The industry has responded to the UK Government’s plans for matching IP addresses to illegal activities.
The Counter-Terrorism and Security Bill, due to be introduced in full later this week, is expected to fully outline plans for how suspects can be identified using IP – Internet Protocol – addresses.
It’s unclear how the Bill’s plans differ from what’s currently in place under the DRIP (Data Retention and Investigatory Powers) Act 2014 and how exactly security services will be able to discern an individual’s activities by monitoring an IP address.
This hasn’t stopped ISPA (Internet Service Providers’ Association) from issuing a statement, expressing its disappointment that Home Office officials haven’t even bothered to consult its members.
An ISPA spokesperson said: “ISPA is disappointed that the Home Office has not consulted with industry on proposals for IP matching, but we will work with our members to scrutinise and inform the legislation when it is published.
“IP addresses can generally only be used to identify a subscriber and not an individual. As we argued in our submission to the Anderson Review on future communications data laws, the Home Office needs to do more to consult with industry on its proposals, once again there has been a distinct lack of engagement with industry.”
The Anderson Review was a Government review of investigatory powers which was part of the DRIP Act (also known as ‘DRIPA’) passed earlier this year.
The statement from ISPA, the UK’s trade association for ISPs, suggests that no briefings between the Home Office or other government bodies and British ISPs have taken place.
We’ve contacted the UK’s biggest ISPs – BT, Sky, Virgin Media and TalkTalk – for responses and have yet to hear back.
Counter-Terrorism and Security Bill – How is it different from the DRIP Act?
So far the only ISP figure to put his head above the parapet is Adrian Kennard, boss of AAISP. Kennard states that you cannot tell who is using an Internet-connected device based on IP addresses alone and goes on to add that DRIP already requires fixed-line ISPs to log IP information.
“What is also odd is that there are already laws such as DRIPA requiring logging of IP when people connect to be held for a year; and allowing the authorities to get subscriber details under RIPA. If we are to assume they mean ‘subscriber’ then that already exists, so what new laws are being suggested?”
It’s not clear from the government’s own press release how the Counter-Terrorism and Security Bill differs from DRIP, or how the government will be able to ascribe individual searches and actions to a person from IP addresses alone.
ISPs will log the IP address used by a router, like a BT Home Hub or Virgin Media Super Hub. The problem is, five individuals sharing a house with an Internet connection will use the same IP address, making it virtually impossible to determine who is responsible for a set activity. IP addresses can also change
It’s also not clear from the proposals how the government intends to make use of data obtained by mobile networks. As phones connect to cell towers, it’s possible that customers will be sharing a public IP address with hundreds of other subscribers at the same time.
Factoring in an extra layer of complication posed by VPNs and services like Tor, it’s even less clear how the government plans to crack down on terrorism and online child abuse with this new bill.
The plans come in the wake of David Cameron announcing plans to force UK ISPs to introduce a ‘report terror’ feature, allowing subscribers to alert security services to extremist blogs and sites in a manner similar to how CEOP (Child Exploitation and Online Protection) features a ‘report child abuse’ tool.
Main Image: Flickr user nolifebeforecoffee, licensed under CC BY 2.0