Dear colleagues, Europol (the European Union’s law enforcement agency) last month sent a communication to the Council of the European Union (the group of government ministers from each EU country) regarding Carrier-Grade NAT (CGN), an issue of direct relevance to many RIPE NCC members and the RIPE community.
The communication is available online at: http://www.statewatch.org/news/2017/jan/eu-europol-cgn-tech-going-dark-data-retention-note-5127-17.pdf Specifically, it notes that: > With CGN, law enforcement has lost its ability to associate and link a > particular cyber criminal’s activity back to a particular IP address. The paper suggests greater regulatory coordination at the EU level regarding CGN, and also notes that: > On 31st January 2017 a European Network of law enforcement specialists in CGN > will be established, the secretariat of which will be established [/provided > by?] at Europol. The aim of this network is to: > > - document cases of non-attribution linked to CGN in EU, > - document existing best practices to overcome CGN-related attribution > problems currently in place in some Member States, > - raise awareness of European policy-makers about the problem of attribution > linked to CGN technologies, > - represent the voice of law enforcement developing a common narrative and > advocating for a voluntary scheme at EU level to improve traceability by > engaging in a coordinated fashion with ISPs and content providers. A press release was also issued by Europol regarding the formation of this new group: https://www.europol.europa.eu/newsroom/news/closing-online-crime-attribution-gap-european-law-enforcement-tackles-carrier-grade-nat-cgn LEA interest in reducing the use of CGN also came up for discussion at the recent RIPE NCC Roundtable Meeting for Governments and Regulators (held in Brussels on 24 January), where the strong uptake of IPv6 in Belgium was attributed (at least partially) to coordination between law enforcement, national regulators and operators to limit the number of customers that can concurrently share a single IPv4 address. As noted in a previous email, the RIPE NCC and Europol signed an MoU in December 2016 with a focus on sharing expertise in the areas of cybercrime and Internet security. We will be liaising with Europol on this topic, and would appreciate any feedback from the RIPE community on this or related issues. Best regards, Chris Buckridge External Relations Manager RIPE NCC
