Think Information. Think Security.
U.S. and Canadian law enforcement agencies are warning that a historic switch to the next-generation Internet protocol called IPv6 may imperil investigations by making it more difficult to trace who's using which electronic address. FBI, Drug Enforcement Administration, and Royal Canadian Mounted Police officials have told industry representatives that IPv6 traceability is necessary to identify people suspected of crimes. The FBI has even suggested that a new law may be necessary if the private sector doesn't do enough voluntarily.

This IPv6-related effort comes as the FBI is redoubling its efforts to combat what it calls the "Going Dark" problem, meaning that its surveillance capabilities may diminish as technology advances. CNET was the first to report last month that the bureau had formed a Domestic Communications Assistance Center to keep abreast of technological changes that may otherwise imperil government surveillance.

Accurate IPv6 record-keeping does more than help law enforcement. It's useful for combating abuse. It's useful for anti-spam measures. It's useful for figuring out what's going on with distributed denial of service attacks. And it's useful for civil litigants.

An FBI spokesman told CNET that the bureau is concerned about IPv6 because:

An issue may also arise around the amount of registration information that is maintained by providers and the amount of historical logging that exists. Today there are complete registries of what IPv4 addresses are "owned" by an operator. Depending on how the IPv6 system is rolled out, that registry may or may not be sufficient for law enforcement to identify what device is accessing the Internet.

Flaim, who works for the FBI's Operational Technology Division based in Quantico, Va., whichboasts of creating "the latest and greatest investigative technologies to catch terrorists and criminals," suggested during April's ARIN meeting that the industry has a strong incentive to keep accurate IPv6 address records.

Law enforcement has also warned about other problems relating to IPv4 address exhaustion, including greater use of carrier-grade Network Address Translation, or CGN, which means Internet providers that want to help with investigations would have to keep track of what port number a customer is assigned.

Another FBI priority is requiring Internet providers to keep records of what IP addresses their customers are assigned, also known as data retention; a House of Representatives committeeapproved those requirements last summer.

Cross posted from:CNET|News

Leave a Reply.