Media Information
Archived Press Releases
Proposed Internet Standard Will Reduce Privacy Risks
FOR IMMEDIATE RELEASE: 27 February 2001
Washington, DC -- It will be more difficult for anyone to identify web surfers and track their usage of the Internet when a new standard proposed for the Internet takes effect. Released by the Internet Engineering Task Force (IETF), the standard, specified in IETF document RFC 3041, lays out the details of how and when randomly generated information can be used in place of more identifiable fixed data.
The standard is designed for use with Internet Protocol Version 6 (IPv6), which was developed by the IETF to enhance network management, security, ease-of-configuration, and scalability of the Internet.
Every time someone connects to the Internet, a unique number (called an IP address) is assigned. Addresses are a fundamental requirement of communication and cannot easily be hidden from eavesdroppers and other parties. Part of the IPv6 design includes a larger address space capable of supporting the many billions of devices in the home and office that are expected to be connected to the Internet during the coming decades.
Market researchers use techniques (data-mining) that could track Internet usage and, if addresses didn't change, match them to individuals.
This is of particular concern with the expected proliferation of next-generation Internet-connected devices (e.g., PDAs, cell phones, etc.) that could be associated with individual users. With the growing use of "always-on" links (DSL, cable modems), users are increasingly subject to data mining that tracks their unchanging Internet address.
IPv6 pioneered a labor saving way for "interface identifiers" to be formed automatically in devices, as one of the various methods of setting up addresses. But, both this and the interface identifiers in "always-on" environments result in permanent numbers as part of the addresses and allow the same tracking as the current Internet Protocol (IPv4). Randomly generated numbers can be used in place of the permanent numbers, and the release of RFC 3041 will standardize how and when that will be done. It addresses methodologies to resolve the establishment of IPv6 addresses to assure anonymity. "We think this proposed standard is important for protecting the privacy of Internet users," said Jawad Khaki, VP of Windows Networking for Microsoft, "and we are supporting it in Windows XP."
IPv6 is expected to replace IPv4 over time, with the two co-existing for the near future. As is common for Internet standards, RFC 3041 will continue to be discussed by the world-wide membership of the IETF, further enhanced, and adopted by Internet vendors in the coming months.
RFC references:
The following RFC's can be located using http://www.ietf.org/rfc.html and typing in the RFC number in the box::
- RFC 3041 "Privacy Extensions for Stateless Address Autoconfiguration in IPv6 http://www.ietf.org/rfc/rfc3041.txt?number=3041
- RFC 2373 "IP Version 6 Addressing Architecture"
- RFC 2462 "IPv6 Address Autoconfiguration"
- RFC 2965 "HTTP State Management Mechanism" RFC 2131 "Dynamic Host Configuration Protocol"
- RFC 2136 "Dynamic Updates in the Domain Name System (DNS UPDATE)"
- RFC 2461 "Neighbor Discovery for IP Version 6 (IPv6)"
- RFC 2401 "Security Architecture for the Internet Protocol"
- RFC 2002 "IP Mobility Support"
- RFC 1750 "Randomness Recommendations for Security"
About the IETF
The Internet Engineering
Task Force (IETF) is the principal body engaged in the development of
new Internet standard specifications. It is a large open international
community of individuals who make technical and other contributions to
the evolution and smooth operation of the Internet. There is no formal
membership in the IETF. It is open to any interested person. Anyone may
register for and attend any meeting. The IETF is divided into eight functional
areas Applications, Internet, IP Next Generation, Network Management,
Operational Requirements, Routing, Security, Transport and User Services.
Each area has one or two area directors. Each area has several working
groups, which is where the actual technical work of the IETF is done.
Working groups operate under a charter to achieve a certain goal. That
goal may be the creation of an Informational document, the creation of
a protocol specification, or the resolution of problems in the Internet.
Many working groups disband once they have achieved their goal, so the
number and scope of working groups varies at any point in time. Much of
the work is handled via mailing lists. The IETF holds meetings three times
per year. http://www.ietf.org
About ISOC
The IETF is chartered
by the Internet Society (ISOC), http://www.isoc.org,
a non-profit, non-governmental international organization providing leadership
in the management of Internet related standards, educational, and policy
development issues. ISOC's more than 8,000 individual and 170 Organizational
members around the world make up a veritable who's who of the Internet.
Contact:
Thomas Narten
narten@raleigh.ibm.com
