Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6

Mark Smith <markzzzsmith@gmail.com> Thu, 02 November 2017 21:07 UTC

From: Mark Smith <markzzzsmith@gmail.com>
Date: Fri, 03 Nov 2017 08:07:18 +1100
Message-ID: <CAO42Z2z8i-Gd1DdGp1FJakzBAZpRFtboZiRcwZmmat=YcTLPoQ@mail.gmail.com>
To: Dave O'Reilly <rfc@daveor.com>
Cc: Fred Baker <fredbaker.ietf@gmail.com>, Tore Anderson <tore@fud.no>, "v6ops@ietf.org" <v6ops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/7YLgWDp-XfnJJ6oPRcVjjUWG5YI>

On 3 Nov. 2017 3:56 am, "Dave O'Reilly" <rfc@daveor.com> wrote:

Totally agree with your assessment of the value of IP data - it cannot
alone be used to identify an individual, and I don’t think you’d find many
law enforcement officers anywhere who would disagree with that assessment.
As I mentioned in the email I just wrote, even if the IP address identifies
a specific device/endpoint (which it almost always doesn’t) that in no way
attributes the activity of that device to a specific individual.

HOWEVER: taken in the broader context of an investigation, IP address can
play an important role in either pointing the investigation in a particular
direction or corroborating evidence gathered from other sources.


I doubt anybody here disagrees with that.

The concern I have is that LEAs adopt a view that because address sharing
is not necessary in IPv6, an IPv6 address becomes believed to be
indisputable and absolute evidence that a particular individual who owns
the device assigned that IPv6 address is the person responsible for all
actions committed using that IPv6 address. I think the fundamental human
desire for doing the least possible and making your evidence collecting job
as easy as clicking a mouse button a few times makes that a risk.

Regards,
Mark.


daveor


> On 30 Oct 2017, at 02:41, Fred Baker <fredbaker.ietf@gmail.com> wrote:
>
>
>
>> On Oct 29, 2017, at 11:48 PM, Mark Smith <markzzzsmith@gmail.com> wrote:
>>
>> Geoff Huston's article on
>>
>> Metadata Retention and the Internet
>>
>> https://telsoc.org/ajtde/2015-04-v3-n1/a4
>>
>> might be of interest.
>>
>> "The Metadata Retention measures being considered in Australia make some
>> sweeping assumptions about the semantics of IP addresses and their
>> association with individual subscribers to the Internet. But are these
>> assumptions warranted?"
>
> In that context, the European Data Retention Directive (which has now
> been struck down by the European Privacy Court) and the activities by the
> "Five Eyes" in that regard, notably the US NSA, have been very much about
> metadata. I asked a Dutch agency representative once what their reason for
> lawful intercept in general and metadata capture specifically was, and he
> indicated "mapping criminal networks". They wanted to determine who spoke
> with whom, with a view to identifying members of a community, presumably an
> evil community.
>
> I note that the European Privacy Court has (apparently) specified that an
> IP address is "Individually Identifiable Information", the kind of thing
> that might be discussed in https://tools.ietf.org/html/rfc7721. I have
> asked repeatedly what privacy folks think might be an IID below the
> application layer, and that is the one thing they have come up with. On the
> point, I would argue that data of that type is not *identification*, but it
> might be possible to correlate it with other information due to operational
> practice. To my mind, stomping out correlations is a game of whack-a-mole;
> someone that desperately wants to find a correlation will probably find
> something that mostly works for their purposes, even if they have to
> discard spurious correlations to do so. In my view, that's what we see
> here: we might be able to correlate an IP address with a computer or
> subscriber, but we can't stop people in a business or family from using
> each other's computers. It is at best an investigative tool, not proof of
> something in particular.