Man Tracked Down and Arrested Via WoW

kabome writes with this excerpt from a story about an alleged drug dealer who was located by law enforcement thanks to World of Warcraft: "Roberson’s subpoena was nothing more than a politely worded request, considering the limits of his law enforcement jurisdiction and the ambiguity of the online world. 'They don’t have to respond to us, and I was under the assumption that they wouldn’t,' said Roberson. ... Blizzard did more than cooperate. It gave Roberson everything he needed to track down Hightower, including his IP address, his account information and history, his billing address, and even his online screen name and preferred server. From there it was a simple matter to zero in on the suspect's location."

obligatory

[phantomfive]

Penny Arcade did their thing about it.

It kind of sucks for that guy, but basically if you don't like laws, you'll usually be better off trying to change them than run away. There's generally nothing unethical about helping the police find someone who's accused of committing a crime.

Re:obligatory

[Jah-Wren+Ryel]

If the police wants you for X, for any value of X, do you really expect privacy?

I expect due process and that everybody get their ducks in a row - in this case that should have been a subpoena.
Its not like anyone was in any immediate danger from the suspect - there was no rush. If the guy was a legitimate suspect the cops should have no problem running it past the appropriate oversight (i.e. the judge who issues the subpoena).

Heh.

[headkase]

What's Blizzard going to do when someone posing as law enforcement gets some information and then goes and murders that person... Hmm?

Re:Impropriety

[MichaelSmith]

On a different note a guy who was fairly senior in a large ISP here told me that one of their subscribers send whattlooked like a suicide note over IRC. The person who spotted it got onto the ISP, who gave the billing address to the local police in that jurisdiction. They got there just in time.

Re:Impropriety

[houghi]

In Belgium that could mean that the data was obtained illegally and the case could be thrown out. You need a court order to get privacy data, even if you are a cop and walk into the building. Well, especially if you are a cop, as you should know what the procedure was.

Not only would it be possible to get the case thrown out, it would also be possible to sue the company for giving out personal information. There is a reason for this and even now it happens that in individual cases police abuse the knowledge they have for personal gain.

The positive part is that it should be clear to everybody involved what you can give out when and when you can't. "If you can't produce the correct papers, I can't give you anything. Now go away and leave the building." and yes, I have seen policemen escorted out of the building because they did not have the correct papers with them and if they would have stayed, we would have filed for trespassing and breaking and entering and what not.

They came back two hours later with the correct papers and got all the cooperation they needed. From that day on they came with a court order each time and each time got what they asked for in the warrent (nothing more and nothing less).

Re:strange

[canajin56]

If it has no info, it uses the registered address of your ISP. Otherwise, it's all data-mining. They have agreements with data-miners, who themselves have agreements with thousands upon thousands of websites. Go to Best Buy's websites, enter a zip/postal code to find the closest store to you? There, bam, the geo-locators have a zip code tied to an IP address. If you're not on an ISP that cycles frequently, they have you. I don't know how accurate USA zip codes are, but Canadian postal codes, they will get you a block, more or less. And if you enter an actual, real address anywhere ever, they have your real address tied to your IP address, too. But like I say, it doesn't just depend on your stupidity in giving out your address, it also depends on your ISP. My parents were on Shaw@Home internet. Our IP address never changed, ever. Not unless the modem lost power for more than 5 minutes. Now I'm on Sympatico DSL. Its IP address changes whenever its unplugged for even a second, and it also changes about once or twice a month, sometimes more. Even if I was dumb in giving out my address, it probably wouldn't be accurate for Sympatico customers, because they shuffle around a LOT, and the geo-location websites are never fully up to date, data-mining is time consuming! Also, some ISPs subnet a lot, so even if your IP address shuffles, it probably didn't stray very far from your real address, so they still would have at least your city, if not your neighborhood. Some ISPs don't subnet at all, so your IP address comes from a pool assigned to their entire service area. That's why some people will go in, and see that some websites report them in NYC, and some in San Fransisco. Because their ISP assigns its IP addresses wherever they fall, and if they're a national ISP, that could mean anywhere.

But anyways, yeah, if you're on an ISP that doesn't cycle its IP addresses around, and you're dumb enough to give your real address to websites at any point, it really could be CSI level magic. But the thing is, the IP Address to lat-long step, would really be IP Address to Address to Lat-Long, he must have just used a geo-locator site that does that conversion for you, and either doesn't give the base address it used for that computation, or the cop just didn't notice it.