[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: My InternetWeek op-ed column on IPv6 privacy issues

Bill and all,

  Thank you for forwarding this.  It helps to underscore the problems
that will eventually become significant with respect to Privacy problems
with IPv6.  We [INEG Inc.] have been concerned with this problem
with IPv6 for some time and have passed this concern on to the IETF
as well as ICANN as ICANN seems to have a strong belief that
IPv6 is the future.  We respectfully are not in complete agreement
for the privacy concerns amongst others associated with
IPv6 and have decidedly moved towards a private effort towards
IPv8 as a result.  That effort in in deployment as I type this response.

Bill Frezza wrote:

> Gentle readers,
> Thank you for your feedback on my recent column "Where's All The Outrage
> About The IPv6 Privacy Threat"
> http://www.internetwk.com/columns/frezz100499.htm
> Normally I respond to every letter I receive, but the volume of mail on
> this one broke all records so I'm afraid I have to send out a group note.
> (It seems that peeved IETF geeks are even more vociferous than peeved
> Mac-heads. :)
> Let me, in particular, address some of the comments from the folks who
> insist that there is no privacy problem with IPv6 or that the problem is
> identical with IPv4 or that the problem has already been solved by the IETF
> or that the use of EUI-64 addressing is optional and not mandatory,
> therefore there's no problem. (I do not intend to reply to the folks who
> just plain don't care about privacy as this is a philosophical issue beyond
> the scope of this note. As for readers who don't like my inflammatory
> writing style, feel free not to read my column. I write op-eds, not news
> articles.)
> 1) Yes, IPv4 has its own privacy problems. In fact, any time one uses a
> static or long-lived IP address, the possibility exists for abusive
> systematic surveillance. The fact that a central registry of addresses does
> or does not exist has no bearing on the potential threat as such a data
> base can be built over time, particularly for individuals or groups that
> have been specifically targeted. In addition, countries like China or
> Singapore could easily require registration. Why give them the tools in the
> first place?
> 2) Yes, dynamic assignment of IP addresses for dial-up users as well as
> Network Address Translation (NAT) helps mitigate (though does not
> eliminate) the privacy problem. As we move towards an "always connected"
> Internet, with more and more users communicating via Cable Modems or DSL,
> more IP addresses will become long lived, hence the problem will get worse.
> 3) It's too late to change IPv4 while it is not too late to change IPv6. My
> column was intended as a call to action to get the IETF off it's duff. A
> fault in my column is that I did not specifically describe proposals being
> circulated to address the issue, one of which is attached below. Mea culpa,
> and my apologies to the good guys for ignoring their efforts. May the force
> be with you.
> 4) Be that as it may, draft-ietf-ipngwg-addrconf-privacy-00.txt is just a
> proposal. It has not been and may not be adopted. Absent further action, it
> will go away. If it is adopted, it may or may not be implemented by major
> vendors, especially if the final standard offers a Chinese menu of choices.
> 5) Note that the proposal ACKNOWLEDGES THE PROBLEM. In addition it points
> out that
> > The desires of protecting individual privacy vs. the desire to
> > effectively maintain and debug a network can conflict with each
> > other.
> The same can be said across the board for many aspects of law enforcement
> in a society that values liberty. Just think how much safer the streets
> would be if we all walked around with electronic radio ID collars
> registering our movements. Fortunately, we have chosen not to construct
> such a society (although if you follow the development of the CALEA laws,
> this is not for want of the FBI trying).
> 6) The solutions proposed in draft-ietf-ipngwg-addrconf-privacy-00.txt
> cause a a major problem with one of the other goals of IPv6
> >   The IPv6 addressing architecture goes to great lengths to ensure that
> >   interface identifiers are globally unique. During the IPng
> >   discussions of the GSE proposal [GSE], it was felt that keeping
> >   interface identifiers globally unique in practice might prove useful
> >   to future transport protocols. Usage of the algorithms in this
> >   document would eliminate that future flexibility.
> The random assignment algorithms look very promising. I hope they are
> adopted, but no one knows yet how this conflict is going to be resolved.
> 7) At the end of the day, what matters to the average netizen is not the
> menu of possible alternatives described in IETF standards, but the actual
> default implementation in popular products, e.g. Windows. Just because an
> educated and motivated geek can get into the plumbing of his machine and
> find a way to solve his own privacy problem doesn't mean the problem has
> been solved for the bulk of average users. If the folks at Microsoft don't
> properly address this in their future products, I can positively,
> absolutely guarantee that it will blow up in their face.
> 8) Readers who are interested in registering their concerns should contact
> the CDT at www.CDT.org. I got a very nice note from them indicating that
> they are now wading into the issue. One hopes that EPIC and the EFF will
> follow suit.
> Cheers,
> Bill Frezza
> InternetWeek
> frezza@alum.MIT.edu
> PS Special thanks to Scott Bradner and Mike O'Dell for helping me
> understand some of the technical nuances of this issue that I had
> previously misunderstood. Notwithstanding, I stand by my column and hope
> all you geeks do something about it. The opinions above are my own.


Jeffrey A. Williams
Spokesman INEGroup (Over 95k members strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number:  972-447-1894
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208