What’s in an IP address?

943716_10153007365440107_483278094_nWhile the Communications Data Bill has scrapped, the one issue that remains live is the ‘resolution of IP addresses’ – particularly where mobile phone operators may have millions of customers using just a few hundred IP addresses. Deputy Director Emma Carr appeared on the Daily Politics yesterday to discuss the issue.

An IP address is (put simply) the address you access the internet through (although ways of masking this are nothing new nor particularly technically challenging). We think it reasonable that the issue is investigated so that where the police have an IP address from a service provider, they are able to trace that back to the person using the service. It may be possible to address this through small, technical changes to existing legislation, rather than a new Bill. Indeed, the draft Communications Data Bill went far, far beyond being a focused attempt to solve this problem.

If such a change is required, then it should be properly thought through before being subject to the widespread consultation and comprehensive scrutiny that has been sorely lacking to date with industry, civil society and the wider public. It should also include the safeguards and revisions to existing law recommended by the Joint Committee on the draft Communications Data Bill.

Indeed, in 2008, the Home Office published a response to it’s consultation on the transposition of the Data Retention Directive into UK law – which covered IP addresses. It included a recognition that “Some respondents from the public communications providers stated they had little or no dialogue with the Home Office concerning the complex issues surrounding internet related data and the DRD” – exactly the same criticisms that were regularly made of the draft Communications Data Bill.

The same consultation found that the implementation of the Regulations was inappropriate for Internet data due to “particular technical and resourcing issues” such as “increased difficulties in replicating the ‘end to end’ picture of communications data, the difference in the cost profile for storage and retrieval of Internet communications and the need for a strong business case, if the retention period for IP data is set at 12 months.” It is far from clear these challenges have been overcome.

The biggest challenge facing the police is making use of the huge volume of data that is already available, including data from services like Skype and Facebook. The Snoopers Charter would not have addressed this, while diverting billions from investing in skills and training for the police.

The legality of the Directive is still far from clear – with legal challenges now pending from Ireland and Austria, with several European countries deeming it incompatible with their constitutions. Equally, the United Kingdom’s statistics are ominously absent from the European Commission’s review of the Directive published in 2011.

So, if proposals are to be brought forward then they must be based on a full and frank discussion with industry, be technically workable and not introduce by the back door excessive or unwarranted obligations for data to be collected. We also hope the Home Office takes a far more proactive response than we have seen to date to engaging with Parliament, civil society and the public to explain their intent and to address legitimate concerns.