On Wed, Feb 21, 2018 at 5:08 AM, Lorenzo Colitti <lore...@google.com> wrote: > On Tue, Feb 20, 2018 at 4:15 AM, Tom Herbert <t...@quantonium.net> wrote: >> >> This draft discusses issue of privacy in IPv6 network prefix >> assignment. Specifically the privacy problems of an assigned network >> prefix becoming a persistent identifier for devices (e.g. /64 >> assignment to devices in mobile networks). The use of >> identifier/locator split is suggested as a solution. > > > The draft should state that like any IP address assignment scheme, the > addresses used by the host are visible to the network operator and anyone > with access to the network operator logs or power to compel the network > operator. Thus, randomizing IP addresses does not protect against > large-scale surveillance, it can only protect against tracking by third > parties.
Lorenzo, AFAICT, the legal requirements for providers to store and provide logs varies by jurisdication. The EU seems to be pretty far along in specifying this. In 2016 an EU court ruled that IP addresses are personally identifiable information (PII) when combined with other information that can reveal identity. A network provider in it's normal operations will know the identity of nodes to which it assign addresses and so must safeguard the information since it is PII. Providers are required to log addressing mappings (like NAT mappings) and must release individual records per legal request. However, I don't think under these rules providers are compelled to blindly provide all logs to authorities for the purposes of data mining (if someone else knows otherwise please interject here). Tom _______________________________________________ Int-area mailing list Int-area@ietf.org https://www.ietf.org/mailman/listinfo/int-area
