Queen's Speech and user identification through IP addresses

The basic problem for law enforcement and copyright holders is the increasing shortage of IPv4 addresses. This has led both home and business users to employ NAT routers, allowing one address to be shared among multiple users behind the router. Under such circumstances, an ISP is able to provide law enforcement with the name and address of the account holder, but no details on the precise computer and its user accessing the internet at any particular time.

The easy solution is to wait for universal adoption of IPv6, which has no foreseeable address shortage. Each individual user can have his or her own IP address, and ISPs can say with certainty exactly which computer was using its services. The problem here is a distinct reluctance by the market to make that shift to IPv6.

BT has now launched a trial with a technology known as Carrier Grade NAT (CGNAT) which has the potential to delay a shift to IPv6 even further. CGNAT is like the NAT in a home router writ large. While NAT in the home allows a single IP to be used by all four of the home computers, CGNAT in the ISP allows a single address to be shared among thousands of account holders - theoretically, 60,000+ accounts could use a single IP, each differentiated by a specific port.

Privacy watchdogs are concerned that such wide address sharing will increase the danger of guilt by association; that is, an innocent person will become 'watched' simply because he or she shares the same IP address as the guilty person. But BT told the Out-Law blog, "The technology does still allow individual customers to be identified if they are sharing the same IP address, as long as the port the customer is using is also known."
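An added example (not from the article, BT or Huston) of the lookup an ISP would run against a retained CGNAT translation log: the shared address alone matches several accounts, address plus port narrows it to one, and, because ports are reused over time, an imprecise timestamp widens it again. The log layout, account ids, date and addresses are constructed for illustration.

```python
from datetime import datetime, timedelta
from typing import NamedTuple, Optional


class Mapping(NamedTuple):
    start: datetime    # when the CGNAT allocated the public port
    end: datetime      # when the mapping was released
    public_ip: str
    public_port: int
    account: str


def t(hms: str) -> datetime:
    """Build a timestamp on a single constructed day."""
    return datetime.strptime("2013-05-08 " + hms, "%Y-%m-%d %H:%M:%S")


# Constructed sample log. Addresses come from the RFC 5737 documentation
# range; account ids are made up.
LOG = [
    Mapping(t("10:00:00"), t("10:00:30"), "203.0.113.7", 40001, "acct-A"),
    Mapping(t("10:00:10"), t("10:00:40"), "203.0.113.7", 40002, "acct-B"),
    Mapping(t("10:00:05"), t("10:00:20"), "203.0.113.7", 51000, "acct-C"),
    # Same public port handed to a different account five minutes later.
    Mapping(t("10:05:00"), t("10:05:30"), "203.0.113.7", 40001, "acct-D"),
    Mapping(t("10:00:00"), t("10:00:30"), "203.0.113.8", 40001, "acct-E"),
]


def candidates(log, public_ip: str, when: datetime,
               public_port: Optional[int] = None, skew_s: int = 0):
    """Accounts whose mapping could explain traffic seen from public_ip
    (and public_port, if known) at `when`, allowing +/- skew_s seconds of
    clock error in the reporting party's timestamp."""
    lo = when - timedelta(seconds=skew_s)
    hi = when + timedelta(seconds=skew_s)
    return sorted({
        m.account for m in log
        if m.public_ip == public_ip
        and m.start <= hi and m.end >= lo          # intervals overlap
        and (public_port is None or m.public_port == public_port)
    })


if __name__ == "__main__":
    seen = t("10:00:15")
    print("IP only:            ", candidates(LOG, "203.0.113.7", seen))
    print("IP + port:          ", candidates(LOG, "203.0.113.7", seen, 40001))
    print("IP + port, +/-10min:", candidates(LOG, "203.0.113.7", seen, 40001, 600))
```
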

The problem then becomes one of data retention by the ISP to be able to provide the information. Geoff Huston, in his ISP Column blog, has done some arithmetic. He notes one report suggesting some 33,000 connections per day per customer - which could lead to 17 Mb of log data per customer per day. If the legal regime requires data retention for 7 years, then that would be more than 1 million terabytes of log data for each customer; plus back-up.

The question, then, is who is going to pay for this? It's far too costly to be absorbed within the existing broadband cost structure - which means that the cost will have to be passed on to the customer (and the ISPs won't want to do this); or paid for by government (and governments won't want to do it either).

"No wonder," concludes Huston, "the UK is now contemplating legislation to enforce such record keeping requirements in the light of the forthcoming CGN deployments in large scale service provider networks in that part of the world. Without such a regulatory impost it's unlikely that any service provider would, of their own volition, embark on such a massive data collection and long term storage exercise."
