IPv6 Experts See Problems of Privacy, Traceability
TAIPEI -- IPv6 will mean no real changes regarding privacy, experts said at the Internet Engineering Task Force last week. The new generation of Internet addresses would be as traceable as the existing IPv4 addresses. Despite that, there is a feverish production of new draft Internet proposals for source address validation, many of them being produced by Chinese experts.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
There is haste to get IP address logging recommendations in place for so-called Carrier Grade NAT (CGN), which help to bridge times of IPv4 scarcity. At the same time, there is a loud call from the privacy community to solve the privacy issue of IPv6 always-on-addresses. There was a declaration on IPv6 privacy adopted by international privacy officers at their recent annual conference in Mexico City.
One issue in China, for example, is assuring the identity of the Internet user. Jun Bi of the Network Research Center of Tsinghua University said at IETF that it would be difficult to do that for the 1 million students using China’s academic and research network. Some observers told us a lack of the tracking option could delay the IPv6 rollout there, as could ongoing discussions on the how China’s extensive content filtering will work with the new protocol.
Others also have problems with transition. Traceability will also become an issue for all operators that deploy a carrier grade network address translation solution (CGN). Since many users will share addresses, logging becomes essential. Cisco Engineer Senthil Sivakumar said logging is necessary for legal requirements, traceability and data retention. But operators still have to come up with ways to do the logging, because otherwise they will collect over a petabyte of data in a year for just one CGN, said Chris Donley from CableLabs.
Data protection officials said such problems underline that precautions are needed for IPv6. Data officers from Germany, Mexico, Canada, Belgium, the U.K. and Ontario recently published a declaration saying end users could decide to have dynamic addresses, instead of the possible static addresses with IPv6 and that privacy extensions protocol would be used by default. “You have to ensure this, for example, for routed Android devices,” said Tahar Schaa, a German IPv6 expert.
The IETF is looking into the privacy issues, with a new privacy directorate in the making. IETF Chair Russ Housley said IPv6 offers more alternatives for addressing. “One choice is to use your 48-bit MAC address. This choice means that you have a unique identifier for your laptop, and it stays the same regardless of the network or hot spot being used. This has the worst privacy implications, but it has very simple network configuration.” The other choice, he said, “is to use a cryptographically generated address. This choice means that you get a new identifier each time you connect. This has the best privacy implications, but there is some overhead associated with generating the address and convincing the nearest router that it is okay.”