ECTA - Notification and Takedown in Italy


Published on

A speech at ECTA 2012 in Bruxelles, about requests made to italian ISPs by italian law enforcement

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Enter srl is an italian ISP based in Milan and estabilished in 1996. Enter provides access and datacenter services to business customers. Access services are based on xDSL (Ethernet and ATM) connectivity on copper, radio link and fiber (FTTx), delivering national and international customers internet access, geographical MPLS VPN networks, telephony services (PSTN and IP). Datacenter services cover several architectures based on physical servers (hosting and housing), virtual servers and public cloud platforms. Enter datacenter is located in Milano Caldera and directly connected to the Milan Internet Exchange (MIX). The Associazione Italiana Internet Provider (“AIIP”) is an association of Italian communications operators established on 1995, with the aim to represent its associates before any public administration, independent authority, or any other public body, domestic or supranational, such as the European Commission on any issues relating to Internet and electronic communications, as well as cybercrime, data protection, e-commerce regulation, and safe use of the Internet, etc. AIIP represents more than 50 associated companies which offer to the public electronic communications services (Internet access, housing, hosting, IP based services such as VoIP, IPTV, video communications, videoconferences,).
  • Permanent blockings For two specific matters, the Internal Affairs Ministry has set up specific procedures: CNCPO (National Centre for Paedopornography Online Contrast) - a central list is kept up to date, ISPs and telcos have to mantain the DNS blocking filters updated AAMS (Autonomous State Monopolies Administration) - a 400+ foreign gambling site list has been blocked years ago and must be kept filtered
  • Recipients of the requests The recipient list, which is often attached, varies from time to time, and from police office to another. This means there is no shared procedure to retrieve the list. Many active providers are always left out the list. Some large hosting providers are always included even if they do not offer access, though Recipient of the request are always access providers, registered on the Authority Register ( ROC , Communication Operators Registry) or ISPs owning a Telecommunication Ministry ISP general license. The two are not necessarily overlapping. There are no controls over the execution of the request.
  • The suggested approach SLIDE 7 If a website blocking is needed, whether it is a single page or an entire site, the request should be addressed to the source, to obtain maximum effectiveness, therefore to: the owner of the domain (WHOIS tells you always who he/she is) (immediate takedown) the hoster (immediate takedown) the technical contacts of the domain registrar (immediate takedown plus some propagation delay) the internet breakout provider of the hoster (immediate takedown). No DNS blocking should be requested, as it is easy to work around No IP blocking should be requested, as with cloud technologies it would be much more easy to move a content from a server to another. No URL filtering should be requested, because it is unbearable both by small (costs) and large (huge data) internet providers. Privacy implications are "A-B-normal". Police offices should be trained about Internet crime issues and countermeasures. Requests should be more technically and lawfully correct. A standard request form should be defined. A single point of contact should be provided also for international issues, with shared procedures.
  • ECTA - Notification and Takedown in Italy

    1. 1. Notification and Takedownfrom an ISP standpoint Mariano Cunietti CTO, Enter Srl, Milano @mcunietti ECTA Conference Brussels, 26 November 2012
    2. 2. Enter Srl• Enter is an ISP operating in Italy and it is a member of AIIP, the Italian ISP association• Business consists in infrastructure services for enterprises (access, hosting, cloud, telephony)• Investments were done in developing proprietary access networks (ULL, Metroethernet), datacenter, cloud infrastructure (OpenStack)• Innovative products are related to connectivity (Metroethernet) and cloud computing (
    3. 3. Agenda• Police Notice and Takedown requests• Blocking technologies• Collateral damages• Suggestions for future approach
    4. 4. Police Takedown Request - Reasons • Illegal offer of goods and services (e.g. illegal arms, fake medicines, unauthorized gambling services etc.). • Illegal promotion of goods and services. • Content facilitating phishing, pharming or hacking. • Infringements of copyright and related rights, trademarks • Infringement of consumer protection rules. • Incitement to hatred or violence (on the basis of race, religion, gender, sexual orientation etc.) • Child abuse content • Terrorism related content (e.g. content inciting the commitment of terrorist offences and training material) • Defamation • Privacy infringements (Spamming included)
    5. 5. Police Takedown Request - Form• "In the scope of this criminal prosecution, please proceed immediately to the preventive seizure of this site by prohibiting access from Italy to the site [www.][/page] with IP 111.222.333.444 both via DNS and IP blocking.• Blocking shall be extended to related aliases linking to this site in the present and future, to IP address[es] actually bound to the aforementioned domain name[s] and any other additional statical IP address should be bound to, in the present and future.• You are strongly invited to forward this request to any other provider may be part of the same company group your company is member of.”
    6. 6. DNS Blocking
    7. 7. IP Blocking
    8. 8. Collateral damages• DNS blocking is easily worked around by users• IP blocking can be worked around by offenders• URL filtering has “A-B-Normal” impacts on privacy, costs, operations• Taking down entire domains or IPs means shutting down also legal services or websites.• Tracking down future DNS and IP aliases is a police task requested to ISPs
    9. 9. Suggested approach• Address the takedown N&A to the source: the hoster. One action rules them all.• Define standard police procedures to request takedown actions. Train police to use them.• Establish a single european and international point of contact for police requests to hosters
    10. 10. Questions?