Well, I have been harping on about location data for emergency services for our VoIP services and fun and games with OFCOM.
What was interesting yesterday was learning more about where this is going over the next few years.
From a technical point of view, a VoIP provider cannot normally locate a customer as all they really have is the IP address details of the far end. The internet acts as a long extension cable connecting the end user to the VoIP provider. Expecting the VoIP provider to locate the caller is not practical.
So the plan is pretty simple - VoIP provider gives details of IP/session to the emergency services and they ask the ISP for details of the location, in real time. The ISP is technically in a much better position to provide location data.
There are a whole load of technical issues with this, and lots of edge cases (don't even mention TOR, or NAT64). However, for a lot of cases, even dynamic allocation with DSL, it is technically possible for an ISP to identify the endpoint for an IP in real time. After all they have to route packets in real time, so that makes sense.
The problem really is that this is a technical committee trying to find a technical solution. They do not have the remit of trying to work out how the hell this happens in practice from a legal point of view, or the policy implications. This sort of division of considerations is not uncommon, but it could mean some interesting times ahead for ISPs, especially small ISPs.
One of the big issues is that this is complicated for an ISP to do. A lot of ISPs, especially small ISPs, buy in the various kit to make it all happen and it all works well together as you would expect. But this sort of location lookup needs more than just BGP and RADIUS. It needs integration with ordering systems and billing systems, and much more. These are often home made or even manual systems in small ISPs and simply not set up for real time queries. The variation from ISP to ISP makes an off the shelf solution difficult. Oh, and the final catch is the 99.999% reliability requirement which is probably something that no ISP can really guarantee.
So, this really will only happen if there is regulation requiring it to happen - given how well OFCOM worded GC4, I can see that being a nightmare. As an ISP I don't like any new regulation, and it is clearly unfair on the ISP if they have to do the work for someone else's VoIP service. After all, the ISP is just passing packets. Why are they tied up with onerous voice regulation just because someone else is sending voice packets over their network, any more than they are tied up with banking regulations because on-line banking goes over their network. Though yes, like us, many ISPs also do VoIP, that is not always the case. At the moment ISPs can choose not to get involved in all this 999/112 hardship by not doing VoIP, but that seems likely to change.
Of course, one of the other issues is that, assuming it is regulated for and enforced, all ISPs will have a handy real-time IP to location lookup service. It is, of course, only for emergency services. But can you image that government departments will not want to get their hands on something so useful? How long before the copyright industry lobby for access (after all, the ISPs are already doing it at that point, so no extra cost)? Before you know it we will have councils using the interface to track kids playing truant from school.
And then, of course, what of ISPs that sell the service. It is bad enough geo-location services guessing you might want to meet girls in low earth orbit but what if they actually had your full address based on your IP? I am sure the DPA would have something to say, but some contracts already seem to allow crazy data sharing like this. Commercialy it may be the only way for the ISP to recover some of the money spent making such a system.
The only light at the end of the tunnel is that there is an idea for the next stage - where smarter VoIP devices find where they are (GPS for example). This could involve protocols for devices to ask their DHCP server or upstream servers for their own location, which is easier to do and clearly has less privacy issues. The device then sends the information with the call and that gets passed through to emergency services. I'd like to see us moving to that type of solution and not implementing a huge can of worms by imposing all sorts of new requirements on ISPs... We'll have to see what happens.
Interesting times ahead.