EU Official: IP Is Personal

I dunno. I think I have a pretty good guess of who 192.159.10.227 is, or
at least who it was as of 14:35 -0800 today.

Well, let me ask you you think 171.70.120.60 is. I'll give you a hint;
at this instant, there are 72 of us.

Here's another question. Whom would you suspect 171.71.241.89 is? At
this point in time, I am in Barcelona; if I were home, that would be my
address as you would see it, but my address as I would see it would be
in 10.32.244.216/29. There might be several hundred people you would
see using 171.71.241.89;

One of the big issues with the Tsinghua SAVA proposal in the IETF is
specifically the confusion of the application layer with the IP layer.
They propose to embed personal identity into the IP address, and in
that there are a number of issues. Internet Address != application
layer identification.

What we can do with IP addresses is conclude that the user of the
machine with an address is likely to be one of its usual users. We
can't say that with 100% certainty, because there are any number of
ways people can get "unusual" access. But even so, if one can show a
pattern of usage, the usual suspects can probably figure out which of
them, or what other "unusual" user, might have done this or that.

That is the model forensic analysts follow. And the address is personal
information to the extent that it limits the set of usual suspects to a
set that includes you or I.

And oddly enough, license plates on cars act *exactly the same way* - but
nobody seems at all surprised when police can work backwards from a plate
and come up with a suspect (who, admittedly, may not have been involved if
the car was borrowed/stolen/etc).

You can work backwards from a phone number to a person, without a *guarantee*
that you have the right person - but I don't see anybody claiming that
phone numbers don't qualify as "personal information" under the EU definition.

So - if you can work backwards from license plate info, telephone numbers,
and IP addresses, and get a good idea of who the person is, and there's
general agreement that the first two are "personal information" that allows
(at least speculative) identification of the person, why are people having
trouble with the concept that the third is personally identifying information
as well?

What we can do with IP addresses is conclude that the user of the
machine with an address is likely to be one of its usual users. We
can't say that with 100% certainty, because there are any number of
ways people can get "unusual" access. But even so, if one can show a
pattern of usage, the usual suspects can probably figure out which of
them, or what other "unusual" user, might have done this or that.

And oddly enough, license plates on cars act *exactly the same way* - but
nobody seems at all surprised when police can work backwards from a plate
and come up with a suspect (who, admittedly, may not have been involved if
the car was borrowed/stolen/etc).

In order to be using the license plate, you had to be physically present in the car.

You can work backwards from a phone number to a person, without a *guarantee*
that you have the right person - but I don't see anybody claiming that
phone numbers don't qualify as "personal information" under the EU definition.

In order to be on the telephone number, you (almost always) need to be present
at the site where that phone number is terminated.

I don't know about your IP addresses, but, people can use my IP addresses
from a number of locations which are nowhere near the jurisdiction in which
my network operates, so, I don't really see the correlation here with license
plates or phone numbers.

Owen

"It wasn't me at the hit-and-run, my car was stolen last night"

"It wasn't me, my PC got zombied"

Like I said, they work *exactly the same way*.

But I'm giving up. We've got people here who work for companies that have
business models that boil down to "given an IP address, figure out who to
bill" - but although it identifies a person well enough to send them an
invoice, they think it isn't enough to identify them.

In order to be using the IP address, your packets (almost always) have to
pass through the device allocated that address.

- Matt

I wouldn't be suprised if in a few years some EU/US law mandates IP number portability, just like people have with their cellphones. Imagine what that will do to the routing tables. How many /32s can we get into the RIBs these days?

-Hank

That'd be a fun law to try and enforce, especially against the people who
refuse to accept such long routes (which is, after all, the only thing
that's stopping such long announcements from appearing already). Tunnels
all over the place seems like the only way it'd even be halfway practical.
It's more-or-less how phone number portability works anyway, from what
(little) I know.

- Matt

In article <2132.1201236938@turing-police.cc.vt.edu>, Valdis.Kletnieks@vt.edu writes

So - if you can work backwards from license plate info, telephone numbers,
and IP addresses, and get a good idea of who the person is, and there's
general agreement that the first two are "personal information" that allows
(at least speculative) identification of the person, why are people having
trouble with the concept that the third is personally identifying information
as well?

Because they are IP engineers and they have lots of anecdotes about how an IP Address *might* be misleading when identifying an individual.

If they worked in a car maintenance shop, they'd be able to tell you how licence plates *might* be misleading when identifying an individual.

But in both cases they are missing the point: which is that EU Data Protection law looks at things from the opposite point of view.

ie If an IP address might *sometimes* reliably identify an individual, then everyone has to err on the side of caution and treat *all* IP addresses as personal data.

In article <Pine.LNX.4.64.0801251047460.24403@efes.iucc.ac.il>, Hank Nussbacher <hank@efes.iucc.ac.il> writes

I wouldn't be suprised if in a few years some EU/US law mandates IP number portability, just like people have with their cellphones.

I doubt it. The portability of Internet Addressing arises from the use of DNS.

You wouldn't expect anyone to mandate that IMEI, rather than cellphone number, was made portable between handsets, would you?

Making analogies between phone numbers and IP addresses has its limits.

In order to be using the license plate, you had to be physically present
in the car.

Or in any car displaying the same identifier.

In order to be on the telephone number, you (almost always) need to be
present at the site where that phone number is terminated.

Or calling from any line that presents the same identifier. It's
generally true that if you're calling from a POTS line (or BRI, for the
most part), you'll either present correct CLI, or some flavour of
'unavailable' or 'witheld'.

Start buying PRI service, however, and there's not a shortage of telcos
where you can inject whatever CLI you like. BCP38 is no more universal in
the phone network than it is in the IP one.

I don't know about your IP addresses, but, people can use my IP addresses
from a number of locations which are nowhere near the jurisdiction in
which my network operates, so, I don't really see the correlation here
with license plates or phone numbers.

I'm not clear if you mean legitimately here, or not. If you've authorised
people to relay traffic through you in some way, you'd be the right first
contact. If you're talking about unauthorised spoofing, it's a lot like
the first two cases (I'd say a fair bit easier / cheaper than the second,
not substantially more so than the first).

Those looking to reach a person should be aware of the possibility that
any of these presented identifiers could be forged. That doesn't mean
that the owner of the identifier isn't a useful person to talk to in the
first instance - and hence they all, to a first approximation, function as
personal identifiers.

Regards,
Tim.

In article <20080125093035.GH17698@hezmatt.org>, Matt Palmer <mpalmer@hezmatt.org> writes

Tunnels all over the place seems like the only way it'd even be halfway practical. It's more-or-less how phone number portability works anyway, from what (little) I know.

I don't know about the USA, but in the UK it's done with something similar to DNS. The telephone system looks up the first N digits of the number to determine the operator it was first issued to. And places a query to them. That either causes the call to be accepted and routed, or they get an answer back saying "sorry, that number has been ported to operator FOO-TEL, go ask them instead".

Not quite, the simplistic overview is that operators have an obligation to offer porting wherever practical, so operate ports on a accept-then-forward principal. If I port my number from CarrierA to CarrierB, then my calls still pass through A's switch, who transits the call to B without charging the end user.

For the benefit of completeness, the regulator has mandated that this situation must change, as CarrierB's inward-port customers are not protected from the technical or commercial failure of CarrierA. The industry [www.ukporting.com] has responded and is building a framework to support all-call-query style lookups to handle number ports.

Best wishes,
Andy

In article <A9D8431B-02B4-4608-994A-78359D55B2D4@nosignal.org>, Andy Davidson <andy@nosignal.org> writes

Tunnels all over the place seems like the only way it'd even be halfway practical. It's more-or-less how phone number portability works anyway, from what (little) I know.

I don't know about the USA, but in the UK it's done with something similar to DNS. The telephone system looks up the first N digits of the number to determine the operator it was first issued to. And places a query to them. That either causes the call to be accepted and routed, or they get an answer back saying "sorry, that number has been ported to operator FOO-TEL, go ask them instead".

Not quite, the simplistic overview is that operators have an obligation to offer porting wherever practical, so operate ports on a accept-then-forward principal. If I port my number from CarrierA to CarrierB, then my calls still pass through A's switch, who transits the call to B without charging the end user.

For the benefit of completeness, the regulator has mandated that this situation must change, as CarrierB's inward-port customers are not protected from the technical or commercial failure of CarrierA. The industry [www.ukporting.com] has responded and is building a framework to support all-call-query style lookups to handle number ports.

Apologies, I should have made it clear that I was following up the remark about cellphone number portability. Described in 2002 (at the beginning of the discussion about migrating to the new system that's currently still being built):

"To deliver a call a routing enquiry is made to a Home Location Register (HLR) to determine where the subscriber is located and to obtain a routing number. The solution for mobile number portability, known as the Signalling Relay Function (SRF), is that the donor network sends the routing enquiry signal addressed to a ported number to the appropriate recipient network for treatment. In this way the recipient network can provide the routing number to complete the call."

Although that is also apparently known as "onward routing", even though the subsequent call traffic isn't routed onwards.

a message of 15 lines which said:

in the UK it [phone number portability] 's done with something
similar to DNS. The telephone system looks up the first N digits of
the number to determine the operator it was first issued to. And
places a query to them. That either causes the call to be accepted
and routed, or they get an answer back saying "sorry, that number
has been ported to operator FOO-TEL, go ask them instead".

What happens when a phone number is ported twice, from BAR-TEL to
FOO-TEL and then to WAZ-TEL? Does the call follows the list? What if
there is a loop?

The solution you describe does not look like the DNS to me. A solution
more DNS-like would be to have a root (which is not an operator)
somewhere and every call triggers a call to the root which then
replies, "send to WAS-TEL".

Hank Nussbacher wrote:

I wouldn't be suprised if in a few years some EU/US law mandates IP number portability, just like people have with their cellphones. Imagine what that will do to the routing tables. How many /32s can we get into the RIBs these days?

-Hank

That might work under IPv6 - at which point the question becomes "How many /64s can we put into the RIBs?" (or whatever number becomes standard for giving a residential customer)

I would argue however that equating Phone# to Domain Name would be a more proper alignment - and Domains are very portable. The IP address, since it is usually only used at the technical level, would be more equivalent to the switching center/line pair. I could carry on with the comparison, but I suspect most will get my point. Happily, you can already take your domain with you.

Oh - and within certain geographical constraints local number portability is also used on landline phones in the US, not just cellphones.

I don't know about your IP addresses, but, people can use my IP addresses
from a number of locations which are nowhere near the jurisdiction in
which my network operates, so, I don't really see the correlation here
with license plates or phone numbers.

I'm not clear if you mean legitimately here, or not. If you've authorised
people to relay traffic through you in some way, you'd be the right first
contact. If you're talking about unauthorised spoofing, it's a lot like
the first two cases (I'd say a fair bit easier / cheaper than the second,
not substantially more so than the first).

In my case, yes, 100% legitimately.

I can be contacted, but, the reality is that I don't track it. I am no longer
in direct contact with a number of people who have legitimate use of
my IP addresses. If I find them doing something I consider abuse, then,
I'll turn off the access. However, I don't maintain contact information or
the ability to personally identify the correlation between the person
and the access. So far, abuse has been rare enough that this has
not been an issue. I've had to turn off two services I used to provide
as a result of abuse in approximately 20 years of operating a network
here.

Owen

There is a shared root in the US SS7 system.

The security of said root follows a rather interesting model. At least until
fairly recently, any "trusted" carrier (LEC, ILEC, RBOC, or IEC) could put
pretty much whatever they wanted into the database.

Of course, the consequence of getting caught with your hand in the cookie
jar there was sufficient that it tended to prevent invalid entries other than
by accident, but, still, it was a remarkable trust model for such an industry.

Owen

In article <20080125140553.GA32299@nic.fr>, Stephane Bortzmeyer <bortzmeyer@nic.fr> writes

in the UK it [phone number portability] 's done with something
similar to DNS. The telephone system looks up the first N digits of
the number to determine the operator it was first issued to. And
places a query to them. That either causes the call to be accepted
and routed, or they get an answer back saying "sorry, that number
has been ported to operator FOO-TEL, go ask them instead".

What happens when a phone number is ported twice, from BAR-TEL to
FOO-TEL and then to WAZ-TEL? Does the call follows the list? What if
there is a loop?

In the UK, for landlines there are generally only two operators available: BT and Virgin (the now sole brand for cable phones). So WAZ doesn't exist, all you can do is go back to BAR.

For mobiles, I've never heard of a restriction so it's probably the case that the donor network stays the same, but the recipient records are updated to point to WAZ instead of FOO.

The solution you describe does not look like the DNS to me. A solution
more DNS-like would be to have a root (which is not an operator)
somewhere and every call triggers a call to the root which then
replies, "send to WAS-TEL".

That's the scheme which was proposed in 2002, and which I'm a bit surprised isn't yet deployed (watch the space called ukporting.com [1], apparently). However, the current mobile scheme isn't very far off that.

[1] Why not ukporting.org.uk ??

...

I wouldn't be suprised if in a few years some EU/US law mandates IP number
portability, just like people have with their cellphones. Imagine what
that will do to the routing tables. How many /32s can we get into the
RIBs these days?

And yet that is said to be one of the advantages of IPv6.

Folks, we'd like to ask that this thread die a quick and painful
death. It's gone off topic and it seems to have run whatever short
course that it tried. While what Europe does is interesting to us as
network operators, this is European policy and off topic for NANOG.

Best Regards,

Martin Hannigan
NANOG Mailing List Comittee