Snoopers’ Charter: Up and downsides of IP - matching in helping fight terrorism

By Sam Agona

Currently, the UK government is working on passing a legislation to implement the concept of IP matching to help fight terrorist activities in the country. Such moves tend to spread over and may not end up in the UK alone.

In essence, each device uses an IP address to access the internet. It is assumed that an IP can be used to identify a person using a device. Currently, most ISPs are not required to store information about which individuals have used a particular IP address, many of which are shared between multiple users like it is in the UK. In Uganda, most internet users do not even have an idea what IP they are using. The author’s attention was drawn to this subject because of policy and technical implications such a development comes with.

An IP address is a unique numeric identifier that is needed by every device that connects to the Internet. The two versions include IPv4 and IPv6. IPs can be assigned manually or dynamically. However, in this era of wireless devices, nearly all addresses are assigned dynamically from a pool of IPs hosted by a delegated server. There are two versions of IP, including IPV4 and IPv6. IPv4 is not transparent due to NATing, public- private IP relationships, making it a challenge to associate with a single individual. IPv6 is transparent and can be less of a challenge to associate with an individual.

ISPs and mobile operators will be forced to retain information linking IP addresses to individuals for 12 months under U.K. government counter-terrorism plans. Users sit on various networks therefore the IPs they use keep changing, the only strength is that a MAC address (the hard coded 48-bit (6 byte) address of the network interface card or hardware address) is also sent. When a data packet is sent out to a station and the packet goes beyond its originating LAN segment, the packet goes through different networks and routers with the MAC and IP address of the sender. This pair of addresses is stored in the ARP (address resolution protocol) cache and according to the legislation; these two should help in identifying human being on a network. However, it can identify a device, its geo-location but not a human being.

Unlike in Uganda, in the UK people do not formally register phones or phone lines but as they use a mobile device, almost all services they access will need a subscriber’s details thus a mechanism for collecting data about a phone user. This however does not mean such devices cannot be stolen, spoofed and or masqueraded upon. In such cases, what happens on the device is out of control of the legal user?

The question of legacy system installs; when a network device is connected, it will send the MAC address however when an installation is on a hypervisor and the details given on the virtual machine are inaccurate, this can lead to wrong incrimination and blackmail. This aspect needs critical thinking.

There is a huge question in relation to storage and analysis of collected data; telecommunication companies across the world already have loads of data, they are challenged with making sense out of the data in warehouses. With this, data warehouses will grow bigger, better analysis methods are needed; deployment of mechanisms for deduplication of data, warehouse cleansing and offsite storage; putting in place tools with near - perfect intelligence to detect flags in messages sent out by suspicious IPs and MAC addresses. Deduplication products from such solutions by Quantum, HP, EMC, Asigra, Symantec, Atempo, Commvault or others out of this range.

In terms of privacy and framework, there needs to be a clear definition of what guidelines should be followed to monitor a given IP or a range of IP addresses. This can be based on some connotations based on military intelligence on what is used by terrorists; a set of keywords could be captured among others. Without such, this move can lead to massive abuse of privacy rights of individuals. 

In telecommunications, phones are tracked using their IMEI, and an IMEI does not have much to do with an owner. It only has to do with a Geo-location of the area where a call was placed, or BTS serving area and or the BTS that connected a call. This therefore does not definitely define the owner or the person using a device for a given purpose. Networks will probably have to become more intelligent to understand human characteristics.

Conclusively, very important and achievable developments with all the systems in place but needs a clear framework. There needs to be a clear way of relating a phone to what a user has/ is using it for. 

Please feel free to tweet me: @samagona