t byfield on Fri, 8 Oct 1999 02:23:17 +0200 (CEST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> (fwd) IPv6 standard to include unique identifier in all packets


<http://www.techweb.com/se/directlink.cgi?INW19991004S0052>

   Where's All The Outrage About The IPv6 Privacy Threat?
   Bill Frezza
   
   What happens when companies such as Intel or Microsoft are found to
   have embedded unique identifiers in their hardware or software that
   pose potential privacy problems for Internet users? As we know from
   experience with both the Pentium III Serial Number flap and the
   Microsoft Win98 Registration Wizard brouhaha, professional privacy
   advocates sound the alarm, the press launches a feeding frenzy, Wall
   Street shudders and the alleged corporate miscreants are flogged into
   backing off.
   
   Now, what happens when the Internet Engineering Task Force does the
   same thing, specifying an addressing structure in its next-generation
   Internet protocol, IPv6, such that every packet can be traced back to
   each user's unique network interface card ID? Apparently, nothing.
   
   It's a conundrum that makes one wonder about the motives of the
   reigning Internet digerati, who spend much of their time assuring us
   that they are protecting our interests as they quietly arrogate power
   in the new world order.
   
   IPv6 was initially proposed to solve the "problem" that IPv4 has with
   running out of addresses. You would think that the 32-bit address
   field of IPv4, supporting more than 4 billion unique addresses, would
   be sufficient to last quite some time. Unfortunately, the cabal that
   controlled the disposition of these addresses had a habit of handing
   out large blocks to their friends, who parlayed these into start-ups
   with multibillion-dollar market caps. Hence, the "shortage."
   
   IPv6, on the other hand, has 128 bits of address space, enough to
   provide a billion-billion addresses for each square meter of the
   earth's surface. How one could ever route that many addresses is an
   interesting question, but at least IPv6 will never run out.
   
   As you might expect, the address field is so huge that the IETF didn't
   know how to assign it. So, in a move to get buy-in from established
   industry standards bodies, the right-most 64 bits were designated to
   contain EUI-64 format information. This is used by the IEEE to assign
   Ethernet addresses, which are normally not transmitted outside a
   user's LAN.
   
   Included in EUI-64 are two interesting pieces of information: the
   registered manufacturer of your NIC card and your 48-bit Ethernet
   address. Surprise! Every packet you send out onto the public Internet
   using IPv6 has your fingerprints on it. And unlike your IP address
   under IPv4, which you can change, this address is embedded in your
   hardware. Permanently.
   
   The spooks and weirdos in Washington, ever eager to empower the
   surveillance state as they fight a rear-guard action against strong
   encryption, must be thrilled with such a gift. They appear so thrilled
   that the Institute for Information Sciences, heavily funded by the
   Defense Department, is writing a reference stack for IPv6 that it is
   quietly hoping to slip into Windows 2000.
   
   Where are the professional privacy advocates on this issue? Let's
   start with the Electronic Frontier Foundation (EFF), champions of
   freedom in cyberspace and cofounders of the TRUSTe initiative.
   TRUSTe's mission is to build "trust and confidence in the Internet"
   with a branded, online "trustmark" assuring users that their privacy
   will be respected. Go search EFF's site and see if you can find a
   single word about IPv6 and its privacy problems. The EFF's silence is
   matched by a similar lack of concern from the Center for Democracy and
   Technology and the Electronic Privacy Information Center, both of
   which are usually the first to man the barricades when Big Brother
   comes knocking.
   
   Could it be that this unusual averting of the collective gaze is just
   an embarrassing attempt to avoid airing the family's dirty laundry?
   With all the interlocking boards, directorates, subcommittees and
   associations that keep the digerati in sync, it's hard to know where
   responsibility for this snafu begins and ends.
   
   A new advocacy group called the IPv6 Forum, headed by honorary
   chairman Vint Cerf, is leading the charge for adoption, and the usual
   alphabet soup of geek groups appears to be falling into line. This may
   be the reason the press hasn't shown much interest. It's a lot more
   fun to kick Intel and Microsoft than to rail at the folk heroes
   credited with creating the Internet.
   
   It looks like the geeks screwed up this time, though. I hope they have
   the wisdom to fix things before it's too late.
   


   Bill Frezza is a general partner at Adams Capital Management. He can
   be reached at frezza@alum.MIT.EDU or www.acm.com.
   
   Copyright ® 1999 CMP Media Inc.
   

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime@bbs.thing.net