Can You Really Be Traced From an IP Address?

Barence writes "Identifying individuals using nothing more than their IP address has become a key part of anti-piracy and criminal investigations. But a PC Pro investigation casts serious doubt on the validity of IP-based evidence. 'In general, the accuracy of IP address tracing varies depending on the type of user behind the IP address,' Tom Colvin, chief technology officer with security vendor Conseal told PC Pro. 'Whilst big businesses can be traceable right back to their datacenters, standard family broadband connections are often hard to locate, even to county-level accuracy.'"

Static & resolves?

If your address is static & your ISP is quite happy to cooperate...however, if you're like most people, on dynamic IP, or some behind proxy or on Tor etc then the "evidence" can be highly unreliable.

Re:Static & resolves?

I would say if your address is static OR you ISP is happy to cooperate; only takes one for you to be quite trackable. What worries me a bit is that this article seems to advocate for legal precedent to be based on this idea, which is quite short sighted. Yea, right now it might be a bit hard to authoritatively determine the end user of a dynamic IP, but IPv6 is coming and when it does, everything and everyone will have their own, easily traceable IP address. Privacy laws need to be based around that assumption now.

Re:Static & resolves?

[isopropanol]

My IP at home is dynamic but I've had the same one for over a year.

Re:Static & resolves?

[dogsbreath]

It also depends on the accuracy of the ISP dynamic IP records.

The IP records, if they keep them, are subject to a number of accuracy issues. So much of the ability to trace the given IP at a given time back to a particular subscriber line or dataset depends on accurate configuration of many devices and databases... and on the people that manage all of it.

eg1: Allocation of routable IP address ranges to DHCP servers changes more often than you might think, primarily due to the scarcity of IPV4 addresses. Depending on how the ISP handles these changes, you could easily have a situation where a subscriber endpoint is returned that is no longer correct.

eg2: Say we're talking about DSL. In all of the millions of pairs of wires that have been connected by hand, there are bound to be errors, either in the actual jumpering or in the record keeping about the jumpers and the end points. Believe me, this happens and it can go undetected for a long time.

eg3: Systemic errors in the provisioning software that manages the DHCP servers. As long as the billing records don't come into question and the subscribers get their service, it is unlikely that anyone is going to notice that there is a problem with the generation of the reverse lookup name. If the dynamic IP to dynamic name relationship is not always correct, who is going to notice? This one in particular can be a real bugger to find.

eg4: You would think that everything is kept straight by monolithic, standardized allocation software and methods that are tried and true, but all you need is one manual step in a process to throw everything into question. Excel spreadsheets crop up in the most unexpected places.

Basically, IP tracking by an ISP is an inventory management issue and even with relatively static warehouses it is nigh on impossible to get two counts to agree. The larger the inventory and the more dynamic the flow, the more likely there will be problems.

Re:Static & resolves?

With IPv6, people will have far more than just one address.

Re:Static & resolves?

[camperdave]

That's the way DHCP works. When the IP address lease is eligible for renewal, the client will ask the server if it can keep the existing IP address. If the server okays the request, the client keeps the same address. For continually connected networks, such as DSL and cable, you're typically not going to see a lot of change in the DHCP assigned IP address.

Re:Static & resolves?

[karnal]

You bring up excellent points. This also spiked me to think about my last interaction with my local Cable provider regarding an internet service outage. Each time I would call a Level 1 technician, they were always asking for my MAC address on the modem. Why wouldn't they just have this tied to the customer record? It's possible they were just verifying, but the tone of their voice made me feel otherwise....

Re:Static & resolves?

[dogsbreath]

Even MACs are dynamic. There are very few hard coded MAC addresses in devices anymore. Probably he wanted to make sure that he was looking at the same thing that you were.

The stuff I mentioned above are just on the ISP side. Unbelievably (tongue in cheek here), subscribers do all kinds of odd and unauthorized things. Neighbours and friends will swap, trade, loan and sell their set top boxes and modems. The curious sort will install custom firmware on the ISPs device, or they'll stick a transparent BSD box on the wire to see what fun they can have.

The IP allocation system will include a lot of devices that the end user may be surprised about. Of course there are the DHCP servers and the systems that mange them (set and query), but configuration of routers is often involved even to the provisioning of a single subscriber for access control, QoS, virtual circuits, etc etc. It is one big state machine and if someone monkeys with it (er... sets an illegal or unforseen state) then all bets are off as to how it operates.

This stuff is only simple on a small scale or from a distance.

Re:Static & resolves?

[TheLinuxSRC]

That is unless your DSL provider is Windstream. My IP changes almost daily with no service interruptions. It got so bad that I wrote a script that grabs my public IP every 5 minutes and scp's that to one of my servers every 5 minutes.

Re:Static & resolves?

[maxwell+demon]

Is there any reason why you don't just use dyndns?

Re:Static & resolves?

holy hell you know nothing about networking

Re:Static & resolves?

[Seumas]

Of course, when most ISPs have a very long DHCP lease, it might as well just be static. For example, if you have Comcast, chances are that your IP address hasn't changed since you first started your service.

Re:Static & resolves?

[TheLinuxSRC]

I don't need anything outside of the IP address so that I can SSH to my machines. I don't host sites or email or anything of that nature so name resolution is unimportant.

Re:Static & resolves?

[Cramer]

Everyone will have a static prefix. Privacy extentions randomly generate the rest of the address, and change it often (eg. 24hrs). And this assumes ISPs are going to assign static prefixes instead of DHCP6-PD -- which could be dynamic. You'll have the exact same issue as today... you cannot reliably trace an address to a specific machine and specific human being.

[Even in my house, where I'm the only perm. resident, it's never 100% assured that I'm the one generating traffic. There are dozens of people with devices that can access my wireless network. And 3 that have keys that can access the wired network. Plus the possiblity of remote users doing things -- with or without permission.]

Re:Static & resolves?

[Cramer]

Yes, it is. But if it's like any of the systems I've worked with over the years (and some I wrote myself), it's faster to ask the user than go dig it up. The first thing we asked for was "customer number and/or circuit id". Yes, we can find that from a company name, postal address, ip address, or the billing account name (which for a company can take several guesses.) (and at BTI, being a phone company... a phone number.)

What they need depends on what system they're using.

Re:Static & resolves?

So why don't you enlighten us?

Re:Static & resolves?

[dogsbreath]

I meant that you can clone MAC addresses (a common feature on home routers) or you can set them to whatever you want. You can't assume that a MAC address will be unique outside of a LAN segment. IP collisions are easy to create by setting a static IP on your machine, but so are MAC collisions. Some people like to try to get other people's service features by copying MACs. Doesn't usually work because of other issues but you still get people trying it.

It just goes back to the original point that identifying someone definitively by their IP and information from the ISP has lots of room for error. Even if the ISP has excellent record keeping and systems, other people can throw a monkey wrench into things. It should take a fair amount of effort to prove without a doubt that a given IP was actually provisioned to a given location at a given time. Even more to prove that a specific person was using that IP.

I was referring to big iron routers re: ACLs and so forth. Not your little DLINK home WAP.

Re:Static & resolves?

[ScrewMaster]

Of course, when most ISPs have a very long DHCP lease, it might as well just be static. For example, if you have Comcast, chances are that your IP address hasn't changed since you first started your service.

Yes. I had them for a few years, and you're right: it hardly ever changed. The only times that it did were when they were doing a major network upgrade (I lost service for an hour or so, and when it came back on I had a new IP) and when I upgraded my speed. I think they call it a "Permanent IP", meaning they can change it if they want, but usually leave it alone. Worked well for me: I could get to my machines from the outside and didn't need to bother with DynDNS or anything like that.

Re:Static & resolves?

[hairyfeet]

Not to mention how much oversight and protection is there from a MITM working on the inside of your local ISP? I had to clean up the mess at a law office once where one of the asshat IT guys had set up his own file sharing and Quake server on the backend, and frankly if he hadn't been caught surfing pron by having a PHB literally walk in on him he'd be there today and frankly I think he had more oversight than many of the contract guys at my local ISPs.

While we'd all like to think our ISP is at least run in a professional manner, especially when we are talking about shit like this that can drag you into court for years or even throw you in PMITA prison, actually having contact with some of the guys working local offices makes me believe this is about as far from the case as can be. Most of the ones I've dealt with are contract hires that frankly really don't give a fuck WHAT is going on, as long as they get their check.

Would it surprise me if one of these guys wanted to do something illegal and just set himself up a little box in the back? Not at all and it would probably be damned hard to prove where the IP address in question terminated 4 years ago last Tuesday and THAT I find scary as hell. How many times does your dynamic address change? Mine changes practically every time the wind blows and my local ISP wants ass raping prices for a static address.

But considering I've had to deal with these guys for some of my business clients and got told "And?" when I pointed out more than a dozen illegal splices in his line frankly I wouldn't trust these guys to give me an honest bill, much less hand over evidence that is supposed to stand up in a court of law. There is just too little oversight and too much lowest bidder going on, at least in my area.

I mean for the love of Pete I've had to deal with a WISP that saw nothing wrong in ALL PCs on a node showing up in network neighborhood and having all shares accessible and we are supposed to trust these people to give data that could cost you years of court and/or prison time?

Re:Static & resolves?

[johncandale]

I highly disagree. From everything I know about ISP's, they take VERY detailed logs. I highly doubt, if your ISP is willing to cooperate as in the GP, it will be hard to match you up.

Re:Static & resolves?

[dogsbreath]

ROTFL Thanks for that! You're bringing back painful memories of an ISP our company absorbed. Their servers were all compromised by their star sysadmin who had rooted and compromised all of the servers and firewalls for his own admin (and other) convenience. The bad ol' days.

Best defence against that kind of thing is promotion and maintenance of a high standard of professionalism. You can put in all of the monitoring systems you want but the shop culture often determines how vulnerable you are to an inside job. My 2 cents anyways.

Re:Static & resolves?

[dogsbreath]

Absolutely, they keep records and detailed logs. But having done the systems architecture for such a system I can say without reservation that although most of the information is accurate, there are erroneous records. And it is almost impossible to tell which records are correct and which are false without a lot of work.

So... if the law came to us and we gave them an IP record, and they asked about my confidence in it then I would say my confidence is high. If a defence attorney asked me if the records were ever wrong (ie: the subscriber to IP match is wrong) I would have to say yes. Then I could name at least a dozen issues that we have experienced that resulted in some erroneous records.

Also, I would have to attest that it is possible for someone to corrupt a lease record or even hijack a lease under certain conditions and within some limits.

That is all that the discussion is about. Not whether or not the ISP could trace back to you but whether the dynamic IP to subscriber record is certain and whether courts should take the IP to subscriber match at face value. Having worked with these systems I would say emphatically no, not without supporting evidence that the record is correct.

Usually it doesn't matter from an ISP point of view since most customers are on monthly billing plans and 98% of them never exceed their plan limits (what a change from dial-up!). So if no money is involved, what do we or the customer care if a few records are wrong? After all, we generate millions of DHCP log lines per day so what's misplaced IP, reverse lookup, or time event here or there? Point is, although in our system the records are very very accurate, they are not perfect.

Our original IP provisioning system was very bad. Sigh. Our records were terrible.

What's the lesson: the court should not assume that the records are accurate. Just because ISP xx has good records and systems doesn't mean ISP yy does. The ISP should have to show that the records are correct and also indicate how they could be wrong and what the likelyhood is. They should also have to show some kind of track record for the accuracy of the system. All of this is doable and is no more than you would expect from, say, a speed trap camera system in court. Police departments have to show that the device is calibrated, the operator is trained, the device has an accurate history, etc.

Re:Static & resolves?

It also depends on the accuracy of the ISP dynamic IP records.

The IP records, if they keep them, are subject to a number of accuracy issues. So much of the ability to trace the given IP at a given time back to a particular subscriber line or dataset depends on accurate configuration of many devices and databases... and on the people that manage all of it.

I can say from personal experience that the IP address records that ISPs (at least Comcast and Time Warner) keep are very accurate. I have personally used social engineering tactics to convince Comcast and Time Warner to just rattle off subscribers' entire list of personal information simply based on an IP address and date/time that I give them. They have since caught on and what I was doing no longer works, but their records are amazing and accessible by any bottom level first line tech support agent.

Re:Static & resolves?

[hairyfeet]

Oh that's why I don't work corporate anymore. All the Dilbert bullshit had me pounding my logical head against a wall too damned much. I don't make as much running my own little shop but I don't have the ulcers and headaches anymore either.

A perfect example of Dilbert bullshit was that law office. I told them I didn't have the time to manage their network and pointed them towards not one, not two, but THREE different IT guys, all with years of experience and know how, that could do a bang up job, so what do they do? Some bean counter decides actual IT guys are "a waste of the budget" and hires some ass clown his cousin knows that is a "whiz with computers". Let me tell you what I find when I'm called in a year or so later after they fire this joker, you'll LOL!

I get there and find the clown has thrown away ALL the PCs that I had purchased for them not two years ago as "too slow junk" (They were standard HP business machines, and NOT cheap ones I might add, just good quality office boxes) and replaced them with home built gaming rigs yes you read that right, home built Tigerdirect gaming rigs, with not a SINGLE part identical on ANY of them, so you can give up imaging or pushing updates. I had to shitcan the whole lot. Then to top it off he apparently didn't understand the standard corporate network setup I had left (Cisco Router hooked into standard switches, classic corporate setup) so he again shitcanned the whole thing and replaced the network with....get this shit.... over a dozen home ISP accounts and Dlink routers, you know, the shitty blue POS ones you'd get at Staples? Yeah those things. Over a DOZEN different ISP accounts with FOUR, count them four, different ISPs, as he'd run out of bandwidth he'd just add another Dlink and another ISP account. Dumbass!

So final damage? probably $50,000 worth of machines and hardware I'd originally setup GONE, just tossed in the trash, braintrust didn't even have enough sense to keep or sell any of it even though it was ALL still under warranty, and then another $50,000 to shitcan ALL of his gaming junk (which I kept and sold, after I explained how fucked they were they didn't want it nor did they want to pay me to auction it off (surprise) so into my truck it went) and rebuild the network. Did anyone besides the clown get fired? Nope, from what I understand the original beancounter got a raise for "savings on the budget" LOL and then they passed the costs of the TWO networks onto their clients. And before I left they were already bitching about how much a real IT manager cost so I wouldn't be surprised if they did the dance ALL over again!

It was shit like that that made me get out of corporate. I felt like the cave painter in "History of the World: Part 1" where he would paint this masterpiece and then some retard would come along and piss all over it. The levels of short sightedness, waste, and just mind numbing stupid were just too much for this logical brained IT guy to take anymore. Now I strictly fix boxes and deal with people that actually listen to me which while it don't pay as well is a hell of a lot less headache inducing.

Re:Static & resolves?

[dogsbreath]

I hear you. I was the only guy in the financial office of a large industrial firm. About $50 million / week of transactions. Customized Oracle Financials. Plus they had several projects on the go: automated invoice intake and they were big into real-time financial analysis. Not to mention generating database reports for the accountants. Oh and EDI (don't complain about XML until you deal with EDI).

I complained to my boss that it was just too much work... so he advanced the implementation date for the next project instead of spreading things out or hiring someone else.

I quit and they brought in a pair of expen$ive consultants to fill in while they spent two months hiring another fool.

Sigh.

Re:Static & resolves?

[hairyfeet]

See it is THAT, that right there, that made me have to quit corporate. They would have the thing running like a Swiss watch, have a guy that really knew his shit and had it running good, and what would they do? They would fire him or let him get away by not paying him decently and then have to bring in consultants at three times what it would have cost to simply pay the first guy and then waste just as much trying to bring another guy up to speed.

I knew it was time to get out when I just couldn't plaster a smile and lie my ass off anymore. I found myself saying things like "Is the point of this exercise to waste truckloads of cash? because if so you're doing a bang up job, bravo!" which needless to say didn't go over every well, but the endless mountains of stupid was just more than I could take.

And it wasn't like you had plan A, they had plan B, and both had their merits. Nope it was "We'll royally fuck the company by firing everyone with any experience, thus saving money on salaries!" and when you'd point out that the reason they got paid well is because they made money for the company and now that they were gone you had fuck all in the way of experienced workers and the place was quickly going to shit, you'd just get this blank fucking look on their face like the thought there was a day after today was too much of a concept for them to grasp. Un-fucking-believable.

And we've seen huge corps destroy the entire company with that same logic fault, like how Circuit City when faced with competition from Best Buy fired ALL the experienced sellers and thus saved money for a single quarter while giving all the business to Best Buy thanks to THEIR VERY OWN WORKERS which were simply snatched up by BB.

So if you are still in Dilbert land you have my sympathies my friend. But being cursed with an IQ of 156 and a severe case of logic made me just unsuitable for doing Dilbertisms. I couldn't just dig a hole on Mon to fill in back in on Tues because some PHB thought it would develop synergy or be 6 sigma or some other tripe, I just couldn't take it.

Re:Static & resolves?

I would have to say "sometimes" people will throw a monkey wrench into things. How many normal people are going to do half the things you're discussing? Remember, this is home internet we're talking about. People would rather set-and-forget and not worry about cloning/changing their MAC (no, your mom doesn't know how to do this) or setting ACLs on a cisco. Most people at home have a little DLINK home WAP. dur. And for the idiots that think they need something stronger for a home connection - well, I'm sure someone could figure that out too with enough time.

Sure. Don't be paranoid!

[Chas]

Depending on what data is being captured by the ISP for management purposes, this COULD be true.

But, if they can track you well enough to meter you (Comcast, AT&T, etc), they can track you down to your IP too.

WTF?

[YodasEvilTwin]

This is not the problem with IP tracking. In most instances the ISP will have logs linking IPs to customers, and people can be easily traced. The real problem is that AN IP IS NOT A PERSON. You cannot trace a person through an ISP (except through strong circumstantial evidence such as someone using their email account from that IP). If all the info you have is that someone/something at IP 12.34.56.78 downloaded kiddie porn, that's no evidence at all. Was it the suspect? Was it a family member or friend? Was it some random on the street who cracked the WEP key or accessed an open network? You have no idea and you never will unless you can find 1) evidence on a computer and 2) evidence that the suspect was using said computer at the time.

Re:WTF?

[MokuMokuRyoushi]

Interestingly, the article says much the same. If you're going to get pissed off about an article, shouldn't you at least read it first?

Re:WTF?

This is not the problem with IP tracking. In most instances the ISP will have logs linking IPs to customers, and people can be easily traced.

The real problem is that AN IP IS NOT A PERSON. You cannot trace a person through an ISP (except through strong circumstantial evidence such as someone using their email account from that IP). If all the info you have is that someone/something at IP 12.34.56.78 downloaded kiddie porn, that's no evidence at all. Was it the suspect? Was it a family member or friend? Was it some random on the street who cracked the WEP key or accessed an open network? You have no idea and you never will unless you can find 1) evidence on a computer and 2) evidence that the suspect was using said computer at the time.

strangely this doesn't seem to stop the authorities from charging many people and ruining their lives in the process before dropping the charges

Re:WTF?

[AHuxley]

Thats where a phone tap and sneak and peek can be so useful. A "plumber" at 12.03 on the afternoon you expected.
Just before they touch your tap something sets up a few lines about a mix up at the office.

Re:WTF?

you sound pretty mad, almost as if you're taking it personally. Or you have something (perhaps involve pictures of naked children) to hide.

Re:WTF?

[mark-t]

But an IP address (at any specific given time) does have a direct correspondence to a customer of the ISP, a specific person who has agreed to (often in writing) the ISP's terms of service, and would have already had to be prepared to assume accountability for how their connection to their ISP was utilized, even if it wasn't by them personally.

Re:WTF?

[VolciMaster]

If you're going to get pissed off about an article, shouldn't you at least read it first?

you must be new here...

Re:WTF?

[andrea.sartori]

You are right. The depressing thing in TFA is: "Unlike anti-piracy cases, however, IP tracking is only ever used as supporting, rather than primary, evidence in a criminal prosecution." (This said by a police detective constable.) That is, an IP address is apparently enough to bust you for downloading a song, but not enough to download CP... :/

Re:WTF?

[mijelh]

My fallacy detector just exploded. I *do* have many things to hide, but they are not illegal. I call that privacy.

Re:WTF?

[misexistentialist]

Whoever is upstream of the ISP must have earlier demanded that the ISP take full responsibility for data transmitted. Thoughtcrime: everyone is guilty, though punishment is at the discretion of the government.

Re:WTF?

But if they've tracked the IP to your household address, that is reasonable cause to get a search warrant and they'll take all the computers in the house and search them until they find something. The IP address may not give them indisputable proof, but it narrows the search down to just a few people, at a specific address in most cases.

Re:WTF?

[Wrath0fb0b]

You have no idea and you never will unless you can find 1) evidence on a computer and 2) evidence that the suspect was using said computer at the time.

No one is convicting based on IP addresses. But "the Comcast account at 215 Pine St was used to dl kiddie porn" is probable cause to get a warrant for the computers at that address. Probable cause is not proof beyond a reasonable doubt --- it's possible that it was a guy in a van in a laptop -- but there's still very good reason to believe that evidence will be found. See, e.g. http://en.wikipedia.org/wiki/Illinois_v._Gates. So the idea is that IP evidence is a good 'lead' to justify further searches for evidence to meet the criteria you were talking about even as it is insufficient by itself.

Re:WTF?

[Planesdragon]

If all the info you have is that someone/something at IP 12.34.56.78 downloaded kiddie porn, that's no evidence at all.

See:

1: Probable Cause
2: Personality Profiling
3: Jury trials.

A DA doesn't need to prove your kiddie porn habit to a geek-fandom level. He just needs to convince 12 more or less random strangers that it's very likely you traffic in child porn. And that's only if he wants to throw you in jail. If he just wants to harass you, he just needs to show a judge that IP address -- and he's got "probable cause" to bust down your door and take your PC from you. (Hell, if we're talking about a vice squad geek and not a DA, he can put off the judge until latter -- since you're so likely to alter your own logs or try and cover your tracks.)

Re:WTF?

[offsides]

Agreeing to an ISP's ToS means you have accountability to the ISP. In no way, shape or form does that accountability transfer to a third party with whom you have no such agreement. The ISP can take action to (for instance) terminate your account for violating the ToS regardless of who uses the connection to do so. Third parties cannot (and should not be able to) use that as "proof" that you (the account holder) are liable to them for anything.

Again - the infringer is a PERSON, not an IP ADDRESS, and there's often no good way to link the former to the latter. Police investigations do so as secondary evidence, meaning that they use other means to determine that the link is indeed valid. File-sharing lawsuits often have NO evidence other than the IP address, and without significant additional evidence there's no way to determine that an ISPs records (if any!) are actually valid, and even if they are and map the IP to a specific subscriber, there's again no way to prove that the subscriber was in fact the same PERSON as the infringer.

Re:WTF?

[alien9]

No. You are a newbie here, right?

Re:WTF?

[cheekyjohnson]

Who needs evidence!? If they were innocent, they'd be able to prove it! Being a civil suit changes everything and innocent until/unless proven guilty should no longer apply! That also goes for proof beyond a reasonable doubt. Forget them all!

Re:WTF?

[Score+Whore]

File-sharing lawsuits are typically civil actions, which has a completely different burden of proof. Preponderance of the evidence is the standard and that means >50%.

Re:WTF?

But an IP address (at any specific given time) does have a direct correspondence to a customer of the ISP, a specific person who has agreed to (often in writing) the ISP's terms of service, and would have already had to be prepared to assume accountability for how their connection to their ISP was utilized, even if it wasn't by them personally.

Hey Mark? Where do you park your car? Perhaps someone will steal it, commit a whole bunch of crimes with it, park where it where they found it (perhaps even top up the gas) and then let you have lots of fun "assuming accountability for how your car was utilized".

Re:WTF?

[anyGould]

strangely this doesn't seem to stop the authorities from charging many people and ruining their lives in the process before dropping the charges

That's because some areas score their law enforcement like they do sports teams - how many times did you "win"?

Re:WTF?

[TheSpoom]

Proof is not necessary in a civil suit, and the IP -> computer link is probably enough for the court to authorize seizure and examination of the computer in question.

Re:WTF?

[offsides]

That may be true, but there's the minor fact of having to find out a person's identity before you can sue them, and given the inability to map an IP address to a person, this is going to start impacting the initial discovery phase when "john doe" lawsuits are filed to determing who to actually sue. Yes, once they sue someone it may be possible to meet the burden of proof, but what if there's 3 equally plausible people who could have been responsible? If they sue one person, he can claim that there's only a 33% chance it was him, and 33%

The point is, unless you already KNOW who committed the infringement, and are just using the IP address as additional evidence against them, you're by definition taking a shot in the dark and hopefully suing the right person. And TFA is pointing out that some judges in Britain (at least) are starting to realize this. Large corporations have huge resources to put into going after people they sue, and yet they're firing buckshot into the crowd and seeing what they can bag, instead of using their resources to make sure they go after the right people. And judges HATE being used, which is what's going on, and once they realize what's happening they do things like this to put a stop to it.

Re:WTF?

[firewrought]

But an IP address (at any specific given time) does have a direct correspondence to a customer of the ISP, a specific person who has agreed to (often in writing) the ISP's terms of service, and would have already had to be prepared to assume accountability for how their connection to their ISP was utilized, even if it wasn't by them personally.

That's okay for billing purposes, but I hope you're not suggesting that we as a society should prosecute people for someone else's criminal actions. If person A is using person B's wifi to send bomb threats or conduct wire fraud, I sure hope our justice system is focused on finding person A. (Of course, this is ignoring your premise that a civil contract can be used to shift criminal liability...)

Re:WTF?

[mark-t]

I'm suggesting that a person be held civilly (not criminally) responsible for any illegal activities that occur on their own internet connection. If something happens that's not their own fault, then they might be able to plead a case for a repayment plan that won't bankrupt them, or, even better, cooperate with law enforcement to find the actual perpetrator, but to be frank, life sucks for pretty much most of the planet - if somebody even *HAS* a internet connection, they are already ahead of most of the curve. Meanwhile, they will hopefully take more precautions against it happening again in the future.

Re:WTF?

[mark-t]

I'll cross that bridge *IF* I ever come to it... which I'd be prepared to stake my life that it won't ever happen.

Re:WTF?

[mark-t]

You *CAN* map an IP address to the person who has the account with the ISP... and I have no problem whatsoever with people being civilly responsible (not criminally) for any illegal activities that occur on their internet connection. If they can provide reasonable evidence that they aren't likely to be personally responsible, then insurance could cover most of the costs involved.

Re:WTF?

[Snarfangel]

Interestingly, the article says much the same. If you're going to get pissed off about an article, shouldn't you at least read it first?

But I'm angry now!

Re:WTF?

[sjames]

There is a HUGE difference between contract law and AUP and criminal liability.

Re:WTF?

[ScrewMaster]

My fallacy detector just exploded. I *do* have many things to hide, but they are not illegal. I call that privacy.

Mine didn't explode but it chattered at me for a minute or so. That's the big problem with people who argue that we have nothing to fear from losing our privacy, and that only people who are criminals would be so concerned. We all have something to hide, for one reason or another, and law enforcement is often the least of our worries. But we don't want law enforcement pawing through our stuff and making it all public, or just going on fishing expeditions because they don't have any real work to do. The Founders understood that pretty clearly, I think.

Re:WTF?

[ScrewMaster]

You *CAN* map an IP address to the person who has the account with the ISP

Not reliably, which is what we've been discussing at some length, and given the consequences of error it's simply not acceptable to use an ISP's logs as the sole evidence in a trial. It simply is not.

and I have no problem whatsoever with people being civilly responsible (not criminally) for any illegal activities that occur on their internet connection. If they can provide reasonable evidence that they aren't likely to be personally responsible, then insurance could cover most of the costs involved.

You'll change your tune quick if the RIAA decides to go after you. And frankly, I don't know what kind of insurance the average person would have that would cover legal costs that can run into the hundreds of thousands of dollars or more over copyright infringement. My car insurance won't. My home insurance won't. My business insurance won't. What kind of insurance do you have against frivolous lawsuits by multimillion dollar law firms who can outspend you at every turn?

The Recording Industry Association of America has demonstrated, in some 30,000 copyright infringement lawsuits, that they simply do not care if they target the proper parties, or even if they have the legal right to sue for the supposedly infringing material! They don't care if the person has a computer, an Internet connection, or is even alive (yes, they've tried to sue dead people.) Your presumption is that the parties seeking this information are ethical, honest, and have any intention of playing fair, or obeying the law. They are not and do not, and given that fact, we need to be a little less cavalier about how we handle such privacy issues. Many lives have been destroyed so far, and with similar leech colonies eyeballing the same tactics, something should be done to make sure that these lawsuits are based upon fact, not conjured out of some sociopathic attorney's mind.

Furthermore, their usual tactic is to win a default judgment against in you in some venue far, far away from you. Then they come to you and say, "Well, see, we've already had our day in court (you didn't, ha ha, because we didn't even tell you that we were suing you, you stupid fool) and if you don't want us to come down on you like a ton of bricks, pay us several thousand dollars in juice money now so we'll go away. Oh, and we don't guarantee that we won't come after you later anyway, because, well, we're dicks."

It's comments like yours that convince me that big media is trolling Slashdot.

Re:WTF?

[ScrewMaster]

Proof is not necessary in a civil suit, and the IP -> computer link is probably enough for the court to authorize seizure and examination of the computer in question.

Quite probably true. So encrypt. And make sure your machine is always logged out if you're not using it. The last thing I heard from a Federal court ruling is that if your passwords are in your head, law enforcement cannot legitimately force them from you. If, however, you write them down, that's fair game. If they manage to crack your encryption on their own, that's okay too.

Re:WTF?

[mark-t]

First, yes an IP address can be tracked reliably to the account holder. The ISP knows which account is using a particular IP address at any given time, and the information can be obtained from them. If the ISP's records are not reliable, then they cannot accurately bill the customer, so it is in the ISP's own best interests to ensure that their records are accurate.

Secondly, there is no reason for the RIAA to come after me. I do not share or download movies or music online and I do not share my internet connectivity with anyone outside my home. As a computer professional, I ensure that all the computers in my household are secured, and nobody other than myself and my wife have administrator access on any system. My kids are all grown, only one still living with us, and none have ever shown any real interest in downloading or sharing movies or music while they were living with me.

Also, nobody has ever yet managed to guess the password on my wifi... and I routinely check my router's logs to ensure this, the only devices that I ever find connecting being machines that I can personally vouch for. There is no possibility that someone could erase records of a wireless intrusion because my router is configured to not allow administration activities at all except via my ethernet LAN. All of this I am in a quite solid position to prove, if necessary... Finally, and probably most importantly, I don't live in the USA... so the RIAA would not have anything to do with me. Although my country does have an approximate equivalent to it which, if they did try to come knocking on my door with such an accusation, they would find their evidence wholly baseless upon any actual facts, and my lawyer and I would be be quite willing and able to demonstrate that to a judge if they wanted to sue me for such activity.

Re:WTF?

[AmiMoJo]

The law has consistently shown that being the customer does not make you liable for crimes committed using the net connection you pay for. The same is true if someone is caught speeding in your car. They actually had to amend the law to force the car's owner to make reasonable efforts to determine who was driving at the time of the incident but ultimately if you can't remember and they can't prove otherwise you don't suddenly become guilty of speeding or liable for any accidents caused.

The same goes for civil copyright suits. You are not liable for the actions of others.

Re:WTF?

[Xest]

"But an IP address (at any specific given time) does have a direct correspondence to a customer of the ISP, a specific person who has agreed to (often in writing) the ISP's terms of service, and would have already had to be prepared to assume accountability for how their connection to their ISP was utilized, even if it wasn't by them personally."

No, it just means an ISP has grounds on which they can cancel their contract with you, and nothing more than that whatsoever.

Re:WTF?

That problem will be fixed in IPv6

reverse dns + office workers = trouble

[jaymz2k4]

I'm often having to remind users in the office that a simple reverse lookup on our IP and there's the company name sat right there, a few clicks and you've got the building address. Go onto linked in and you've probably got half the employees full names. A lot of people forget just how much information you can get from work IP's. It's not CSI style VB GUI interface level but if you're about to go make some stupid edits on wikipedia don't do it from your office connection.

Re:reverse dns + office workers = trouble

[Frosty+Piss]

if you're about to go make some stupid edits on wikipedia don't do it from your office connection.

Making stupid Wiki edits from work is far better for me than from y own IP. If our IT department was the recipient of some screed from some Wiki uber-Editor having a cow over some stupid edit, they would roll their eyes and hit the Delete key...

Re:reverse dns + office workers = trouble

[value_added]

I remember doing a reverse lookup on my ATT (then SBC) DSL account years ago. When I discovered my name was shown (for all the world to see), I called ATT to complain and they replaced my name with "Private Customer".

A year or so later, I upgraded to a 5 static IP account, had ATT delegate the /29 to me, and started hosting my own DNS, mail, web, etc. services. Now, a simple WHOIS not only listed my name, but my address and telephone number as well!

Somehow, the new setup made more sense, and felt more acceptable.

Re:reverse dns + office workers = trouble

[fezzzz]

Most people do not have a problem if the world knows what they do at work. Most of the time the publicity is more of a benefit than a drawback. This is what makes Facebook so popular.

Re:reverse dns + office workers = trouble

I'm often having to remind users in the office that a simple reverse lookup on our IP and there's the company name sat right there, a few clicks and you've got the building address. Go onto linked in and you've probably got half the employees full names. A lot of people forget just how much information you can get from work IP's. It's not CSI style VB GUI interface level but if you're about to go make some stupid edits on wikipedia don't do it from your office connection.

This is a big Duh!!! Unfortunately too many people do stupid stuff at work. My last office job had most of the web locked out to nearly everyone in the company. Companies are the easiest to trace, but most common folk don't know this.

Depends if someone...

[mario_grgic]

has written a Visual Basic application to track your IP.

Re:Depends if someone...

[danhuby]

I had no idea what you meant until I saw this: http://www.youtube.com/watch?v=hkDD03yeLnU

Made me cringe!

Re:Depends if someone...

Just make sure it has a GUI interface.

Re:Depends if someone...

[TheRaven64]

And, in spite of that, their portrayal of IT is still more accurate than their portrayal of forensics...

Re:Depends if someone...

[pyrr]

That...wow. I heard the words, but it was like she was speaking a different language.

I think some studio must have a random IT jargon generator.

Re:Depends if someone...

[danhuby]

No, it actually made sense, but it was just a very bizarre solution to the problem (to an IT professional).

An internet security expert will have several tools and methods at their disposal but I somehow doubt "developing a GUI in Visual Basic" would be one of them :)

Developing a GUI in Visual Basic isn't going to help you track an IP address (although it might make tracking an IP address look a bit prettier). Whatever "tracking an IP address" actually means anyway - possibly traceroute or some sort of geolocation - something for a which an existing tool would probably exist anyway.

It's just... wrong... and very cringeworthy.

Re:Depends if someone...

[L4t3r4lu5]

The problem is that the real thing is so much more time consuming and boring. You remember one of the Matrix movies showed Trinity using nmap? It was on screen for about 0.75 seconds, because using nmap is really, really tedious if you're not into that kind of thing.

How does this sound for action packed fun: "We need to get hold of his laptop and pull out the hard disk drive. We can then mount it as a slave and wait for 6 hours while it takes an image of the entire contents, then put it back in his laptops. From there, we can mount the image in a read only state and use a tool to brute force the encrypted partition key. It should take around 8 years."

Or "He has a 2048 bit encryption! We need to hack all of the code walls with a GUI worm!"

Re:Depends if someone...

[Tolkien]

Enhance!

Re:Depends if someone...

[Idbar]

Which is particularly easy when someone is using IP addresses in the 300 block.

Re:Depends if someone...

[N0Man74]

It doesn't take a full blown VB application... just a VB GUI.

Re:Depends if someone...

http://www.youtube.com/watch?v=gF_qQYrCcns ftw

Re:Depends if someone...

uncrop!

Re:Depends if someone...

[jkiller]

It would go something like this... like a tech madlib: Insert a programing language. Insert a Operating system. Insert word "back-trace" Insert secret NSA technology. Insert an action verb (e.g. "hacking").

Re:Depends if someone...

[maxwell+demon]

Well, apart from the encryption part, I can see how it could be used for dramatic effect: If the time is working against them, and they are of course doing other things while the disk gets imaged, and of course they constantly get to points where they really would need the information of the disk, and every time they look if it is ready, it isn't ... and then, in the last moment when everything seems lost, it's finally finished and they can look up the missing information (well, unrealistically the imaging process already decrypted that thing ...).

Re:Depends if someone...

[maxwell+demon]

It would go something like this... like a tech madlib:

Insert a programing language.
Insert a Operating system.
Insert word "back-trace"
Insert secret NSA technology.
Insert an action verb (e.g. "hacking").

INTERCAL Plan 9 from Bell Labs back-trace mind-control ray hacking? :-)

Re:Depends if someone...

[tnk1]

You're right about the tediousness of certain real-life tasks, but there's no reason that they can't tell someone to get to work on it, and then move to other scenes and then come back to the computer lab 8 hours later. I mean, they seem to be able to accept that it takes time for blood test results to come back, there's no reason that they can't assume that computer results will take just as long.

Additionally, despite the fact that it takes forever to use certain apps, like nmap, to do an analysis there can still be "eureka" moments at some point in the process. The problem isn't that computer work is dull and tedious, the problem is that no one knows what computer work actually looks like outside of the field so they don't know when the actual "Boom, Headshot!" moments are, and how they are arrived at.

Of course, they don't care. They're not documentaries, they are there to manipulate stereotypes to make people feel like they are being entertained. Most people probably assume that IT must be like video games, because it makes no sense to them that anyone would be interested in staring at a bunch of command line output all day long and because a lot of nerds like video games. Of course, we know that its interesting because we know what the command line output really represents and how it relates to things that matter. It's not the graphics that interest us, its the problem solving.

(Okay, well, the graphics interest us too, especially in the best, latest and prettiest games, but its not the only thing.)

Re:Depends if someone...

[Ster]

...
How does this sound for action packed fun: "We need to get hold of his laptop and pull out the hard disk drive. We can then mount it as a slave and wait for 6 hours while it takes an image of the entire contents, then put it back in his laptops. From there, we can mount the image in a read only state and use a tool to brute force the encrypted partition key. It should take around 8 years."
...

I was pleasantly surprised when I noticed that they started doing something like that on NCIS. Okay, the imaging probably took way shorter than it should have, and they were able to brute-force or otherwise deal with encryption, but they not only worked with an image and not the original drive, they even mentioned on screen that the original drive is evidence and shouldn't be messed with.

That having been said, some of their other IT-related babble has been painfully wrong. Still, at least they're trying. :-)

-Ster

Re:Depends if someone...

8 years? You're doing it wrong.
Just hit him with a wrench until he gives up the password.

Re:Depends if someone...

[Travelsonic]

Just PRINT the damn thing!

Re:Depends if someone...

[ScrewMaster]

has written a Visual Basic application to track your IP.

Does anyone remember the episode where they were trying to clean up a securicam image and the tech muttered something about doing a "reverse algorithmic."

Re:Depends if someone...

http://xkcd.com/538/

To a point you generally can

[cheeseandham]

In my experience you can generally trace an IP address back to a given location (using RIPE and then contacting the ISP and I presume using legal means to find out who was using that IP address at that particular time).
But of course after that you have no idea what happens, is it an open Wifi point? Is it a closed one but has been cracked? Has the wifi key been given out to a neighbour? All of these options cast doubt on the exact person who committed whatever criminal or civil act that is under investigation.

They need to learn from the ad muppets.

[EasyTarget]

standard family broadband connections are often hard to locate, even to county-level accuracy

Advertisers rarely seem to be affected by this; every time I plug my laptop in while abroad the adverts change to the current locale..

Re:They need to learn from the ad muppets.

[lennier1]

Sure you didn't misread "county" as "countRy"?

Re:They need to learn from the ad muppets.

[EasyTarget]

Fair point; it's the language that gets my attention.

Re:They need to learn from the ad muppets.

Well, for me, at least...

Every time I go to IMDb, the little section in the top right with movie times at local theatres shows me the current offerings...

In the city about 16 miles north of me. Apparently, the cable company moved some servers up there, and I'm now identified as being a resident. I can even remember back when they were doing some major upgrades (DOCSIS 3?), the IP showed up as being in another state, hundreds of miles away.

Hopefully, IPv6 will solve this problem, and when I go outside to water the plants, an ad will pop up on my screen asking if I want prices on Miracle-Gro (R).

Just sayin'

Re:They need to learn from the ad muppets.

[T.E.D.]

...which in my case is usually a completely different urban area about an hour and a half drive from the one I live in. At first I used to laugh at them, but now it is just downright annoying.

Sued

In 1997 a company threatened to sue me for breaking into their system (which I didn't do). Due to my good contacts with the ISP at the time I was able to get my hands on 6 months worth of packet logs related to my cable modem. This was a Dutch, but American owned, cable ISP. If they were logging things to that details at the time, I doubt it has gotten any less today. If you're with one of the bigger ISP's, rest assured, your packets are safely logged.

IP Geolocation is not your location

My DSL derrived Geolocaton is a good 50 miles from where I am physically located. As someone with a fairly common name then all I can say is good luck to using JUST the IP Geoloc to find me.
Now if the ISP was forced to release my details then fine, fair cop gov. Otherwise, yah boo sucks.

Then if people use things like vpn tunnels or 'tot' then 'ha ha' good luck...

Not me

[aAnaRchY]

They can track my IP, but not me! If "me" is connected to the net with something like Tor...

Re:Sure. Don't be paranoid!

[rolfwind]

Apparently they can't meter you too well.

http://www.digitaltrends.com/computing/att-vows-to-improve-inaccurate-broadband-metering/

As to the tracking, I'm sure it can be done, however, unlike DNA, spoofing is completely trivial, so I would never be comfortable having it as the only evidence in some type of trial.

We all have the same address!

It get's especially confusing to authorities when they realize we all have the same IP address anyways. (127.0.0.1)

Well Yes and No

[trollertron3000]

Well yes and no. In the case of someone like the RIAA claiming they traced it back to a user -yes there is some room to say it's not foolproof. Far from it. But with someone like the FBI? That's not going to work. They will catch you in the act using a "man in the middle" sniffer like Carnivore to ensure the evidence chain of custody can be proved correct in a court room. Considering almost every piece of networking equipment made has LEO intercept capabilities built in, it's not hard.

Alas! I agree with the premise

[bogaboga]

'In general, the accuracy of IP address tracing varies depending on the type of user behind the IP address...'

I whole heatedly agree with this statement. This is one of the few times this has happened with a Slashdot premise.

As a young graduate more than 10 years ago, I NATed a few of my employer's computer IPs, including the internal 192.168.X.X up to 3 levels and asked the then ISP support dude to find out what was going on. He could not, despite having the 'latest' software.

This gives defense lawyers one item they could use to challenge the DA. Trust me on this.

Quote in summary is misleading

[Coopjust]

RTFA and you see that, as many of us already know, you can get a court order to get the exact identity of the account holder, so the problem as described by the summary quote is not the real issue. Rather, just because you know the account holder does not mean that you can prove that the account holder, or whoever you have on the stand, is the one that infringed.

Despite rear-end covering clauses in the terms of most home ISPs that state that the account holder is liable for everything that goes across their connection, most courts won't accept that. I wouldn't be willing to test it, but it's a very valid point of defense. The number of people with open Wi-Fi is staggering, and even then there are attacks which work on WEP (a ton) and WPA (GPU accelerated attacks can get passphrases in under a minute on many routers), which is the maximum security many home routers in use are capable of. That makes this point even more valid.

Re:Quote in summary is misleading

[mark-t]

While you can't prove the account holder is the one who infringed, he can likely still be held accountable for how his own internet connection is utilized... in fact, he probably agreed to something along those lines when he signed up with the ISP.

Re:Quote in summary is misleading

[Combatso]

but that 'contract' the end user agrees to does not trump law. so there may be valid loop-holes and precedents. im not a lawyer or a criminal, so I havent got any references,

Re:Quote in summary is misleading

[rgviza]

If the acct holder is not responsible for the activity that happened over their wi-fi, eventually they'll be cleared. The burden of proof is still on the government and they need to prove you did something. Traffic to your IP only leads them to your cable modem. It doesn't prove you downloaded anything. They still need to prove you possess(ed) whatever they are looking to nail you for. Only problem is in the mean time the feds will have confiscated every electronic device in their possession to do forensics on it. Then it all may sit in an evidence room for an indeterminate amount of time (usually years) waiting for trial.

In the mean time the accused has had all of their equipment taken and may as well write it off. It'll be depreciated by the time they get it back.

So despite not having any criminal charges that will stick to them, they are out many thousands of dollars for the gear that's now sitting in an evidence room.

It pays to secure your wireless connection... Even if you simply get accused of something you didn't do, it's rough, can be very costly, and will ruin your life for a considerable amount of time.

It's much easier to set a damned wireless password.

Re:Quote in summary is misleading

[nordah]

but that 'contract' the end user agrees to does not trump law. so there may be valid loop-holes and precedents.

Well, certainly a contract to do something illegal is not a valid contract, and form contracts of adhesion that do not allow negotiation (the kind nearly everyone signs with their ISP) are looked at with increased scrutiny and some disfavor by courts.

But the law largely allows you to freedom to bind yourself to contracts and those contracts are enforced, by law.

im not a lawyer or a criminal, so I havent got any references,

Though our laws at the local, state, and federal levels are becoming increasingly complex, you do not need to be a lawyer, (or a criminal!) to be educated on the rules governing our society's behavior.

Re:Quote in summary is misleading

[corbettw]

Being responsible for billing purposes to your ISP is one thing; being responsible for all criminal activity that occurs on your network is quite another.

Re:Quote in summary is misleading

[Dainsanefh]

That is why anarchy is the best form of democracy. You take charge of your own destiny.

Re:Sure. Don't be paranoid!

[delinear]

It's not just that it's difficult to track the IP back to your household, but that that's not the full extent. What if it's a shared account in a student accomodation, or you're running your PC as a node on a TOR network (so in both cases the "infringing" traffic might look like it's coming from your IP but you aren't the one committing the act). With difficulty in ensuring the IP was assigned to you at the time it was used on one side, and then in proving that it was you downloading the file on the other (and that's assuming you don't have the right to do so, or that you initiated the act knowingly) it's an incredibly flaky way to "prove" anything.

yes, you can be, but not instantly.

[gl4ss]

if they're billed, authorities can get the information, provided that they go through the hoops necessary. it's not instant and movie like, of course. even pre-paids get tied to a name when they're charged(and cellinfo is logged, for a time). so it's mainly used to find a place of evidence and then to raid that place for said evidence. it's not evidence by itself but a clue about where to maybe get evidence. by itself it's just a phone number and about as useful as that.

of course if there's been proxying and such, it's a different matter. why do you think tor etc exist? same problems exist with a phone too.

and this is finland, but then again, here policemen can do a house search by hunch and cases often depend on confession(and in IT/piracy/data related matters especially, with often the questioning policemen not even knowing what they're asking about). it's a fiddly line here, really. and just a small number of cases, which is why they have no idea what they're questioning about. the main bread and butter of these guys is drug cases and violent drunks, home abuse and such. but if there's a suspected murder case then the mobile phone logs, ip-logs, etc get combed routinely.

but about ip-targeted ads.. ip-geolocationing is a fraud, it only sort of works per country.

Re:yes, you can be, but not instantly.

[moonbender]

Got any significant data to back up your claim that IP geolocating doesn't work? It doesn't have to be perfect to be useful for many applications. In my own experience, it works exceedingly well.

Re:yes, you can be, but not instantly.

[nanotik]

Accuracy varies a lot between countries, for an example in Finland geolocating ip to a city isn't reliable with home dsl users who live in smaller cities(they're usually shown as users from a bigger city nearby or Helsinki). You can probably get better accuracy from commercial geolocation db's but since i haven't worked with them i don't know how accurate they are in practice.

Re:yes, you can be, but not instantly.

My last connection had my ip-geo-location as being at the opposite side of the country due to some special network setup (student housing).

My current ip address apparently sometimes reads as being across the ocean...

Yet I would believe it if you said geo-ip is about 90% accurate, but I would doubt it if you said it was more accurate than that.

Re:yes, you can be, but not instantly.

[T-Bone-T]

My IP currently points to a city about 40 miles away from my actual location. A city of millions falls within that circle.

Re:yes, you can be, but not instantly.

[swilver]

even pre-paids get tied to a name when they're charged(and cellinfo is logged, for a time)

When what is charged? You just pay with cash, and of course, you donot fill in the form to get "double credits".

Re:yes, you can be, but not instantly.

[moonbender]

That's great. It's not significant data, though.

Relakks

[cerberusss]

You know what is even harder to identify: me sitting behind my Swedish Relakks> VPN connection.

Re:Relakks

It depends. If you are using PPTP, then the security is weak. And if your ISP really needs to know what you are doing, then your VPN is already missing the central "Private" letter...

Re:Relakks

Is there a way to pay for that Relakks service with some anonymous euro credit card? Are they any better than using TOR or the thingie from TPB?
Please, do tell!

Re:Relakks

[cerberusss]

That doesn't matter. Nor your credit card information, nor your traffic information is stored. Problem solved (for as long as you're not a specific target, which you aren't).

Re:Sure. Don't be paranoid!

[satch89450]

But, but, but...the meter is by account, not by "person". It's like a water meter: it doesn't matter who is using the water, all that the water company wants to know is how much is flowing out of its pipes to the customer of record. Take a WiFi access point: one IP address with NAT can be used by hundreds of people at the same time. (I know this because every year I run a WiFi network at a show with 300 people...and roughly 700 devices -- so tracing activity to just one device is a real needle in a haystack.) It gets worse if the ISP is monitoring ATM packets instead of IP traffic...

Yes and no...

[_Shad0w_]

It's unlikely you can trace an IP back to a single user. You can, however, almost certainly trace it back to who it was assigned to, either statically or dynamically. The problem is that can be anything from a single home user to a small to medium sized company behind a NAT. Hell it could even be a large company - although they're more likely to be behind a many-to-many NAT, rather than one-to-many.

The only place I can see you being able to track back a single user would probably be in cases where you actually have the IP address of a workstation and you can compare to the login/logoff audit logs. I suspect the number of places assigning world routable IP addresses to workstations is vanishingly small. I can't see many places keeping NAT translation logs for the workstations on private IP blocks.

I'd definitely be asking these questions...

[Eggplant62]

...which of the 4 people living here and on which of the 9 computers (7 physical, 2 virtual) behind my NAT firewall committed the act based on the evidence you have already? Which subnet of my internal network were they using (the virtual machines are subnetted away from the rest of the network)? Is it possible that someone outside my home cracked my wireless security, joined my network, and committed the act in question?

Re:I'd definitely be asking these questions...

[I3OI3]

For any investigating agency, the answer is simple: bust down the door and confiscate everything. We can sort out the rest during trial.

So far, the courts have upheld the scorched-earth approach, and an tying an IP address to a physical location has serviced as sufficient probably cause.

Does that leave you with a warm, fuzzy feeling about your open WiFi?

Unless someone hacks your WIFI

[2bfree]

An IP address only points to the person being billed for a service, it doesn't prove anything as far as who did what; especially if someone has cracked your WiFi.

Re:Unless someone hacks your WIFI

[pyrr]

Perhaps they couldn't earn a conviction on an IP address alone, but unless the courts stop granting the MAFIAA things like search warrants and subpoenas based on IP addresses, I'm thinking for the purposes of going on a fishing expedition, it would work well enough. As it seems to work now, just having their private investigators log an IP address allows them to get a subpoena to force the owner of that IP address to open-up its records (if they do any logging of customer/MAC against timestamp against assigned IP), and then taking that information to send the jack-booted record label thugs to bust down your door and take all your computer equipment to search for "potential infringement".

A better system might be to force the MAFIAA to get a unique identifier to seize a specific machine, but that would most likely be the MAC, which are easily-enough spoofed. Also, they like the current situation where they can get vague warrants and fish to their dear little hearts' content.

Of course no!

[VincenzoRomano]

You should have the exact IP assignment time table from the ISPs.
Then you need to be sure about the exact time drift among all the involved systems.
And finally you need to be sure about the person using that vey device using that very IP.
And even so, you still need to make sure about another dozen of constraints like NAT and open/broken WiFi access points.
So, of course you cannot. Apart of a very limited number of cases. Very, very limited.

Re:Of course no!

there is a lot of wrong assumptions here, yes the IP alone doesn't indicate the person but there is a good chance it indicates the account holder, if i lend my car to my friend and he has an accident,but he is not identified at the scene the Police would definitely wanna question me.
Which brings me to the next point, Criminal Justice for instance tend to weigh on "within a reasonable doubt", the law doesn't need to prove 100% it was you, they only need to prove it within a reasonable doubt.

I think when this get tested in courts of law, things like "my WIFI was open, my Neighbor uses my computer" i suspect it won't carry a lot of water, i think it will be more "you pay $10 a month for this connection, it's you name on it, the router is on your property, therefore it highly likely it was you".

Re:Of course no!

IPs are not cars. You are not required by any law to name who is using your IPs. Maybe not even ISPs can name who's.

Re:Of course no!

[Travelsonic]

But account owner does not automatically == infringer

Copyright law out of whack warning

[Mathinker]

> or that you initiated the act knowingly

IIRC, this is not a valid defense against the tort of copyright infringement. Neither is not knowing the true copyright status of the work.

Perhaps this was somewhat defensible in an era where distribution was for all practical purposes always funded by having to pay for works under restrictive copyrights. However, even since television began, long before the net, other models of distribution have become widespread. To me it's pretty amazing that this is still the law in the current reality.

Re:Copyright law out of whack warning

[zach_the_lizard]

It's not amazing to me. History is full of business models being propped up by legislation and cronyism, copyright laws being no exception. Benjamin Franklin lobbied for paper money so that he could get a job printing it (decades before the American Revolution), so it's a time honored tradition in this country.

Re:Copyright law out of whack warning

[pixelpusher220]

> or that you initiated the act knowingly

I think the poster's meaning was that you actively participated in the download; rather than a virus doing the downloading so to speak.

so monkeys NEVER had a hymen?

that's right. butt they/you can have one (re)installed in china, & in various other counties, now. revirginization. what a product/vocation.

we're betting on the advanced dna babys. we know where they came from, & what they can do, no apologies needed.

ISPs keep track of the IPs that they give out

[trparky]

Wheneven you connect to the Internet via your ISP and they give you an IP address, they record the time you connected and your account username (or cable modem's MAC address which can be traced back to your billing account). All, all someone needs is your IP address and the time the offense took place (has to be a specific time frame) and all the ISP needs to do is look in their database of addresses they gave out and they have you.

Yeah, you could have an open WiFi router but usually the company attempting to sue you (*cough* RIAA, MPAA *cough*) doesn't care. They want their own twisted version of justice and they want money now. They don't care if you have an open WiFi router and that the neighbor may have downloaded music on your network, they see that your account was responsible for the act and they want money!

Re:ISPs keep track of the IPs that they give out

You would think but apparently that is too hard for some IPS's *Cough*Comcast*cough*, which leads to such things as lawsuits being dropped because the person could prove that they where not a subscriber at the time of the infringement, even though the isp swears that they had that ip address at the time of the invringement.

Question

[ledow]

Can you trace the final connection endpoint (i.e. the part that contacted the observed target as the last link in the chain)? Yes. Even if they fake the IP you *could* in theory do work to discover where that connection originated from. This assumes greatly that the IP you recorded isn't forged, random or nonsense and that you haven't just been "given" a list of IP's from a third-party who didn't do the correct analysis to determine where those IP's are gathered from.

Can you get from an IP to a physical location? Almost certainly. Usually to the campus, home address or business telecoms line that the IP is associated with. But it will be the IP of the other endpoint of the connection, not necessarily the origin of the user's actions. E.g. proxies, hacked routers, etc. And even that can be extraordinarily tricky to arrange over international borders.

Can you trace back through proxies and other hindrances to get to an actual connection origin. Yes. Doubling the work necessary at each stage and if you can force physical access to each of those origins in order to trace back where the source came from.

Can you get from a confirmed IP-packets physical origin to an actual person? Depends. Not automatically, and probably not at all without an admission of guilt or other concrete evidence and almost certainly it would only be "coincidental" rather than anything else (otherwise it would be like arresting everyone who used an Acer laptop because the connection originated from an Acer laptop)

Can you do "hacker-work" to knock on the door of Hacker 1 who lives in an uncooperative country who was trying to hide their tracks (i.e. someone you actually WANT to trace using police resources and raiding datacentres)? Probably not.

Can you do some simple police investigations to get from an abusive IP address to a home address that you can raid for more evidence in a co-operative, or your own, country (i.e. someone stupid enough to do something incredibly illegal and traceable from their home Internet connection)? Yes.

Can you then prove it was them that used that IP? Not without taking their computer and ISP logs and all sorts of other evidence and doing a full "ordinary" investigation.

Can you determine who random user X was who piggybacked on a wifi connection that you *can't* prove the owner used himself but can only trace to that IP? Not without some other evidence (e.g. spotting the car that was sitting outside).

Can you tie an IP address on the general Internet to a single person unequivocally? Not to the standard of any court that I know, no.

Can you tie an IP address on the general Internet to a single person enough to make you suspicious. Usually - yes.

Will it stand up in court? Not without a shit-ton of other evidence that's much more convincing.

Re:Question

[elrous0]

Actually, with a good prosecutor, a shitty overloaded public defender, and a technically illiterate jury, (all quite likely) you could easily end up in prison on nothing more than IP address evidence. It's all in what the prosecutor can make the jury believe, and how well your defense lawyer is at countering him. People go to prison on circumstantial evidence all the time.

tech savy jurys

[softWare3ngineer]

anyone really believe that a jury would be able to make these types of distinctions? all they see is we tracked something back to your house without regard to how trustworthy the data is. it happens all the time with other forensic techniques increasing the number false convictions.

Not with any reliability...

With the proliferation of wireless networks and cheap broadband connections these days, it's not hard to crack a WEP key, spoof a MAC address (so they can't even find the real hardware used), and do pretty much whatever you want online without being reliably traceable. At that point, you pretty much have to be in the area, sniffing for the MAC address used. The only thing you really can narrow down is to the county level at that point, but they could really be anywhere within even so.

This says nothing of free wireless internet cafes and public libraries either.

An IP address doesn't point to a user. It never has. It's just a means to facilitate communications. Even a MAC address does not point to a user: it points to a machine. That's it. If you use a fake MAC address, well... Then it doesn't even point to a real machine.

No they can not

[Charliemopps]

Having worked for several large ISPs in their "Copyright infringement" department (ironic I know) I can tell you that no, tracing an IP address back to its original user is not likely and shouldn't be admissible in court.

The way the system works is this:
The ISP gets an email claiming copyright infringement on a certain date and time by a paticular IP.
It's important to note, the ISP has no way of verifying any of the following:
          The email came from the person it's claiming to come from
          That person is the copyright holder
          There is even a copyright on the file in question
          The person sending the email did anything to confirm what they were downloading was a copyrighted file (is batman.zip the new or fan fiction?)
          The ISP can not even confirm that anything at all was downloaded.
The ISP then takes the IP address provided and the time claimed and compares this to their DHCP server and looks for lease statements before and after the time the file was claimed to be downloaded. So if the complaint was at 10pm and we had that IP time stamps at 9:30pm and 11:00pm for Jim, then Jim gets a letter.

As you can imagine there are all kinds of holes in this. There are a zillion and one ways that could be inaccurate inside the ISP alone. This doesn't even include all the failures on the part of the copyright holders. We had one that was so inaccurate they were sending us multiple complaints on a daily basis against IPs we hadn't had leased out to anyone for days surrounding the times of their complaints. We made repeated inquiries with the "Company" to try and clarify their problem. But in the end just blacklisted their email accounts. We had other incidents in which the complaint was that the user downloaded a dozen or so movies... but a quick check of their usage logs showed they were using less than a couple hundred meg a month.

It was clear that the copyright holders were using automated scripting software to flood us with complaints with no real checks and balance on their part and then expected the ISP to do the heavy lifting when it came to investigation.

Re:No they can not

[TheDarkMaster]

Big thanks for the info.

Re:No they can not

I think the bigger issue is why the ISP is helping with this without some kind of court order.

Re:No they can not

[Charliemopps]

They are not "helping" the copyright holder, no information is returned to the copyright holder. In every case that I'm aware of they did not even acknowledge receipt of the emails.

OCILLA (part of the DMCA) gives ISPs safe harbor against litigation for copyright infringement if they take "some action" to prevent the copyright violations. What that "action" is, isn't really defined by the act. In most cases, ISPs send a letter to the customer informing them of the complaint, request that they desist and threaten to disconnect them if they do not. I think disconnections are ebcoming increasingly rare. Most companies do not want to lose customers over this. The entire process is a waste of resources and money to them... and they certainly don't want to be disconnecting paying customers when they really have very little proof that the customer had done anything that would put the ISP in legal jeopardy. Add to that the fact that no lawsuit has been filed against an ISP much less won... and you have a situation in which ISPs are doing the very bare minimum to comply with the law. I've seen this at 2 major ISPs and have a friend working at a 3rd that confirms the same things happen there. Yes, if you're using some antiquated service like limewire, are hosting 50 of the most popular movies in release atm, have a 20mb connection and are uploading gigs and gigs of data a night... Your ISP is probobly going to get a FLOOD of complaints about you and will likely have to do something. But that's your own dumb fault.

Re:Sure. Don't be paranoid!

[Ephemeriis]

Depending on what data is being captured by the ISP for management purposes, this COULD be true.

But, if they can track you well enough to meter you (Comcast, AT&T, etc), they can track you down to your IP too.

The problem is that Charter assigns one IP address to my router, and everything behind it is sharing that one IP.

So... Who generated that traffic you're interested in? Was it me? My wife? My kid? One of the few people I've given wireless access to? Somebody who cracked my wireless network?

will IPV6 make it better or worse?

What are the implications of an IPv6 world with universally identifiable endpoints and without NAT to hide behind? If it means what I think it might, I'm mystified that RIAA/MPAA and the DHS aren't pressing hard for IPV6 adoption.

Re:will IPV6 make it better or worse?

[magamiako1]

The RFC for IPv6 provides for temporarily assigned addresses. The original spec required a MAC to be used to generate the 64-bit host address, but that has since been sort of ditched. The best they could trace to is your network ID (either a /48, /56, or /64, or whatever they otherwise decide to do with host networks--right now Comcast provides /64's to their IPv6 testing customers).

That /64 should ideally never change, and will be assigned per customer. So while the specific device can not be found, the network address should make it easier for them to track you. There's nothing known about whether or not they'll rotate network IDs per customer, but I would imagine not.

The only reason it worked out previously was because customers were assigned individual host addresses via V4, which were typically picked up via DHCP just like any computer.

Re:Sure. Don't be paranoid!

[VolciMaster]

gets worse if the ISP is monitoring ATM packets instead of IP traffic...

Why is the ISP monitoring my banking?

You wouldn't like the answers....

[Dcnjoe60]

...which of the 4 people living here and on which of the 9 computers (7 physical, 2 virtual) behind my NAT firewall committed the act based on the evidence you have already? Which subnet of my internal network were they using (the virtual machines are subnetted away from the rest of the network)? Is it possible that someone outside my home cracked my wireless security, joined my network, and committed the act in question?

If you have 9 computers in your possession, the authorities really don't care which is infringing, they are still in your possession. Subnets don't really matter, nor does your NAT firewall, as all they have to do is show that the content in question was transmitted to whatever device you have that is connected to your ISP (usually a router). That is enough to give probable cause for a search warrant (at least in the US). From there, they can confiscate said computers and analyze them looking for signs of the data in question.

It may be possible that somebody outside your home cracked your security. You could try to use that as a defense, it wouldn't be up to the prosecutor to show that it didn't happen, anymore than they would need to show that somebody broke into your home or business and used your computer. That would be your burden to disprove the prosecutor's case. Besides, a good prosecutor would point out that if you have the smarts to create the network you have described, then you have the smarts to adequately protect it. Negligence usually is not a good defense at a trial.

Here is an analogy for you. If you loan your car to somebody and they commit a crime with it, the authorities are coming after you. If you have an alibi, that is great, otherwise, you'd better be ready and willing to turn over who borrowed your car. Even with an alibi, if you don't want to be an accomplace, you'd better be ready and willing to turn over who borrowed your car.

So, back to your 9 computers. If it wasn't you who did whatever, which of your family or users (depending on whether this is a home or work system) did? That is the information they will find out when they confiscate your equipment. Happens every day, all the time.

Re:You wouldn't like the answers....

[Provocateur]

Good to know. Are you a lawyer, or is it because you've seen it happen, or you've been through an incident like you described? It is an honest question...

Re:You wouldn't like the answers....

>That would be your burden to disprove the prosecutor's case.

In a criminal case, it would be your burden to introduce sufficient reasonable doubt that the prosecutor could not convince the Jury of their case beyond reasonable doubt.

Regarding you car analogy, what if you loan the car to someone, they commit a traffic violation and then deny ever borrowing the car? If neither you nor they can prove that the other is lying, who gets prosecuted? There was a semi-fanous case in the UK a few years ago where a car carrying two youths hit and killed a pensioner. They both claimed the other was driving and, as it couldn't be proven either way, neither was prosecuted.

Re:You wouldn't like the answers....

While I agree with you on many points, you have glossed over an important distinction with your argument. Saying, "... as all they have to do is show that the content in question was transmitted to whatever device you have that is connected to your ISP ..." is blatantly wrong when copyrights are involved. Fact is, it is what is coming FROM your IP/router that may or may not infringe someone's IP. Since you cannot sue a computer, proving who PROVIDED IP content from that IP/router becomes a whole different animal.

Re:You wouldn't like the answers....

[Dcnjoe60]

Good to know. Are you a lawyer, or is it because you've seen it happen, or you've been through an incident like you described? It is an honest question...

Let's just say strong ties to law enforcement. Really can't say much more than that.

Re:You wouldn't like the answers....

Besides, a good prosecutor would point out that if you have the smarts to create the network you have described, then you have the smarts to adequately protect it. Negligence usually is not a good defense at a trial.

Is there a law which says that a network needs to be protected? Is it unlawful or negligent to have an open network for all to use?

Re:You wouldn't like the answers....

[MooseTick]

"Let's just say strong ties to law enforcement. Really can't say much more than that."

Nothing projects confidence in law enforcement and those with "strong ties" like statements like above.

Re:You wouldn't like the answers....

[Dcnjoe60]

"Let's just say strong ties to law enforcement. Really can't say much more than that."

Nothing projects confidence in law enforcement and those with "strong ties" like statements like above.

Wish I could say more but there is an NDA in effect.

Re:You wouldn't like the answers....

[StikyPad]

Oh, I know! You ask them "Who would your friend say was driving?" and both the liar and truth-teller will give you the same answer (the non-driver), then you prosecute the other person!

Re:Sure. Don't be paranoid!

[ZonkerWilliam]

Throw in this that a lot of people have wireless routers, it would be impossible to tell, even if you track down the IP address to the physical address, that it was being used by you or your family. One could always say "I had an open wi-fi connection", and it would impossible to say who was behind that IP address.

Re:Sure. Don't be paranoid!

What makes you think DNA is a good evidence?

1 in a million match is a statistical measurement based on the assumption that markers are evenly spread - as far as I know they haven't actually proven that we as humans are as diverse as the DNA proponents propose.

Not with a reasonable doubt

[boxxa]

Ya in theory you could translate the IP back to the area and the MAC possibly on their switch of the router to the customer device if they kept that detailed of records of what modems they sent out to each location however you still would not get past the problem that if 5 people are using a internet connection, you can't pin down which one actually did the downloading by IP address alone which in a normal legal system is not enough to convict. If it was a murder trial and you have your suspect down to 5 people, you wont get a conviction so it shouldn't be any different for electronic crime.

Re:Sure. Don't be paranoid!

Will law enforcement treat this like the photo systems that capture speed/red light infractions eventually? The infraction is not associated to the user but rather the connected device. Having received a speed violation (sent to me, but my wife was the operator, given the location), I dislike the fault association with the owner, but it seems that someone would likely create it to stop people from using the "open wifi" defense.

Mij

Neither identifiable nor anonymous

[gordguide]

Users of standard home IPs (via ISPs) are neither completely, or even significantly, anonymous nor identifiable. The line is grey and moves, possibly by the minute.

However, the article refers to two legal situations, and doesn't discriminate between then sufficiently. With regard to a lawsuit, the test is often stated as "a preponderance of evidence" while when the article referred to a police investigation, it's often described as "beyond a reasonable doubt". The two are not interchangeable.

The copyright lawsuits that the article refers to are probably attempting to show "enough" evidence to get a settlement or a judgement. Taking the evidence collection to the point the police would want would certainly be an asset to the case and would probably be in the "lead pipe cinch" category, taking into account the lesser evidentiary need.

Without that ... well, they will certainly try to get the judge to agree with them. It may be enough in some cases ... we have a few examples where a Judge or Jury in a civil suit did accept it ... but at the same time by itself it's also probably grounds for appeal as well.

With regard to even national-level geolocation, occasionally at work, due to remoteness, I connect via a sat feed. When I'm on that feed I'm in the arctic; when I see certain ads while browsing and those ads include a city or region as part of the targeted ad, they think I'm in New York state (which is where the ground sat link is with the ISP we happen to use).

But, there are probably cases where there is strong evidence, similar to a corporate IP address ... for a few dollars a month, I could have a static IP at my ordinary (home) ISP as well (although it's dynamic currently). So, it's neither here nor there ... it will vary depending on the unique circumstances of the case.

Essentially, that's also what the judge quoted in the article says ... he's hinting that he would be willing to accept the IP as part of the evidence provided there was corroborating evidence to back it up; otherwise not good enough by itself.

Re:Sure. Don't be paranoid!

As someone using a public wifi I disagree

Re:Happy

[TaoPhoenix]

I'll conclusively say right now: the ISP is happy to cooperate. It's only When, not If. They get a cut of the resulting lawsuits.

Re:Sure. Don't be paranoid!

Most Cases involving IP addresses do not need "Beyond a Shadow of a doubt", but rather "More likely than not" to assume guilt.

In which case a open wifi connection would not protect the owner of such IP Address from a civil suit.

In a criminal case the IP would be combined with other evidence, such as alibi, motive, and witnesses.. etc.

Re:Sure. Don't be paranoid!

[Aqualung812]

I hope this was a lame attempt at a joke, but if not, read this: http://en.wikipedia.org/wiki/Asynchronous_Transfer_Mode

Depends

Next!

Don't be stupid - You are tracked

Ok folks, if you are using TCP successfully, then you are being traced, PERIOD.

TCP is used by almost all commonly used protocols, so you are being tracked. SMTP, HTTP, HTTPS, FTP, SFTP, bittorrent, NNTP, IMAP, POP3, etc all use TCP. With UDP, you can spoof your source IP, but not if you hope to get any replies.

ISPs have 3 types of records to ensure your traffic comes and goes to your modem/router. They have your login (PPOE on DSL), MAC for the WAN-side of your router for cable and commercial ISPs, and your gateway IP address for all of us. Inside your network, the tracking is up to you. If you are at home, it could be by MAC or IP or not at all. If you run a non-secured WiFi LAN, then anyone nearby could be "borrowing" your network.

If you are a corporation, your IT department probably tracks IP/MAC address pairs. This is how your IT guys know your specific PC has a virus.

So everyone ... don't be stupid - you are being tracked.

There are ways to hide your traffic and final destination, but traffic analysis is providing insights to the data inside those encrypted packages. It is also possible to make a tiny mistake in your setup and leak information that can help someone knowledgeable back to your location and IP.

Obligitory XKCD reference

[bLanark]

http://xkcd.com/713/

This is simply not true

[tom229]

All ISP's keep logs. Knowing the IP immediately identifies the ISP. From there it's just a petition away to find the account/modem MAC that was using that IP at that time.

Proving exactly who was on the computer at that time would be impossible. But you could easily narrow it down to the household.

Will IPV6 make it better or worse?

What are the implications of an IPV6 world with universally identifiable endpoints and without NAT to hide behind? If it means what I think it might, I'm mystified that RIAA/MPAA and DHS aren't pushing hard for IPV6 adoption.

Re:Sure. Don't be paranoid!

[Vanderhoth]

I'm under the impression this is already done. At least in Canada.

I've read that if a router has an open connection and someone out war driving connects to the unprotected router to look up child porn (CP). The owner is responsible because they negligently left the connection unprotected. In the city live in there are free connections all over the place. If you live in an apartment building guaranteed there is an open connection. I've only ever heard of one case where some one tried to use the, "But my router is unprotected. It could have been anyone." defense. The problem was the CP was found on their laptop. Then they tried to say some malware had been installed, which downloaded the CP so they weren't responsible. I didn't ever hear how the case turned out.

That being said, Someone COULD try to hack my router to do something illegal or they could park a house over and leach off the High schools free open wifi. I was talking to my neighbor one day when he told me he and at least the other six houses to the corner of our street just use the high schools connection. On a good day I can connect, but most of the time I'm just out of range so I'm stuck paying for the connection. If I had bought the house I was originally looking at, which is just on the other side of my neighbors house I could have gotten free internet. Everyday I see that one bar signal for the HS flashing on and off, I hear Nelson laughing at me because I could had it. Oh Well, I'm sure my neighbors will all get in shit for it some day.

Re:Sure. Don't be paranoid!

[poetmatt]

The "you" here is the wrong focus.

Can you be traced to an IP address? The answer is and will always be, no.

Can an IP address be traced to a MAC address and/or general geolocation? Yes. Is that data accurate? Not necessarily, and there's pretty much no guarantee of accuracy. Do ISP's give a shit who is using their cable modem as long as it's paid for? No.

Just because "I found an IP address accessed at X time and Y cable modem" does not mean that you can truly verify anything beyond the cable modem without far more info (and a violation of plenty of laws without a warrant).

Re:Sure. Don't be paranoid!

[Attila+Dimedici]

Actually, current DNA identification isn't all that good either. Most DNA identifications are "1 in 100,000", those that I have seen claiming higher reliability have proven to be hyperbole. This does not mean that higher reliability is not possible, just that current techniques that I have heard referenced are not very reliable identifiers.

Re:Sure. Don't be paranoid!

[rikkards]

Wouldn't surprise me if this is true but do you have a link that proves this?

Re:Sure. Don't be paranoid!

[pixelpusher220]

From a legal standpoint, only one person signed the contract. That person is liable for anything done with the connection. And yes, as the legally assigned person have to 'prove' it wasn't they who committed the act that was traced back to their 'address'.

and for the old world analogy:
If your car is seen and photographed robbing a bank and everybody in the house had access to keys, who do you think they are going to look at first?

Re:Happy

[__aagbwg300]

Agreed, however this should not come as a surprise. Your ISP is in the business of connecting the tubes to your house, not fiercely fighting for your civil liberties. Fighting for your privacy is your responsibility and you should never expect it to be done for you. Also, I am not sure about your last statement - it would be tantamount to bribing a witness, but nevertheless the ISPs want to be on good terms with the media companies.

Re:Sure. Don't be paranoid!

[SomePgmr]

I'd think that for the purposes of a file sharing case, ISP logs would be sufficient if they can compel them to turn over the relevant bits. No doubt they keep traffic details of some kind from the session layer on down, which would rule out a 4th party spoofing scenario. I could be overlooking something there. Seems to me the problem with tracking traffic back to a user is if you're required to do it blind from an IP in a server log. But if you can take that hint and get the information from the ISP-on-out, that seems pretty concrete (aside from cases of a compromised machine or AP).

How's this possible if the IP address is shared?

The IPv4 IP I am currently using is shared by 15 people. Sure, IP address tracing can tell that SOMEONE in this appartment building did something on the Internet. So what? That's supposed to be evidence against.. Who, exactly?

Re:Sure. Don't be paranoid!

[WankerWeasel]

When I worked for Time Warner, I'd often process abuse tickets while our Abuse Coordinator was out. It was pretty simple. You'd get the subpoena with the exact time and date of the incident along with the IP address. You'd enter the IP address along with the time and date into the abuse tool and it'd return the account that IP address was associated with at that specific time. It wasn't hard to locate them at all. The IP association data was stored for 2 years or more.

How do you prove a timestamp is correct anyway?

[Boss,+Pointy+Haired]

Surely the validity of any evidence citing party x having IP address a.b.c.d at time t comes down the accuracy of the clock on the server that logged the IP address allocation.

How do you prove in court that clock on a logging server was correct.

I don't think you can.

Re:How do you prove a timestamp is correct anyway?

[gknoy]

How often is the timestamp off by enough to matter? Wouldn't that mess up network traffic that those machines stamp, and thus have been already fixed by the ISP?

Re:Sure. Don't be paranoid!

True, but additional evidence could be used (if available) to indicate whether it was really you. For instance, if you are suspected of downloading an illegal torrent, your ISP might have logs of your computer sending an HTTP request for the .torrent file corresponding to a time shortly before the actual torrent traffic started. The HTTP request would contain your browser footprint. Even if your ISP doesn't remember, the website providing the torrent almost certainly does, so in a worst-case scenario, they could be required to provide that information to the court.

It's still not 100% irrefutable proof, but it does serve to narrow down the possibilities quite a bit, and with statistical analysis of browser footprints, it might be enough to convince a judge.

Re:Sure. Don't be paranoid!

[networkBoy]

cantenna

Re:Sure. Don't be paranoid!

Especially on a cable modem.....

The entire cable segment functions as a hub, so all you need is a hacked modem on the same "Ring" as the IP you want to spoof.

My ISP knows

[hawguy]

Even though I have a dynamic IP, it's effectively static since it hasn't changed in 9 months, so if someone asked Comcast who my IP belonged to, Comcast could say with quite some certainty that it was me.

But, I wonder what would happen if I was running a public access point (aside from facing the wrath of Comcast since I'm sure it violates their ToS) - could I blame any illegal activity on my "customers"? How can I shield myself from liability from actions by my users?

Re:Sure. Don't be paranoid!

[cheekyjohnson]

And yes, as the legally assigned person have to 'prove' it wasn't they who committed the act that was traced back to their 'address'.

Forget innocent until/unless proven guilty! You're guilty unless you can prove otherwise!

Dial-up and open wifi?

[antdude]

Isn't it harder with dial-up and open wifis?

Swear there's nothing interesting anyway

Hey, even to be geolocated or triaged or w/e would be worth a cigarette afterwards...

  Later, during our pillowtalk: Oh, those parking tickets? They're paid for, by the way...

Sure You Can

I worked IT for a cable company for many years. We were tracking users for nasty virus activity after a couple of Smurf attacks. It was fairly simple to track what accounts were using what IP's. This has been almost ten years ago.

Re:Sure. Don't be paranoid!

[pixelpusher220]

You're not convicted of anything until you're in court hence you're not guilty of anything. However, they *are* going to bring you into court if your car was seen robbing a bank and you can't reasonably explain who else might have been driving it.

Neotrace

[dadelbunts]

I remember using a program years ago called neotrace that traced IP's. Surely they have something even better now no?

Re:Sure. Don't be paranoid!

[JasterBobaMereel]

Most DNA tests are done to the 1:100,000 level because this is a) quick and b) cheap

DNA testing can be done reliably and accurately to 1:1 billion but this is very expensive and takes a long time ....

But if you are relying on DNA evidence alone then you have a very unsound case, if you test everyone you will find at least 6 matches even at 1:1billion ...

Same goes for IP tracking, you can do it quickly and cheaply and it is often inaccurate, or you can do it properly and it can be made very reliable but this is very expenside and time consuming and does not usually prove any more than the quick test ... the defense lawayer first question should laways be what other evidence do you have linking the person to the crime?

Re:Sure. Don't be paranoid!

[datapharmer]

DNA is better at proving people not guilty than guilty. Sure, it is used by prosecution along with other evidence, but DNA alone can't prove someone guilty (not to say someone won't be convicted by an uneducated jury, but you won't hear a properly trained forensic scientist claim proof, they will claim only a correlation usually by saying it is indistinguishable). On the other hand, if you analyze the DNA and find that the markers don't line up at all, it assures that the sample the lab was given doesn't match the defendant thereby demonstrating that if the sample is a valid representation of the perpetrator then the defendant is not guilty. IANAL YMMV.

Re:Sure. Don't be paranoid!

[JasterBobaMereel]

It is quite reasonable to ask you first .... but it is still up to them to prove it was you ...

Re:Sure. Don't be paranoid!

[anyGould]

Will law enforcement treat this like the photo systems that capture speed/red light infractions eventually? The infraction is not associated to the user but rather the connected device. Having received a speed violation (sent to me, but my wife was the operator, given the location), I dislike the fault association with the owner, but it seems that someone would likely create it to stop people from using the "open wifi" defense.

The flip side is that getting a photo-radar ticket is substantially less expensive than getting pulled over. Since you (as the driver) aren't charged, you don't get demerits, for instance. (At least up here where I am - they define photo radar speeding as a "non-moving violation". Yes, the irony is stunning.)

I think the current IP tracing does make a few assumptions, not the least of which is that there is only one user who is ever on that address - no roommates, visitors, people hacking your wireless, and so on. It's the equivalent of charging someone with theft because they traced the crime to the bus you were riding on that day - with no additional evidence. Realistically, I'd think an IP trace would be good enough for a warrant or other discovery document, but that's it.

Re:Sure. Don't be paranoid!

[pixelpusher220]

but it is still up to them to prove it was you ...

which happens in court. You don't have 'prove' anything to charge someone and hold a trial. There are some checks along the way but they don't require 'proof' of anything, just some semblance of reasonableness that you could be the guilty party.

Re:Sure. Don't be paranoid!

[tibit]

LOL. And the "abuse tool" works by magic and fairy dust, right? The "tool" was probably just a website front end to a database. If the database contained junk, you got junk, without knowing any better.

Re:Sure. Don't be paranoid!

>>if they can track you well enough to meter you (Comcast, AT&T, etc), they can track you down to your IP too.

I agree our computers were stolen, they used one computer in their home; I got their IP.

The State Attorney's office was able to Subpoena brighthouse but the State Attorney usually gives the ISP to 2 respond unless it is a life or death issue.

To try to expedite the Subpoena I called brighthouse myself and person who handles the request said they get 70 requests a day she was working on a backlog from the previous day. She said it could take 7-10 days for them to get the data the police needed.

For the commoner, yes, for the nerd, probably not.

[jpiratefish]

Tracing down something to an IP address can be a solid pointer for a courtroom - remember, if it's a jury trial, and it goes that far, you have to convince the jury, not the judge - this means a good lawyer and no smoking guns will get you off. If a common person has an IP that leads law enforcement to their doorstep, then that person is screwed. A good lawyer can make all the difference, but having a fairly diverse network with potential vulnerabilities could go a long way.

I've seen worse things - PenTeleData (ptd.net) puts their subscriber information into their reverse DNS. I'm just glad I don't use them. Does their doing this constitute a breech of their promise to not provide customer identifying information? I think yes, regardless of how you defend against being tagged with your IP, it can still give out a lot more than you'd want to share.

This block, 24.229.69.0/24 is owned by ptd.net – and this ISP, located in Eastern PA, puts their customers names in the reverse lookup of their IP address. Tell me that these folks don't get more than their fair share of P2P lawsuits and targeted advertising.

24.229.69.2 : cpe-static-jpjayassoc-rtr.cmts.all.ptd.net
24.229.69.3 : cpe-wifi-subwaytilghman-145.2.1-ap.cmts.all.ptd.net
24.229.69.4 : cpe-static-aestheticsurgery-rtr.cmts.all.ptd.net
24.229.69.7 : cpe-static-thecontigrpmdm2-rtr-cmts.all.ptd.net
24.229.69.8 : cpe-static-apa612wlindenst-rtr.cmts.all2.ptd.net
24.229.69.12 : cpe-static-ramadainnkiosk-rtr.cmts.all.ptd.net
24.229.69.15 : cpe-static-cntyoflehighgovtcntr-rtr.cmts.all.ptd.net
24.229.69.51 : cpe-static-westendpharmacy-rtr.cmts.all2.ptd.net
24.229.69.52 : cpe-static-bnaibrithapartments-rtr.cmts.all2.ptd.net
24.229.69.55 : cpe-static-adultmedgeriatics-rtr.cmts.all2.ptd.net
24.229.69.56 : cpe-static-cysticfibrosis-rtr.cmts.tv2.ptd.net
24.229.69.57 : cpe-static-stanleywest-rtr.cmts.all2.ptd.net
24.229.69.58 : cpe-static-panylentzengineering-rtr.cmts.all2.ptd.net
24.229.69.59 : cpe-static-drhabig-rtr.cmts.all2.ptd.net

Re:Sure. Don't be paranoid!

[Attila+Dimedici]

Absolutely, the way that IP and DNA evidence are used today, they are useful for two purposes. First, take a specific group of suspects and eliminate those that it could not be because of this evidence (more reliable for DNA,than for IP). Second, obtain a potential suspect or two who are worth more in depth investigation. Unfortunately, the press, TV shows and movies make it seem like both IP and DNA evidence identifies someone much more reliably than it actually does.

Re:Sure. Don't be paranoid!

[ymmy]

I am not sure if it is still like this, but with TWC used to work across the city with the same Cable Modem (MAC address?). For whatever reason I had moved my cable modem to a different part of the city and it worked just fine. Not that they couldn't look at the routing path, but that may be limited to knowing you are on this street/building, but I am sure almost every has their cable modem at the place on the bill.

Re:Sure. Don't be paranoid!

However, an IP address can be enough to get a warrant to confiscate your equipment. From there more conclusive evidence can be found (or planted).

Re:Sure. Don't be paranoid!

[DavidTC]

The owner is responsible because they negligently left the connection unprotected.

That is a misuse of the word 'negligent' if I've ever seen one.

It is negligent to do things that you should have knew people might get harmed by, like leaving a broken board on your front porch that people step through.

It is not negligent to leave things laying around that other people deliberately use to harm others. If an adult picks up a hammer I left on my porch, and attacks, someone, no, that is not negligence.

It's even less negligent, if that's possible, for someone to use them to commit a criminal action that does not, per se, harm someone. Like if I give an adult a beer, and they walk off with down the sidewalk in violation of 'public drunkenness'.

Re:Sure. Don't be paranoid!

The hitch is that many if not most ISPs have language in their service contracts effectively saying that are obligated to secure your connection and that you can be held responsible for any users of your connection and their activities. So "I had an open wifi router" isn't really a defense in this case.

How they're really traced...

1. Some 3-letter agency is granted a warrant and requests information about your IP address from your ISP (usually via snail mail)
2. Your ISP checks which MAC address(es) leased that IP address at any given time (most ISPs use a whitelist of MACs that are linked to your account directly)
3. The ISP then sends that information back to the agency that requested it (again via snail mail)
4. The 3-letter agency then compares the times that IP was leased to whatever logs they're using as evidence (you're fucked)

It's not that difficult, but it's not exactly instant either. The process usually takes up to 90 days.

Re:Sure. Don't be paranoid!

The flip side is that getting a photo-radar ticket is substantially less expensive than getting pulled over. Since you (as the driver) aren't charged, you don't get demerits, for instance.

I believe the cost is kept artificially low to keep people from protesting it. Over the last 6 years, we've received two photo enforcement tickets (both my wife's fault) so we just paid them. Since nothing goes on my record (at least no points) and the cost is low (versus losing a day to fight it), I have no incentive to correct their flawed accusation (not that I'd expect any better from a judge having fought a few tickets I have earned in the past and the judge completely disregarding any information presented).

Realistically, I'd think an IP trace would be good enough for a warrant or other discovery document, but that's it.

I agree completely, but I fear that the ISP subscriber will end up with the burden of determining the person at fault. Maybe I should list the broadband service in my wife's name :).

Mij

Re:Sure. Don't be paranoid!

[DavidTC]

Dude, you can't sign a private contract making you liable for other people's criminal activity. That simply is not possible under any sort of American law. You could sign one with the government, possibly, and that's sorta what it means be 'released into the care of...', although not to the extent of making a criminal out of anyone. But private actors can't just magically sign things making them liable for criminal actions by someone else.

Likewise, a contract between you and second party (your ISP) cannot make you civilly liable for the actions of the third party(an illegal downloader) against a fourth party(the copyright holder), allowing the fourth party to sue you. That doesn't make any sense either. They can't try to enforce some contract they aren't a party to. Either they could already sue you, or they couldn't.

And then there is

The fact that if you have more than one device in the house you're more than likely NAT'ing it. For example, in this house there are five devices that NAT off a single IP address from my ISP. Sure you can resolve down to the account holder (myself) but I want a warrant before I'll tell you WHAT devices downloaded the content. In essence I'll tell you to go and pound sand.

I wasn't found by my IP Addresss.

When I was a senior in high school I was "detained" by the police for the alleged hacking of a Website / FTP Server of a fellow classmate.

This particular loon was spouting off about how he had hacked the FBI, CIA, etc and he was an Uber 1337 haxor. Since we all used DynDNS when we played SC I could easily find his IP. Once connected to his FTP I determine he was running CuteFTP and found a published bug for his version and gained root access. From there I replaced his index.htm with my own created file to let him know he had been hacked.

Little did I know he called the cops and they came and picked me up. He provided them with FTP logs showing my IP address. They belittled me and said I was no Kevin Mitnick, etc (despite the fact that I never claimed I was). Finally my dad's lawyer comes in and asks how they know it was me. Other than my handle which this guy, who went by CheetahFlyer, had provided them they had no real way of knowing it was me. My Lawyer said they had to let me go unless they could prove the IP address in the logs where mine. They ended up letting me go but said when Bellsouth provided the IP address and it was linked to my DSL account they would issue a warrant.

To this day I have never been arrested for that crime.

Re:Sure. Don't be paranoid!

[pixelpusher220]

Dude yourself. If you make available the tools by which crimes can be committed, you damn well can be held liable for their use in such crimes.

If you allow someone access to your computer and they do something illegal with it, *you* are the one they are going to talk too since it was your computer and connection. They don't know anything about anybody else, nor frankly, do they care. You can explain your alibi, but if you say nothing, trust me, you are ending up in court.

There are certainly mitigating issues in many cases, but the 'facts' only show that your IP address committed the crimes. They are going to sue *you* and nobody else. If threats are made over a phone, they know the person to whom that number is assigned and will investigate them appropriately.

Now, IP crimes are generally not criminal which is both good and bad. Good, for you, that it doesn't rise to the same level as 'criminal' charges, bad, for you, that they don't need to adhere to the same level of proof. Hence, they'll sue *you* and let you have to explain in court.

Re:Sure. Don't be paranoid!

[DavidTC]

And nothing you said has anything to do with signing a contract, which is what my post was about.

Signing a contract with a private actor cannot impose additional criminal liabilities, or impose additional civil liabilities for actions between two other parties. You might already have criminal or civil liabilities, but they are irrelevant to any contract.

This is my job so... yes

[Aoet_325]

It's my job to trace IPs back to customer's accounts.
Big ISPs have nice record keeping and database systems setup to make it easy, but even the little guys can track you down with very little trouble.

It's not hard to trace an IP address back to a customer's internet account and (in many cases) a physical address.

Sure you can't tell exactly who was at the keyboard, but as far your ISP is concerned, who you allow to access your account is your problem. The account holder is responsible for what takes place over the service they signed up for.

When it comes to major legal issues, we are able to give police a very firm places to start looking (a physical address, a hostname, access logs etc) and from there they can check your hard drives, network, home router config, and decide how likely a suspect you are from that.

Re:Sure. Don't be paranoid!

[pixelpusher220]

If you don't think your contract holds *you* responsible for any criminal activity during the use of the contracted services, you are wildly naive. Not 'liable', 'responsible'. The latter they can do. The former is the justice department's job (or whoever was harmed).

"You hereby agree to not violate any laws when using the system." is blatant boilerplate legalese in every contract ever written by even a half competent lawyer.

Re:Sure. Don't be paranoid!

[SnarfQuest]

The IP address can appear on these records in many ways that don't ever involve your hardware even being used. These include numerous hardware and software intractions.

For example, hardware wise, someone could temporarily disconnect your modem and plug in their own (at any point between your home and the dslam). Done at the right time, you would probably never notice it. They could also sneak into your house and plus in a small wifi router, in order to steal your internet connection.

Software, what if your ISP doesn't handle daylight savings properly. That gives the "bad guy" an hour of IP usage that could appear to be you. Then there are numerous IP spoofing methods available. And, breaking into the ISP and changing data there is not impossible.

Then, there is the possibility of someone just finding an open wifi port into your network.

They should first need to prove that your hands were on they keyboard before being able to charge you. If someone placed a cardboard copy of your license plate on a car used in a bank robbery, should you be charged with the crime? If not, then why should you be charged when someone does the same thing with your IP address?

Don't be silly

Everyone knows the cyber police can backtrace ya.

Re:Sure. Don't be paranoid!

[pixelpusher220]

On the contrary, they don't have to 'prove' anything to charge you. Hence why it is 'charge' and not 'convict'.

They do have to offer evidence that it is 'reasonable' that you did the crime. And the ISP saying the IP in question is yours is plenty 'reasonable' for a court of law.

So yes, you can and will be charged based on that information.

In court, all of the things you mention are perfectly good defense arguments. But they are that, defense arguments. You need to be charged before you can bring them up. Of course playing nice with the investigation up front might keep you only at 'person of interest' levels and avoid the charge all together. But that requires the acknowledging that they have information that points to you and providing an explanation to point them somewhere else.

Re:Sure. Don't be paranoid!

[linux_geek_germany]

At least in Germany the owner is responsible for illegal actions taken via his open wi-fi connection as long as he cannot absolutely identify the real perpetrator.

Re:Sure. Don't be paranoid!

[uniquename72]

If you make available the tools by which crimes can be committed, you damn well can be held liable for their use in such crimes.

No, you can't. Unless you had knowledge of the crime, or could have reasonably expected the crime to occur.

If you allow someone access to your computer and they do something illegal with it, *you* are the one they are going to talk too since it was your computer and connection.

"Talk to" isn't the same as "held liable."

By your reasoning, the ISPs are responsible for all file sharing, since they "made the tools available."

Don't forget wifi routers log hardware addresses

[wdef]

Many (all?) home wifi routers log the physical hardware address of the connecting wifi device. While that hw code can be faked, most freeloaders on an open home wifi network or hacked WEP key wifi aren't going to bother obscuring that code in their wifi chipset. A smart lawyer/prosecutor would subpoena your router to see if your claim that "someone else hacked my network and downloaded that naughty file" is supported by the log in your router. Even if you've deleted that log (my router let's me clear it I think) maybe it can be recovered? Of course, if the log has been cleared then not recovering an attacker's hw address does not mean there was no attacker, so maybe this isn't so bad?

Re:Sure. Don't be paranoid!

[pixelpusher220]

Note I said 'can be' not 'will be'.

We can argue about semantics all you want. ISPs are 'common carriers' and are immune to such lawsuits as a general rule.

And yes 'talk too' is the first step. If you don't have a reasonable alibi or explanation, then yes you are going to be charged with said violation of the law.

Re:Sure. Don't be paranoid!

[ScrewMaster]

on my porch, and attacks, someone, no, that is not

Welcome back, Captain Kirk.

Re:Sure. Don't be paranoid!

[Vanderhoth]

negligent Adjective /negljnt/ listen
Synonyms:
* adjective: careless, neglectful, remiss, inadvertent, heedless, slack, inattentive, perfunctory, slovenly, nonchalant, slipshod
* Failing to take proper care in doing something
o directors have been negligent in the performance of their duties

I haven't read a definition that indicates they harm caused by a negligent action must be physical. If I leave the keys in my car and it's stolen my insurance company won't pay out because I was negligent. If I leave my router unprotected and someone uses it to break the law it was because I was negligent. I did not preform my duty to secure the connection.

Re:Sure. Don't be paranoid!

[ScrewMaster]

ISPs are 'common carriers' and are immune to such lawsuits as a general rule.

This bit of misinformation keeps popping up now and then. ISPs (even those who are also telephone companies) are exempt from common carrier regulation (and all that goes with it) for the purposes of their data services. They got an exception to that, somehow, because they'd rather pay for the occasional lawsuit rather than have to labor under universal service and quality-of-service standards that are part of being a common carrier.

Re:Sure. Don't be paranoid!

[hairyfeet]

Which is what I find seriously scary about TOR and Freenet. Has anyone even tried the "plausible deniability" defense that Freenet brags about? because from what I've seen of CP laws (IANAL of course) the problem is it doesn't say you have to have specifically viewed it to be distributing it. If they trace CP coming from your machine I haven't seen ANY statute that says you can't be charged if you didn't view it, you simply have to have facilitated its distribution.

So has anyone tested this in court? How much did the poor soul that got to be the test case end up out in lawyer fees? Because as much as I support freedom of speech I also have a family and while I probably have enough spare bandwidth at the shop to run it spending the next three years in a cell waiting on a court date or trying to come up with a couple of hundred thousand to get a decent lawyer while sitting in said cell doesn't seem like a good way to spend my time, thanks anyway.

To me this is the problem with relying on IP addresses as the laws and reality don't match when it comes to the tech, and while we all support helping those in oppressive regimes all it takes is one asshat or troll pushing CP with the current witchhunt climate to give you a seriously bad day. Hell I wouldn't trust the average jury to even understand what an IP address is, much less onion routing or distributed computing. And the fact that Freenet uses some of your HDD for data you have NO control over just makes this stuff even scarier IMHO, as you can't even honestly claim there is no CP on your PC, as you honestly don't know.

Good Luck!

[Dragon_Punch]

CCP Games helped me with a hacked account. Apparently i live in California not Australia. LOL

Been There Done That

I had no idea what you meant until I saw this: http://www.youtube.com/watch?v=hkDD03yeLnU

Made me cringe!

A GUI interface using Visual Basic to track an IP Address
http://guivbip.codeplex.com/

Re:Sure. Don't be paranoid!

[cheekyjohnson]

The point is that they're not following through with their "innocent until/unless proven guilty" ideal. They're the ones who have to prove their claims against you. And it's probably far easier and more common to use someone's wireless connection.

Re:Sure. Don't be paranoid!

[DavidTC]

If I leave the keys in my car and it's stolen my insurance company won't pay out because I was negligent.

That is between you and your insurance company. They can set up whatever rules they want regarding payment as long as you agree to them.

You are not negligent in the eyes of the law...if someone steals your car and uses it to commit criminal or civil offenses you are not negligent, and, hence, not liable.

If I leave my router unprotected and someone uses it to break the law it was because I was negligent. I did not preform my duty to secure the connection.

You would be if there was any such duty, but there is not. No one is required to secure connections, or police the ways in which people using their connections, any more than a gas station is required to make sure that people don't use their gas to commit arson.

Just ask anti-spammers, who have been trying for more than a decade to sue people who provided connections to spammers.

Re:Sure. Don't be paranoid!

[pixelpusher220]

You might want to read up on the law a bit. Charged != guilty. But charged is how they start the process. They don't need to 'prove' anything to charge you. Just a reasonable idea that it *might* be you. At that point you retain counsel and rebut their charges in...wait for it....court.

Since these are mostly civil cases the standard they have to meet to file charges is lower. Unfortunately so is the standard to 'prove' you guilty.

Re:Sure. Don't be paranoid!

[cheekyjohnson]

The point is that they're assuming he's guilty beforehand. Their assumption should be that he is innocent to begin with (not necessarily in their mind, but in the actual court case). Yes, in the actual court case, it is typically innocent until/unless proven guilty, but I am speaking of their mindset.

They don't need to 'prove' anything to charge you.

Yet another problem. It enables them to waste your time and money by making frivolous claims.

Since these are mostly civil cases the standard they have to meet to file charges is lower. Unfortunately so is the standard to 'prove' you guilty.

And that's exactly what I don't like. Neither of those make any sense. Just because it's money at stake instead of jail time, that does not mean that you should be able to get away with having less evidence.

Re:Sure. Don't be paranoid!

[Vanderhoth]

No one requires me to lock up my power tools either, but if a kid wonders over to my yard and cuts off a finger, I'm pretty sure I'd be sued and the key word in the case was because I was negligent.

Stop being a douche and go look the word up instead of arguing about something you don't understand. The only thing worse then a grammar and spelling natiz troll, is a wrong grammar and spelling natiz troll.

On second thought sorry, I just read you signature. This all makes sense now, you're obviously a tea bagger and the whole argument is because I said I was Canadian. I apologise for you ignorance.

Mod up

Mod this up. Anyone arguing that IPs can't be traced to accounts in a majority of cases is a moron who hasn't done their homework. As YodasEvilTwin says, the argument is usually between whether the account holder for the IP can be held accountable. As IT pros, we probably want accountability, but as IT pros aware of the issues, it's insane to argue that we can safely blame someone for everything that happens from their IP.

Fake IT to fill in a bad plot

How does this sound for action packed fun: "We need to get hold of his laptop and pull out the hard disk drive. We can then mount it as a slave and wait for 6 hours while it takes an image of the entire contents, then put it back in his laptops. From there, we can mount the image in a read only state and use a tool to brute force the encrypted partition key. It should take around 8 years."

Actually that would make a MUCH better story if they handled it right. Complexity and conflict is good in a story -- pretty much what makes or breaks it. To get around the 6 hour imaging etc., they have this wonderful thing called editing.

These shows aren't using fake procedures to be more fun, they're using them to fill in a VERY patchy plot. For example, when they "solve" a murder by zooming into the reflections on an eyeball in photoshop, they're just getting around the serious plot issue that the murder isn't really solvable with the events they're provided. It's like a story you might have written at 7, "They were off to the fair..." and then got bored, finishing with "...and then they all died."

In other words, it's laziness, nothing more.

ip tracking

The Declaration of Independence makes three claims in support of its right to separate the Colonial British Government from its claim and authority to govern the colonists residing in America in 1776. The 1776-DI claims each person has a lifetime of certain inalienable rights that supersede the rights of all governments. These are the LL&H rights (Life, Liberty and Pursuit of Happiness). The "so-called" endowed rights.

The same 1776-DI document claims that whenever any government is formed, it is formed to secure the [LL&H] rights (to mankind).
Further it claims the just powers of governments are derived from the humanity it governs and that if the government becomes destructive to these [LL&H] ends, it is the Right of the people [the governed] to alter or to abolish it, and to institute new Government ...

The IV Amendment ( part of the Bill of Rights) in the U. S. Constitution imposes on constitutional government the duty to secure to people the right to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures...and imposes the duty to prove probable cause to a judge in order to overcome that duty.. Does this constitutional clause mean that no law can be passed by Congress which breaches this duty?

So the question is: does failure of governments to protect IP privacy (and exploitation) of each individual conflict with the LL&H rights? In other words, must government prove probable cause before it can find or match people by IP? Must government prevent both themselves and those it governs from the matching of the IP address to the names and personal information of those it governs? Was or was it not the understanding of the states who refused to ratify the U. S. Constitution that: unless the Constitutional Federalist agreed to include this 4th amendment "right to privacy" in the constitution so that it could not be legislatively removed" that they would not vote to ratify it?
   

Re:Sure. Don't be paranoid!

[AmiMoJo]

Nonsense.

Even the best DNA testing methods cannot reliably tell identical twins apart. 1:1 billion was a theoretical maximum number dreamt up decades ago, in reality the ratio is much much lower. You also have to factor in the quality of the sample, as especially samples from crime scenes are rarely ideal.

IP addresses only identify an internet connection at best, assuming you could somehow be reasonably sure they there are not spoofed. Behind that connection there is probably a router/firewall and an unknown number of computers belonging to multiple people and probably with multiple users one each. The law in the UK has made it clear that in order to sue someone for copyright infringement you have to show that they were the infringer, not just the person who pays the bill for the net connection. For criminal cases the bar would be even higher.

Re:Sure. Don't be paranoid!

[pixelpusher220]

Preface question: Who is 'They' you keep referring too? the IP owner?

The point is that they're assuming he's guilty beforehand.

How? because they found their IP being shared from an IP address they take the IP address owner to court? That's called finding evidence of a crime and taking appropriate action. How is anyone 'assuming' guilt?

Their assumption should be that he is innocent to begin with ... in the actual court case. Yes, in the actual court case, it is typically innocent until/unless proven guilty

Well which is it? You say they should be innocent in the court case while rebutting that by saying they are innocent in the court case?

Yet another problem. It enables them to waste your time and money by making frivolous claims.

That's why they need to meet a 'reasonable' standard prior to filing charges. And there are frivolous lawsuit penalties should they do that.

And that's exactly what I don't like. Neither of those make any sense. Just because it's money at stake instead of jail time, that does not mean that you should be able to get away with having less evidence.

Really? you don't agree with having civil courts and criminal courts? You don't agree that jail time should require a higher standard than just a parking ticket? just wow.

YES THEY CAN!

I think many of those soon to be .xxx sites has absolutely wonderful tracking system. Everytime I visit one of those they use all sorts of bright colors and crazy animations to point me to the right female[emphasis] at my locale(yeah they know where I am).

Diclaimer: This experimentation is meant for educational purposes only. Any resemblance to real behaviour, traits of any living or dead is purely coincidental. Please read all instructions and warnings before replicating this experiment. Must be 18 years of age or older to proceed further. Experiment at your own risk.

Re:Sure. Don't be paranoid!

[DavidTC]

If you think I'm a teabagger you probably need to learn something about American politics, as my signature is pretty anti-conservative.

No one requires me to lock up my power tools either, but if a kid wonders over to my yard and cuts off a finger, I'm pretty sure I'd be sued and the key word in the case was because I was negligent.

Yes, because you do have a duty to lock up, or at least unplug, your power tools.

I have no idea why you're having trouble with this concept. Hell, you even mentioned 'duty' before I did.

Stop being a douche and go look the word up instead of arguing about something you don't understand. The only thing worse then a grammar and spelling natiz troll, is a wrong grammar and spelling natiz troll.

Instead of me looking up a word that I know full-well the meaning of, perhaps you should find ANY COURT CASE EVER that said people had a duty to lock up their computers and networks.

People are negligent if they don't do something they have a duty to do, and someone gets harmed because of it. They are not negligent if they do not have such a duty, even if someone gets harmed. (They can still end up liable for certain types of harm, but not very often.)

No such duty has ever existed for providing people internet access. People have actually sued under such a theory, and been shot down in court. The courts have, every time, said that people who sell other people an internet connection do not have a duty to monitor it for illegal behavior, do not have a duty to monitor it for harm caused to others, and hence are not negligent for failing to do so.

It's very very simple.

This decision is basically in line with all other services, BTW. You give someone a ride somewhere, you have no duty to make sure passengers aren't carrying drugs. You let someone use your phone, you have no duty to make sure people aren't plotting murder over it. You let someone use your internet connection, you have no duty to make sure they aren't downloading CP over it. You are not negligent if you fail to do check those things, because you have no duty to do so.

You, of course, might be in violation of a law or two, but that is not due to negligence. Perhaps it is illegal to transport drugs, even unknowingly. 'Negligence' and 'illegal' aren't anywhere near synonyms. Shooting someone in the head on purpose isn't negligent, it's just murder.

Or it might just look like you're in violation of the law. If your IP downloads CP the police will be all over you because they mistakenly think you're in violation of the law. But if you don't know about it, you're actually not. (Although have fun proving that in court.)

But that has fuck-all to do with 'negligence', which is a specific legal term that means you failed to do a duty you had, and then either criminal activity or harm was caused by your failure, which means either the police can charge you or you can civilly sued. And the most important part of that is you did have a duty in the first place. If there was no duty, you cannot be negligent in that duty, period.

And this is all a stupid argument in the first place because no one has ever been sued for letting other people access CP over their network anyway, and it's hard to see who the wronged party, who is suing, would be. It would have to be the minor whose pictures it was, they are the only 'wronged' person...but how the hell would they even know?

Re:Sure. Don't be paranoid!

[cheekyjohnson]

How? because they found their IP being shared from an IP address they take the IP address owner to court? That's called finding evidence of a crime and taking appropriate action. How is anyone 'assuming' guilt?

Is the owner of the IP not assumed guilty?

Well which is it? You say they should be innocent in the court case while rebutting that by saying they are innocent in the court case?

I already told you. In the minds of many, the person is already guilty, and they are ready to take action based on that assumption whether or not they have proof that it is true. Not all the time, but it happens.

And there are frivolous lawsuit penalties should they do that.

Really? I've heard of instances where big corporations were able to continually sue (and lose against) small businesses until they could not devote anymore time or money into the court cases. How is that possible, then?

Really? you don't agree with having civil courts and criminal courts? You don't agree that jail time should require a higher standard than just a parking ticket? just wow.

No. Everything should require the same standard of proof to minimize mistakes. In other words, proof beyond a reasonable doubt (which is the amount of proof needed for criminal courts, I believe).

Hairyfeet, please, cut the lies already

You're not good enough to work in corporate environs and you got fired hairyfeet.

Re:Sure. Don't be paranoid!

'too' means 'as well/also'.

Re:Sure. Don't be paranoid!

[JasterBobaMereel]

You will find that the Police are very good at not arresting people when they do not have enough evidence and are unlikely to find any ... ..they would be remiss however if they did not ask you as the obvious person, just as they always question the householder in a burglary, just in case it was an insurace scam ...

Re:Sure. Don't be paranoid!

[pixelpusher220]

As one of my other posts on this thread said. You can cooperate and avoid the hassle since you have an alibi or other information that says your property wasn't being operated by you. However, the general tone of the posts has been, 'fuck the cops, they have to prove it was me so I'm not listening'. If you pull that attitude with cops, they are *very* good at finding you a new place to sleep that night. :) of course we're mostly talking civil cases here anyway, but you get the point.