Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6

Dave O'Reilly <rfc@daveor.com> Thu, 02 November 2017 16:56 UTC

From: Dave O'Reilly <rfc@daveor.com>
In-Reply-To: <1A0AE76A-FA3C-4BDE-B8D9-C8D2E060A8A8@gmail.com>
Date: Thu, 02 Nov 2017 16:56:46 +0000
Cc: Mark Smith <markzzzsmith@gmail.com>, Tore Anderson <tore@fud.no>, "v6ops@ietf.org" <v6ops@ietf.org>
Message-Id: <81B18C7D-76F7-40BC-8252-D833DDF95254@daveor.com>
To: Fred Baker <fredbaker.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/zdufX27BRuBcRQxhzeEyikhFk-U>

Totally agree with your assessment of the value of IP data - it cannot alone be used to identify an individual, and I don’t think you’d find many law enforcement officers anywhere who would disagree with that assessment. As I mentioned in the email I just wrote, even if the IP address identifies a specific device/endpoint (which it almost always doesn’t) that in no way attributes the activity of that device to a specific individual. 

HOWEVER: taken in the broader context of an investigation, IP address can play an important role in either pointing the investigation in a particular direction or corroborating evidence gathered from other sources.

daveor


> On 30 Oct 2017, at 02:41, Fred Baker <fredbaker.ietf@gmail.com> wrote:
> 
> 
> 
>> On Oct 29, 2017, at 11:48 PM, Mark Smith <markzzzsmith@gmail.com> wrote:
>> 
>> Geoff Huston's article on
>> 
>> Metadata Retention and the Internet
>> 
>> https://telsoc.org/ajtde/2015-04-v3-n1/a4
>> 
>> might be of interest.
>> 
>> "The Metadata Retention measures being considered in Australia make some sweeping assumptions about the semantics of IP addresses and their association with individual subscribers to the Internet. But are these assumptions warranted?"
> 
> In that context, the European Data Retention Directive (which has now been struck down by the European Privacy Court) and the activities by the "Five Eyes" in that regard, notably the US NSA, have been very much about metadata. I asked a Dutch agency representative once what their reason for lawful intercept in general and metadata capture specifically was, and he indicated "mapping criminal networks". They wanted to determine who spoke with whom, with a view to identifying members of a community, presumably an evil community.
> 
> I note that the European Privacy Court has (apparently) specified that an IP address is "Individually Identifiable Information", the kind of thing that might be discussed in https://tools.ietf.org/html/rfc7721. I have asked repeatedly what privacy folks think might be an IID below the application layer, and that is the one thing they have come up with. On the point, I would argue that data of that type is not *identification*, but it might be possible to correlate it with other information due to operational practice. To my mind, stomping out correlations is a game of whack-a-mole; someone that desperately wants to find a correlation will probably find something that mostly works for their purposes, even if they have to discard spurious correlations to do so. In my view, that's what we see here: we might be able to correlate an IP address with a computer or subscriber, but we can't stop people in a business or family from using each other's computers. It is at best an investigative tool, not proof of something in particular.