IP address matching proposals

Proposals for the issue of IP address matching (by the police) were made in the Queen's speech in May 2013, in place of a revised Communications Data Bill.

“In relation to the problem of matching internet protocol addresses, my Government will bring forward proposals to enable the protection of the public and the investigation of crime in cyberspace.”^[1]

We believe this involves getting the operators of "Carrier Grade NAT" (i.e. commercial wifi - eg. London Underground wifi - mobile broadband providers, and some BT customers^[2] ) to record the source ports assigned to users (a potentially large amount of data that is not normally recorded as it has no normal business use.) See NAT PAT.

Depending on what is being asked for, this may or may not require new primary legislation to be enacted.

At the Intelligence and Security Committee on 15 October 2014, Nick Clegg MP said that he expected legislation to be introduced in parliament "shortly". A bill is expected to be introduced on Wednesday 26 November.

Home Office briefing

"Proposals on the investigation of crime in cyberspace":

As the way in which we communicate changes, the data needed by the police is no longer always available. While they can, where necessary and proportionate to do so as part of a specific criminal investigation, identify who has made a telephone call (or sent an SMS text message), and when and where, they cannot always do the same for communications sent over the internet, such as email, internet telephony or instant messaging. This is because communications service providers do not retain all the relevant data.

When communicating over the Internet, people are allocated an Internet Protocol (IP) address. However, these addresses are generally shared between a number of people. In order to know who has actually sent an email or made a Skype call, the police need to know who used a certain IP address at a given point in time. Without this, if a suspect used the internet to communicate instead of making a phone call, it may not be possible for the police to identify them.

The Government is looking at ways of addressing this issue with CSPs. It may involve legislation.^[3]

Counter-Terrorism and Security Bill

In November 2014^[4][5] Theresa May MP announced that IP address matching would be included in a forthcoming Counter-Terrorism and Security Bill. The bill was introduced on Wednesday 26th November 2014.

Clause 17 of the bill contains 4 subsections that would amend the Data Retention and Investigatory Powers Act 2014 (as with DRIP, these would sunset at the end of 2016). This would oblige providers (e.g. mobile phone companies that use Carrier Grade NAT) to retain data such as MAC addresses and port numbers to be able to associate the use of an IP address (at any time) with an identified user.

• Home Office impact assessment: IP resolution, 2014-11-26
• Home office fact sheet, 2014-12-03

Parliament

Questions

Chi Onwurah MP 2013-05-16 (I presume this is related)

To ask the Minister for the Cabinet Office what discussions he has had with interested parties on IP address transparency.^[6] Answer: meetings with a variety of organisations and individuals

David Davis MP 2013-06-18

To ask the Secretary of State for the Home Department what assessment she has made of whether the logging of port address translation data relating to mobile telephone internet use and internet protocol address resolution is both technically and economically viable. ^[7] Answer: The Government is looking closely at this issue, and is consulting communications service providers and technical experts in order to ensure that our proposed solution will be both technically and economically viable. We will bring forward proposals in due course.

External links

• Traceability in the Queen’s Speech, Richard Clayton, 2013-05-08

See also

• NAT PAT
• Communications Data Bill / Communications Capabilities Development Programme

References