IETF Logo Mail Archive

Re: [Int-area] WG adoption call: Availability of Information in Criminal Investigations Involving Large-Scale IP Address Sharing Technologies

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 24 April 2018 22:42 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DE9412DA69 for <int-area@ietfa.amsl.com>; Tue, 24 Apr 2018 15:42:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IZY7Fc2uuDXB for <int-area@ietfa.amsl.com>; Tue, 24 Apr 2018 15:41:58 -0700 (PDT)
Received: from mail-pg0-x22f.google.com (mail-pg0-x22f.google.com [IPv6:2607:f8b0:400e:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F06FA12D9FF for <int-area@ietf.org>; Tue, 24 Apr 2018 15:41:57 -0700 (PDT)
Received: by mail-pg0-x22f.google.com with SMTP id i29so10389694pgn.12 for <int-area@ietf.org>; Tue, 24 Apr 2018 15:41:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:organization:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=R6xRxmb5lv1opQn8Ld2J54oAOPEutfXbGTrPDQeK74c=; b=nZh2vDs4WfBl4Fg14oKn2mVmKbdpIuGUt/Kga891Y8boJTgD0C0nZQ5Xv9XWFQxiKu b73NIHcwohbCMFVN0E+NRuD5KrTQk+tlwPMBd3IH26j/GhoNrb8r0mF3oPzZyYYe4mUc ceL/AcBjzcATYq+8kHZ+doTtyTC+Cej+bZK3eHfZ7Voo+a91iEAnr3hKd8GemkF/QmKT KPAK7bPO35mIRdXzyJJGFXCOkArHUgrD4LJNrGrBaSp/hRkEAwap8LReLZGzJHI6BM9/ //Qk/c0v5ElZMLvxUbKaQw+D2tVhk71JTFeJJtk7aWwFkWAOkqY6dv6q93n77Ggc7547 CUug==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=R6xRxmb5lv1opQn8Ld2J54oAOPEutfXbGTrPDQeK74c=; b=Pj1S0obFGeriKc7S03YApiqlmF8seJROKxWxZYNoDpmbCfu+UYi/dnznLwiHxQZQEH 2nNlpnoOl+t4gBnY78EN8avDs9OR7MIYLiBFxvjCtoNap1lo3UJdg0Pq1NVK6/BtAhUb f8KcEXVMt/GOVIBHZwxwsulEjKm1PNGcddQ19aWXkk0OUEP+9EJhFsVkINeQshCPh948 tnB3u48Yn1SLkKmhVSO51pQEpGvlAQNBRjozAC+w+AVgdnTivhHUJWZ9DiL6AkpVfdFf 9EEyZ05xpO+HdN4Skx0+HxgfQYSG4RIahMQNiipCS4x6K1kX274b5xUqs5Lii+HlAl2+ yI4w==
X-Gm-Message-State: ALQs6tBe96qBoo1/4Jf1S4DdgE1UDbjGVE4+dJOhsK/pB1hYb0g1TLNt NSAygjG+AfZLMvFyshggvUKpEQ==
X-Google-Smtp-Source: AIpwx49pVTTs3kSWHFTTz4muXUESOBiWd7H+5wV2ognHmWHBNfzrAReE7WbelV3m5ajIdcHRDNhcwQ==
X-Received: by 10.101.85.140 with SMTP id j12mr22191284pgs.262.1524609717109; Tue, 24 Apr 2018 15:41:57 -0700 (PDT)
Received: from [192.168.178.26] ([118.149.104.73]) by smtp.gmail.com with ESMTPSA id p6sm26273060pfn.140.2018.04.24.15.41.54 for <int-area@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 24 Apr 2018 15:41:55 -0700 (PDT)
To: int-area@ietf.org
References: <a231b336-7e6d-bef1-92ab-001ae05eef0c@cs.tcd.ie> <34138484-94cc-9de8-0221-dfd05f4c05a5@gmail.com> <492a4225-60d3-a3fe-18d7-f44d8deb2825@cs.tcd.ie> <2A16E034-009F-40AD-BF3A-A8DF16456366@fugue.com> <CC5D38CE-5AB8-4273-B4AD-8A8372F918D4@daveor.com> <c8006066-e013-c838-219e-5d809c5bc4c7@cs.tcd.ie> <744bb330-5a56-f675-3814-6b7d20faca0d@article19.org> <AA580018-6A56-4D13-AAC4-3DDABA2AFCC5@daveor.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <515d1397-10d4-db5d-b33e-59ec7f36862b@gmail.com>
Date: Wed, 25 Apr 2018 10:41:57 +1200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <AA580018-6A56-4D13-AAC4-3DDABA2AFCC5@daveor.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/OY9oe5CcV4-n9aM3BBtWVT7QKCw>
Subject: Re: [Int-area] WG adoption call: Availability of Information in Criminal Investigations Involving Large-Scale IP Address Sharing Technologies
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Apr 2018 22:42:00 -0000

On 25/04/2018 00:49, Dave O'Reilly wrote:
> Amelia,
> 
> I have read this draft now and, once again, it seems there has been no consideration of the implications for law enforcement of these recommendations. A further example of the "privacy is good, more privacy is better" philosophy. 
> 
> I also reviewed RFC6973 and the exact same problem is present there. The privacy threats highlighted in RFC6973 are reasonable from a privacy advocate’s perspective and worthy of consideration, and the mitigants listed also make sense in the context of the listed threats. However, to intimate that the representations of RFC6973 are the only possible perspective, or in some objective sense the “right” perspective, or indeed in any way a complete perspective, misses out important societal issues such as those that are being discussed in this thread.
> 
> The considerations that appear to be foremost in RFC6973 are the issues relating to the collection and use of personal data for commercial purposes and the impact of data breaches

These days we would add "political purposes", and that is interesting because
it has both societal and possible criminal implications. But those issues are
much wider than IP addresses and ports. 

> - the crime attribution characteristics are hardly considered at all. Only surveillance is mentioned and this category, crime attribution per se is not considered at all.

For a reason. A tool that can be used by the authorities for tracing crime to its
source can be used by authorities for tracing political activity to its source,
which in many countries is considered to be abuse of power. And if the tool itself
is vulnerable, it can be mis-used by non-government actors for bad purposes.
This is the argument behind RFC 2804 of course, and I don't see this discussion
as anything different in principle.

RFC 6302 is a bit different. Server logs are sometimes essential for problem
debugging, rather than for penetrating privacy.

   Brian

> It is also sort of implied that surveillance is always a bad thing (it is, after all, listed in the privacy threats section with no consideration of if, or why, there might be a legitimate use for surveillance, subject to appropriate legal safeguards of course) - another point that should be debated and not automatically accepted.
> 
> The only trade-offs that are suggested for consideration are (ref. section 4.a)  "privacy and usability, privacy and efficiency, privacy and implementability, or privacy and other design goals”. What about, for example, privacy and potential for misuse, privacy and potential for concealing criminal activity, etc. etc.?
> 
> Coming back to the Internet Draft for a moment, there are other points that I could raise but I only want to draw out one rather glaring misrepresentation for now:
> 
> "Earlier recommendations contained in [RFC6302] relied heavily on observations made in Section 12 of [RFC6269] that regulatory requirements could imply a broad obligation to log identifiers.”
> 
> RFC6302 has nothing to do with regulatory requirements to log anything. RFC6302 relates to recommendations that Internet-facing servers log source port information alongside IP address. The overwhelming majority of Internet-facing servers are subject to no form of regulation at all. The fact that RFC6269 highlights a regulatory requirement to maintain subscriber identity, and the subsequent striking down of the data retention directive, is immaterial to the substance of RFC6302 and RFC6302 does not rely on it in any way. Attempting to throw out the existing recommendations in RFC6302 because of the ECJ ruling on data retention directive is disingenuous. 
> 
> daveor
> 
>> On 23 Apr 2018, at 09:10, Amelia Andersdotter <amelia@article19.org> wrote:
>>
>> I've tabled a similar draft but with a different scope. Happy to discuss
>> with members on the list:
>>
>> https://datatracker.ietf.org/doc/draft-andersdotter-intarea-update-to-rfc6302/
>>
>> -- 
>>
>> Amelia Andersdotter
>> Technical Consultant, Digital Programme
>>
>> ARTICLE19
>> www.article19.org
>>
>> PGP: 3D5D B6CA B852 B988 055A 6A6F FEF1 C294 B4E8 0B55
>>
> 
> _______________________________________________
> Int-area mailing list
> Int-area@ietf.org
> https://www.ietf.org/mailman/listinfo/int-area
>

v2.23.0 | Report a Bug | By Email