IP address as ID

Many politician around the globe seem to think IP addresses are IDs which can be used to identify peoples responsible for crimes. For example the Prime Minister of Australia Tony Abbott mentions it in an interview. In part this is true. But at the best it identifies temporarily a computer. As the IPv4 address range is rather limited often public internet IPv4 addresses are shared between computers through network devices doing NAT (Network Address Translation). For example this is done in companies, at home, hot-spots, mobile network operators or web hosting.

Demanding access to metadata and its retention offers new ways for the police to combat crime. This is good, but there are also some not so nice side effects. History has shown that people will use available tools. For example Hitler spied on the opposition and imprisoned members of the parliament to get his "Ermächtigungsgesetz" through the parliament and to become a dictator. There is a small risk that something similar can happen in the far future. Other examples of misuses range from the NSA officer spying her husband, Watergate to the Stasi.

The metadata and its retention gives the police a easy "proof" of "who" did something. With the metadata it is possible to correlate the IP address with a name. Now instead of the police have to proof that somebody did something the owner of a computer need to proof that he hasn't done it. In some cases this may not be possible.

In order to work it must be possible to get the "owner" of an computer regardless how the computer is connected to the Internet. In Germany the draft to a change to the law (Telemediengesetz) owners of a private WiFi networks can't make it available without knowing all the names of the users. A similar rule will apply to commercial offers. Bye bye to free WLANs, Neelie Kroes will not be happy. Currently I'm trapped between a mobile network operator, which says my daughter doesn't yet earn enough to get a contract, and the goverment that says somebody must be registered for a SIM card, e.g. I'm responsible both for the payment and if something happens using the internet connectivity with this SIM. Looks like young adults like students don't have full rights. If I want to buy a watch with a build in Internet connectivity like LG's Watch Urbane LTE then I will need a ID card?

Usually a computer behind a firewall or router gets an private IPv4 address which is not directly accessible from the Internet. An address is only leased for some time and doesn't stay the same. So my home router gets at least once a day a new IPv4 address and my computers gets a private IPv4 address whenever they are started from the router. When a computer retrieves something from the Internet the request is going through the router which does replace the origin computer IP address with its own public IP address before forwarding the request to the Internet. It remembers the mapping of incoming IP address and port to the outgoing IP address and port. When a response is received addressed to the IP and port used to send the request out it will lookup the mapping, replace the destination address and port with what was received in the original request and forward the response. This means in the outside the only available address is the address of the router and not the address of the computer. The mapping of the IP address to an owner may already fail for the router. For example clocks may not be in synch or daylight saving time is not considered. For the computer itself there is usually no mapping recorded in order to do that. The number of IPv4 addresses is restricted to less than 4 billion the number of available addresses is lower than the number of people on earth. Some ISPs or mobile network operator don't have enough IP addresses for every customer so they do the same NAT as is happening in home routers.

With NAT the mapping of IP addresses to names becomes impossible. With some additional information like ports the mapping is possible, but as the mappings are short, for example 3 minutes, clock differences actually may prevent the usage.

Another trend is the Internet of Things (IoT). More and more devices connect to the internet like TVs, blue ray players, NAS, refrigerators, home automation services. Similar to smart phones the owner of the device has little control what the devices are doing. The user has no "root" access and it is the manufactorer which controls them. Nethertheless they can become hacked and part of a botnet. Criminals are misusing them for their own purposes. The owner of the device can do little to prevent it but is liable for it. The IP address will pave the way to find the owner.

Last but not least when someone gets write access to such a database it is easily possible to claim somebody did something wrong. For politicians which are accused to have views child pornography this could mean resignation even when they can proof that they are not guilty later.

Hope everybody is very careful with this powerful database!