Aimee Farr <aimee.farr@pobox.com> wrote:
I've seen predictions that by 2005-7, your IP will be biometrically associated. (I have nothing to back to that up, but the source was credible.)
I'm quite skeptical. As I see it, there would be two general ways of doing this: 1) Each person has his/her own static IP address that is inextricably linked to his/her biometric data. 2) One presents biometric credentials in order to use a particular IP address, and a system similar to DNS can be used to resolve IP addresses to biometric credentials (or perhaps, all network admins are required to keep logs of who was using what IP address at what time). (1) is clearly impossible, if only because all currently-used routing protocols would be broken. Imagine if I (18.243.0.246) went to visit a friend at CMU (128.2.11.43). How would packets to me be routed? Admittedly, there is Mobile IP, a protocol that allows me to roam with a static IP address, but it was never popularized because DHCP administration is easier and has fewer nasty, subtle problems. (2) is also not likely. It doesn't seem that the government could get away with requiring network admins to keep logs or run servers all the time any more than they could get away with running carnivore on every major ISP all the time. Perhaps in specific cases they could, with the aid of a warrant, force a certain provider to track all information pertaining to a specific IP address, but this is far from "your IP will be biometrically associated." Even if a few governments succeeded in forcing this sort of thing, there are several ways of getting around it. Perhaps the best is mixnets, but a simpler (albeit weaker) solution is to just get an offshore shell account and run an SSH tunnel to a proxy there. Hell, that's more or less the way that I get access to the internet at work, and I'm sure you'd have a hard time finding out what the IP address of the machine at which I'm currently sitting is without compromising my proxy machine. Perhaps I'm totally off-base with all of this. Are there already protocols out there for linking biometric data to IP address? A quick google search didn't turn anything up, but I might have missed something. -- Riad Wahby rsw@mit.edu MIT VI-2/A 2002 5105