Re: EU Official: IP Is Personal
I dunno. I think I have a pretty good guess of who 192.159.10.227 is, or at least who it was as of 14:35 -0800 today.
Well, let me ask you you think 171.70.120.60 is. I'll give you a hint; at this instant, there are 72 of us. Here's another question. Whom would you suspect 171.71.241.89 is? At this point in time, I am in Barcelona; if I were home, that would be my address as you would see it, but my address as I would see it would be in 10.32.244.216/29. There might be several hundred people you would see using 171.71.241.89; One of the big issues with the Tsinghua SAVA proposal in the IETF is specifically the confusion of the application layer with the IP layer. They propose to embed personal identity into the IP address, and in that there are a number of issues. Internet Address != application layer identification. What we can do with IP addresses is conclude that the user of the machine with an address is likely to be one of its usual users. We can't say that with 100% certainty, because there are any number of ways people can get "unusual" access. But even so, if one can show a pattern of usage, the usual suspects can probably figure out which of them, or what other "unusual" user, might have done this or that. That is the model forensic analysts follow. And the address is personal information to the extent that it limits the set of usual suspects to a set that includes you or I.
On Thu, 24 Jan 2008 20:39:53 PST, fred@cisco.com said:
What we can do with IP addresses is conclude that the user of the machine with an address is likely to be one of its usual users. We can't say that with 100% certainty, because there are any number of ways people can get "unusual" access. But even so, if one can show a pattern of usage, the usual suspects can probably figure out which of them, or what other "unusual" user, might have done this or that.
And oddly enough, license plates on cars act *exactly the same way* - but nobody seems at all surprised when police can work backwards from a plate and come up with a suspect (who, admittedly, may not have been involved if the car was borrowed/stolen/etc). You can work backwards from a phone number to a person, without a *guarantee* that you have the right person - but I don't see anybody claiming that phone numbers don't qualify as "personal information" under the EU definition. So - if you can work backwards from license plate info, telephone numbers, and IP addresses, and get a good idea of who the person is, and there's general agreement that the first two are "personal information" that allows (at least speculative) identification of the person, why are people having trouble with the concept that the third is personally identifying information as well?
On Jan 24, 2008, at 8:55 PM, Valdis.Kletnieks@vt.edu wrote:
On Thu, 24 Jan 2008 20:39:53 PST, fred@cisco.com said:
What we can do with IP addresses is conclude that the user of the machine with an address is likely to be one of its usual users. We can't say that with 100% certainty, because there are any number of ways people can get "unusual" access. But even so, if one can show a pattern of usage, the usual suspects can probably figure out which of them, or what other "unusual" user, might have done this or that.
And oddly enough, license plates on cars act *exactly the same way* - but nobody seems at all surprised when police can work backwards from a plate and come up with a suspect (who, admittedly, may not have been involved if the car was borrowed/stolen/etc).
In order to be using the license plate, you had to be physically present in the car.
You can work backwards from a phone number to a person, without a *guarantee* that you have the right person - but I don't see anybody claiming that phone numbers don't qualify as "personal information" under the EU definition.
In order to be on the telephone number, you (almost always) need to be present at the site where that phone number is terminated. I don't know about your IP addresses, but, people can use my IP addresses from a number of locations which are nowhere near the jurisdiction in which my network operates, so, I don't really see the correlation here with license plates or phone numbers. Owen
On Thu, 24 Jan 2008 22:33:20 PST, Owen DeLong said:
And oddly enough, license plates on cars act *exactly the same way* - but nobody seems at all surprised when police can work backwards from a plate and come up with a suspect (who, admittedly, may not have been involved if the car was borrowed/stolen/etc).
In order to be using the license plate, you had to be physically present in the car.
"It wasn't me at the hit-and-run, my car was stolen last night" "It wasn't me, my PC got zombied" Like I said, they work *exactly the same way*. But I'm giving up. We've got people here who work for companies that have business models that boil down to "given an IP address, figure out who to bill" - but although it identifies a person well enough to send them an invoice, they think it isn't enough to identify them.
On Fri, 25 Jan 2008, Valdis.Kletnieks@vt.edu wrote:
On Thu, 24 Jan 2008 22:33:20 PST, Owen DeLong said:
And oddly enough, license plates on cars act *exactly the same way* - but nobody seems at all surprised when police can work backwards from a plate and come up with a suspect (who, admittedly, may not have been involved if the car was borrowed/stolen/etc).
In order to be using the license plate, you had to be physically present in the car.
"It wasn't me at the hit-and-run, my car was stolen last night"
"It wasn't me, my PC got zombied"
Like I said, they work *exactly the same way*.
But I'm giving up. We've got people here who work for companies that have business models that boil down to "given an IP address, figure out who to bill" - but although it identifies a person well enough to send them an invoice, they think it isn't enough to identify them.
I wouldn't be suprised if in a few years some EU/US law mandates IP number portability, just like people have with their cellphones. Imagine what that will do to the routing tables. How many /32s can we get into the RIBs these days? :-) -Hank
On Fri, Jan 25, 2008 at 10:49:48AM +0200, Hank Nussbacher wrote:
On Fri, 25 Jan 2008, Valdis.Kletnieks@vt.edu wrote:
On Thu, 24 Jan 2008 22:33:20 PST, Owen DeLong said:
And oddly enough, license plates on cars act *exactly the same way* - but nobody seems at all surprised when police can work backwards from a plate and come up with a suspect (who, admittedly, may not have been involved if the car was borrowed/stolen/etc).
In order to be using the license plate, you had to be physically present in the car.
"It wasn't me at the hit-and-run, my car was stolen last night"
"It wasn't me, my PC got zombied"
Like I said, they work *exactly the same way*.
But I'm giving up. We've got people here who work for companies that have business models that boil down to "given an IP address, figure out who to bill" - but although it identifies a person well enough to send them an invoice, they think it isn't enough to identify them.
I wouldn't be suprised if in a few years some EU/US law mandates IP number portability, just like people have with their cellphones. Imagine what that will do to the routing tables. How many /32s can we get into the RIBs these days? :-)
That'd be a fun law to try and enforce, especially against the people who refuse to accept such long routes (which is, after all, the only thing that's stopping such long announcements from appearing already). Tunnels all over the place seems like the only way it'd even be halfway practical. It's more-or-less how phone number portability works anyway, from what (little) I know. - Matt
In article <20080125093035.GH17698@hezmatt.org>, Matt Palmer <mpalmer@hezmatt.org> writes
Tunnels all over the place seems like the only way it'd even be halfway practical. It's more-or-less how phone number portability works anyway, from what (little) I know.
I don't know about the USA, but in the UK it's done with something similar to DNS. The telephone system looks up the first N digits of the number to determine the operator it was first issued to. And places a query to them. That either causes the call to be accepted and routed, or they get an answer back saying "sorry, that number has been ported to operator FOO-TEL, go ask them instead". -- Roland Perry
On 25 Jan 2008, at 10:42, Roland Perry wrote:
writes Tunnels all over the place seems like the only way it'd even be halfway practical. It's more-or-less how phone number portability works anyway, from what (little) I know. I don't know about the USA, but in the UK it's done with something similar to DNS. The telephone system looks up the first N digits of
In article <20080125093035.GH17698@hezmatt.org>, Matt Palmer <mpalmer@hezmatt.org the number to determine the operator it was first issued to. And places a query to them. That either causes the call to be accepted and routed, or they get an answer back saying "sorry, that number has been ported to operator FOO-TEL, go ask them instead".
Not quite, the simplistic overview is that operators have an obligation to offer porting wherever practical, so operate ports on a accept-then-forward principal. If I port my number from CarrierA to CarrierB, then my calls still pass through A's switch, who transits the call to B without charging the end user. For the benefit of completeness, the regulator has mandated that this situation must change, as CarrierB's inward-port customers are not protected from the technical or commercial failure of CarrierA. The industry [www.ukporting.com] has responded and is building a framework to support all-call-query style lookups to handle number ports. Best wishes, Andy
In article <A9D8431B-02B4-4608-994A-78359D55B2D4@nosignal.org>, Andy Davidson <andy@nosignal.org> writes
Tunnels all over the place seems like the only way it'd even be halfway practical. It's more-or-less how phone number portability works anyway, from what (little) I know. I don't know about the USA, but in the UK it's done with something similar to DNS. The telephone system looks up the first N digits of the number to determine the operator it was first issued to. And places a query to them. That either causes the call to be accepted and routed, or they get an answer back saying "sorry, that number has been ported to operator FOO-TEL, go ask them instead".
Not quite, the simplistic overview is that operators have an obligation to offer porting wherever practical, so operate ports on a accept-then-forward principal. If I port my number from CarrierA to CarrierB, then my calls still pass through A's switch, who transits the call to B without charging the end user.
For the benefit of completeness, the regulator has mandated that this situation must change, as CarrierB's inward-port customers are not protected from the technical or commercial failure of CarrierA. The industry [www.ukporting.com] has responded and is building a framework to support all-call-query style lookups to handle number ports.
Apologies, I should have made it clear that I was following up the remark about cellphone number portability. Described in 2002 (at the beginning of the discussion about migrating to the new system that's currently still being built): "To deliver a call a routing enquiry is made to a Home Location Register (HLR) to determine where the subscriber is located and to obtain a routing number. The solution for mobile number portability, known as the Signalling Relay Function (SRF), is that the donor network sends the routing enquiry signal addressed to a ported number to the appropriate recipient network for treatment. In this way the recipient network can provide the routing number to complete the call." Although that is also apparently known as "onward routing", even though the subsequent call traffic isn't routed onwards. -- Roland Perry
On Fri, Jan 25, 2008 at 10:42:44AM +0000, Roland Perry <lists@internetpolicyagency.com> wrote a message of 15 lines which said:
in the UK it [phone number portability] 's done with something similar to DNS. The telephone system looks up the first N digits of the number to determine the operator it was first issued to. And places a query to them. That either causes the call to be accepted and routed, or they get an answer back saying "sorry, that number has been ported to operator FOO-TEL, go ask them instead".
What happens when a phone number is ported twice, from BAR-TEL to FOO-TEL and then to WAZ-TEL? Does the call follows the list? What if there is a loop? The solution you describe does not look like the DNS to me. A solution more DNS-like would be to have a root (which is not an operator) somewhere and every call triggers a call to the root which then replies, "send to WAS-TEL".
On Jan 25, 2008, at 6:05 AM, Stephane Bortzmeyer wrote:
On Fri, Jan 25, 2008 at 10:42:44AM +0000, Roland Perry <lists@internetpolicyagency.com> wrote a message of 15 lines which said:
in the UK it [phone number portability] 's done with something similar to DNS. The telephone system looks up the first N digits of the number to determine the operator it was first issued to. And places a query to them. That either causes the call to be accepted and routed, or they get an answer back saying "sorry, that number has been ported to operator FOO-TEL, go ask them instead".
What happens when a phone number is ported twice, from BAR-TEL to FOO-TEL and then to WAZ-TEL? Does the call follows the list? What if there is a loop?
The solution you describe does not look like the DNS to me. A solution more DNS-like would be to have a root (which is not an operator) somewhere and every call triggers a call to the root which then replies, "send to WAS-TEL".
There is a shared root in the US SS7 system. The security of said root follows a rather interesting model. At least until fairly recently, any "trusted" carrier (LEC, ILEC, RBOC, or IEC) could put pretty much whatever they wanted into the database. Of course, the consequence of getting caught with your hand in the cookie jar there was sufficient that it tended to prevent invalid entries other than by accident, but, still, it was a remarkable trust model for such an industry. Owen
In article <20080125140553.GA32299@nic.fr>, Stephane Bortzmeyer <bortzmeyer@nic.fr> writes
in the UK it [phone number portability] 's done with something similar to DNS. The telephone system looks up the first N digits of the number to determine the operator it was first issued to. And places a query to them. That either causes the call to be accepted and routed, or they get an answer back saying "sorry, that number has been ported to operator FOO-TEL, go ask them instead".
What happens when a phone number is ported twice, from BAR-TEL to FOO-TEL and then to WAZ-TEL? Does the call follows the list? What if there is a loop?
In the UK, for landlines there are generally only two operators available: BT and Virgin (the now sole brand for cable phones). So WAZ doesn't exist, all you can do is go back to BAR. For mobiles, I've never heard of a restriction so it's probably the case that the donor network stays the same, but the recipient records are updated to point to WAZ instead of FOO.
The solution you describe does not look like the DNS to me. A solution more DNS-like would be to have a root (which is not an operator) somewhere and every call triggers a call to the root which then replies, "send to WAS-TEL".
That's the scheme which was proposed in 2002, and which I'm a bit surprised isn't yet deployed (watch the space called ukporting.com [1], apparently). However, the current mobile scheme isn't very far off that. [1] Why not ukporting.org.uk ?? -- Roland Perry
In article <Pine.LNX.4.64.0801251047460.24403@efes.iucc.ac.il>, Hank Nussbacher <hank@efes.iucc.ac.il> writes
I wouldn't be suprised if in a few years some EU/US law mandates IP number portability, just like people have with their cellphones.
I doubt it. The portability of Internet Addressing arises from the use of DNS. You wouldn't expect anyone to mandate that IMEI, rather than cellphone number, was made portable between handsets, would you? Making analogies between phone numbers and IP addresses has its limits. -- Roland Perry
Hank Nussbacher wrote:
I wouldn't be suprised if in a few years some EU/US law mandates IP number portability, just like people have with their cellphones. Imagine what that will do to the routing tables. How many /32s can we get into the RIBs these days? :-)
-Hank
That might work under IPv6 - at which point the question becomes "How many /64s can we put into the RIBs?" (or whatever number becomes standard for giving a residential customer) I would argue however that equating Phone# to Domain Name would be a more proper alignment - and Domains are very portable. The IP address, since it is usually only used at the technical level, would be more equivalent to the switching center/line pair. I could carry on with the comparison, but I suspect most will get my point. Happily, you can already take your domain with you. Oh - and within certain geographical constraints local number portability is also used on landline phones in the US, not just cellphones. -- Jeff Shultz
On Fri, Jan 25, 2008 at 10:49:48AM +0200, Hank Nussbacher wrote: ...
I wouldn't be suprised if in a few years some EU/US law mandates IP number portability, just like people have with their cellphones. Imagine what that will do to the routing tables. How many /32s can we get into the RIBs these days? :-)
And yet that is said to be one of the advantages of IPv6. -- Joe Yao Qinetiq NA / Analex Contractor
Folks, we'd like to ask that this thread die a quick and painful death. It's gone off topic and it seems to have run whatever short course that it tried. While what Europe does is interesting to us as network operators, this is European policy and off topic for NANOG. Best Regards, Martin Hannigan NANOG Mailing List Comittee On Jan 25, 2008 3:22 PM, Joseph S D Yao <jsdy@center.osis.gov> wrote:
On Fri, Jan 25, 2008 at 10:49:48AM +0200, Hank Nussbacher wrote: ...
I wouldn't be suprised if in a few years some EU/US law mandates IP number portability, just like people have with their cellphones. Imagine what that will do to the routing tables. How many /32s can we get into the RIBs these days? :-)
And yet that is said to be one of the advantages of IPv6.
-- Joe Yao Qinetiq NA / Analex Contractor
My note of yesterday didn't make it to the list, which happens from time to time, but as I'm not asking about automobile licenses or number portability, this might make it past the rather broad kill-this-thread administrative dicta. Hi, We (the P3P Spec WG circa pre-9/11) didn't specify what would reasonably render a v6 addr non-PII, and we didn't provide guidance on v4 addrs, other than the 7bit mask. Since I'm the only former contributor to that activity who gets NANOG mail, if any of you who have ideas on either of those two forms of endpoint identifiers and PII, if you send them to me, I'll summarize for the purpose of offering a specific update to our final work product, P3P 1.1 [1]. I'll extract the MAC-to-v4 comments for PII in a LAN environment, which we ignored in the P3P Spec WG. Eric [1] http://www.w3.org/TR/P3P11/
Folks, we'd like to ask that this thread die a quick and painful death. It's gone off topic and it seems to have run whatever short course that it tried.
I agree.
While what Europe does is interesting to us as network operators, this is European policy and off topic for NANOG.
Whoa there! You need to re-read the first line of the NANOG mission statement The purpose of NANOG is to provide forums in the North American region for education and the sharing of knowledge for the Internet operations community. In other words, the NA part of NANOG refers to the location of the forums, *NOT* the scope of the discussions. The Internet operations community is global in scope and it is natural for our discussions to also be global in scope. Since many North American network operators have infrastructure in Europe (PoPs, colocated servers) they have to be aware of uniquely European Internet issues. And when it comes to solving a domestic problem, nothing puts things in perspective more than comparing how others approach the problem. --Michael Dillon
On Thu, Jan 24, 2008 at 10:33:20PM -0800, Owen DeLong wrote:
On Jan 24, 2008, at 8:55 PM, Valdis.Kletnieks@vt.edu wrote:
On Thu, 24 Jan 2008 20:39:53 PST, fred@cisco.com said:
What we can do with IP addresses is conclude that the user of the machine with an address is likely to be one of its usual users. We can't say that with 100% certainty, because there are any number of ways people can get "unusual" access. But even so, if one can show a pattern of usage, the usual suspects can probably figure out which of them, or what other "unusual" user, might have done this or that.
And oddly enough, license plates on cars act *exactly the same way* - but nobody seems at all surprised when police can work backwards from a plate and come up with a suspect (who, admittedly, may not have been involved if the car was borrowed/stolen/etc).
In order to be using the license plate, you had to be physically present in the car.
You can work backwards from a phone number to a person, without a *guarantee* that you have the right person - but I don't see anybody claiming that phone numbers don't qualify as "personal information" under the EU definition.
In order to be on the telephone number, you (almost always) need to be present at the site where that phone number is terminated.
I don't know about your IP addresses, but, people can use my IP addresses from a number of locations which are nowhere near the jurisdiction in which my network operates, so, I don't really see the correlation here with license plates or phone numbers.
In order to be using the IP address, your packets (almost always) have to pass through the device allocated that address. - Matt
On Fri, January 25, 2008 6:33 am, Owen DeLong wrote:
In order to be using the license plate, you had to be physically present in the car.
Or in any car displaying the same identifier.
In order to be on the telephone number, you (almost always) need to be present at the site where that phone number is terminated.
Or calling from any line that presents the same identifier. It's generally true that if you're calling from a POTS line (or BRI, for the most part), you'll either present correct CLI, or some flavour of 'unavailable' or 'witheld'. Start buying PRI service, however, and there's not a shortage of telcos where you can inject whatever CLI you like. BCP38 is no more universal in the phone network than it is in the IP one.
I don't know about your IP addresses, but, people can use my IP addresses from a number of locations which are nowhere near the jurisdiction in which my network operates, so, I don't really see the correlation here with license plates or phone numbers.
I'm not clear if you mean legitimately here, or not. If you've authorised people to relay traffic through you in some way, you'd be the right first contact. If you're talking about unauthorised spoofing, it's a lot like the first two cases (I'd say a fair bit easier / cheaper than the second, not substantially more so than the first). Those looking to reach a person should be aware of the possibility that any of these presented identifiers could be forged. That doesn't mean that the owner of the identifier isn't a useful person to talk to in the first instance - and hence they all, to a first approximation, function as personal identifiers. Regards, Tim.
I don't know about your IP addresses, but, people can use my IP addresses from a number of locations which are nowhere near the jurisdiction in which my network operates, so, I don't really see the correlation here with license plates or phone numbers.
I'm not clear if you mean legitimately here, or not. If you've authorised people to relay traffic through you in some way, you'd be the right first contact. If you're talking about unauthorised spoofing, it's a lot like the first two cases (I'd say a fair bit easier / cheaper than the second, not substantially more so than the first).
In my case, yes, 100% legitimately. I can be contacted, but, the reality is that I don't track it. I am no longer in direct contact with a number of people who have legitimate use of my IP addresses. If I find them doing something I consider abuse, then, I'll turn off the access. However, I don't maintain contact information or the ability to personally identify the correlation between the person and the access. So far, abuse has been rare enough that this has not been an issue. I've had to turn off two services I used to provide as a result of abuse in approximately 20 years of operating a network here. Owen
In article <2132.1201236938@turing-police.cc.vt.edu>, Valdis.Kletnieks@vt.edu writes
So - if you can work backwards from license plate info, telephone numbers, and IP addresses, and get a good idea of who the person is, and there's general agreement that the first two are "personal information" that allows (at least speculative) identification of the person, why are people having trouble with the concept that the third is personally identifying information as well?
Because they are IP engineers and they have lots of anecdotes about how an IP Address *might* be misleading when identifying an individual. If they worked in a car maintenance shop, they'd be able to tell you how licence plates *might* be misleading when identifying an individual. But in both cases they are missing the point: which is that EU Data Protection law looks at things from the opposite point of view. ie If an IP address might *sometimes* reliably identify an individual, then everyone has to err on the side of caution and treat *all* IP addresses as personal data. -- Roland Perry
participants (14)
-
Andy Davidson
-
Eric Brunner-Williams
-
fred@cisco.com
-
Hank Nussbacher
-
Jeff Shultz
-
Joseph S D Yao
-
Martin Hannigan
-
Matt Palmer
-
michael.dillon@bt.com
-
Owen DeLong
-
Roland Perry
-
Stephane Bortzmeyer
-
Tim Franklin
-
Valdis.Kletnieks@vt.edu