May 8th, 2013 at 13:21 UTC by Richard Clayton
The Queen’s speech at today’s state opening of Parliament includes the prediction:
“In relation to the problem of matching Internet protocol addresses, my Government will bring forward proposals to enable the protection of the public and the investigation of crime in cyberspace”
This is all that remains of the Home Office’s ambition to bring forward a revised version of the Draft Communications Data Bill that two Parliamentary Select Committees were so unimpressed by, and which the Liberal Democrats have declined to support.
The sole issue on which there appears to be political consensus is that “something must be done” about the traceability failure that regularly occurs when the Internet is accessed from a smartphone. The shortage of IPv4 addresses means that the mobile companies cannot give each smartphone a unique IP address — so hundreds of users share the same IP address with only the TCP/UDP source port number distinguishing their traffic. Because this sharing is done very dynamically the mobile phone companies find it problematic to record the source port mapping, and they have argued that the way the EU Data Retention Directive is written they have no obligation to make and keep such records.
I wrote about this issue at some length on this blog in January 2010, although until very recently the Home Office considered it to be tantamount to a state secret and were extremely coy about discussing it in the public.
The Queen’s “bring forward proposals” phrase appears to cover a range of options:
- the mobile companies decide that they can manage to log the source port mapping data after all;
- the Home Office pays for new kit at the mobile companies that will allow source port mapping to be done;
- there is a short bill (or clause in another bill) that requires the logging to be done (this might avoid any question of payments being ultra vires, or would ensure compliance by companies (possibly broadband suppliers) that looked like becoming stragglers;
- there are discussions but nothing happens at all — perhaps because the tide turns against Data Retention as being a necessary and proportionate policy. A number of other EU countries have found it to be incompatible with fundamental human rights.
The Open Rights Group (ORG) have recently produced a pamphlet (available online here) setting out how surveillance might be better approached in this century. I contributed the chapter on the technical issues…
… if you don’t have time to read the whole thing then the New Statesman has an edited version of my chapter; and you can watch a short video of myself (and two other contributors) explaining the major issues.