Queen’s Speech keeps the Communications Data Bill alive

When Nick Clegg (deputy prime minister and leader of the minority Lib-Dem coalition party) rejected the Communications Data Bill the idea was wounded but not destroyed; and yesterday’s Queen’s Speech to mark this year’s new session of parliament demonstrates that the government hasn’t given up yet.

What the government wants now is both a practical and legal way to associate the use of a particular IP address with an individual computer. This will satisfy both law enforcement/intelligence agencies – who will be able to track communications data using existing service providers’ records – and rightsholders who will be able to prosecute copyright infringers with legal certainty.

The current problem is the shortage of IPv4 addresses and the growth of smartphones. ISPs dynamically reallocate their stock of addresses as required while mobile phone companies share single addresses with hundreds of users – and have difficulty in recording the precise mapping. In both homes and offices the problem is aggravated by NAT routers/firewalls effectively hiding which individual device makes a particular connection.

Talking to the BBC, Prof Rahim Tafazolli, director of Surrey University's Centre for Communications Systems Research, commented: “One possible solution would be to find a way to associate a person's internet use with a fixed and unique number such as their mobile number or a device's MAC [media access control] address.

“But that would require changes in the way addresses are allocated on the internet and changes would need to be adopted internationally because we couldn't just change it in the UK.”

Unstated, but clearly providing a route to this end, is IPv6 and its effectively (for the foreseeable future at least) unlimited supply of unique IP addresses. The Queen’s announcement states “my Government will bring forward proposals...” This implies that the preferred route would be via agreement with service providers supported by the threat of legislation. All that is required is the use of IPv6 to be adopted, for the service providers to allocate a fixed IP address to individual users, and for them to retain data matching usage to allocated addresses.

Phone companies already retain masses of user data, including geolocation (gathered by the need to know the location of the nearest mast). Retained data also includes source, duration, and destination – for billing purposes. Email providers are required by European law to retain information on source, destination, time and size of communications. In both cases law enforcement regularly seeks and receives this data. 

With the addition of certainty in IP address information, the basis of the Communications Data Bill lives on – the only problem for law enforcement will be in joining the dots between the different sources and the absence real time data. However, a separate and later argument for simply improving what already exists – for ‘joining up’ existing capabilities – would be compelling. The result will still be the Communications Data Bill, but under a different name and over a longer period of time.

What’s hot on Infosecurity Magazine?