ and then one thing that struck me is we will not know what governments think of these systems until someone ends up in jail, which you know you kind of need to ruin someone's life for your ethical test, so that's a bit far.

The ethicists started reasoning at such, basically saying, we have to understand the Internet, the infrastructure as we know it and the experiments that we're running on it are designed by a fairly homogeneous group. If I look around this room here, I see mainly males and from the western part of the world, but the access to the network has been completely democratised. I'm not sure how many people are currently on the network. I think it was 2 billion, I read a while ago, which is a third of the world's population. You know, this is people in India, in China, in Uganda, you name it. So, what was being argued is that, there is an inherent knowledge and power imbalance. It's the people like my mother, for example, who uses her mobile phone for WhatsApp and whatnot, versus people like you who know exactly how all these systems work. However, going back to this example here of Falun Gong, it is censored in China and you are running censorship tests in China and you are constantly pinging these websites from a certain phone or network or via an i‑frame on a website, you can guess that that person will end up on a Government watch list at some point, if you keep pinging it. And what you also need to understand is, you know, the rule of law may not exist in the same way as we know it over here, police may be a bit more aggressive, people may get put in jail for things that we don't get put in jail for in the US or Europe. Often times the social norms are not understood by the engineers designing these systems. Also, informed consent becomes meaningless if the users don't have an understanding of what happens to this kind of data. Often times, maybe not in research, but in business, often times aggregates of datasets are being sold or fused, I didn't know about this until several years ago and my parents and my brothers absolutely don't know about this, so I'm sure a lot of people have no clue what's happening not personal data that's being collected. 
Also we have very little technical understanding of our devices. So, I'll get into that in the next example.

And finally, if you pay participants to run these measurements for you on their network, that's a very nice thing to do, that you are compensating them, but if you don't understand the social norms, it could be that they're considered to be complicit in espionage. These kind of things do happen and these are things that you should think about. Often times researchers are not in direct contact with the data subject, so we don't know what the problems have been so far.

So, the quick advice from the ethicists there was, you know, speak to local lawyers, call up the fellow engineers in that country and ask them about the situation and ask them about the ethical considerations they take when they run tests in those countries.

What I have seen, some of these papers ‑‑ a lot of censorship papers are perfectly fine and accepted, but some have been rejected on ethics grounds, but then recently, I got a message that they have actually been accepted because the data is so good, and you know, with a note of caution attached, don't duplicate these methodologies, because ethically it's not correct it's just for this conference this data was so relevant, which is very much this consequentialist thinking creeping in again, figure it out together that this is not how you should run these things. But still, the programme committees have decided that probably it's a good idea to still publish this paper.

And projects that have come to people like us recently, they have been heavily scrutinised also by other groups, by talking to us they are finding ways to operate ethically and not end up on the front page of the New York Times for example, or ruin someone's life.

Last example, this is something I hear so often, it's about ‑‑ it's not quite network research but it's about collecting openly available data. Tweets are one example. But you know, wifi probes, Bluetooth probes, there are different examples, it's just data that is floating around and that you can basically, with an API or whatever you have, easily gather. So the reasoning there is this data is available, users do publish it openly. When I send a tweet, yes I realise I'm sending it to the rest of the world. Devices, mobile phones, they are constantly looking for the wifi network, so they are sending out lists of networks that they are trying to identify and see whether they are around. The argument is it's freely available, so we can use it, right?

No. Wrong. Often times these have identifiers in them, tweets will have my handle, if you can republish it in a different context using my personal data. It's a very legalistic explanation I'm giving, but it is the way it is. And another thing is, that came up in the conversation is that we need to think differently about what 'public' is. You have the physical plane where you can do observational research and social scientists do sit in city squares, for example, and count how many people were doing a certain action. But there is also the digital plane that is not quite understood by many of the users, so, we don't know that why the phones are sending out wifi signals, I learnt this at the workshop. We have heard that shops are following you based on your Bluetooth to find patterns and how you are spending money or how you are looking at things in the shop. So most people are not aware of this. And you know, tweets are the same example.

So, you do have a legal balancing test, but I guess you can also call it an ethical balancing test, it's where you think ‑‑ most of the time it will be illegal or unlawful to collect this data, but because the laws are quite old, aged, you can sort of justify these kind of data collections but you need to explain and consider why your collection of that data is worth breaching however many people's privacy for, and how serious is that privacy breach, what does this data show? These kind of things. What kind of tools are we applying to minimise the harm of this data? And so, one of these questions that these guidelines will be answering or guiding you into answering.

And the final thing that came up is, it goes along with a balancing test, sometimes you do unethical research but you try and do it for the right reasons, for example, to stop or counter unethical practices, then there are these trade‑offs that you need to do.

Just, to explain how this Twitter project was solved, is the lady realised that all the data she was collecting, she was doing it unlawfully, but, you know, so many people collect tweets, so much social research is done based on tweets that she decided to develop her own system where she had used tweets that didn't really say much. If there was some context or some personal information given in these tweets, she would send these people a message and say, you know, I will be using it for this and this research, you can opt out on this website. And if the tweets were a bit more serious, a bit more harmful potentially, she'd send them a message and ask them to opt into this research.

So, anyway, we have learnt lots of lessons so far, we're going to be lots more workshops over the next few months. I mean, some basic examples is that data minimisation and purpose limitation is principles out of data protection. There are important ethical and legal considerations for anyone doing a network systems research. We need to understand the social challenges and all the power imbalances on a per case basis, so you can't say you know, Iran is a country like this and this, so, therefore, we can do such and such. If you want to justify what you are doing certain potentially harmful research, go and speak to people, really find out what the actual impact is of that research. And, you know, we need to develop more guidelines on what actually the harms are. How to identify them, and how we think about these.

So, again, if you want to join this project in any way, we have currently got a mailing list of about 50 people, and there are several more I'm speaking to often. Please go to this website, and over the next four months here is a list of the workshops, they are also on the website, there is a big one we're organising at the ACM SIGCOMM in London, it's going to be a full day workshop where we try to hack as many ethical guidelines as possible, and here is a list of places that will be ‑‑ I'll be around over the next few days so if you are interested to talk about this or join this in some way, please come up to me.

Thank you.


CHAIR: Thank you very much. Any questions, please come to the mike.

AUDIENCE SPEAKER: Hi, George Michaelson, APNIC. You know, there is an element that the network we're all using and depending on in an operational sense is an experiment that was essentially released into the wider community without any adequate ethical review, we didn't start out on this journey with a concept clear in our minds that we were going to take 32‑bit numbers and turn them into identifying qualities and use them for their properties of uniqueness and route them globally. We had a fairly crude sense of what the world was going to look like and it was probably bound in funding models of academic research at the time. So if you say actions have consequences, which I think is quite a lot of the tone of what you are saying, I'd say hell, yeah. But the upside/downside measurement, I found very interesting. I thought it was quite nice that you were making a fairly clear statement, it's not that there can be no harms, there are always harms in things we do in life. You must understand the balance. You should make a considered decision about what you are doing and not a naive one or be blind. So, I like that quality very much in what you said.

Jon Postel was quite fond of doing interesting research when he was looking at qualities in addressing and naming and we have lived the consequences of some of that in ways that are very difficult for us collectively. He wasn't meaning to do harm. So, when people said let's have .com and didn't say we are all living the public policy consequence, that class of decision. So, I think what you say has very deep roots in the Internet and rings true. Thank you.

BENDERT ZEVENBERGEN: What I often find, speaking to engineers, is that there is very little understanding how, how much of a central nervous system for society the Internet has become. Especially some very hard core Internet engineers, I'll call them, I'm not calling you names, but they are only realising what the social impact is of what they are doing when their papers get rejected or, you know, when the newspapers start writing about what they are doing. Whereas actually most of the things that are being developed have a big social impact. It's just you know sometimes it does ‑‑ it isn't written about sometimes, you can lie to your ethical board and you know create those databases anyway.

Thanks for your comment.

AUDIENCE SPEAKER: Wilfried Woeber again. And just speaking for myself and with a tiny hat of security guy on top. It's more an observation than a question. And I think from your background and from your goal with this presentation it was obvious that you are addressing and focusing on this community, but in particular, when it comes to data protection, you have to be aware that, on a global scale, you cannot expect that you are acting within a uniform ethical or legal environment, and this is particularly interesting for those of the researchers maybe who obtain data which is or was collected in an area where there is a quite different mind set on personally identifiable information and importing that because as soon as that set of data, for example, ends up on a disc or on a desk in the European Union, you are not allowed to redistribute it because local law does not make any difference or distinction whether the data was obtained locally or was in a particular legal environment or in a different one. So that's one of the things that I just wanted to reinforce here sort of all of us, whether it's research, and I'm coming to the research again, research or other stuff, we are not working in a homogenous environment, neither ethically or legally.

BENDERT ZEVENBERGEN: Just a quick comment on this. This is a side project, I'm actually doing my Ph.D. on privacy, and a comparison between the Netherlands, England and Germany, and I have chosen those three because they have the same base law, you know, the European directive, but their implementation or their way of reasoning by citizens and the media is completely different. A great example is Google Street View, which was scrutinised a bit in the Netherlands, it wasn't really scrutinised at all in the UK and in Germany, there is basically no Street View and the law that should be covering this implementation is the same. So, yeah... we are aware of that.

AUDIENCE SPEAKER: [], as a person also. It's very interesting to listen about ethics in network research, but you are presenting Oxford Internet Institute from the country which is well known straying of using Internet data in recent project and you are going to New York whole, so, located in a country which doesn't preserve any ethics for at least not American citizens, so, what about ethics of our governments? Why we must comply any ethics rules or as engineers why our freshly elected governments or your freshly elected governments and American freshly elected governments and so‑called law enforcers doesn't preserve any ethics rules, do you have research on this point? Why you are not including these violations in your research?

BENDERT ZEVENBERGEN: With this research I'm really looking at Internet research and less so Government surveillance but I have presented this at GCHQ in November and I have been speaking to their Internet since, it's their research department but it's not the guys running Tempora and stuff like that, and we have written some papers and things about the British law, for example. I'm not going to make any political statements here but I agree with you that it's completely wrong what's happening and there should be more ethical considerations there. But that's the governments are outside of the scope of this work, but they are interested, they are looking ‑‑ I have sent that previous document with the mobile privacy collections, I have sent that to GCHQ and we have discussed that in depth. I'm not sure what they are doing with that, but at least it's on their radar.

AUDIENCE SPEAKER: Hi. Thanks, Meredith Whittaker from Google research, speaking on my own behalf. To the last comment I would just hope we don't set ourselves up for a race to the ethical bottom, you know, I would prefer to be good even if others are bad. So, moving on from there, I wanted to sort of build on a point that George made which I thought was really astute about intentionality and, you know, this, the Internet now is an agglomeration of ideas and thoughts and implementations that people had that may or may not have been intended to turn out the way it does and we now have that massively complex system where changing one thing can have you know a network effect at the other end that is completely unintended and I think a lot of time when we have these discussions with ethics and engineering it becomes touchy because a lot of times it is framed as sort of blaming these technical decisions on humans who should have known better because the intention should have been there to do better. And I think we are at a point where the complexity is so vast that we really just have to think of this as sort of how do we set up feedback that lets us know what this system is doing in relation to changes we try to make, so feedback looking at human‑centred design principles, other ways of looking at what are the actual impacts on people intended or not that we can then calibrate to, you know, improve, that we can calibrate to remain on ethical firm ground. I don't know exactly what that looks like but I'm a huge fan of this work and I'm glad to see it presented here, so maybe that's a start. That's all.

AUDIENCE SPEAKER: With this comment about a real nice piece of work ‑‑ Wilfried again. I'd like to come back to the definition of research, because from a social scientist's point of view and trying to find out usage patterns on the Internet, that's probably well understood. But looking back at some of the situations we had in the last calendar year where you wanted to find out whether certain situations do exist in the Internet globally not because of trying to find out who is surfing to which particular web page but whether there are vulnerabilities around, so this is going from research to scanning. My question is: Did you have any thoughts or did you do any thinking sort of about this, not borderline case, but a slightly different angle to doing research on the Internet? Because, most of these scans were done with a good intention and some of those were in some jurisdictions even done based on a sound legal background, but still there is some risk of doing harm with a scan and, in general, you are potentially ending up with a set of data where there is no possibility at all to get some indication of consent, but still, the feeling in the techie and in some other groups is you still have to do that to protect the integrity of the network. Any comments to that?

BENDERT ZEVENBERGEN: Yeah, so, we're just starting this project, it came out of this previous document on privacy on mobile phone connection, so there was no scans in that. But I think, what you are saying is, you know, that has already been addressed by the security community, I think about three, four, or five years ago, and I think definitely this will also be in the scope of what I'm doing, so, we will be inviting security engineers to these workshops to discuss these things. And I think this is part of what we're going to do, so it's not going to be the main focus, but it will definitely reflect on this. And just quickly explain that this website that we're trying to set up ‑‑ the previous guidelines were PDF, we now want to set it up on a website which is a lot more dynamic where you can add different problems or modules and show the different reasoning within certain problems where you can go left or right and where you can find the centre again, consider the balance. So this will definitely be something that maybe even if we don't include it in the first situation, by continuing this work, we can add these kind of things to it. And if you're really interested, if you have some good examples, I'd love to invite you to one of these workshops one day to discuss it, but we can talk about that outside.

AUDIENCE SPEAKER: Colin Anderson from Measurement Lab. Ben, what sort of incentives for adoption of higher ethical norms will exist? How do you think this unfolds and what do you think towards that incentives, what will be the disincentives for people who are not maybe behaving within those new norms? Do you think that people, for example, those in the room who are performing research might encounter greater resistance from programme committees for publications, you know, sort of informal ways of disincentives or criticisms or these sorts of things, do you think this represents more scepticism towards research or critiques?

BENDERT ZEVENBERGEN: Great questions. I think, the incentive part, I think that the knowledge is growing ‑‑ what I'm seeing in the measurement community and what we have seen with the security community, so the real identification is there that ethics is becoming a huge part and you are actually affecting people's lives potentially, so you see papers getting rejected and papers being written about papers being rejected and then a computer scientist coming up with you know the four principles of ethics which aren't quite as thought through as I'm hoping this project will be. So, what we're trying to set up is to let programme committees, for example, at a conference, refer to these, or other guidelines, and say you know, if you are curious about whether you are on the right side of the ethical line, consult these guidelines and maybe we're also setting up a panel of international researchers who work in this space, I can talk about that another time, but ‑‑ and then to, before people submit their papers, to consult these guidelines and to see whether they are doing the right thing and then to actually refer to them as well in their ethics section, you know, you don't need to write a four‑page ethics section based on these guidelines, but you can say we have looked at them and, you know, we have taken this and this and this into consideration and this is how we explain it. And then the Programme Committee can feel a little bit more secure in accepting these papers, because we often times see that programme committees themselves have you know different ethical ways of reasoning or different values. So this could be more of a central point to get some acceptance from all sides.

Your other question, whether it is going to make people more wary, or more scared, was that what you said? Yeah... I think it will make people a lot more aware of what they are actually doing and if that is making people more afraid of what these things do, then maybe this is the start of a bigger discussion. I hope this will lead to actually engineers making the decisions that are right, the technical decisions, the legal decisions, organisational ones, but we'll see. We'll see what the effect is.

AUDIENCE SPEAKER: So, have you thought of any means of executing those decisions like of ethical, other than presenting users researches with 50 pages legal agreement, or a tick box, I promise I won't do anything nasty?

BENDERT ZEVENBERGEN: That's a major, major issue. That's one we are definitely working on and speaking about a lot. There is another project, it's called the meaningful consent project which is run at the University of Southampton, but also an international consortium and they are really focusing on this issue so we are working closely with them, we are not going to replicate their work, we are discussing what ‑‑ we are giving some input, but I think they're the ones who are driving this question at the moment.

CHAIR: This will be the last question.

AUDIENCE SPEAKER: Are you saying that there's a public citation index where I can find the name of researchers who may potentially breach ethics? Isn't that a breach of their privacy? It's a joke, but there's a quality around any information‑gathering that has that recursive feel that, in the act of identifying the potential for people to unknowingly commit harms, in compiling the list, you are, in effect, creating a database that's a statement of these people are potentially not aware of the ethical implications of what they are doing.


AUDIENCE SPEAKER: All actions carry risks, right.

BENDERT ZEVENBERGEN: Exactly. So it's very much privacy by design that database.

CHAIR: Thank you very much, Ben.


And just a reminder you have about 30 seconds left to submit your Programme Committee nomination, at, type away right now, and we will see everyone in about half an hour.

(Coffee break)