On 13 October 2017, the Estonian Presidency of the Council of the EU and Europol held a workshop attended by 35 EU policy-makers and law enforcement officials, to address the increasing problem of non-crime attribution associated with the widespread use of Carrier Grade Network Address Translation (CGN) technologies by companies that provide access to the internet. The workshop was supported by experts from Europol’s partners: Proximus, CISCO, ISOC, the IPv6 Company, and the European Commission.
CGN technologies are used by internet service providers to share one single IP address among multiple subscribers at the same time. As the number of subscribers sharing a single IP has increased in recent years – in some cases several thousand – it has become technically impossible for internet service providers to comply with legal orders to identify individual subscribers. This is relevant as in criminal investigations an IP address is often the only information that can link a crime to an individual. It might mean that individuals cannot be distinguished by their IP addresses anymore, which may lead to innocent individuals being wrongly investigated by law enforcement because they share their IP address with several thousand others – potentially including criminals.The Estonian EU Presidency identified the issue of CGN and online crime attribution as one of its priorities and will table the results of the workshop on the agenda of the Standing Committee on Operational Cooperation on Internal Security (COSI) as a contribution to improving the EU´s cybersecurity.