Law Enforcement and Internet Governance: An Ounce of Prevention Is Worth a Pound of Cure Supervisory Special Agent Robert Flaim Federal Bureau of Investigation (FBI) Operational Technology Division
Global LE Objective To be actively involved in Internet Governance bodies to adopt proactive laws and regulations to prevent crime and enable LE to trace criminal activity and actors quickly
Big Issues 2010 Internationalized Domain Names (IDN) Greater IPv6 address allocation and lack of appropriate tracking of IPv6 Introduction of ~500 new generic Top Level Domains (gtld) Depletion of IPv4 addresses IPv6 carrier-grade NATs (IETF)
How will LE address these issues? Adopt polices at ICANN and RIRs RAA Amendments in 2009 IDN Briefings in 2010 Introduce/Oppose RIR policies 2010 Legislation to adopt sound regulatory policies Validation of WHOIS data
Prevention LE activities in Internet Governance ICANN Awareness - LE Sessions in Luxembourg, Paris, Mexico City, Seoul Proposals- ICANN Due Diligence and Registrar Accreditation Agreement (RAA) Proposal at ICANN Seoul Regional Internet Registries (RIR) LE/Government Working Groups in ARIN, RIPE NCC, developing Working Groups in APNIC, LACNIC, AfriNIC Advocated WHOIS IPv4 WHOIS Policies since 2005 IPv6 Legislation to record all IPv6 addresses
What is ICANN? Internet Corporation for Assigned Names and Numbers Founded in 1998 as a not-for-profit organization Coordinates the allocation and assignment of the three sets of unique identifiers for the Internet, which are: Domain names (forming a system referred to as "DNS"); Internet protocol ("IP") addresses and autonomous system ("AS") numbers; and Protocol port and parameter numbers Coordinates the operation and evolution of the DNS root name server system. Top Level Technical Coordination Body
ICANN Structure GNSO The reviews SSAC advises and develops the ICANN recommendations community and Board The The GAC s ASO The key CCNSO reviews role is is to and provide responsible develops matters on advice generic relating for to recommendations ICANN developing top-level on the issues security domains. and recommending and on Internet integrity of of public Protocol policy, global (IP) particularly policies address the relating Internet's as policy they relate to and naming country-code to advises the and concerns address the top-level ICANN allocation Board. domains systems. of governments, and national building laws, consensus and international across agreements. the censor's community. The mission of the IETF is to produce engineering documents that influence the way people design, use, and manage the Internet.
LE Proactive Initiatives: ICANN LE Sessions at ICANN to educate LE on ICANN s role and to ensure LE concerns are heard and addressed Issues WHOIS, LE needs public and accurate data New gtlds IDNs Sessions in Luxembourg 2005, Paris (2008), Mexico City (2009) and Seoul (2009)
LE Due Diligence and RAA Proposal for ICANN Recommendations to ICANN LE presented Due Diligence and RAA Improvement Proposal at ICANN Seoul Malicious Conduct Session to ICANN Board, the GAC and Community Drafters; Australia, Canada, New Zealand, UK, and USA Supported: G-8 High Tech Crime Group, Interpol Cyber Working Group, Korea, Switzerland, Thailand
LE Proposal to ICANN Three (3) Objectives: 1. Due Diligence 2. WHOIS 3. Transparency and Accountability
Due Diligence ICANN needs to vet potential registrars and registries, i.e., Dunn and Bradstreet Lexus Nexus Registrars need to validate data received at registration, i.e., Network Solutions (VeriSign) Solution Time-based algorithms, IP, BIN data, HTTP header information and device ID, blacklists, null values
WHOIS Accurate and public WHOIS Proxy/Privacy Registrations For private individuals for non-commercial purposes Companies providing services should be accredited by ICANN
Accountability and Transparency Domain name resellers and all third party beneficiaries to be held to the same terms and conditions ICANN should require all registrars, registries, proxy services, resellers and all third party beneficiaries of any contracts, policies of ICANN to publicly display ownership, parent companies, subsidiaries and business associations
Regional Internet Registries (RIR) RIRs allocate IP addresses and Autonomous System Numbers (ASN). RIRs receive their IP/AS Numbers from IANA (Internet Assigned Numbers Authority) which is administered by ICANN.
Regional Internet Registries (RIR)
Prevention-RIRs Creation of LE/Government Working Groups RIPE NCC started in 2006 ARIN established ARIN Government Working Group in February 2009 18 LE and Government agencies LACNIC had a discussion of Government Working Group at their last meeting in May 2009 LE from Brazil, Uruguay, Costa Rica and Nicaragua APNIC and Australian Federal Police in 2009 have begun negotiations for WG
Why LE/Government- RIR Working Groups? To go from reactive to proactive; LE coordinate with RIRs and private industry to develop policies that will enhance LE capabilities in crime-fighting for the safety and security of the Internet Issues addressed in RIPE NCC, ARIN: IP revocation WHOIS policies IPv4 Network Address Translation IPv6 WHOIS, allocation policies
Mission of AGWG To provide a forum for learning and discussing matters relating to ARIN with focus on cooperation between the public and private sector while adhering to all ARIN policies and procedures.
ARIN Criminal Issues IP address revocation ARIN can revoke IP address space if there is a definitive finding, pursuant to the ARIN Registration Service Agreement (RSA), paragraph 4(d). ARIN defines a definitive finding as: (1) any court adjudication resulting in a final order by the trial court. (2) any finding by an agency or tribunal that is authorized to make such judgments. WHOIS - Working with ARIN for open and accurate WHOIS, have persuaded ARIN to not limit WHOIS, despite several policy proposals and have successfully defeated such policies; Common-carrier Network Address Translation (NAT) - Coordinating with ARIN and authors of IETF proposal, i.e. ensuring proper logging.
Outstanding Issues RIRs and ICANN Ensure gtlds and cctlds are secure and transparent by exercising due diligence and mandating validated registrant data; ICANN standards through the Registrar Accreditation Agreement for gtlds and uniform national laws for cctlds Introduce new policies in RIRs to address voids in current IPv4 and IPv6 allocations Have new cooperative legal agreement to share information real-time, i.e., new 21 st Century MLAT?
2010 Agenda ICANN Meeting in Nairobi, Kenya, March 9, 2010 GAC will vote to pass resolution supporting LE RAA and Due Diligence Proposal London Global RIR Meeting, March 17 th, 2010 5 RIRs and 50 national LE representatives meet to discuss collective issues facing LE and RIRs ICANN Meeting in Brussels, Belgium, June 2010 LE convene to advocate passage of LE and Due Diligence Proposal to ICANN Board of Directors
Questions? Email rflaim@ic.fbi.gov Telephone - 1-571-437-3728