Europol has urged internet service providers to up their game to "resolve" the issue of IP addresses being shared between multiple subscribers.
The European Union's law enforcement agency, which is based in The Hague, says police are facing major problems investigating terrorism, cybercrime, drug trafficking, online child sexual exploitation, facilitated illegal immigration, murder and fraud.
Professor David Stupples said the European Union and the United States needed to pass legislation which would force the internet service providers to take the action needed.
"Crime detection rates through the internet will probably get worse. But the real worry is terrorism. Is it going to get worse? Probably. We need to do something about it. It really is very serious," Professor Stupples told Sputnik.
Head of #EC3Europol now closing @Europol — @enisa_eu #IoT Security Conference. Great conclusions & ideas for further cooperation! #IoTSC2017 pic.twitter.com/lRYBlo6ut0
— EC3 (@EC3Europol) 19 October 2017
Limited Number of IP Addresses
Every device — be it a PC, laptop, cellphone, tablet or laptop — needs an IP address to access the internet.
Currently most use Internet Protocol Version 4 (IPv4), which is limited to 4.3 billion IP addresses and has been unable to meet the exploding demand for new addresses as a result of the boom in sales of smart phones and tablets.
A new version, IPv6 — can provide 34 undecillion (that is 34,000,000,000,000,000,000,000,000,000,000,000,000) — IP addresses.
Sharing the same IP address as a criminal? Law enforcement call for the end of CGN to increase accountability online https://t.co/MT8MNUzdIF pic.twitter.com/DysnM0zIhI
— Europol (@Europol) 17 October 2017
But transition from IPv4 to IPv6 requires internet access providers and content providers to update their software and hardware, which is expensive.
To get around this problem internet service providers have adopted Carrier Grade Network Address Translation (CGN) technologies, which allow thousands of individuals and companies to share IP addresses on IPv4.
Not So Temporary Solution
It was supposed to be a temporary solution, but Europol said some operators had used it as a substitute for the IPv6 transition.
Europol estimates 90 percent of mobile internet devices and 50 percent of fixed line devices are using CGN, instead of adopting the new standard.
Professor Stupples said the transition to IPv6 was very slow and he estimated that by 2025 around 30 percent of customers would still be sharing IP addresses with strangers, who may be terrorists or pedophiles.
I love how @ubnt swiftly patched KRACK, but when will @ubnt support IPv6? pic.twitter.com/OFoSAlAEW5
— Jan Ernsting (@janernsting) 18 October 2017
"It's not a good story. IPv6 has been available for four years but it's a business decision at the end of the day.
"We need legislation. We need the EU to say that everyone is going to be on IPv6 by 2021. That will give the impetus to move away from the sharing of IP addresses," Professor Stupples told Sputnik.
"It would be even better if China, Russia, the EU and the US all got together and insisted on IPv6. If it's left to free will it take forever," he told Sputnik.
'Degree of Anonymity'
"All this time we let the criminal organizations and the terrorists have a degree of anonymity. We can't tie IP addresses to the individual or an organization," Professor Stupples told Sputnik.
He said it was an obstacle to investigators trying to identify terrorist and pedophile networks.
"It's very time-consuming and we lose time and increase uncertainty," he added.
"CGN technology has created a serious online capability gap in law enforcement efforts to investigate and attribute crime," said Europol's Executive Director Rob Wainwright.
Hi Antony, you'll be able to keep it. We’ll keep using IPv4 with CGN using dual stack for some time while everything is being completed.
— Hyperoptic Support (@HyperopticCS) 19 October 2017
"It is particularly alarming that individuals who are using mobile phones to connect to the internet to facilitate criminal activities cannot be identified because 90 percent of mobile internet access providers have adopted a technology which prevents them from complying with their legal obligations to identify individual subscribers," he said.
Britain is not as badly affected as other European countries because of the introduction of the Investigatory Powers Act in 2016 (dubbed the Snoopers' Charter by critics), which allows them to unpick data, identify the guilty and clear the innocent.
Police in most European countries do not have such powers.
'Waste of Law Enforcement Resources'
"In some cases, the law enforcement authorities will be forced to investigate all the individuals using the same IP address in order to determine who is the suspect. This is not only a waste of law enforcement resources but also an unnecessary encroachment on the privacy of individuals," Europol spokesperson Jan Op Gen Oorth told Sputnik.
"There is a lot of margin for the ISPs to give IPv6 connectivity to their clients. But this has a cost and some are not willing to pay the price of modernity if they can rely on old technology, even if it's detrimental to public safety and privacy," he added.
The future is now:
— ˙Ↄ ʎǝsɐↃ (@squeed) 19 October 2017
— ISP is native IPv6
— IPv4 is via a garbage CGN box
— V4-only services are frequently broken
— GitHub and AWS especially
"CGN technology has the same impact that the dark web on criminal investigations: anonymity for wrongdoers and lack of accountability," Mr. Op Gen Oorth said.
"Ensuring EU law enforcement investigations are effective and result in the arrests of responsible parties is one of Europol's key functions. The issues relating to CGN, specifically the non-attribution of malicious groups and individuals, should be resolved," said Steven Wilson, Head of Europol's European Cybercrime Centre.
Sputnik tried to contact EuroISPA, which represents internet service providers in Europe, but they said they did not have an official position on IPv6 rollout or CGN.
Workshop Comes Up With Ideas
Earlier this month, the European Parliament expressed its concerns about CGN in a resolution and on Friday, October 13, Europol and the European Commission hosted a workshop to look at the issue.
Mr. Op Gen Oorth said various solutions were suggested at the workship, including requesting webmail services, social network platforms and websites to voluntarily log source port numbers — a piece of traffic data necessary to allow internet access providers to identify individual subscribers behind CGN.
But Professor Stupples said legislation was the only way of forcing the hand of internet service providers, many of whom are making billions of dollars in profits.