About lawyers and spoliation

Riad S. Wahby rsw at MIT.EDU
Fri Aug 3 12:20:46 PDT 2001 

Aimee Farr <aimee.farr at pobox.com> wrote:
> I've seen predictions that by 2005-7, your IP will be biometrically
> associated. (I have nothing to back to that up, but the source was
> credible.)

I'm quite skeptical.  As I see it, there would be two general ways of
doing this:

1) Each person has his/her own static IP address that is inextricably
linked to his/her biometric data.

2) One presents biometric credentials in order to use a particular IP
address, and a system similar to DNS can be used to resolve IP
addresses to biometric credentials (or perhaps, all network admins are
required to keep logs of who was using what IP address at what time).

(1) is clearly impossible, if only because all currently-used routing
protocols would be broken.  Imagine if I (18.243.0.246) went to visit
a friend at CMU (128.2.11.43).  How would packets to me be routed?
Admittedly, there is Mobile IP, a protocol that allows me to roam with
a static IP address, but it was never popularized because DHCP
administration is easier and has fewer nasty, subtle problems.

(2) is also not likely.  It doesn't seem that the government could get
away with requiring network admins to keep logs or run servers all the
time any more than they could get away with running carnivore on every
major ISP all the time.  Perhaps in specific cases they could, with
the aid of a warrant, force a certain provider to track all
information pertaining to a specific IP address, but this is far from
"your IP will be biometrically associated."

Even if a few governments succeeded in forcing this sort of thing,
there are several ways of getting around it.  Perhaps the best is
mixnets, but a simpler (albeit weaker) solution is to just get an
offshore shell account and run an SSH tunnel to a proxy there.  Hell,
that's more or less the way that I get access to the internet at work,
and I'm sure you'd have a hard time finding out what the IP address of
the machine at which I'm currently sitting is without compromising my
proxy machine.

Perhaps I'm totally off-base with all of this.  Are there already
protocols out there for linking biometric data to IP address?  A quick
google search didn't turn anything up, but I might have missed
something.

--
Riad Wahby
rsw at mit.edu
MIT VI-2/A 2002

5105

More information about the cypherpunks-legacy mailing list