What’s in an IP address?

943716_10153007365440107_483278094_nWhile the Communications Data Bill has scrapped, the one issue that remains live is the ‘resolution of IP addresses’ – particularly where mobile phone operators may have millions of customers using just a few hundred IP addresses. Deputy Director Emma Carr appeared on the Daily Politics yesterday to discuss the issue.

An IP address is (put simply) the address you access the internet through (although ways of masking this are nothing new nor particularly technically challenging). We think it reasonable that the issue is investigated so that where the police have an IP address from a service provider, they are able to trace that back to the person using the service. It may be possible to address this through small, technical changes to existing legislation, rather than a new Bill. Indeed, the draft Communications Data Bill went far, far beyond being a focused attempt to solve this problem.

If such a change is required, then it should be properly thought through before being subject to the widespread consultation and comprehensive scrutiny that has been sorely lacking to date with industry, civil society and the wider public. It should also include the safeguards and revisions to existing law recommended by the Joint Committee on the draft Communications Data Bill.

Indeed, in 2008, the Home Office published a response to it’s consultation on the transposition of the Data Retention Directive into UK law – which covered IP addresses. It included a recognition that “Some respondents from the public communications providers stated they had little or no dialogue with the Home Office concerning the complex issues surrounding internet related data and the DRD” – exactly the same criticisms that were regularly made of the draft Communications Data Bill.

The same consultation found that the implementation of the Regulations was inappropriate for Internet data due to “particular technical and resourcing issues” such as “increased difficulties in replicating the ‘end to end’ picture of communications data, the difference in the cost profile for storage and retrieval of Internet communications and the need for a strong business case, if the retention period for IP data is set at 12 months.” It is far from clear these challenges have been overcome.

The biggest challenge facing the police is making use of the huge volume of data that is already available, including data from services like Skype and Facebook. The Snoopers Charter would not have addressed this, while diverting billions from investing in skills and training for the police.

The legality of the Directive is still far from clear – with legal challenges now pending from Ireland and Austria, with several European countries deeming it incompatible with their constitutions. Equally, the United Kingdom’s statistics are ominously absent from the European Commission’s review of the Directive published in 2011.

So, if proposals are to be brought forward then they must be based on a full and frank discussion with industry, be technically workable and not introduce by the back door excessive or unwarranted obligations for data to be collected. We also hope the Home Office takes a far more proactive response than we have seen to date to engaging with Parliament, civil society and the public to explain their intent and to address legitimate concerns.


  1. Guest
    8th May 2013

    So it looks like BT is trialing ISP-wide NAT devices, this issue will only provoke either a solution to the problem by more in-depth logging, OR it may be the final push to IPv6 which is a much better more elegant solution.

  2. Mike Palmer
    8th May 2013

    How will this effect VPNs, Tor & free wi-fi hotspots? Would you get prosecuted for allowing your neighbour to use your wi-fi? Will everyone have to have unique ID numbers to log on to the internet? I’m not an expert so I don’t know if these are real issues.

  3. Dave Walker
    8th May 2013

    The relevant sentence spoken by Her Majesty today – “In relation to the problem of matching internet protocol addresses, my Government will bring forward proposals to enable the protection of the public and the investigation of crime in cyberspace.” is enigmatic in many ways. There’s no presupposition stated, of there being a means of uniquely identifying a user from an IP address (which is just as well, since there are many circumstances where there is no such means, and not just involving NATting). While I am keen on the idea of static addressing, which IPv6 can afford (although routing mechanisms would need to be modified to facilitate static addressing for mobile devices), even this wouldn’t address the issue of users having individual simultaneous sessions on a single instance of a time-sharing OS, unless the way these OSes handle their networking is mandated to be rewritten. I look forward to seeing the draft legislation that this sentence relates to – and hope that it is more grounded in technical feasibility than CCDP was…

  4. Mike Palmer
    9th May 2013

    The Snoopers’ Charter isn’t dead. It’s like a horror movie murderer. It’ll keep coming back until it gets passed (probably under the next Labour government).

    • Guest
      9th May 2013

      That’s why we don’t vote Labour. Duh.

  5. Joe Bloggs
    9th May 2013

    “if the retention period for IP data is set at 12 months”

    Doesn’t current legislation mean that ISPs have to keep data about which subscriber was using an IP address for six years? This was implemented during the days of dial-up in the 1990s IIRC.