[LINK] IPv6 vs. Human Security [Was Re: smartphone privacy problems]

Roger Clarke Roger.Clarke at xamax.com.au
Tue Feb 1 08:14:43 AEDT 2011 

At 22:43 +1100 31/1/11, Paul Brooks wrote:
>Is it really the device that is important, or the user of the 
>device? - especially in
>the context of this thread subject on smartphones.

The ultimate concern is the individual.

Mobile devices of almost all kinds are largely personal devices, and 
hence monitoring of such devices is tantamount to monitoring of the 
individual.


>I was actually thinking more broadly beyond IPv4. There is no 
>natural protection for
>TXT messages or telephone calls - all can be trivially linked to the 
>phone device,
>through the phone number, and through the IMEI if the user thinks to 
>change SIMs.

Mobile telephony is inherently insecure and was designed as a spy in 
your pocket.

Are you suggesting that we should re-design the Internet to the same standards?


>There  is no natural protection when driving around - the 
>authorities can track your
>whereabouts from your number-plates. Unless you change your device, 
>you can be tracked
>and correlated over time.

There is no mass surveillance mechanism in place for number-plates in 
Australia.

The State police forces, urged on by Crimtrac on behalf of national 
security agencies, is trying to bring it about;  but they've been 
meeting opposition, and will meet much more.
See http://www.privacy.org.au/Papers/indexPolicies.html#TptANPR
and http://www.rogerclarke.com/DV/ANPR-Surv.html


>That IPv4 does change the source address when a user changes 
>location is an accidental
>byproduct of the way IPv4 works, and not a deliberately designed-in 
>feature that the
>original architects had as one of the design criteria. For a long 
>time this has been
>seen as a flaw because it causes ongoing sessions to drop while moving between
>networks, with many proposals for IPv4 mobility to "fix" the situation.
>It might be convenient for those wanting to not be correlated, but it wasn't
>deliberately made so.

That was intended as one of the implications of the expression 
'natural protections'.


>I'm not convinced its actually significant, because it doesn't 
>actually prevent the
>device, or the user of the device, from being correlated by the 
>authorities, for two
>reasons that spring to mind: ...

Agreed.  I'd already addressed that.  The point I made was not that 
it's not possible under IPv4 but rather that it requires powers and 
resources, and hence there are organisational and economic barriers, 
and it isn't done casually or in bulk.


-- 
Roger Clarke                                 http://www.rogerclarke.com/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list