CHAPTER 4: TECHNOLOGY
will change and different customers will use the same external IP address, but
not at the same time.
(b)
Network Address Translation is a technique used by CSPs to allow a single IP
address to be shared by multiple customers simultaneously, sometimes
numbered in the thousands.15 It became necessary due to a shortage of IPv4
addresses, though things will change as IPv6 is increasingly adopted.
DRIPA 2014 mandated the retention of subscriber data for some categories of IP
addresses, namely, those which are static and those which are dynamically allocated
in sequence. The Counter Terrorism and Security Act 2015 [CTSA 2015] seeks to
address the difficulty which arises when IP addresses are shared by a number of users
simultaneously, by requiring the retention of “relevant internet data”16 in addition to the
shared IP address. However those data are not sufficient to resolve IP addresses in
all cases (see 9.51 below); and in any event, a CSP can usually only provide details of
the person who pays the internet subscription. This is not necessarily the person who
was using a device at a particular time.17
4.19.
One problem created by the variety of devices now commonly used was highlighted
by submissions to the Review. Smart phones and tablets are often shared by a
number of users, such as family members. Each of these users may be accessing
different applications. This pattern of usage differs from the traditional use of a mobile
phone by one person. In light of this, one service provider suggested that in the future
investigations will need to be much more user-specific. IP matching can only help with
this to a certain degree.
4.20.
A further problem for the attribution of communications is that an IP address can be
changed by the use of a proxy server so that a communication appears to come from
somewhere it does not. A proxy server acts as an intermediary between a device and
the internet, changing the IP address from that of the actual sender to that of the proxy
server. Many use proxy servers for perfectly legitimate reasons, such as to maintain
privacy online. However, some use proxy servers in order to carry out cyber attacks
so that the origin of the attack remains hidden. Often such attacks involve numerous
proxies.
4.21.
Virtual Private Networks [VPN] act in a similar way to proxy servers by changing the
IP address from that of the actual sender to one provided by the VPN. In the past,
VPNs were primarily used by companies to allow their employees to access resources
on the company’s network remotely. Increasingly, VPNs are used by individuals to
protect their privacy and security online. Unlike proxy servers, VPNs also provide
secure communications through encryption. Multi-hop VPNs offer significantly higher
degrees of privacy and anonymity online as they route traffic through two or more
VPNs.
15
16
17
Home Office, “Counter-Terrorism and Security Bill Factsheet – Part 3 – Internet Protocol (IP) address
resolution”, 2014.
The example given in the factsheet of such data is a port number.
See for a further example of the problems surrounding IP matching, “Police face new ethical dilemma in
increasingly digital world”, The Guardian, 12 January 2015.
53