North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: EU Official: IP Is Personal

  • From: Fred Baker
  • Date: Wed Jan 23 23:21:31 2008
  • Authentication-results: ams-dkim-2; [email protected]; dkim=pass ( sig from cisco.com/amsdkim2001 verified; );
  • Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; l=2672; t=1201147367; x=1202011367; c=relaxed/simple; s=amsdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; [email protected]; z=From:=20Fred=20Baker=20<[email protected]> |Subject:=20Re=3A=20EU=20Official=3A=20IP=20Is=20Personal |Sender:=20; bh=vo3uF4B42bPwGaK57XRDJP2sMlDFzHEzetqrnVpUVBU=; b=FTaTBMebauJLjxYzxwq078q8fIAmQrV8+X5SRe2J4BWyjLL/tF1OIIVIIH IlmT6c+TPPkjkAkzr8f1f+TuP7SFru/GGzZaLwYUDmB1cBX+FSoMw2WNa/2Q qL9sYSbW7K;

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Jan 24, 2008, at 2:09 AM, Mikael Abrahamsson wrote:

The local antipiracy organization in Sweden needed a permit to collect/handle IP+timestamp and save it in their database, as this information was regarded as personal information. Since ISPs regularily save who has an IP at what time, IP+timestamp can be used to discern at least what access port a certain IP was at, or in case of PPPoE etc, what account was used to obtain the IP that that time.

I still think IP+timestamp doesn't imply what person did something

it doesn't, no any more than the association of your cell phone with a cell tower conclusively implies that the owner of a telephone used it to do something in particular. However, in forensic data retention and wiretap procedures, the assumption is made that the user of a telephone or a computer is *probably* a person who normally has access to it.

In the EU Data Retention model, I will argue that the only thing that makes sense to use as a "Session Detail Record" is an IPFIX/Netflow record correlated with with any knowledge the ISP might have of the person using the source and/or destination IP address at the time. When the address is temporarily or "permanently" assigned to a subscriber, such as a wireless address in a T-Mobile Hotspot (which one has to identify one's account when logging into, which presumptively identifies the subscriber) or the address assigned to a Cable Modem subscriber (home/SOHO), this tends to have a high degree of utility.

In the wiretap model, one similarly selects the traffic one intercepts on the presumption that a surveillance subject is probably the person using the computer.

For them, it's all about probability. It doesn't have to be "one" if it is reasonable to presume that it is in the neighborhood.

What I find interesting here is the Jekyll/Hyde nature of it. European ISPs are required to keep expensive logs of the behavior of subscribers for forensic data mining, accessible under subpoena, for extensive periods like 6-24 months (last I heard it was 7 years in Italy, but that may now be incorrect), but the information is deemed private and therefore inappropriate to keep under EU privacy rules. ISPs are required to keep inappropriate information at their own expense in case forensic authorities decide to pay an occasional pittance to access some small quantity of it.
-----BEGIN PGP SIGNATURE-----

iD8DBQFHmA3hbjEdbHIsm0MRAhsKAJ4+xXkJm/JM/lDL1YpufmUYZdhClACgrvxD
keX0Zsm+QtJG6RcCMrJcVqk=
=DpcR
-----END PGP SIGNATURE-----