Home Secretary Theresa May is giving new powers to the police, which will enable them to clearly identify who is using a computer or mobile phone at a given time. Putting the politics of national security and counter-terrorism aside, the proposed act would force all internet data-providers to retain data, linking devices to users.
Due to be announced before Parliament on November 26, the legislation is in effect looking to track the Internet Protocol (IP) addresses of any suspects. This includes, organised crime, cyber-bullies, hackers, terror suspects, suspected child sex offenders and vulnerable people who may be at personal risk.
While this all looks good on paper and might seem like the right move, as someone who has been teaching network engineers for many years, I can see many flaws in this politically noble endeavour.
How does it work?
At the moment your computer, smartphone or tablet connects to the internet, it had to make a connection via a network communication and routing device. The routing device could have been the wireless device at home, 3G or the free wifi in the cafe. When the connection is made, you are issued with a temporary IP address, which temporarily ties down your device and is logged on the network.
With this knowledge, internet service providers can easily record who is using what device and when. This technology has been available for a long time. Corporate networks have been able to log staff computers and their IP addresses for many years. If you connect your laptop to the cafe wifi, it is not difficult to keep a log of each connection, where you visit, your devices MAC address and send this to a remote logging server.
MAC addresses are hard-wired into your devices, in this respect smartphones and computers are alike may have multiple addresses. Therefore each device is effectively unique and means that service providers can keep a track of who is using your home network. If it is insecure, it may result in an unexpected dawn visit.
Will it stop the criminals?
The stark reality is that the people who are the greatest danger are often the most capable, as recent news has proven. Often capable cyber-criminals and other undesirables will have taken the time to learn how to circumvent and avoid being easily spotted.
MAC addresses can be spoofed. Which means that I can trick a network server into thinking that I am using a completely different device. In addition, I could easily create my own proxy (a go-between server), hiding different devices behind another spoofed IP address. If someone was determined, there are many ways of hiding from those who are attempting to record the activities of millions of devices.
The measures announced by the UK government will go some way to help the police gather much needed evidence when they have a clear case. But in the cat and mouse game of keeping up with the more advanced criminals, sadly this measure is years behind the actual skills out there.