What is IPDR / Internet Protocol Detail Records?
An IPDR is a record of an internet user's activity that the ISP maintains for billing and accounting purposes, but it can also be used to track the internet usage of the user or subscriber. It is very useful for forensic investigation and tracking of suspects, and can be helpful to the police or other investigating agencies.
Are my WhatsApp Voice Calls truly safe? Can the government tap into my WhatsApp Voice Calls?
Though the content of your WhatsApp calls is “End-to-End encrypted” and cannot be intercepted or tapped into, the fact that you called someone can be determined through some educated guesswork by investigating agencies, which use information like Call Detail Records and Internet Protocol Detail Records from both suspects’ cell phones to establish a link of possible communication between them. This information, buttressed with circumstantial evidence, can be a useful tool in the hands of investigating agencies to determine interaction and communication between suspects. Even if the actual content or information shared during the call or the text chat is not available, the fact of the call backed by some other facts can help determine a sequence of events surrounding an incident.
What does IPDR Contain?
IPDR logs contain many fields which reveal a lot about a user’s internet activity.
These include fields like:
- Calling Mobile Number
- Called Mobile Number
- Duration of Session
- Start Time / End time of Session
- Amount of Data Transferred in that session
- Internal / External IP Address of user IPv4 or IPv6
- Port Number of the user
- Cell Tower ID / Location
- Azimuth Angle of the User’s Device from the Cell Tower
- Protocol Used
- Service Used
Field Name | Field Value |
---|---|
Record Type | IPDR Message Record |
Record Version | 4 |
Time Interval | 2022-03-09T10:00:00Z – 2022-03-09T10:05:00Z |
Service Class ID | 5 |
Service Category ID | 3 |
Sender ID | +123456789 |
Receiver ID | +987654321 |
Message ID | 1234567890 |
Message Type | Text |
Message Content | Hello, how are you? |
Message Timestamp | 2022-03-09T10:02:00Z |
Message Status | Delivered |
Bytes Sent | 256 |
Bytes Received | 512 |
Packets Sent | 2 |
Packets Received | 4 |
Under which law can the Police in India request IPDR from the Service Provider?
Under sections 91 and 92 of the Criminal Procedure Code, the police or Court can request the IPDR information from the service provider and get an officially certified copy of the same from the Nodal office of that ISP.
91. Summons to produce document or other thing.—(1) Whenever any Court or any officer in charge of a police station considers that the production of any document or other thing is necessary or desirable for the purposes of any investigation, inquiry, trial or other proceeding under this Code by or before such Court or officer, such Court may issue a summons, or such officer a written order, to the person in whose possession or power such document or thing is believed to be, requiring him to attend and produce it, or to produce it, at the time and place stated in the summons or order.
(2) Any person required under this section merely to produce a document or other thing shall be deemed to have complied with the requisition if he causes such document or thing to be produced instead of attending personally to produce the same.
(3) Nothing in this section shall be deemed—
(a) to affect sections 123 and 124 of the Indian Evidence Act, 1872 (1 of 1872), or the Bankers’ Books Evidence Act, 1891 (13 of 1891), or
(b) to apply to a letter, postcard, telegram or other document or any parcel or thing in the custody of the postal or telegraph authority.
92. Procedure as to letters and telegrams.—(1) If any document, parcel or thing in the custody of a postal or telegraph authority is, in the opinion of the District Magistrate, Chief Judicial Magistrate, Court of Session or High Court wanted for the purpose of any investigation, inquiry, trial or other proceeding under this Code, such Magistrate or Court may require the postal or telegraph authority, as the case may be, to deliver the document, parcel or thing to such person as the Magistrate or Court directs.
(2) If any such document, parcel or thing is, in the opinion of any other Magistrate, whether Executive or Judicial, or of any Commissioner of Police or District Superintendent of Police, wanted for any such purpose, he may require the postal or telegraph authority, as the case may be, to cause search to be made for and to detain such document, parcel or thing pending the order of a District Magistrate, Chief Judicial Magistrate or Court under sub-section (1).
Which laws, rules or guidelines govern and protect IPDR in India?
For how long does a service provider or intermediary need to store the IPDR information?
As per the old Circular No. 820-01/98-LR /Vol. (VII) Part-II issued by the Department of Telecommunications on 13-4-2021, all ISPs needed to maintain all commercial records / Call Detail Record (CDR) / Exchange Detail Record (EDR) / IP Detail Record (IPDR) with regard to the communications exchanged on their network for at least one year for scrutiny by the government for security reasons; the records could be destroyed thereafter unless directed otherwise by the government.
In December 2021, the DoT amended the earlier guidelines. As per Circular No. 20-271/2010 AS-I Vol. (III) issued by the Department of Telecommunications on 21-12-2021, all ISPs now need to maintain all commercial records / Call Detail Record (CDR) / Exchange Detail Record (EDR) / IP Detail Record (IPDR) with regard to the communications exchanged on their network for at least two years for scrutiny by the government for security reasons; the records may be destroyed thereafter unless directed otherwise by the government.
As per law, what information does the IPDR in India need to contain?
As per the DoT letter dated 1-10-2013 bearing No. 820-01/98-LR/Vol. (IX) Pt. I, the IPDR needs to contain at least this information:
- Name of user / organization
- Address
- Contact Nos.
- Email address
- Landline / MSISDN / MDN / Leased circuit ID
- Internet access User ID
- IP Address assigned
- Static / Dynamic IP Address allocation details
- Source port in case of NATing
- IP Allocation Start Date / Time in IST format
- IP Allocation End Date / Time in IST format
- Source MAC Address / Device ID No. / Virtual MAC Address
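The fields above matter together when many subscribers share one public IP behind NAT. The following is an added example, not part of the DoT letter or any ISP's tooling: it attributes a server-side observation (public IP, source port, time) to a subscriber, and shows what goes wrong when the port is missing or the IST/UTC offset is ignored. The record layout, user IDs and addresses are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

IST = timezone(timedelta(hours=5, minutes=30))

# Constructed NAT records: (user_id, public_ip, source_port, start_ist, end_ist).
RECORDS = [
    ("user-001", "203.0.113.7", 40001, "2023-03-08 15:30:00", "2023-03-08 15:40:00"),
    ("user-002", "203.0.113.7", 40002, "2023-03-08 15:30:00", "2023-03-08 15:40:00"),
    ("user-003", "203.0.113.7", 40001, "2023-03-08 10:00:00", "2023-03-08 10:10:00"),
]


def attribute(public_ip, source_port, seen, log_tz=timezone.utc):
    """Return the user IDs whose allocation covers the observation.

    source_port=None models a remote log that did not record the port.
    log_tz is the timezone the observing server logged in (UTC by default).
    """
    seen_at = datetime.fromisoformat(seen).replace(tzinfo=log_tz)
    hits = []
    for user, ip, port, start, end in RECORDS:
        start_at = datetime.fromisoformat(start).replace(tzinfo=IST)
        end_at = datetime.fromisoformat(end).replace(tzinfo=IST)
        in_window = start_at <= seen_at <= end_at
        if ip == public_ip and in_window and source_port in (None, port):
            hits.append(user)
    return hits


if __name__ == "__main__":
    # 10:05 UTC is 15:35 IST: IP + port + time gives exactly one subscriber.
    print(attribute("203.0.113.7", 40001, "2023-03-08T10:05:00"))
    # Without the source port, the shared IP matches two subscribers.
    print(attribute("203.0.113.7", None, "2023-03-08T10:05:00"))
    # Reading the UTC log time as if it were IST points at the wrong user.
    print(attribute("203.0.113.7", 40001, "2023-03-08T10:05:00", log_tz=IST))
```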
Common IP addresses / Port Number List for well-known services
WhatsApp:
TCP Ports: 4244, 5222, 5223, 5228, 50318, 59234 & 5242
UDP Ports: 34784, 45395, 50318, 59234
Telegram:
This information is sourced from the Internet through Public and Private forums. This information may keep changing depending on the Service Provider / Intermediary.
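The correlation described earlier (matching IPDR sessions from two subscribers to infer a possible call) can be sketched as below. This is an added example, not code from any investigating agency or tool: the rows, the 5-second tolerance and the 30-second minimum duration are constructed assumptions, and the ports are the ones listed above.

```python
from datetime import datetime, timedelta

# Ports copied from this page's WhatsApp list (unverified and subject to change).
WHATSAPP_PORTS = {
    "TCP": {4244, 5222, 5223, 5228, 50318, 59234, 5242},
    "UDP": {34784, 45395, 50318, 59234},
}

# Constructed sample rows: (subscriber, start, end, protocol, dest_port, bytes).
ROWS = [
    ("A", "2023-03-08T10:00:02", "2023-03-08T10:05:01", "UDP", 45395, 1024000),
    ("B", "2023-03-08T10:00:04", "2023-03-08T10:05:00", "UDP", 34784, 2048000),
    ("B", "2023-03-08T11:00:00", "2023-03-08T11:00:20", "TCP", 5222, 4000),    # short chat session
    ("A", "2023-03-08T12:00:00", "2023-03-08T12:10:00", "TCP", 443, 900000),   # port not in list
    ("C", "2023-03-08T10:00:03", "2023-03-08T10:05:02", "UDP", 45395, 1500000),  # unrelated user
]


def parse(row):
    sub, start, end, proto, port, nbytes = row
    return {"sub": sub, "start": datetime.fromisoformat(start),
            "end": datetime.fromisoformat(end), "proto": proto,
            "port": port, "bytes": nbytes}


def looks_like_whatsapp(rec):
    return rec["port"] in WHATSAPP_PORTS.get(rec["proto"], set())


def candidate_links(rows, tolerance=timedelta(seconds=5),
                    min_duration=timedelta(seconds=30)):
    """Pair sessions of different subscribers that start and end together."""
    recs = [r for r in map(parse, rows)
            if looks_like_whatsapp(r) and r["end"] - r["start"] >= min_duration]
    links = []
    for i, a in enumerate(recs):
        for b in recs[i + 1:]:
            same_window = (abs(a["start"] - b["start"]) <= tolerance
                           and abs(a["end"] - b["end"]) <= tolerance)
            if a["sub"] != b["sub"] and same_window:
                links.append((a["sub"], b["sub"], a["start"].isoformat()))
    return links


if __name__ == "__main__":
    # Three pairs come back (A-B, A-C, B-C): timing and ports alone cannot
    # tell which pair actually spoke, so each is only a lead to corroborate.
    for link in candidate_links(ROWS):
        print(link)
```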
How is IPDR Different from CDR?
Information which the IPDR contains but CDR does not contain
- IPDR includes data about IP-based services: IPDR is designed to capture data from IP-based services such as internet browsing, email, chat, and VoIP (Voice over Internet Protocol) calls, whereas CDR is primarily used for traditional voice calls.
- IPDR contains more detailed information about sessions: IPDR captures more detailed information about sessions than CDR. This includes the start and end times of each session, the amount of data transferred during the session, the protocol used, and more.
- IPDR captures information about the type of device used: IPDR can capture information about the device used for the communication, such as the make and model of the phone or computer, and the type of browser or app used.
- IPDR captures information about the location of the communication: IPDR can capture information about the location of the device at the time of the communication, including the GPS coordinates, IP address, and cell tower ID.
- IPDR captures more granular data about communication patterns: IPDR can capture data about communication patterns between users, such as the frequency and duration of calls, and the types of services used.
- IPDR captures more detailed billing information: IPDR captures more detailed billing information than CDR. This includes the amount of data transferred, the time and duration of the communication, and the type of service used.
Overall, IPDR provides more detailed information about IP-based services and can capture a wider range of data than CDR.
Information which CDR contains but IPDR does not contain:
- CDR includes data about traditional voice calls: CDR is designed to capture data about traditional voice calls, such as the start and end times of the call, the duration of the call, the phone numbers of the parties involved, and the location of the call.
- CDR captures information about call setup: CDR records information about the call setup process, including the phone number that initiated the call, the phone number that received the call, and the time it took to set up the call.
- CDR captures information about call termination: CDR records information about the termination of the call, including the reason for the call termination, such as whether it was a missed call or a hang-up, and the duration of the call.
- CDR captures more detailed information about call quality: CDR can capture more detailed information about the quality of a voice call, such as the signal strength, noise level, and call drops.
- CDR captures information about roaming: CDR records information about roaming, including the location of the caller when they initiated the call, and the location of the caller’s home network.
Sample IPDR data
Record | Version | Record Type | Timestamp | Source IP Address | Destination IP Address | Protocol | Source Port | Destination Port | Service Type | Session Duration | Bytes Transferred |
---|---|---|---|---|---|---|---|---|---|---|---|
1 | 10 | N/A | 2022-03-08T12:30:00Z | 192.168.1.10 | 8.8.8.8 | TCP | 54321 | 80 | Web Browsing | 00:10:00 | 1000000 |
2 | 10 | Start of Session | 2022-03-08T13:00:00Z | 192.168.2.20 | 10.0.0.2 | UDP | 12345 | 5000 | VoIP | 00:20:00 | 500000 |
3 | 10 | N/A | 2022-03-08T14:30:00Z | 192.168.3.30 | 172.16.1.1 | ICMP | N/A | N/A | Network Monitoring | 01:00:00 | 0 |
4 | 10 | N/A | 2022-03-08T15:45:00Z | 192.168.4.40 | 8.8.4.4 | TCP | 80 | 443 | Web Browsing (HTTPS) | 00:05:00 | 50000 |
5 | 10 | N/A | 2022-03-08T16:00:00Z | 192.168.5.50 | 10.1.1.1 | TCP | 8080 | 80 |
Sample IPDR entry of a WhatsApp Voice Call
Note: This is just a sample IPDR table and the values provided are for illustrative purposes only. Actual IPDR data may vary depending on the specific service provider and the technology used for the communication.
Field | Value |
---|---|
Call ID | 123456789 |
Source Number | +91 9876543210 |
Destination Number | +1 1234567890 |
Call Start Time | 2023-03-08 10:00:00 |
Call End Time | 2023-03-08 10:05:00 |
Call Duration | 00:05:00 |
Call Type | Voice |
Call Quality | Good |
Call Charges | N/A |
Call Location | Mumbai, India |
Connection Type | Wi-Fi |
Handset Manufacturer | Samsung |
Handset Model | Galaxy S21 Ultra |
OS | Android |
App Version | WhatsApp v2.22.5 |
Bytes Sent | 1,024,000 |
Bytes Received | 2,048,000 |
Encryption Status | Encrypted |
Call Direction | Outgoing |
Sample IPDR Entry of a WhatsApp Voice Call
Field Name | Value |
---|---|
Record Type | IPDR |
Protocol | |
Service | Video Call |
Call Start Time | 2023-03-09 10:30:00.000 GMT+5:30 |
Call End Time | 2023-03-09 10:32:00.000 GMT+5:30 |
Duration | 2 minutes |
Source IP | 192.168.0.10 |
Source Port | 57334 |
Destination IP | 142.250.64.14 |
Destination Port | 443 |
Bytes Sent | 3,427 KB |
Bytes Received | 2,239 KB |
Video Resolution | 720p |
Audio Codec | Opus |
Video Codec | VP9 |
Frames Per Sec | 30 |
Can the police hear my phone call recordings through the IPDR?
No. Just like Call Detail Records (CDR), the IPDR only contains the metadata of your Internet activity. It does not store the actual content sent or received.
It does not have the audio recording of your call or the text messages that you have sent through services like WhatsApp, Telegram etc., but it has ancillary information about the call, which can reveal some facts about the nature of the call.
What are some of the limitations of IPDR information?
- Neither IPDR nor CDR stores your actual call recordings or the audio from your call.
- IPDR information has an element of guesswork in determining who the called and calling parties were. Without external circumstantial evidence, IPDR may be of little use.
- IPDR analysis is heavily dependent on publicly available information about the Service Providers or intermediaries. Not all intermediaries or service providers have their IP Addresses and Port Numbers publicly listed. This is sourced from public domain information on the Internet which may not be verified.
Is there any way to prevent being tracked through IPDR?
Trusted VPN Services are one way of avoiding IPDR Tracking. Although the VPN Provider may be keeping logs of the traffic passing through, it will make it more difficult for law enforcement agencies to track traffic going through a VPN tunnel.
List of Resources which reference IPDR in India
- https://dot.gov.in/sites/default/files/Authentication and Maintenance.pdf?download=1
- https://dot.gov.in/sites/default/files/Compliance%20of%20IPDR.pdf?download=1
- https://dot.gov.in/sites/default/files/Revised%20IPDR%20fromat%2016-11-21.pdf?download=1
- https://dot.gov.in/sites/default/files/Letter%20and%20CDoT%20Booklet%20for%20IPDR%20options.pdf?download=1
- https://dot.gov.in/sites/default/files/DOT%20letter%20dated%2015-11-2022%20wrt%20Compliance%20of%20Revised%20IPDR%20format.pdf?download=1
- https://dot.gov.in/sites/default/files/ILDAmendment_2.pdf?download=1
- https://dot.gov.in/sites/default/files/21122021%20UL%20CDR%20two%20years.pdf
- https://dot.gov.in/sites/default/files/Amendment%20in%20Internet%20Service%20Provider%20.pdf?download=1
- https://dot.gov.in/sites/default/files/Amendment%20Commercial%20VSAT.pdf
- https://dot.gov.in/sites/default/files/Letter%20dated%2019-09-2022%20for%20compliance%20latest%20by%2031-10-2022.pdf?download=1
- https://dot.gov.in/sites/default/files/Amdmt.%20in%20VMS%20AT%20UMS%20dated%2027.01.2022.pdf