IETF Logo Mail Archive

Re: [v6ops] Google Alert - IPv6

JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Wed, 01 November 2017 17:17 UTC

Return-Path: <prvs=1478feaab1=jordi.palet@consulintel.es>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3BA013F95D for <v6ops@ietfa.amsl.com>; Wed, 1 Nov 2017 10:17:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=consulintel.es; domainkeys=pass (1024-bit key) header.from=jordi.palet@consulintel.es header.d=consulintel.es
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jgAh1XDRcrp4 for <v6ops@ietfa.amsl.com>; Wed, 1 Nov 2017 10:17:05 -0700 (PDT)
Received: from mail.consulintel.es (mail.consulintel.es [217.126.185.215]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 948E713F96B for <v6ops@ietf.org>; Wed, 1 Nov 2017 10:17:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=consulintel.es; s=MDaemon; t=1509556621; x=1510161421; q=dns/txt; h=DomainKey-Signature: Received:User-Agent:Date:Subject:From:To:Message-ID:Thread-Topic: References:In-Reply-To:Mime-version:Content-type: Content-transfer-encoding:Reply-To; bh=UW+aA3kP5dZvqBWgU1csZbPME AvW+LqoKZEK9b6qe/E=; b=Cpea/exmc5JNVYRakBQTZ4oLisH4oPz7dgni0LOMe h10d/iHlfHCU6WKoOvAo26wpowHuhTLZmD5OVYPaAmGLsNgaY6hmC2iv7H7PU7IZ d3UfKSz2AIaFVqzTm8EzGLMxr0K55fvBEipcDZGDxRgUjzAaml3D54sS0ZwVEcCg ng=
DomainKey-Signature: a=rsa-sha1; s=MDaemon; d=consulintel.es; c=simple; q=dns; h=from:message-id; b=TYWhaHDndO2s+dhHQ36Nyz9sXJ9j6+j9O3qRZXWiSr/XcGN2U4pZs1YRZvhm Z9bmpaxgaQrqw1xfhuuq6c6EvW1MC5CqAVUFJRWZliNi7EQrrQ5D3uDe5 e0OjpmDhnxvH2CggLBXoiTrTEKqQQmew9MU6LECPvbmCgBjg591mjo=;
X-MDAV-Processed: mail.consulintel.es, Wed, 01 Nov 2017 18:17:01 +0100
X-Spam-Processed: mail.consulintel.es, Wed, 01 Nov 2017 18:17:00 +0100
Received: from [10.10.10.134] by mail.consulintel.es (MDaemon PRO v11.0.3) with ESMTP id md50005612783.msg for <v6ops@ietf.org>; Wed, 01 Nov 2017 18:17:00 +0100
X-MDOP-RefID: re=0.000,fgs=0 (_st=1 _vt=0 _iwf=0)
X-Authenticated-Sender: jordi.palet@consulintel.es
X-HashCash: 1:20:171101:md50005612783::8FRPnkrBEcvBat91:00004XxA
X-Return-Path: prvs=1478feaab1=jordi.palet@consulintel.es
X-Envelope-From: jordi.palet@consulintel.es
X-MDaemon-Deliver-To: v6ops@ietf.org
User-Agent: Microsoft-MacOutlook/f.27.0.171010
Date: Wed, 01 Nov 2017 18:16:56 +0100
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: v6ops list <v6ops@ietf.org>
Message-ID: <C1461E71-8E2C-4215-BB60-9C736510E810@consulintel.es>
Thread-Topic: [v6ops] Google Alert - IPv6
References: <f403045ef57ac52962055bd88b84@google.com> <20395E98-DA55-447F-BEFE-CB581A88BB78@gmail.com> <alpine.DEB.2.20.1710190655260.31961@uplift.swm.pp.se> <20171019083506.6627a166@echo.ms.redpill-linpro.com> <alpine.DEB.2.20.1710190856530.31961@uplift.swm.pp.se> <787AE7BB302AE849A7480A190F8B93300A056EB5@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <CAHw9_iLWAMexrfXwsdB8duGa5ueJMofqVRqNck6DeOzA=KChqA@mail.gmail.com> <C4E37677-A2FB-49F8-B362-C29B28DFD570@daveor.com> <CE4906A4-E0CC-4C3F-A1F8-D2B5BED294D7@employees.org> <EDC5E9C7-F193-40CE-B21C-8E1D91E9E7E3@daveor.com> <C71D6C23-2720-403F-B655-D8156898A137@employees.org> <CALx6S37E9TN9SyMQfk3CSx9vWzjBM3bmuhvsyN0tFXGYFz9Mjw@mail.gmail.com> <CAO42Z2yXH0sPJYXJ6Nrq0B=UaDK4mC1R2Tds1tFQeBhuVh5meg@mail.gmail.com> <F0990C2F-0626-4416-AA5D-1AAE41C24510@gmail.com> <A9FAF661-C5DB-4EE2-8175-56FF50792B27@gmail.com> <C01E3F52-46F8-4BDC-91C8-052310673E6E@consulintel.es> <20171101073231.653A48DDFD9C@rock.dv.isc.org> <2013D3DA-0366-41F2-A0E8-07F5563C5D07@consulintel.es> <CALx6S37D2ziwr39H3SXWYXY48+GgnMBeiVrvsqVmwYCBqwPDcg@mail.gmail.com>
In-Reply-To: <CALx6S37D2ziwr39H3SXWYXY48+GgnMBeiVrvsqVmwYCBqwPDcg@mail.gmail.com>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Reply-To: jordi.palet@consulintel.es
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/3wiYrfgK7NRJ6SFGRuRXbcfvoEo>
Subject: Re: [v6ops] Google Alert - IPv6
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Nov 2017 17:17:08 -0000

Hi Tom,

Not sure to understand what is a garbage track … Anyway, yes, laws unfortunately differ and sometimes too much from country to country. What I said apply to Spain, and I believe to most of the EU countries.

I wrote it wrong, let me rephrase it: “I fully agree that considering an IP as personal data is broken”.

Regards,
Jordi
 

-----Mensaje original-----
De: Tom Herbert <tom@herbertland.com>
Responder a: <tom@herbertland.com>
Fecha: miércoles, 1 de noviembre de 2017, 16:09
Para: Jordi Palet Martinez <jordi.palet@consulintel.es>
CC: v6ops list <v6ops@ietf.org>
Asunto: Re: [v6ops] Google Alert - IPv6

    On Wed, Nov 1, 2017 at 12:53 AM, JORDI PALET MARTINEZ
    <jordi.palet@consulintel.es> wrote:
    > I’m not a lawyer, but I can tell this are the facts in EU, in general. I’m sure you can google for that.
    >
    > If the phone has been hacked or the car stolen, your lawyer will need to prove that it was the case. If you know who hacked your phone you lawyer need to prove that, police may believe you and do the investigation by themselves but it they don’t find a way to prove that … it is your problem, unless you have an irrefutable alibi.
    >
    > I’ve a case recently (and this happened many times in Spain). A company car drove by one employee was exceeding speed limit in 10 Km/h (100 euros fine). The fine comes to the company. Company has 10 days to identify the driver, and did that. The driver denies it. If you don’t have a way to prove that he is lying, you now pay the fine, plus 600 additional euros because the law assumes that you tried to cheat them. So, unless the driver voluntarily recognizes it, or you have a record signed by the person taking the car, you’re lost (because you made the mistake to provide the car to an employee, friend, thief, without actually having a record for that).
    >
    Jordi,
    
    In California there was a proposal to equip garbage tracks with
    cameras that would capture license plates and send them to law
    enforcement for tracking. The ostensible rationale was to only track
    criminals and that the information wouldn't be used to track otherwise
    law abiding citizens. This plan, not unexpectedly, cause a huge
    backlash because of privacy concerns. License plates are associated
    with vehicles which are associated with owners. Tracking license
    plates of personal vehicles is equivalent to tracking the whereabouts
    of the owner or at least someone in their family or friends. In the US
    at least, there's not a lot of trust in the government that it
    wouldn't use such information for widespread surveillance of citizens.
    
    > There are plenty of cases that a car is stolen to do something wrong, and unless you prove that you were at that time in another place, your lawyer need to defend you. Just consider if you were sleeping alone and the car was stolen during the night, and the bad thing happened during the night, but you only claim to the police for the stolen car in the next morning … How you prove that actually was not you?
    >
    > Note that I fully agree. IP is not personal data (and I tried to argue about that many times), but law says so in EU (not sure in other countries/regions).
    >
    I think this may contradict your example above. If a crime is
    committed and the IP address traces back to my device then it's clear
    that I'm going to be investigated at least as a person of interest if
    not a suspect. So I personally have been identified by authorities via
    IP address and it's now up to me to prove I didn't do anything wrong.
    In this case, the IP address is personally identifiable information
    because it was used to identify an individual.
    
    Again, it is not within the definition of an IP address that it
    doesn't identify individuals. Whether it does or not determined by how
    they are used and assigned.
    
    Tom
    
    > Regards,
    > Jordi
    >
    >
    > -----Mensaje original-----
    > De: Mark Andrews <marka@isc.org>
    > Responder a: <marka@isc.org>
    > Fecha: miércoles, 1 de noviembre de 2017, 8:32
    > Para: <jordi.palet@consulintel.es>
    > CC: v6ops list <v6ops@ietf.org>
    > Asunto: Re: [v6ops] Google Alert - IPv6
    >
    >
    >     In message <C01E3F52-46F8-4BDC-91C8-052310673E6E@consulintel.es>, JORDI PALET M
    >     ARTINEZ writes:
    >     > Totally agree, however there is a subtle situation here, when we
    >     > associate this to the origin of the thread  CGN
    >     >
    >     > If an unlawful action has been done with that phone, the phone owner will
    >     > be responsible in front of the law to identify the person who has go the
    >     > phone. Otherwise, the courts will judge you as the author of the unlawful
    >     > action.
    >
    >     Please cite the relevent law.  Phone are hacked all the time.  Phones
    >     are shared all the time.  There is only ever a strong correlation
    >     never absolute proof.  For proof you need other data.
    >
    >     > Same as if you are the owner of a car that has an accident and dont stop,
    >     > unless you identify in and undoubtable way a third person driving the
    >     > car, it will be your problem.
    >
    >     Cars get stolen all the time and sometimes the first you know about
    >     is a knock on the door.  The owner of the vehicle is just the first
    >     step in the investigation.  Things like a speeding fine may get
    >     lumbered on you but failure to stop requires more that you are the
    >     owner of the vechicle to be proven.
    >
    >     > So, and this is what I was trying to point to the EU article 29 working
    >     > party many years ago, even if you identify an IP address, it is almost
    >     > impossible to say this is personal data, you need to correlate that with
    >     > many many many other data, and even do, unless you have a live record of
    >     > he/she being in front of the keyboard at that specific time.
    >     >
    >     > However, the implications of CGN for the police is that, without a CGN,
    >     > the owner for the phone that done that unlawful act (in EU you need to
    >     > provide a legal ID to have a phone line) using that IP address, the
    >     > identification is direct, no further investigation is needed and is the
    >     > owner the responsible to identify a third party if that's the case. With
    >     > CGN, if the IP address is shared and there are no source ports records,
    >     > the investigation brings the police to a number of people, may be only
    >     > 16, may be hundreds, which is a big issue.
    >
    >     Only if you are looking at single events.  Multiple events will
    >     probably whittle the set down to a subscriber.  That doesn't
    >     necessarially identify a individual.
    >
    >     > Regards,
    >     > Jordi
    >
    >
    >     --
    >     Mark Andrews, ISC
    >     1 Seymour St., Dundas Valley, NSW 2117, Australia
    >     PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
    >
    >
    >
    >
    > **********************************************
    > IPv4 is over
    > Are you ready for the new Internet ?
    > http://www.consulintel.es
    > The IPv6 Company
    >
    > This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
    >
    >
    >
    > _______________________________________________
    > v6ops mailing list
    > v6ops@ietf.org
    > https://www.ietf.org/mailman/listinfo/v6ops
    



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

v2.23.0 | Report a Bug | By Email