Dave Hartley
http://www.Asheville-Computer.com
http://www.ioa.com/~davehart
Internet protocol proposal
raises privacy concerns
By Courtney Macavinta
Staff Writer, CNET
News.com
October 14, 1999, 4:00 a.m. PT
Privacy groups are scrambling
to influence the outcome of a proposed new Internet protocol in the wake of
revelations that the standard could make it easier for companies and law
enforcement to monitor Net users.
Next month, the Internet Engineering Task
Force (IETF) will decide whether a new standard for assigning Internet
protocol numbers--which all devices need to hook into the Net--should improve
the ability of law enforcement to tap online communications, such as phone calls
carried over the global network. Another feature being proposed also could
improve the ability to track Net users through unique identifiers attached to
their computers' IP numbers.
This week's outcry resembles the one that surrounded protests against
serial numbers embedded in Intel "There is a basic concern about technologies that could create a sort of a
national ID number through the Net," said Ari Schwartz, a policy analyst for the
Center for Democracy and Technology, which is
reviewing the protocol.
A unique number known as an IP
address designates every device connected to the Internet. Unlike a person's
phone number, however, IP addresses are usually assigned to Net users every time
they access the network, which makes it difficult to track their online travels
from session to session. Under the new protocol, those numbers wouldn't change
as often. A Net user could have the same IP number for more than a year, for
example.
Already companies like Microsoft, Apple, Sun, MCI WorldCom, and IBM have
endorsed IPv6, and the Internet Assigned Numbers Authority, which is responsible
for allocating Internet addresses, issued numbers based on the new standard for
the first time in July. Some observers say the new protocol could be fully
implemented within four years.
IPv6 was developed in response to a potential shortage of IP numbers and
other infrastructure issues. There are 4 billion IP numbers, but the supply of
free numbers is expected to dwindle because of devices that require static IP
addresses, such as cable Net access.
Proponents of the proposed standard say it will increase the IP pool--the
same way adding a new area code increases the amount of phone numbers
available--and could provide for better security while supporting wireless
phones and other network devices.
Members of the IETF say that both issues--the government surveillance
question and the unique identification numbers--have yet to be decided. The IETF
has opened up the Net telephony wiretapping issue to the entire task force
through a mailing list.
The group usually bangs out policies in small working groups.
The debate involves whether a federal law that requires the telephone
infrastructure to support law enforcement wiretapping also applies to Net
telephony.
"The key questions are: Should the IETF develop new protocols or modify
existing protocols to support mechanisms whose primary purpose is to support
wiretapping or other law enforcement activities," the IETF stated in an
announcement sent out this week.
"If the companies who employ the IETF participants and deploy the IETF's
technology feel that having wiretap capability is a business necessity due to
the regulatory requirements in the countries where they want to sell their
products, would that make a difference to the IETF position on this subject?"
the announcement continued.
Scott Bradner, senior technical consultant at Harvard University, who is an
area director for the IETF, said that so far the discussion on the list has been
strongly opposed to Net telephony wiretapping. Of the approximately 50 posts
today, most didn't support any such plan.
"The result of that discussion on the mailing list and the plenary at next
month's meeting will be used to advise as to what the IETF position will be--my
guess is that there will be a clear consensus," he said today.
Other ways to track Net users A feature to simplify hooking up devices to the Net would also assign a
static, unique number to the device. The number would provide one more way to
track Net users. The tag could be used to collect marketing data or to build a
detailed user profile in conjunction with Web site registration forms, for
example.
"It certainly raises real concerns, because it will be embedded--like a
fingerprint or ID that can be traced to the Net user," said Evan Hendricks,
editor of the Privacy Times.
"We oppose that kind of capability because the potential for abuse is too
great," he added. "The law should say that there should be no identification
schemes built into communications technologies like this. "
The privacy concerns are not lost on the IETF. A working group explored the
IPv6 issue extensively in a draft
paper published in June.
"The use of a constant identifier within an address is of special concern
because addresses are a fundamental requirement of communication and cannot
easily be hidden from eavesdroppers and other parties," the paper states.
But this is not a new issue, the IETF contends.
"Although the topic of this document may at first appear to be an issue new
to IPv6, similar issues already exist in today's Internet already. That is,
addresses used in today's Internet are often constant in practice for extended
periods of time," the draft states.
The paper says Net users could still avoid being tracked via IPv6 if their
access providers continued to generate temporary IP numbers, or if the
autoconfiguration architecture were revamped to change the unique number
embedded in an IP address over time.
"This issue arises whenever you use an address over and over again," said
Thomas Narten, who works for IBM and is an IETF's area director.
"The IETF is aware of the concerns," he added. "This is only a proposal at
this time. The technical details are being worked out."
chips that consumer groups said could be used to trace Net users.
The same groups are waking up to the privacy implications of the new IP
standard--Internet protocol version 6 (IPv6)--which could eventually affect
every Net user if it is widely adopted.
Aside from the Net telephony
wiretapping issue, privacy groups are concerned that IPv6 will make it easier to
follow Net users.
