[lir-wg] Static IP addresses

On Wed, Oct 02, 2002 at 08:05:22PM +0200, Bob Arnesen wrote:
> We live in Stockholm, Sweden and
> have the big government telephone company TELIA as our ISP. We have had
> internet services through their ADSL for a little over a year now and to my
> surprise I have recently found out that Telia has assigned us a fixed IP
> address. Every time we log on to the internet we start surfing with the
> same IP address every time.
This is how the Internet was designed over 30 years ago and how it is
supposed to work.

> From a security and personal integrity point of view we may as well be
> surfing with our Social Security Numbers if thats the case. Of course dealing
That is a ridiculous statement. You don't use your IP address to
formally or legally identify yourself like you do with Social Security
Numbers. From a security and personal integrity point of view it would
be much more appropriate for you to complain and protest about how
Social Security Numbers are (mis-)used nowadays in many countries for
purposes that they were not meant to (like authentication and
autorization in the private sector). Giving people a static IP
address is a *nice* thing to do. Dynamic addresses are a way to
multiplex a scarce resource, and *not* a way to protect your personal
integrity or privacy. Dynamic addresses basically provide you with a
one-way service while a static IP address makes you fully connected to
the Internet with a two-way service (just like a stable telephone
number does for your mobile).

> on the net we had a new IP address. Impossible to trace us and our surfing
> habits to a specific number. But not so with Telias ADSL.
Non-sense. It is very easy to trace you. That has little to nothing do with
static or dynamic allocation of IP addresses. Nobody uses IP addresses
to trace people or consumers behaviour, right now. There are much easier and
reliable ways, like cookies, invisible anchors in WWW-pages or other
similar techniques at the application level. Some comments:

1. Your service provider can always trace you (independent of the
technology used). Your protection should be legal or contractual, not
technical.

2. The only way to not be identified and be somewaht untraceable for
the other end of your surfing connection is by not talking to them
directly, but bury yourself in the noise of a big crowd (that is not
homogeneous). In practice this means you need to surf through an
anonymizing proxy that strips your connection/communication of all
(or most) of the bits that can identify you (this is actually
technically near impossible). Many people use regular proxies (even
without knowing it) because the ISP has set them up to save bandwith.
Very few use (or will use) proxies that have as main goal to anonimize
their clients. 

3. Anonymity is not a legal nor moral right in most (if not all)
civilizations and societies, including the Western democracies.
Anonymity is not the same as privacy or personal integrity, and
sometimes it is the opposite (e.g. when a marketing company calls
me I experience that as a violation of my privacy and an invasion into
my private sphere, while they typically use the `privacy-protecting'
feature of caller-ID blocking to hide their identity).

4. Your ISP is not responsible for your privacy *in general*. They are
legally and morally responsible for protecting the information they
have collected about you (for example personal info, billing info or
logs of their portal or servers).

> Is Telias current practice as I have described considered a breach of
> privacy for the private person/customer?
Surely not.

> Is Telia following agreed International and /or European standards
> regarding IP addresses?
Of course.

> Am I able to lodge a formal complaint against such practices, either at
> the Ripe 44 meeting in Amsterdam in January or somewhere else?
Are you able to do so for getting a telephone number that never
changes when you subscribe to a telephone service? I think not.

> I do hope that The LIR-WG will be able to provide me with some answers. Regards,

Feico Dillema.
 - Data Snekker
 - Department of Computer Science
 - University of Tromsø