Is Mandatory IPv6 the new Snoopers Charter?

If you’re reading this you should know IPv4 is exhausted, and IPv6 has been in service amongst forward-thinking ISPs for some time. Where properly implemented there is no noticeable difference to the end-user, with most browsers and operating systems transparently supporting the two. So all is good?

Well, not exactly. Our larger brethren don’t consider there to be a “killer app” that justifies the investment in IPv6 yet. In some cases they are in the unique position of having many years’ supply of IPv4 left, so their own perceived need is diminished, ignoring for one moment the IPv6-only end-points their customers won’t be able to access in due course. In others they are exploring alternatives such as Carrier Grade NAT, and we know of one of the ‘big boys’ who has this in place already, ready to use when required.

NAT is a technology most often seen in home routers, enabling multiple devices to share a single external address. It is evil and we loathe it from a technical perspective, but this isn’t a technical post. C.G.NAT does exactly the same but with multiple customers sharing a single address, in practice after they’ve already NATted their own set of multiple devices. Technically this is even more horrible but, again, this isn’t a technical post!

C.G.NAT poses a number of operational challenges for the ISPs that use it, enough to make one question why they don’t just implement IPv6. Notably, recording who was using a given address at any particular moment in time becomes more challenging: it becomes a case of who was using which address and which ports at that time. This is important information for identifying the perpetrator of any crime from an IP address.
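The attribution problem described above, as an added example that is not part of the original post: a lookup over a constructed C.G.NAT log shows that address plus time leaves several candidate customers, and only address plus port plus time narrows it to one. It assumes the ISP logs per-subscriber port-block allocations; the record layout, names and sample values are hypothetical.

```python
from datetime import datetime, timezone
from typing import NamedTuple, Optional


class Lease(NamedTuple):
    """One CGNAT log record: a port block on a shared address lent to a subscriber."""
    public_ip: str
    port_lo: int
    port_hi: int
    subscriber: str
    start: datetime
    end: datetime


def ts(text: str) -> datetime:
    """Parse an ISO timestamp and treat it as UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


# Constructed sample log (address from the RFC 5737 documentation range).
LEASES = [
    Lease("203.0.113.7", 1024, 5119, "sub-A", ts("2024-01-01T09:00:00"), ts("2024-01-01T11:00:00")),
    Lease("203.0.113.7", 5120, 9215, "sub-B", ts("2024-01-01T09:30:00"), ts("2024-01-01T12:00:00")),
    # The same port block is handed to a different subscriber once sub-A's lease ends.
    Lease("203.0.113.7", 1024, 5119, "sub-C", ts("2024-01-01T11:00:00"), ts("2024-01-01T13:00:00")),
]


def candidates(ip: str, when: datetime, port: Optional[int] = None) -> list:
    """Subscribers holding `ip` at `when`; narrowed to one port block if `port` is given."""
    hits = set()
    for lease in LEASES:
        if lease.public_ip != ip or not (lease.start <= when < lease.end):
            continue  # wrong address, or lease not active (end is exclusive)
        if port is not None and not (lease.port_lo <= port <= lease.port_hi):
            continue  # active on this address, but a different port block
        hits.add(lease.subscriber)
    return sorted(hits)


if __name__ == "__main__":
    at = ts("2024-01-01T10:00:00")
    print("address + time:       ", candidates("203.0.113.7", at))
    print("address + port + time:", candidates("203.0.113.7", at, port=2000))
```

A request logged without its source port, or with a clock that is off by the length of a lease, cannot be resolved to a single subscriber from records like these.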

IPv6 doesn’t need NAT at any level, as even home users are allocated vast numbers of addresses, more than enough for every device to have its own. Instead traffic is routed and, firewalls permitting, each device is externally addressable without the horrors of NAT.

So that is all wonderful and a real step forward for everyone involved. Or is it?

Until a few hours ago we thought so. We then heard Nick Clegg “killing off” (19 mins in) the Communications Data Bill. Whilst we’re encouraged by that, there was one quote that piqued our interest:

We’ve all got more and more mobile devices but there aren’t enough IP addresses to go around and we need to straighten that out, and this is clearly something the Government will do and we’ll work with the Police and others to do so.

Making sure you have an IP address attached to every device, and the Police say that is a big issue and we need to continue to look at that.

Is that a hint at IPv6 being mandated in the UK? As technologists we think that would be an excellent step forwards, and under the current regime would put investigative powers back where they were/are under IPv4. However, we have two concerns:

  1. Under IPv4, ISPs serving large dynamic user bases had more users than were on-line at any one time. They therefore dynamically allocated addresses to on-line users, with only the ISP knowing who was using what address and when, unless compelled to disclose that information. With IPv6 that pressure no longer exists and it is perfectly feasible for an IPv6 assignment to be static, i.e. every user has their own pool of addresses and each device has its own address. That makes each device uniquely identifiable on the Internet over time, with the identity of its user being something that can be filled in and linked to its history at any point. We’ll be mindful of noises by the Government that suggest a move in this direction, i.e. proposals to publicly identify small IP address assignments or towards a central database.
  2. Commercially, it is fair to say that much of the cost of IPv6 has been borne by the smaller end of the industry – those of us who need to provide superior services to customers and innovate to grow. The larger providers in most cases (as described above) have yet to implement IPv6. As the CCDB provided a pot of money to achieve the aims, we wonder if that pot of money remains to achieve those aims in a different way. Put more succinctly, are we looking at the Home Office funding our larger brethren to implement IPv6 because it suits them for it to be in place? We really hope not!

We’ll be keeping a keen eye on developments, as we cannot accept that the will to intrude and track will simply go away, and we fully expect it to resurface somewhere different. If that place is IPv6 our loyalties will be genuinely mixed, although simply forcing the use of IPv6 alone is a long way off the intrusion and technical challenge that the CCDB presented.