IETF Logo Mail Archive

Re: [Int-area] WG adoption call: Availability of Information in Criminal Investigations Involving Large-Scale IP Address Sharing Technologies

Dave O'Reilly <rfc@daveor.com> Sun, 22 April 2018 19:19 UTC

Return-Path: <rfc@daveor.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04AA7126CBF for <int-area@ietfa.amsl.com>; Sun, 22 Apr 2018 12:19:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=daveor.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PdMe14tt6BKW for <int-area@ietfa.amsl.com>; Sun, 22 Apr 2018 12:18:59 -0700 (PDT)
Received: from vps.ftrsolutions.com (vps.ftrsolutions.com [5.77.39.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 77D6E126CB6 for <int-area@ietf.org>; Sun, 22 Apr 2018 12:18:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=daveor.com; s=default; h=To:References:Message-Id:Content-Transfer-Encoding:Cc:Date: In-Reply-To:From:Subject:Mime-Version:Content-Type:Sender:Reply-To:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe :List-Post:List-Owner:List-Archive; bh=ZsP1GN2ODFB+AA/8otjTdDZO5hN9GMwxAanQvxuUtlU=; b=X1uAwN2byP0E2R91bcLNSG4zkL KGTR+HzgfEWB7J3AA0gL96jeHgxFtVrp0wsE+nVIcgKf96y2rtmwYOSxlFpuW6X+I+PeZpnqqtiGW GZeuWFx2W4lxwoG7fFSx+oU8IyR/8SagCEiiGl6/g9WjS0gv2f2Qm+ZU8B7LBJjOpgIA=;
Received: from 86-44-56-31-dynamic.agg7.bsn.cld-dbn.eircom.net ([86.44.56.31]:58974 helo=[192.168.1.26]) by vps.ftrsolutions.com with esmtpsa (TLSv1:ECDHE-RSA-AES256-SHA:256) (Exim 4.89_1) (envelope-from <rfc@daveor.com>) id 1fAKVl-000GLh-9K; Sun, 22 Apr 2018 20:18:57 +0100
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Dave O'Reilly <rfc@daveor.com>
In-Reply-To: <2A16E034-009F-40AD-BF3A-A8DF16456366@fugue.com>
Date: Sun, 22 Apr 2018 20:18:40 +0100
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "int-area@ietf.org" <int-area@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <CC5D38CE-5AB8-4273-B4AD-8A8372F918D4@daveor.com>
References: <a231b336-7e6d-bef1-92ab-001ae05eef0c@cs.tcd.ie> <34138484-94cc-9de8-0221-dfd05f4c05a5@gmail.com> <492a4225-60d3-a3fe-18d7-f44d8deb2825@cs.tcd.ie> <2A16E034-009F-40AD-BF3A-A8DF16456366@fugue.com>
To: Ted Lemon <mellon@fugue.com>
X-Mailer: Apple Mail (2.3124)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - vps.ftrsolutions.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - daveor.com
X-Get-Message-Sender-Via: vps.ftrsolutions.com: authenticated_id: dave@daveor.com
X-Authenticated-Sender: vps.ftrsolutions.com: dave@daveor.com
X-Source:
X-Source-Args:
X-Source-Dir:
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/oiEBR6AF7_47tgGeXsWrW2j1Vko>
Subject: Re: [Int-area] WG adoption call: Availability of Information in Criminal Investigations Involving Large-Scale IP Address Sharing Technologies
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Apr 2018 19:19:02 -0000

Dear all,

I hope it’s not inappropriate for me to step into this discussion, but I would like to respond to a few of the points that have been raised so far. For brevity I will incorporate my responses to the various emails into a single email.

The main point people are making:
———————————————————————

There are several objections to the document scope (by Stephen Farrell, Brian E Carpenter and Ted Lemon - quotations are not necessary, I trust). 

In response I only point out that the intarea working group has already adopted a document making recommendations that logging of source port should be done (RFC6302/BCP162). The point I’m making in this document is that:

1. source port logging is not routine, despite publication of RFC6302 in 2011 - in other words the document has not had the hoped for impact
2. what are the reasons for this
3. what additional recommendations can be made to move this along

Therefore I’m a little surprised by this response to a relatively minor movement in an already published intarea position. 

However, if people are irreconcilably opposed to the scope of the current document, then I propose as follows:

a. Reject the call for adoption by the working group and move the document back to the independent submission stream. I believe the conflict review comments have already been adequately addressed in draft -04 and publication will hopefully be possible there.
b. Begin a discussion here (or in whatever forum might be more appropriate) on what would be an appropriate scope for a separate document to consider the broader issues that are being raised by the various commenters and see what sort of consensus can be reached. I offer to contribute my opinion to that discussion. 

Other additional points:
———————————————

From Stephen Farrell:

> I do support consideration of how law enforcement investigations can be carried out, but not without a similar level of consideration of the real trade-offs between assisting law enforcement and commercial or other surveillance. At present, the draft is nowhere near sufficient in this respect. (Despite saying that "Clearly a balance needs to be struck between individual right to privacy and law enforcement access to data during criminal investigations" the draft is anything but balanced in that respect.)

The document is not supposed to be an analysis of the privacy implications of law enforcement access to data in general and, by the way, nobody is talking about “assisting law enforcement and commercial or other surveillance” - that’s a straw man. I do address in section 9 the privacy implications of the specific proposal (source port logging) as a solution to a specific problem (carrier grade NAT and similar technologies) - a proposal that has already been accepted by the intarea group in RFC6302/BCP162. 

However, I agree with you that a broader discussion within the IETF of the balance between privacy and the societal need for law enforcement access to data is certainly required. From what I can see in my research so far, the philosophy within the IETF appears to heavily favour privacy over other issues (such as societal rights or rights of victims of crime - represented in this case by law enforcement access to data). I cite as just two examples of this (and believe me I can provide many more):

- RFC4941 (Privacy extensions for stateless address auto configuration in IPv6) - “by design” obfuscation of the source of network traffic with no consideration of the crime attribution implications
- RFC6742 (Default address selection for Internet Protocol version 6 (IPv6)) - recommending selection of temporary addresses generated using RFC4941 over other options

I think a discussion of the broader issue requires robust and vocal representation of both sides and I am willing to adopt for the purposes of such a discussion the, apparently unpopular, position that while the right to privacy is very important it is not the only right and a more nuanced consideration of the situation might be worthwhile.

From Brian E Carpenter:

> I do have another comment about adoption. This is an IPv4 technology. Do we really want to spent IETF cycles on it? I'd prefer that we adopt https://tools.ietf.org/html/draft-george-ipv6-support-03 .

I agree with you that this is an IPv4 problem. I mention in the document (last paragraph of section 1) that migration to IPv6 would make this problem go away but also I would like to emphasise that this is a real problem being faced right now and it is something that can’t be put off until IPv6 migration is complete. Whether or not the IETF is the correct forum is not for me to say - all I’m trying to do is make sure that at least the conversation takes place.

Regards,
daveor

v2.23.0 | Report a Bug | By Email