Police put spotlight on IPv6

Police have drafted a plan to watch over the 340 trillion trillion trillion Internet addresses being issued under IPv6, the root and branch reform of addressing being done to stop the internet running out of space.

The proposal was presented to a closed international meeting of police officers and four of the world's five Regional Internet Registries (RIRs) in London on March 17th. It is among a clutch of policies police have suggested the Internet industry should adopt to help them catch cyber criminals.

Bobby Flaim, supervisory special agent at the US Federal Bureau of Investigations, told the Council of Europe conference on Cyber Crime last week that police planned to have finalised a policy for identifying people behind their IPv6 Internet addresses by the end of 2010.

"With IPV6, since we are dealing with enormous blocks of IP addresses, its going to be extremely hard to trace criminals who use IPv6 addresses," Flaim told the international audience of some 300 criminal justice professionals and civil servants in Strasbourg last Tuesday (Video).

"If we don't come in now and propose a policy in which IPv6 who-is is properly documented, it will be impossible for us to do our jobs," said Flaim, referring to the means by which the identity of website owners is verified.

Paul Hoare, head of e-Crime at the UK's Serious and Organised Crime Agency, told THINQ that the proposals were not ready to be shared with the public. They had been shared at the London meeting with 80 officers from 41 police forces around the world, and industry representatives from the RIRs for Europe, Africa, North America and Asia Pacific, all of whom have open management committees.


Roland Perry, public affairs officer for RIPE-NCC, which handles the allocation and registration of internet addresses across Europe, told the same meeting that IP addresses were not a silver bullet for cyber cops.

Large private networks of the sort operated by companies typically presented a single ip address for thousands of people. "It's a two stage forensic process," he said. "First there is the building with the machine in the cupboard. And then who was sat in each room? You are very unlikely to get an answer to that second question."

Perry said people who use their mobile phones or dongles to connect to the internet usually also appeared to the world as the same IP address. Criminals would spoof addresses so they were not identified even under a system in which the industry validated people's internet identities for police. But any little would help.

IPv6 is a system that will make it possible to allocate individual IP addresses to the numerous mobile phones and other devices that might presently connect under a shared identity.


RIPE-NCC and other RIR's are forming joint law enforcement working groups to consider the police plans. The RIPE Co-operation Working Group will sit for the first time in Prague from 3-7 May, where police will offically present the draft IPv6 proposals.

The IPv6 plan is one of a clutch of proposals for which the Hoare and Flaim have been lobbying at internet industry and cyber law meetings around the world. The other proposals, floated at the last international meeting of ICANN, the internet domain name registration council, in October 2009.

Hoare told THINQ a fortnight ago that those proposals were also not ready to be shared with the public. They had, however, already been published. Police were required to share the proposals with the internet industry, which operates an open policy and published the proposals as a matter of course.

They similarly seek to better identify people who own websites and were passed to the ICANN management board for consideration a fortnight ago. Hoare and Flaim antipipate that it will be even harder for police to identify website owners when there are multiply more trillions of addresses for criminals to hide behind.

IPv6's 340 trillion trillion trillion addresses are intended to relieve IPv4, the present system, which has already used up more than 90 per cent of its 4.3 billion addresses and is expected to have run dry in 12 to 36 months. Hoare and Flaim have yet to specify how they expect to verify people's identities under the present system.