FBI & DEA Warn That IPv6 May Be Too Damn Anonymous
from the they-just-woke-up? dept
IPv6 has been around for quite some time at this point, but as we get closer and closer to moving the internet over to the system, it appears that American and Canadian law enforcement has just noticed that it's not as easy to identify and track users, and they're frantically raising concerns.
FBI, Drug Enforcement Administration, and Royal Canadian Mounted Police officials have told industry representatives that IPv6 traceability is necessary to identify people suspected of crimes. The FBI has even suggested that a new law may be necessary if the private sector doesn't do enough voluntarily.The issue has more to do with record-keeping than technology. As Declan McCullagh explains at the link above:
ARIN and the other regional registries maintain public Whois databases for IP addresses, meaning that if you type in 22.214.171.124, you can see that it's registered to CNET's publisher. ARIN tries to ensure that Internet providers keep their segments of the Whois database updated, and because it's been handing out IPv4 addresses blocks every few months, it currently enjoys enough leverage to insist on it.Of course, some might see that as a feature, not a bug. Either way, I would imagine that most service providers will bend over backwards to make sure that law enforcement can, in fact, track people down if necessary. Too many service providers fold when the feds come knocking seeking information on people already. As long as this is presented as a way to protect children or stop terrorists or whatever the favorite of the day is, it seems likely that ISPs will get things in order themselves.
But for IPv6, ARIN will be handing out much larger Internet address blocks only every 10 to 15 years, meaning it loses much of its ability to convince Internet providers to keep their Whois entries up-to-date. That means it may take law enforcement agencies -- presumably armed with court orders -- longer to trace an IPv6 address such as 2001:4860:4860::8888 back to an Internet service provider's customer.