by minimaster 1768 days ago
Disclaimer: I work with this stuff and might be a little biased to certain vendor solutions.

Good CGNAT implementations have support for static blocks: the subscriber always ends up at a specific IP number + port block combination. (Each subscriber is assigned a specific number of exit ports, and this is all just logged once during startup, so you always know where each subscriber ends up.)

Should they run out of their assigned port block, there are pools which you can borrow from (these then need to be logged: who borrowed what at what time, etc.). So all in all there is less logging than when everything was dynamic.
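A small model of the static port-block scheme described above, as an added example (not code from the comment or from any vendor's CGNAT): the subscriber-to-(public IP, port block) mapping is a pure function, so it only has to be logged once, the inverse lookup needs the source port, and an inquiry with only the IP yields every subscriber on that address. The public pool, block size and 0-based subscriber numbering are assumptions.

```python
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional, Tuple

# Assumed parameters (not from the comment): a documentation-range public
# pool and 2048 ports per subscriber; subscribers are numbered 0..N-1.
POOL = IPv4Network("203.0.113.0/29")
BLOCK = 2048
PORT_LOW = 1024      # system ports are never handed out
PORT_HIGH = 65535

def blocks_per_address(block_size: int = BLOCK) -> int:
    return (PORT_HIGH - PORT_LOW + 1) // block_size

def assign(subscriber: int, pool: IPv4Network = POOL,
           block_size: int = BLOCK) -> Tuple[str, int, int]:
    """subscriber index -> (public IP, first port, last port).
    Pure function of its inputs, so the table is logged once at startup."""
    per_addr = blocks_per_address(block_size)
    addr_idx, block_idx = divmod(subscriber, per_addr)
    addrs = list(pool)               # every address in the pool, incl. .0
    if addr_idx >= len(addrs):
        raise ValueError("public pool exhausted; use an overflow pool")
    first = PORT_LOW + block_idx * block_size
    return str(addrs[addr_idx]), first, first + block_size - 1

def lookup(public_ip: str, port: int, pool: IPv4Network = POOL,
           block_size: int = BLOCK) -> Optional[int]:
    """Inverse of assign(): (public IP, source port) -> subscriber index.
    None means the port is outside the static blocks (overflow pool or
    unused tail ports), which only the per-borrow log can resolve."""
    ip = IPv4Address(public_ip)
    if ip not in pool or not PORT_LOW <= port <= PORT_HIGH:
        return None
    block_idx = (port - PORT_LOW) // block_size
    if block_idx >= blocks_per_address(block_size):
        return None
    addr_idx = int(ip) - int(pool.network_address)
    return addr_idx * blocks_per_address(block_size) + block_idx

def candidates(public_ip: str, pool: IPv4Network = POOL,
               block_size: int = BLOCK) -> List[int]:
    """What an inquiry with IP but no port can yield: every subscriber
    holding a block on that address."""
    ip = IPv4Address(public_ip)
    if ip not in pool:
        return []
    per_addr = blocks_per_address(block_size)
    base = (int(ip) - int(pool.network_address)) * per_addr
    return list(range(base, base + per_addr))
```

With these parameters each public address carries 31 subscribers, and `lookup(ip, port)` pinpoints one of them while `candidates(ip)` returns all 31.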


And law enforcement inquiries barely contain source port information, or a precise time. Most of them go like: who had this IP in $this-two-weeks-window. No source port, no destination IP/port.
"We don't have the ability to determine a specific subscriber based on the information provided" and close the request.
This is not how most of these laws work. As an ISP, you are required to have this bookkeeping, and are audited for it in (most) countries.

Usually, the law has specific procedures about how this information is requested, what responsibilities lie with which party, and how long the response time should be for such a request.

When starting (or already being) an ISP, you already know what kind of system you need to build that matches all these requirements by law. Simply saying "we do not have the required information" wouldn't work, because the law has very specific details about the requested information.*

* This is in a European country, so no clue if this is applicable to the US.

In my European country the law very specifically tells ISPs what to record. It doesn't require them to produce any conclusions or other data, so if you ask for a subscriber name without enough details (port and destination in this example) the response I gave is totally legal. I have in fact seen that kind of thing happen and compliance departments tend to favor exactly this, do what the letter of the law said, not a byte more unless a court orders them. The risk otherwise is that you're illegally violating the privacy of a customer just to please some law enforcement agency.

As a follow-up the agency, with the right court order, could get all the raw connection records and try to figure it out themselves. But if you don't know the exact time and (source IP, port, destination IP, port) combination you're not going to figure it out in a network with large scale NAT.

That will just lead to a whole lot of "we don't have that information" or, alternatively, "all of these 10000 people used that, have fun!"
And isn't that the privacy we all would really enjoy? :D
The "I'm Spartacus!" of torrenting

(For those who haven't heard the reference https://www.youtube.com/watch?v=FKCmyiljKo0#t=0m40s )