Slashdot Mirror
Can You Really Be Traced From an IP Address?
Barence writes "Identifying individuals using nothing more than their IP address has become a key part of anti-piracy and criminal investigations. But a PC Pro investigation casts serious doubt on the validity of IP-based evidence. 'In general, the accuracy of IP address tracing varies depending on the type of user behind the IP address,' Tom Colvin, chief technology officer with security vendor Conseal told PC Pro. 'Whilst big businesses can be traceable right back to their datacenters, standard family broadband connections are often hard to locate, even to county-level accuracy.'"
Depending on what data is being captured by the ISP for management purposes, this COULD be true.
But, if they can track you well enough to meter you (Comcast, AT&T, etc), they can track you down to your IP too.
Chas - The one, the only.
THANK GOD!!!
This is not the problem with IP tracking. In most instances the ISP will have logs linking IPs to customers, and people can be easily traced. The real problem is that AN IP IS NOT A PERSON. You cannot trace a person through an ISP (except through strong circumstantial evidence such as someone using their email account from that IP). If all the info you have is that someone/something at IP 12.34.56.78 downloaded kiddie porn, that's no evidence at all. Was it the suspect? Was it a family member or friend? Was it some random on the street who cracked the WEP key or accessed an open network? You have no idea and you never will unless you can find 1) evidence on a computer and 2) evidence that the suspect was using said computer at the time.
I'm often having to remind users in the office that a simple reverse lookup on our IP and there's the company name sat right there, a few clicks and you've got the building address. Go onto linked in and you've probably got half the employees full names. A lot of people forget just how much information you can get from work IP's. It's not CSI style VB GUI interface level but if you're about to go make some stupid edits on wikipedia don't do it from your office connection.
jaymz
has written a Visual Basic application to track your IP.
As the island of our knowledge grows, so does the shore of our ignorance.
In my experience you can generally trace an IP address back to a given location (using RIPE and then contacting the ISP and I presume using legal means to find out who was using that IP address at that particular time).
But of course after that you have no idea what happens, is it an open Wifi point? Is it a closed one but has been cracked? Has the wifi key been given out to a neighbour? All of these options cast doubt on the exact person who committed whatever criminal or civil act that is under investigation.
standard family broadband connections are often hard to locate, even to county-level accuracy
Advertisers rarely seem to be affected by this; every time I plug my laptop in while abroad the adverts change to the current locale..
"Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
In 1997 a company threatened to sue me for breaking into their system (which I didn't do). Due to my good contacts with the ISP at the time I was able to get my hands on 6 months worth of packet logs related to my cable modem. This was a Dutch, but American owned, cable ISP. If they were logging things to that details at the time, I doubt it has gotten any less today. If you're with one of the bigger ISP's, rest assured, your packets are safely logged.
They can track my IP, but not me! If "me" is connected to the net with something like Tor...
Apparently they can't meter you too well.
http://www.digitaltrends.com/computing/att-vows-to-improve-inaccurate-broadband-metering/
As to the tracking, I'm sure it can be done, however, unlike DNA, spoofing is completely trivial, so I would never be comfortable having it as the only evidence in some type of trial.
I would say if your address is static OR you ISP is happy to cooperate; only takes one for you to be quite trackable. What worries me a bit is that this article seems to advocate for legal precedent to be based on this idea, which is quite short sighted. Yea, right now it might be a bit hard to authoritatively determine the end user of a dynamic IP, but IPv6 is coming and when it does, everything and everyone will have their own, easily traceable IP address. Privacy laws need to be based around that assumption now.
Well yes and no. In the case of someone like the RIAA claiming they traced it back to a user -yes there is some room to say it's not foolproof. Far from it. But with someone like the FBI? That's not going to work. They will catch you in the act using a "man in the middle" sniffer like Carnivore to ensure the evidence chain of custody can be proved correct in a court room. Considering almost every piece of networking equipment made has LEO intercept capabilities built in, it's not hard.
Tiger Blooded Bi-Winning Machine
'In general, the accuracy of IP address tracing varies depending on the type of user behind the IP address...'
I whole heatedly agree with this statement. This is one of the few times this has happened with a Slashdot premise.
As a young graduate more than 10 years ago, I NATed a few of my employer's computer IPs, including the internal 192.168.X.X up to 3 levels and asked the then ISP support dude to find out what was going on. He could not, despite having the 'latest' software.
This gives defense lawyers one item they could use to challenge the DA. Trust me on this.
RTFA and you see that, as many of us already know, you can get a court order to get the exact identity of the account holder, so the problem as described by the summary quote is not the real issue. Rather, just because you know the account holder does not mean that you can prove that the account holder, or whoever you have on the stand, is the one that infringed.
Despite rear-end covering clauses in the terms of most home ISPs that state that the account holder is liable for everything that goes across their connection, most courts won't accept that. I wouldn't be willing to test it, but it's a very valid point of defense. The number of people with open Wi-Fi is staggering, and even then there are attacks which work on WEP (a ton) and WPA (GPU accelerated attacks can get passphrases in under a minute on many routers), which is the maximum security many home routers in use are capable of. That makes this point even more valid.
It's not just that it's difficult to track the IP back to your household, but that that's not the full extent. What if it's a shared account in a student accomodation, or you're running your PC as a node on a TOR network (so in both cases the "infringing" traffic might look like it's coming from your IP but you aren't the one committing the act). With difficulty in ensuring the IP was assigned to you at the time it was used on one side, and then in proving that it was you downloading the file on the other (and that's assuming you don't have the right to do so, or that you initiated the act knowingly) it's an incredibly flaky way to "prove" anything.
if they're billed, authorities can get the information, provided that they go through the hoops necessary. it's not instant and movie like, of course. even pre-paids get tied to a name when they're charged(and cellinfo is logged, for a time). so it's mainly used to find a place of evidence and then to raid that place for said evidence. it's not evidence by itself but a clue about where to maybe get evidence. by itself it's just a phone number and about as useful as that.
of course if there's been proxying and such, it's a different matter. why do you think tor etc exist? same problems exist with a phone too.
and this is finland, but then again, here policemen can do a house search by hunch and cases often depend on confession(and in IT/piracy/data related matters especially, with often the questioning policemen not even knowing what they're asking about). it's a fiddly line here, really. and just a small number of cases, which is why they have no idea what they're questioning about. the main bread and butter of these guys is drug cases and violent drunks, home abuse and such. but if there's a suspected murder case then the mobile phone logs, ip-logs, etc get combed routinely.
but about ip-targeted ads.. ip-geolocationing is a fraud, it only sort of works per country.
world was created 5 seconds before this post as it is.
You know what is even harder to identify: me sitting behind my Swedish Relakks> VPN connection.
8 of 13 people found this answer helpful. Did you?
But, but, but...the meter is by account, not by "person". It's like a water meter: it doesn't matter who is using the water, all that the water company wants to know is how much is flowing out of its pipes to the customer of record. Take a WiFi access point: one IP address with NAT can be used by hundreds of people at the same time. (I know this because every year I run a WiFi network at a show with 300 people...and roughly 700 devices -- so tracing activity to just one device is a real needle in a haystack.) It gets worse if the ISP is monitoring ATM packets instead of IP traffic...
It's unlikely you can trace an IP back to a single user. You can, however, almost certainly trace it back to who it was assigned to, either statically or dynamically. The problem is that can be anything from a single home user to a small to medium sized company behind a NAT. Hell it could even be a large company - although they're more likely to be behind a many-to-many NAT, rather than one-to-many.
The only place I can see you being able to track back a single user would probably be in cases where you actually have the IP address of a workstation and you can compare to the login/logoff audit logs. I suspect the number of places assigning world routable IP addresses to workstations is vanishingly small. I can't see many places keeping NAT translation logs for the workstations on private IP blocks.
Yeah, I had a sig once; I got bored of it.
...which of the 4 people living here and on which of the 9 computers (7 physical, 2 virtual) behind my NAT firewall committed the act based on the evidence you have already? Which subnet of my internal network were they using (the virtual machines are subnetted away from the rest of the network)? Is it possible that someone outside my home cracked my wireless security, joined my network, and committed the act in question?
An IP address only points to the person being billed for a service, it doesn't prove anything as far as who did what; especially if someone has cracked your WiFi.
You should have the exact IP assignment time table from the ISPs.
Then you need to be sure about the exact time drift among all the involved systems.
And finally you need to be sure about the person using that vey device using that very IP.
And even so, you still need to make sure about another dozen of constraints like NAT and open/broken WiFi access points.
So, of course you cannot. Apart of a very limited number of cases. Very, very limited.
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
> or that you initiated the act knowingly
IIRC, this is not a valid defense against the tort of copyright infringement. Neither is not knowing the true copyright status of the work.
Perhaps this was somewhat defensible in an era where distribution was for all practical purposes always funded by having to pay for works under restrictive copyrights. However, even since television began, long before the net, other models of distribution have become widespread. To me it's pretty amazing that this is still the law in the current reality.
Wheneven you connect to the Internet via your ISP and they give you an IP address, they record the time you connected and your account username (or cable modem's MAC address which can be traced back to your billing account). All, all someone needs is your IP address and the time the offense took place (has to be a specific time frame) and all the ISP needs to do is look in their database of addresses they gave out and they have you.
Yeah, you could have an open WiFi router but usually the company attempting to sue you (*cough* RIAA, MPAA *cough*) doesn't care. They want their own twisted version of justice and they want money now. They don't care if you have an open WiFi router and that the neighbor may have downloaded music on your network, they see that your account was responsible for the act and they want money!
Can you trace the final connection endpoint (i.e. the part that contacted the observed target as the last link in the chain)? Yes. Even if they fake the IP you *could* in theory do work to discover where that connection originated from. This assumes greatly that the IP you recorded isn't forged, random or nonsense and that you haven't just been "given" a list of IP's from a third-party who didn't do the correct analysis to determine where those IP's are gathered from.
Can you get from an IP to a physical location? Almost certainly. Usually to the campus, home address or business telecoms line that the IP is associated with. But it will be the IP of the other endpoint of the connection, not necessarily the origin of the user's actions. E.g. proxies, hacked routers, etc. And even that can be extraordinarily tricky to arrange over international borders.
Can you trace back through proxies and other hindrances to get to an actual connection origin. Yes. Doubling the work necessary at each stage and if you can force physical access to each of those origins in order to trace back where the source came from.
Can you get from a confirmed IP-packets physical origin to an actual person? Depends. Not automatically, and probably not at all without an admission of guilt or other concrete evidence and almost certainly it would only be "coincidental" rather than anything else (otherwise it would be like arresting everyone who used an Acer laptop because the connection originated from an Acer laptop)
Can you do "hacker-work" to knock on the door of Hacker 1 who lives in an uncooperative country who was trying to hide their tracks (i.e. someone you actually WANT to trace using police resources and raiding datacentres)? Probably not.
Can you do some simple police investigations to get from an abusive IP address to a home address that you can raid for more evidence in a co-operative, or your own, country (i.e. someone stupid enough to do something incredibly illegal and traceable from their home Internet connection)? Yes.
Can you then prove it was them that used that IP? Not without taking their computer and ISP logs and all sorts of other evidence and doing a full "ordinary" investigation.
Can you determine who random user X was who piggybacked on a wifi connection that you *can't* prove the owner used himself but can only trace to that IP? Not without some other evidence (e.g. spotting the car that was sitting outside).
Can you tie an IP address on the general Internet to a single person unequivocally? Not to the standard of any court that I know, no.
Can you tie an IP address on the general Internet to a single person enough to make you suspicious. Usually - yes.
Will it stand up in court? Not without a shit-ton of other evidence that's much more convincing.
My IP at home is dynamic but I've had the same one for over a year.
anyone really believe that a jury would be able to make these types of distinctions? all they see is we tracked something back to your house without regard to how trustworthy the data is. it happens all the time with other forensic techniques increasing the number false convictions.
Having worked for several large ISPs in their "Copyright infringement" department (ironic I know) I can tell you that no, tracing an IP address back to its original user is not likely and shouldn't be admissible in court.
The way the system works is this:
The ISP gets an email claiming copyright infringement on a certain date and time by a paticular IP.
It's important to note, the ISP has no way of verifying any of the following:
The email came from the person it's claiming to come from
That person is the copyright holder
There is even a copyright on the file in question
The person sending the email did anything to confirm what they were downloading was a copyrighted file (is batman.zip the new or fan fiction?)
The ISP can not even confirm that anything at all was downloaded.
The ISP then takes the IP address provided and the time claimed and compares this to their DHCP server and looks for lease statements before and after the time the file was claimed to be downloaded. So if the complaint was at 10pm and we had that IP time stamps at 9:30pm and 11:00pm for Jim, then Jim gets a letter.
As you can imagine there are all kinds of holes in this. There are a zillion and one ways that could be inaccurate inside the ISP alone. This doesn't even include all the failures on the part of the copyright holders. We had one that was so inaccurate they were sending us multiple complaints on a daily basis against IPs we hadn't had leased out to anyone for days surrounding the times of their complaints. We made repeated inquiries with the "Company" to try and clarify their problem. But in the end just blacklisted their email accounts. We had other incidents in which the complaint was that the user downloaded a dozen or so movies... but a quick check of their usage logs showed they were using less than a couple hundred meg a month.
It was clear that the copyright holders were using automated scripting software to flood us with complaints with no real checks and balance on their part and then expected the ISP to do the heavy lifting when it came to investigation.
Depending on what data is being captured by the ISP for management purposes, this COULD be true.
But, if they can track you well enough to meter you (Comcast, AT&T, etc), they can track you down to your IP too.
The problem is that Charter assigns one IP address to my router, and everything behind it is sharing that one IP.
So... Who generated that traffic you're interested in? Was it me? My wife? My kid? One of the few people I've given wireless access to? Somebody who cracked my wireless network?
"Work is the curse of the drinking classes." -Oscar Wilde
gets worse if the ISP is monitoring ATM packets instead of IP traffic...
Why is the ISP monitoring my banking?
antipaucity
...which of the 4 people living here and on which of the 9 computers (7 physical, 2 virtual) behind my NAT firewall committed the act based on the evidence you have already? Which subnet of my internal network were they using (the virtual machines are subnetted away from the rest of the network)? Is it possible that someone outside my home cracked my wireless security, joined my network, and committed the act in question?
If you have 9 computers in your possession, the authorities really don't care which is infringing, they are still in your possession. Subnets don't really matter, nor does your NAT firewall, as all they have to do is show that the content in question was transmitted to whatever device you have that is connected to your ISP (usually a router). That is enough to give probable cause for a search warrant (at least in the US). From there, they can confiscate said computers and analyze them looking for signs of the data in question.
It may be possible that somebody outside your home cracked your security. You could try to use that as a defense, it wouldn't be up to the prosecutor to show that it didn't happen, anymore than they would need to show that somebody broke into your home or business and used your computer. That would be your burden to disprove the prosecutor's case. Besides, a good prosecutor would point out that if you have the smarts to create the network you have described, then you have the smarts to adequately protect it. Negligence usually is not a good defense at a trial.
Here is an analogy for you. If you loan your car to somebody and they commit a crime with it, the authorities are coming after you. If you have an alibi, that is great, otherwise, you'd better be ready and willing to turn over who borrowed your car. Even with an alibi, if you don't want to be an accomplace, you'd better be ready and willing to turn over who borrowed your car.
So, back to your 9 computers. If it wasn't you who did whatever, which of your family or users (depending on whether this is a home or work system) did? That is the information they will find out when they confiscate your equipment. Happens every day, all the time.
Throw in this that a lot of people have wireless routers, it would be impossible to tell, even if you track down the IP address to the physical address, that it was being used by you or your family. One could always say "I had an open wi-fi connection", and it would impossible to say who was behind that IP address.
The RFC for IPv6 provides for temporarily assigned addresses. The original spec required a MAC to be used to generate the 64-bit host address, but that has since been sort of ditched. The best they could trace to is your network ID (either a /48, /56, or /64, or whatever they otherwise decide to do with host networks--right now Comcast provides /64's to their IPv6 testing customers).
/64 should ideally never change, and will be assigned per customer. So while the specific device can not be found, the network address should make it easier for them to track you. There's nothing known about whether or not they'll rotate network IDs per customer, but I would imagine not.
That
The only reason it worked out previously was because customers were assigned individual host addresses via V4, which were typically picked up via DHCP just like any computer.
It also depends on the accuracy of the ISP dynamic IP records.
The IP records, if they keep them, are subject to a number of accuracy issues. So much of the ability to trace the given IP at a given time back to a particular subscriber line or dataset depends on accurate configuration of many devices and databases... and on the people that manage all of it.
eg1: Allocation of routable IP address ranges to DHCP servers changes more often than you might think, primarily due to the scarcity of IPV4 addresses. Depending on how the ISP handles these changes, you could easily have a situation where a subscriber endpoint is returned that is no longer correct.
eg2: Say we're talking about DSL. In all of the millions of pairs of wires that have been connected by hand, there are bound to be errors, either in the actual jumpering or in the record keeping about the jumpers and the end points. Believe me, this happens and it can go undetected for a long time.
eg3: Systemic errors in the provisioning software that manages the DHCP servers. As long as the billing records don't come into question and the subscribers get their service, it is unlikely that anyone is going to notice that there is a problem with the generation of the reverse lookup name. If the dynamic IP to dynamic name relationship is not always correct, who is going to notice? This one in particular can be a real bugger to find.
eg4: You would think that everything is kept straight by monolithic, standardized allocation software and methods that are tried and true, but all you need is one manual step in a process to throw everything into question. Excel spreadsheets crop up in the most unexpected places.
Basically, IP tracking by an ISP is an inventory management issue and even with relatively static warehouses it is nigh on impossible to get two counts to agree. The larger the inventory and the more dynamic the flow, the more likely there will be problems.
Ya in theory you could translate the IP back to the area and the MAC possibly on their switch of the router to the customer device if they kept that detailed of records of what modems they sent out to each location however you still would not get past the problem that if 5 people are using a internet connection, you can't pin down which one actually did the downloading by IP address alone which in a normal legal system is not enough to convict. If it was a murder trial and you have your suspect down to 5 people, you wont get a conviction so it shouldn't be any different for electronic crime.
Bryan
Users of standard home IPs (via ISPs) are neither completely, or even significantly, anonymous nor identifiable. The line is grey and moves, possibly by the minute.
However, the article refers to two legal situations, and doesn't discriminate between then sufficiently. With regard to a lawsuit, the test is often stated as "a preponderance of evidence" while when the article referred to a police investigation, it's often described as "beyond a reasonable doubt". The two are not interchangeable.
The copyright lawsuits that the article refers to are probably attempting to show "enough" evidence to get a settlement or a judgement. Taking the evidence collection to the point the police would want would certainly be an asset to the case and would probably be in the "lead pipe cinch" category, taking into account the lesser evidentiary need.
Without that ... well, they will certainly try to get the judge to agree with them. It may be enough in some cases ... we have a few examples where a Judge or Jury in a civil suit did accept it ... but at the same time by itself it's also probably grounds for appeal as well.
With regard to even national-level geolocation, occasionally at work, due to remoteness, I connect via a sat feed. When I'm on that feed I'm in the arctic; when I see certain ads while browsing and those ads include a city or region as part of the targeted ad, they think I'm in New York state (which is where the ground sat link is with the ISP we happen to use).
But, there are probably cases where there is strong evidence, similar to a corporate IP address ... for a few dollars a month, I could have a static IP at my ordinary (home) ISP as well (although it's dynamic currently). So, it's neither here nor there ... it will vary depending on the unique circumstances of the case.
Essentially, that's also what the judge quoted in the article says ... he's hinting that he would be willing to accept the IP as part of the evidence provided there was corroborating evidence to back it up; otherwise not good enough by itself.
I'll conclusively say right now: the ISP is happy to cooperate. It's only When, not If. They get a cut of the resulting lawsuits.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
I hope this was a lame attempt at a joke, but if not, read this: http://en.wikipedia.org/wiki/Asynchronous_Transfer_Mode
Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
All ISP's keep logs. Knowing the IP immediately identifies the ISP. From there it's just a petition away to find the account/modem MAC that was using that IP at that time.
Proving exactly who was on the computer at that time would be impossible. But you could easily narrow it down to the household.
If it ain't broke, don't fix it.
I'm under the impression this is already done. At least in Canada.
I've read that if a router has an open connection and someone out war driving connects to the unprotected router to look up child porn (CP). The owner is responsible because they negligently left the connection unprotected. In the city live in there are free connections all over the place. If you live in an apartment building guaranteed there is an open connection. I've only ever heard of one case where some one tried to use the, "But my router is unprotected. It could have been anyone." defense. The problem was the CP was found on their laptop. Then they tried to say some malware had been installed, which downloaded the CP so they weren't responsible. I didn't ever hear how the case turned out.
That being said, Someone COULD try to hack my router to do something illegal or they could park a house over and leach off the High schools free open wifi. I was talking to my neighbor one day when he told me he and at least the other six houses to the corner of our street just use the high schools connection. On a good day I can connect, but most of the time I'm just out of range so I'm stuck paying for the connection. If I had bought the house I was originally looking at, which is just on the other side of my neighbors house I could have gotten free internet. Everyday I see that one bar signal for the HS flashing on and off, I hear Nelson laughing at me because I could had it. Oh Well, I'm sure my neighbors will all get in shit for it some day.
The "you" here is the wrong focus.
Can you be traced to an IP address? The answer is and will always be, no.
Can an IP address be traced to a MAC address and/or general geolocation? Yes. Is that data accurate? Not necessarily, and there's pretty much no guarantee of accuracy. Do ISP's give a shit who is using their cable modem as long as it's paid for? No.
Just because "I found an IP address accessed at X time and Y cable modem" does not mean that you can truly verify anything beyond the cable modem without far more info (and a violation of plenty of laws without a warrant).
Actually, current DNA identification isn't all that good either. Most DNA identifications are "1 in 100,000", those that I have seen claiming higher reliability have proven to be hyperbole. This does not mean that higher reliability is not possible, just that current techniques that I have heard referenced are not very reliable identifiers.
The truth is that all men having power ought to be mistrusted. James Madison
Wouldn't surprise me if this is true but do you have a link that proves this?
From a legal standpoint, only one person signed the contract. That person is liable for anything done with the connection. And yes, as the legally assigned person have to 'prove' it wasn't they who committed the act that was traced back to their 'address'.
and for the old world analogy:
If your car is seen and photographed robbing a bank and everybody in the house had access to keys, who do you think they are going to look at first?
People in cars cause accidents....accidents in cars cause people
Agreed, however this should not come as a surprise. Your ISP is in the business of connecting the tubes to your house, not fiercely fighting for your civil liberties. Fighting for your privacy is your responsibility and you should never expect it to be done for you. Also, I am not sure about your last statement - it would be tantamount to bribing a witness, but nevertheless the ISPs want to be on good terms with the media companies.
I'd think that for the purposes of a file sharing case, ISP logs would be sufficient if they can compel them to turn over the relevant bits. No doubt they keep traffic details of some kind from the session layer on down, which would rule out a 4th party spoofing scenario. I could be overlooking something there. Seems to me the problem with tracking traffic back to a user is if you're required to do it blind from an IP in a server log. But if you can take that hint and get the information from the ISP-on-out, that seems pretty concrete (aside from cases of a compromised machine or AP).
When I worked for Time Warner, I'd often process abuse tickets while our Abuse Coordinator was out. It was pretty simple. You'd get the subpoena with the exact time and date of the incident along with the IP address. You'd enter the IP address along with the time and date into the abuse tool and it'd return the account that IP address was associated with at that specific time. It wasn't hard to locate them at all. The IP association data was stored for 2 years or more.
Surely the validity of any evidence citing party x having IP address a.b.c.d at time t comes down the accuracy of the clock on the server that logged the IP address allocation.
How do you prove in court that clock on a logging server was correct.
I don't think you can.
cantenna
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
Even though I have a dynamic IP, it's effectively static since it hasn't changed in 9 months, so if someone asked Comcast who my IP belonged to, Comcast could say with quite some certainty that it was me.
But, I wonder what would happen if I was running a public access point (aside from facing the wrath of Comcast since I'm sure it violates their ToS) - could I blame any illegal activity on my "customers"? How can I shield myself from liability from actions by my users?
And yes, as the legally assigned person have to 'prove' it wasn't they who committed the act that was traced back to their 'address'.
Forget innocent until/unless proven guilty! You're guilty unless you can prove otherwise!
Filthy, filthy copyrapists!
Isn't it harder with dial-up and open wifis?
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
That's the way DHCP works. When the IP address lease is eligible for renewal, the client will ask the server if it can keep the existing IP address. If the server okays the request, the client keeps the same address. For continually connected networks, such as DSL and cable, you're typically not going to see a lot of change in the DHCP assigned IP address.
When our name is on the back of your car, we're behind you all the way!
You bring up excellent points. This also spiked me to think about my last interaction with my local Cable provider regarding an internet service outage. Each time I would call a Level 1 technician, they were always asking for my MAC address on the modem. Why wouldn't they just have this tied to the customer record? It's possible they were just verifying, but the tone of their voice made me feel otherwise....
Karnal
You're not convicted of anything until you're in court hence you're not guilty of anything. However, they *are* going to bring you into court if your car was seen robbing a bank and you can't reasonably explain who else might have been driving it.
People in cars cause accidents....accidents in cars cause people
I remember using a program years ago called neotrace that traced IP's. Surely they have something even better now no?
Most DNA tests are done to the 1:100,000 level because this is a) quick and b) cheap
DNA testing can be done reliably and accurately to 1:1 billion but this is very expensive and takes a long time ....
But if you are relying on DNA evidence alone then you have a very unsound case, if you test everyone you will find at least 6 matches even at 1:1billion ...
Same goes for IP tracking, you can do it quickly and cheaply and it is often inaccurate, or you can do it properly and it can be made very reliable but this is very expenside and time consuming and does not usually prove any more than the quick test ... the defense lawayer first question should laways be what other evidence do you have linking the person to the crime?
Puteulanus fenestra mortis
DNA is better at proving people not guilty than guilty. Sure, it is used by prosecution along with other evidence, but DNA alone can't prove someone guilty (not to say someone won't be convicted by an uneducated jury, but you won't hear a properly trained forensic scientist claim proof, they will claim only a correlation usually by saying it is indistinguishable). On the other hand, if you analyze the DNA and find that the markers don't line up at all, it assures that the sample the lab was given doesn't match the defendant thereby demonstrating that if the sample is a valid representation of the perpetrator then the defendant is not guilty. IANAL YMMV.
Get a web developer
It is quite reasonable to ask you first .... but it is still up to them to prove it was you ...
Puteulanus fenestra mortis
Will law enforcement treat this like the photo systems that capture speed/red light infractions eventually? The infraction is not associated to the user but rather the connected device. Having received a speed violation (sent to me, but my wife was the operator, given the location), I dislike the fault association with the owner, but it seems that someone would likely create it to stop people from using the "open wifi" defense.
The flip side is that getting a photo-radar ticket is substantially less expensive than getting pulled over. Since you (as the driver) aren't charged, you don't get demerits, for instance. (At least up here where I am - they define photo radar speeding as a "non-moving violation". Yes, the irony is stunning.)
I think the current IP tracing does make a few assumptions, not the least of which is that there is only one user who is ever on that address - no roommates, visitors, people hacking your wireless, and so on. It's the equivalent of charging someone with theft because they traced the crime to the bus you were riding on that day - with no additional evidence. Realistically, I'd think an IP trace would be good enough for a warrant or other discovery document, but that's it.
but it is still up to them to prove it was you ...
which happens in court. You don't have 'prove' anything to charge someone and hold a trial. There are some checks along the way but they don't require 'proof' of anything, just some semblance of reasonableness that you could be the guilty party.
People in cars cause accidents....accidents in cars cause people
Even MACs are dynamic. There are very few hard coded MAC addresses in devices anymore. Probably he wanted to make sure that he was looking at the same thing that you were.
The stuff I mentioned above are just on the ISP side. Unbelievably (tongue in cheek here), subscribers do all kinds of odd and unauthorized things. Neighbours and friends will swap, trade, loan and sell their set top boxes and modems. The curious sort will install custom firmware on the ISPs device, or they'll stick a transparent BSD box on the wire to see what fun they can have.
The IP allocation system will include a lot of devices that the end user may be surprised about. Of course there are the DHCP servers and the systems that mange them (set and query), but configuration of routers is often involved even to the provisioning of a single subscriber for access control, QoS, virtual circuits, etc etc. It is one big state machine and if someone monkeys with it (er... sets an illegal or unforseen state) then all bets are off as to how it operates.
This stuff is only simple on a small scale or from a distance.
LOL. And the "abuse tool" works by magic and fairy dust, right? The "tool" was probably just a website front end to a database. If the database contained junk, you got junk, without knowing any better.
A successful API design takes a mixture of software design and pedagogy.
That is unless your DSL provider is Windstream. My IP changes almost daily with no service interruptions. It got so bad that I wrote a script that grabs my public IP every 5 minutes and scp's that to one of my servers every 5 minutes.
Tracing down something to an IP address can be a solid pointer for a courtroom - remember, if it's a jury trial, and it goes that far, you have to convince the jury, not the judge - this means a good lawyer and no smoking guns will get you off. If a common person has an IP that leads law enforcement to their doorstep, then that person is screwed. A good lawyer can make all the difference, but having a fairly diverse network with potential vulnerabilities could go a long way.
I've seen worse things - PenTeleData (ptd.net) puts their subscriber information into their reverse DNS. I'm just glad I don't use them. Does their doing this constitute a breech of their promise to not provide customer identifying information? I think yes, regardless of how you defend against being tagged with your IP, it can still give out a lot more than you'd want to share.
This block, 24.229.69.0/24 is owned by ptd.net – and this ISP, located in Eastern PA, puts their customers names in the reverse lookup of their IP address. Tell me that these folks don't get more than their fair share of P2P lawsuits and targeted advertising.
24.229.69.2 : cpe-static-jpjayassoc-rtr.cmts.all.ptd.net
24.229.69.3 : cpe-wifi-subwaytilghman-145.2.1-ap.cmts.all.ptd.net
24.229.69.4 : cpe-static-aestheticsurgery-rtr.cmts.all.ptd.net
24.229.69.7 : cpe-static-thecontigrpmdm2-rtr-cmts.all.ptd.net
24.229.69.8 : cpe-static-apa612wlindenst-rtr.cmts.all2.ptd.net
24.229.69.12 : cpe-static-ramadainnkiosk-rtr.cmts.all.ptd.net
24.229.69.15 : cpe-static-cntyoflehighgovtcntr-rtr.cmts.all.ptd.net
24.229.69.51 : cpe-static-westendpharmacy-rtr.cmts.all2.ptd.net
24.229.69.52 : cpe-static-bnaibrithapartments-rtr.cmts.all2.ptd.net
24.229.69.55 : cpe-static-adultmedgeriatics-rtr.cmts.all2.ptd.net
24.229.69.56 : cpe-static-cysticfibrosis-rtr.cmts.tv2.ptd.net
24.229.69.57 : cpe-static-stanleywest-rtr.cmts.all2.ptd.net
24.229.69.58 : cpe-static-panylentzengineering-rtr.cmts.all2.ptd.net
24.229.69.59 : cpe-static-drhabig-rtr.cmts.all2.ptd.net
Absolutely, the way that IP and DNA evidence are used today, they are useful for two purposes. First, take a specific group of suspects and eliminate those that it could not be because of this evidence (more reliable for DNA,than for IP). Second, obtain a potential suspect or two who are worth more in depth investigation. Unfortunately, the press, TV shows and movies make it seem like both IP and DNA evidence identifies someone much more reliably than it actually does.
The truth is that all men having power ought to be mistrusted. James Madison
Is there any reason why you don't just use dyndns?
The Tao of math: The numbers you can count are not the real numbers.
I am not sure if it is still like this, but with TWC used to work across the city with the same Cable Modem (MAC address?). For whatever reason I had moved my cable modem to a different part of the city and it worked just fine. Not that they couldn't look at the routing path, but that may be limited to knowing you are on this street/building, but I am sure almost every has their cable modem at the place on the bill.
The owner is responsible because they negligently left the connection unprotected.
That is a misuse of the word 'negligent' if I've ever seen one.
It is negligent to do things that you should have knew people might get harmed by, like leaving a broken board on your front porch that people step through.
It is not negligent to leave things laying around that other people deliberately use to harm others. If an adult picks up a hammer I left on my porch, and attacks, someone, no, that is not negligence.
It's even less negligent, if that's possible, for someone to use them to commit a criminal action that does not, per se, harm someone. Like if I give an adult a beer, and they walk off with down the sidewalk in violation of 'public drunkenness'.
If corporations are people, aren't stockholders guilty of slavery?
Dude, you can't sign a private contract making you liable for other people's criminal activity. That simply is not possible under any sort of American law. You could sign one with the government, possibly, and that's sorta what it means be 'released into the care of...', although not to the extent of making a criminal out of anyone. But private actors can't just magically sign things making them liable for criminal actions by someone else.
Likewise, a contract between you and second party (your ISP) cannot make you civilly liable for the actions of the third party(an illegal downloader) against a fourth party(the copyright holder), allowing the fourth party to sue you. That doesn't make any sense either. They can't try to enforce some contract they aren't a party to. Either they could already sue you, or they couldn't.
If corporations are people, aren't stockholders guilty of slavery?
Dude yourself. If you make available the tools by which crimes can be committed, you damn well can be held liable for their use in such crimes.
If you allow someone access to your computer and they do something illegal with it, *you* are the one they are going to talk too since it was your computer and connection. They don't know anything about anybody else, nor frankly, do they care. You can explain your alibi, but if you say nothing, trust me, you are ending up in court.
There are certainly mitigating issues in many cases, but the 'facts' only show that your IP address committed the crimes. They are going to sue *you* and nobody else. If threats are made over a phone, they know the person to whom that number is assigned and will investigate them appropriately.
Now, IP crimes are generally not criminal which is both good and bad. Good, for you, that it doesn't rise to the same level as 'criminal' charges, bad, for you, that they don't need to adhere to the same level of proof. Hence, they'll sue *you* and let you have to explain in court.
People in cars cause accidents....accidents in cars cause people
And nothing you said has anything to do with signing a contract, which is what my post was about.
Signing a contract with a private actor cannot impose additional criminal liabilities, or impose additional civil liabilities for actions between two other parties. You might already have criminal or civil liabilities, but they are irrelevant to any contract.
If corporations are people, aren't stockholders guilty of slavery?
It's my job to trace IPs back to customer's accounts.
Big ISPs have nice record keeping and database systems setup to make it easy, but even the little guys can track you down with very little trouble.
It's not hard to trace an IP address back to a customer's internet account and (in many cases) a physical address.
Sure you can't tell exactly who was at the keyboard, but as far your ISP is concerned, who you allow to access your account is your problem. The account holder is responsible for what takes place over the service they signed up for.
When it comes to major legal issues, we are able to give police a very firm places to start looking (a physical address, a hostname, access logs etc) and from there they can check your hard drives, network, home router config, and decide how likely a suspect you are from that.
Of course, when most ISPs have a very long DHCP lease, it might as well just be static. For example, if you have Comcast, chances are that your IP address hasn't changed since you first started your service.
If you don't think your contract holds *you* responsible for any criminal activity during the use of the contracted services, you are wildly naive. Not 'liable', 'responsible'. The latter they can do. The former is the justice department's job (or whoever was harmed).
"You hereby agree to not violate any laws when using the system." is blatant boilerplate legalese in every contract ever written by even a half competent lawyer.
People in cars cause accidents....accidents in cars cause people
The IP address can appear on these records in many ways that don't ever involve your hardware even being used. These include numerous hardware and software intractions.
For example, hardware wise, someone could temporarily disconnect your modem and plug in their own (at any point between your home and the dslam). Done at the right time, you would probably never notice it. They could also sneak into your house and plus in a small wifi router, in order to steal your internet connection.
Software, what if your ISP doesn't handle daylight savings properly. That gives the "bad guy" an hour of IP usage that could appear to be you. Then there are numerous IP spoofing methods available. And, breaking into the ISP and changing data there is not impossible.
Then, there is the possibility of someone just finding an open wifi port into your network.
They should first need to prove that your hands were on they keyboard before being able to charge you. If someone placed a cardboard copy of your license plate on a car used in a bank robbery, should you be charged with the crime? If not, then why should you be charged when someone does the same thing with your IP address?
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
On the contrary, they don't have to 'prove' anything to charge you. Hence why it is 'charge' and not 'convict'.
They do have to offer evidence that it is 'reasonable' that you did the crime. And the ISP saying the IP in question is yours is plenty 'reasonable' for a court of law.
So yes, you can and will be charged based on that information.
In court, all of the things you mention are perfectly good defense arguments. But they are that, defense arguments. You need to be charged before you can bring them up. Of course playing nice with the investigation up front might keep you only at 'person of interest' levels and avoid the charge all together. But that requires the acknowledging that they have information that points to you and providing an explanation to point them somewhere else.
People in cars cause accidents....accidents in cars cause people
At least in Germany the owner is responsible for illegal actions taken via his open wi-fi connection as long as he cannot absolutely identify the real perpetrator.
I don't need anything outside of the IP address so that I can SSH to my machines. I don't host sites or email or anything of that nature so name resolution is unimportant.
If you make available the tools by which crimes can be committed, you damn well can be held liable for their use in such crimes.
No, you can't. Unless you had knowledge of the crime, or could have reasonably expected the crime to occur.
If you allow someone access to your computer and they do something illegal with it, *you* are the one they are going to talk too since it was your computer and connection.
"Talk to" isn't the same as "held liable."
By your reasoning, the ISPs are responsible for all file sharing, since they "made the tools available."
Everyone will have a static prefix. Privacy extentions randomly generate the rest of the address, and change it often (eg. 24hrs). And this assumes ISPs are going to assign static prefixes instead of DHCP6-PD -- which could be dynamic. You'll have the exact same issue as today... you cannot reliably trace an address to a specific machine and specific human being.
[Even in my house, where I'm the only perm. resident, it's never 100% assured that I'm the one generating traffic. There are dozens of people with devices that can access my wireless network. And 3 that have keys that can access the wired network. Plus the possiblity of remote users doing things -- with or without permission.]
Many (all?) home wifi routers log the physical hardware address of the connecting wifi device. While that hw code can be faked, most freeloaders on an open home wifi network or hacked WEP key wifi aren't going to bother obscuring that code in their wifi chipset. A smart lawyer/prosecutor would subpoena your router to see if your claim that "someone else hacked my network and downloaded that naughty file" is supported by the log in your router. Even if you've deleted that log (my router let's me clear it I think) maybe it can be recovered? Of course, if the log has been cleared then not recovering an attacker's hw address does not mean there was no attacker, so maybe this isn't so bad?
Note I said 'can be' not 'will be'.
We can argue about semantics all you want. ISPs are 'common carriers' and are immune to such lawsuits as a general rule.
And yes 'talk too' is the first step. If you don't have a reasonable alibi or explanation, then yes you are going to be charged with said violation of the law.
People in cars cause accidents....accidents in cars cause people
Yes, it is. But if it's like any of the systems I've worked with over the years (and some I wrote myself), it's faster to ask the user than go dig it up. The first thing we asked for was "customer number and/or circuit id". Yes, we can find that from a company name, postal address, ip address, or the billing account name (which for a company can take several guesses.) (and at BTI, being a phone company... a phone number.)
What they need depends on what system they're using.
I meant that you can clone MAC addresses (a common feature on home routers) or you can set them to whatever you want. You can't assume that a MAC address will be unique outside of a LAN segment. IP collisions are easy to create by setting a static IP on your machine, but so are MAC collisions. Some people like to try to get other people's service features by copying MACs. Doesn't usually work because of other issues but you still get people trying it.
It just goes back to the original point that identifying someone definitively by their IP and information from the ISP has lots of room for error. Even if the ISP has excellent record keeping and systems, other people can throw a monkey wrench into things. It should take a fair amount of effort to prove without a doubt that a given IP was actually provisioned to a given location at a given time. Even more to prove that a specific person was using that IP.
I was referring to big iron routers re: ACLs and so forth. Not your little DLINK home WAP.
Of course, when most ISPs have a very long DHCP lease, it might as well just be static. For example, if you have Comcast, chances are that your IP address hasn't changed since you first started your service.
Yes. I had them for a few years, and you're right: it hardly ever changed. The only times that it did were when they were doing a major network upgrade (I lost service for an hour or so, and when it came back on I had a new IP) and when I upgraded my speed. I think they call it a "Permanent IP", meaning they can change it if they want, but usually leave it alone. Worked well for me: I could get to my machines from the outside and didn't need to bother with DynDNS or anything like that.
The higher the technology, the sharper that two-edged sword.
on my porch, and attacks, someone, no, that is not
Welcome back, Captain Kirk.
The higher the technology, the sharper that two-edged sword.
negligent Adjective /negljnt/ listen
Synonyms:
* adjective: careless, neglectful, remiss, inadvertent, heedless, slack, inattentive, perfunctory, slovenly, nonchalant, slipshod
* Failing to take proper care in doing something
o directors have been negligent in the performance of their duties
I haven't read a definition that indicates they harm caused by a negligent action must be physical. If I leave the keys in my car and it's stolen my insurance company won't pay out because I was negligent. If I leave my router unprotected and someone uses it to break the law it was because I was negligent. I did not preform my duty to secure the connection.
ISPs are 'common carriers' and are immune to such lawsuits as a general rule.
This bit of misinformation keeps popping up now and then. ISPs (even those who are also telephone companies) are exempt from common carrier regulation (and all that goes with it) for the purposes of their data services. They got an exception to that, somehow, because they'd rather pay for the occasional lawsuit rather than have to labor under universal service and quality-of-service standards that are part of being a common carrier.
The higher the technology, the sharper that two-edged sword.
Not to mention how much oversight and protection is there from a MITM working on the inside of your local ISP? I had to clean up the mess at a law office once where one of the asshat IT guys had set up his own file sharing and Quake server on the backend, and frankly if he hadn't been caught surfing pron by having a PHB literally walk in on him he'd be there today and frankly I think he had more oversight than many of the contract guys at my local ISPs.
While we'd all like to think our ISP is at least run in a professional manner, especially when we are talking about shit like this that can drag you into court for years or even throw you in PMITA prison, actually having contact with some of the guys working local offices makes me believe this is about as far from the case as can be. Most of the ones I've dealt with are contract hires that frankly really don't give a fuck WHAT is going on, as long as they get their check.
Would it surprise me if one of these guys wanted to do something illegal and just set himself up a little box in the back? Not at all and it would probably be damned hard to prove where the IP address in question terminated 4 years ago last Tuesday and THAT I find scary as hell. How many times does your dynamic address change? Mine changes practically every time the wind blows and my local ISP wants ass raping prices for a static address.
But considering I've had to deal with these guys for some of my business clients and got told "And?" when I pointed out more than a dozen illegal splices in his line frankly I wouldn't trust these guys to give me an honest bill, much less hand over evidence that is supposed to stand up in a court of law. There is just too little oversight and too much lowest bidder going on, at least in my area.
I mean for the love of Pete I've had to deal with a WISP that saw nothing wrong in ALL PCs on a node showing up in network neighborhood and having all shares accessible and we are supposed to trust these people to give data that could cost you years of court and/or prison time?
ACs don't waste your time replying, your posts are never seen by me.
I highly disagree. From everything I know about ISP's, they take VERY detailed logs. I highly doubt, if your ISP is willing to cooperate as in the GP, it will be hard to match you up.
ROTFL Thanks for that! You're bringing back painful memories of an ISP our company absorbed. Their servers were all compromised by their star sysadmin who had rooted and compromised all of the servers and firewalls for his own admin (and other) convenience. The bad ol' days.
Best defence against that kind of thing is promotion and maintenance of a high standard of professionalism. You can put in all of the monitoring systems you want but the shop culture often determines how vulnerable you are to an inside job. My 2 cents anyways.
Which is what I find seriously scary about TOR and Freenet. Has anyone even tried the "plausible deniability" defense that Freenet brags about? because from what I've seen of CP laws (IANAL of course) the problem is it doesn't say you have to have specifically viewed it to be distributing it. If they trace CP coming from your machine I haven't seen ANY statute that says you can't be charged if you didn't view it, you simply have to have facilitated its distribution.
So has anyone tested this in court? How much did the poor soul that got to be the test case end up out in lawyer fees? Because as much as I support freedom of speech I also have a family and while I probably have enough spare bandwidth at the shop to run it spending the next three years in a cell waiting on a court date or trying to come up with a couple of hundred thousand to get a decent lawyer while sitting in said cell doesn't seem like a good way to spend my time, thanks anyway.
To me this is the problem with relying on IP addresses as the laws and reality don't match when it comes to the tech, and while we all support helping those in oppressive regimes all it takes is one asshat or troll pushing CP with the current witchhunt climate to give you a seriously bad day. Hell I wouldn't trust the average jury to even understand what an IP address is, much less onion routing or distributed computing. And the fact that Freenet uses some of your HDD for data you have NO control over just makes this stuff even scarier IMHO, as you can't even honestly claim there is no CP on your PC, as you honestly don't know.
ACs don't waste your time replying, your posts are never seen by me.
Absolutely, they keep records and detailed logs. But having done the systems architecture for such a system I can say without reservation that although most of the information is accurate, there are erroneous records. And it is almost impossible to tell which records are correct and which are false without a lot of work.
So... if the law came to us and we gave them an IP record, and they asked about my confidence in it then I would say my confidence is high. If a defence attorney asked me if the records were ever wrong (ie: the subscriber to IP match is wrong) I would have to say yes. Then I could name at least a dozen issues that we have experienced that resulted in some erroneous records.
Also, I would have to attest that it is possible for someone to corrupt a lease record or even hijack a lease under certain conditions and within some limits.
That is all that the discussion is about. Not whether or not the ISP could trace back to you but whether the dynamic IP to subscriber record is certain and whether courts should take the IP to subscriber match at face value. Having worked with these systems I would say emphatically no, not without supporting evidence that the record is correct.
Usually it doesn't matter from an ISP point of view since most customers are on monthly billing plans and 98% of them never exceed their plan limits (what a change from dial-up!). So if no money is involved, what do we or the customer care if a few records are wrong? After all, we generate millions of DHCP log lines per day so what's misplaced IP, reverse lookup, or time event here or there? Point is, although in our system the records are very very accurate, they are not perfect.
Our original IP provisioning system was very bad. Sigh. Our records were terrible.
What's the lesson: the court should not assume that the records are accurate. Just because ISP xx has good records and systems doesn't mean ISP yy does. The ISP should have to show that the records are correct and also indicate how they could be wrong and what the likelyhood is. They should also have to show some kind of track record for the accuracy of the system. All of this is doable and is no more than you would expect from, say, a speed trap camera system in court. Police departments have to show that the device is calibrated, the operator is trained, the device has an accurate history, etc.
The point is that they're not following through with their "innocent until/unless proven guilty" ideal. They're the ones who have to prove their claims against you. And it's probably far easier and more common to use someone's wireless connection.
Filthy, filthy copyrapists!
If I leave the keys in my car and it's stolen my insurance company won't pay out because I was negligent.
That is between you and your insurance company. They can set up whatever rules they want regarding payment as long as you agree to them.
You are not negligent in the eyes of the law...if someone steals your car and uses it to commit criminal or civil offenses you are not negligent, and, hence, not liable.
If I leave my router unprotected and someone uses it to break the law it was because I was negligent. I did not preform my duty to secure the connection.
You would be if there was any such duty, but there is not. No one is required to secure connections, or police the ways in which people using their connections, any more than a gas station is required to make sure that people don't use their gas to commit arson.
Just ask anti-spammers, who have been trying for more than a decade to sue people who provided connections to spammers.
If corporations are people, aren't stockholders guilty of slavery?
You might want to read up on the law a bit. Charged != guilty. But charged is how they start the process. They don't need to 'prove' anything to charge you. Just a reasonable idea that it *might* be you. At that point you retain counsel and rebut their charges in...wait for it....court.
Since these are mostly civil cases the standard they have to meet to file charges is lower. Unfortunately so is the standard to 'prove' you guilty.
People in cars cause accidents....accidents in cars cause people
The point is that they're assuming he's guilty beforehand. Their assumption should be that he is innocent to begin with (not necessarily in their mind, but in the actual court case). Yes, in the actual court case, it is typically innocent until/unless proven guilty, but I am speaking of their mindset.
They don't need to 'prove' anything to charge you.
Yet another problem. It enables them to waste your time and money by making frivolous claims.
Since these are mostly civil cases the standard they have to meet to file charges is lower. Unfortunately so is the standard to 'prove' you guilty.
And that's exactly what I don't like. Neither of those make any sense. Just because it's money at stake instead of jail time, that does not mean that you should be able to get away with having less evidence.
Filthy, filthy copyrapists!
No one requires me to lock up my power tools either, but if a kid wonders over to my yard and cuts off a finger, I'm pretty sure I'd be sued and the key word in the case was because I was negligent.
Stop being a douche and go look the word up instead of arguing about something you don't understand. The only thing worse then a grammar and spelling natiz troll, is a wrong grammar and spelling natiz troll.
On second thought sorry, I just read you signature. This all makes sense now, you're obviously a tea bagger and the whole argument is because I said I was Canadian. I apologise for you ignorance.
Nonsense.
Even the best DNA testing methods cannot reliably tell identical twins apart. 1:1 billion was a theoretical maximum number dreamt up decades ago, in reality the ratio is much much lower. You also have to factor in the quality of the sample, as especially samples from crime scenes are rarely ideal.
IP addresses only identify an internet connection at best, assuming you could somehow be reasonably sure they there are not spoofed. Behind that connection there is probably a router/firewall and an unknown number of computers belonging to multiple people and probably with multiple users one each. The law in the UK has made it clear that in order to sue someone for copyright infringement you have to show that they were the infringer, not just the person who pays the bill for the net connection. For criminal cases the bar would be even higher.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
The point is that they're assuming he's guilty beforehand.
How? because they found their IP being shared from an IP address they take the IP address owner to court? That's called finding evidence of a crime and taking appropriate action. How is anyone 'assuming' guilt?
Their assumption should be that he is innocent to begin with ... in the actual court case. Yes, in the actual court case, it is typically innocent until/unless proven guilty
Well which is it? You say they should be innocent in the court case while rebutting that by saying they are innocent in the court case?
Yet another problem. It enables them to waste your time and money by making frivolous claims.
That's why they need to meet a 'reasonable' standard prior to filing charges. And there are frivolous lawsuit penalties should they do that.
And that's exactly what I don't like. Neither of those make any sense. Just because it's money at stake instead of jail time, that does not mean that you should be able to get away with having less evidence.
Really? you don't agree with having civil courts and criminal courts? You don't agree that jail time should require a higher standard than just a parking ticket? just wow.
People in cars cause accidents....accidents in cars cause people
If you think I'm a teabagger you probably need to learn something about American politics, as my signature is pretty anti-conservative.
No one requires me to lock up my power tools either, but if a kid wonders over to my yard and cuts off a finger, I'm pretty sure I'd be sued and the key word in the case was because I was negligent.
Yes, because you do have a duty to lock up, or at least unplug, your power tools.
I have no idea why you're having trouble with this concept. Hell, you even mentioned 'duty' before I did.
Stop being a douche and go look the word up instead of arguing about something you don't understand. The only thing worse then a grammar and spelling natiz troll, is a wrong grammar and spelling natiz troll.
Instead of me looking up a word that I know full-well the meaning of, perhaps you should find ANY COURT CASE EVER that said people had a duty to lock up their computers and networks.
People are negligent if they don't do something they have a duty to do, and someone gets harmed because of it. They are not negligent if they do not have such a duty, even if someone gets harmed. (They can still end up liable for certain types of harm, but not very often.)
No such duty has ever existed for providing people internet access. People have actually sued under such a theory, and been shot down in court. The courts have, every time, said that people who sell other people an internet connection do not have a duty to monitor it for illegal behavior, do not have a duty to monitor it for harm caused to others, and hence are not negligent for failing to do so.
It's very very simple.
This decision is basically in line with all other services, BTW. You give someone a ride somewhere, you have no duty to make sure passengers aren't carrying drugs. You let someone use your phone, you have no duty to make sure people aren't plotting murder over it. You let someone use your internet connection, you have no duty to make sure they aren't downloading CP over it. You are not negligent if you fail to do check those things, because you have no duty to do so.
You, of course, might be in violation of a law or two, but that is not due to negligence. Perhaps it is illegal to transport drugs, even unknowingly. 'Negligence' and 'illegal' aren't anywhere near synonyms. Shooting someone in the head on purpose isn't negligent, it's just murder.
Or it might just look like you're in violation of the law. If your IP downloads CP the police will be all over you because they mistakenly think you're in violation of the law. But if you don't know about it, you're actually not. (Although have fun proving that in court.)
But that has fuck-all to do with 'negligence', which is a specific legal term that means you failed to do a duty you had, and then either criminal activity or harm was caused by your failure, which means either the police can charge you or you can civilly sued. And the most important part of that is you did have a duty in the first place. If there was no duty, you cannot be negligent in that duty, period.
And this is all a stupid argument in the first place because no one has ever been sued for letting other people access CP over their network anyway, and it's hard to see who the wronged party, who is suing, would be. It would have to be the minor whose pictures it was, they are the only 'wronged' person...but how the hell would they even know?
If corporations are people, aren't stockholders guilty of slavery?
How? because they found their IP being shared from an IP address they take the IP address owner to court? That's called finding evidence of a crime and taking appropriate action. How is anyone 'assuming' guilt?
Is the owner of the IP not assumed guilty?
Well which is it? You say they should be innocent in the court case while rebutting that by saying they are innocent in the court case?
I already told you. In the minds of many, the person is already guilty, and they are ready to take action based on that assumption whether or not they have proof that it is true. Not all the time, but it happens.
And there are frivolous lawsuit penalties should they do that.
Really? I've heard of instances where big corporations were able to continually sue (and lose against) small businesses until they could not devote anymore time or money into the court cases. How is that possible, then?
Really? you don't agree with having civil courts and criminal courts? You don't agree that jail time should require a higher standard than just a parking ticket? just wow.
No. Everything should require the same standard of proof to minimize mistakes. In other words, proof beyond a reasonable doubt (which is the amount of proof needed for criminal courts, I believe).
Filthy, filthy copyrapists!
Oh that's why I don't work corporate anymore. All the Dilbert bullshit had me pounding my logical head against a wall too damned much. I don't make as much running my own little shop but I don't have the ulcers and headaches anymore either.
A perfect example of Dilbert bullshit was that law office. I told them I didn't have the time to manage their network and pointed them towards not one, not two, but THREE different IT guys, all with years of experience and know how, that could do a bang up job, so what do they do? Some bean counter decides actual IT guys are "a waste of the budget" and hires some ass clown his cousin knows that is a "whiz with computers". Let me tell you what I find when I'm called in a year or so later after they fire this joker, you'll LOL!
I get there and find the clown has thrown away ALL the PCs that I had purchased for them not two years ago as "too slow junk" (They were standard HP business machines, and NOT cheap ones I might add, just good quality office boxes) and replaced them with home built gaming rigs yes you read that right, home built Tigerdirect gaming rigs, with not a SINGLE part identical on ANY of them, so you can give up imaging or pushing updates. I had to shitcan the whole lot. Then to top it off he apparently didn't understand the standard corporate network setup I had left (Cisco Router hooked into standard switches, classic corporate setup) so he again shitcanned the whole thing and replaced the network with....get this shit.... over a dozen home ISP accounts and Dlink routers, you know, the shitty blue POS ones you'd get at Staples? Yeah those things. Over a DOZEN different ISP accounts with FOUR, count them four, different ISPs, as he'd run out of bandwidth he'd just add another Dlink and another ISP account. Dumbass!
So final damage? probably $50,000 worth of machines and hardware I'd originally setup GONE, just tossed in the trash, braintrust didn't even have enough sense to keep or sell any of it even though it was ALL still under warranty, and then another $50,000 to shitcan ALL of his gaming junk (which I kept and sold, after I explained how fucked they were they didn't want it nor did they want to pay me to auction it off (surprise) so into my truck it went) and rebuild the network. Did anyone besides the clown get fired? Nope, from what I understand the original beancounter got a raise for "savings on the budget" LOL and then they passed the costs of the TWO networks onto their clients. And before I left they were already bitching about how much a real IT manager cost so I wouldn't be surprised if they did the dance ALL over again!
It was shit like that that made me get out of corporate. I felt like the cave painter in "History of the World: Part 1" where he would paint this masterpiece and then some retard would come along and piss all over it. The levels of short sightedness, waste, and just mind numbing stupid were just too much for this logical brained IT guy to take anymore. Now I strictly fix boxes and deal with people that actually listen to me which while it don't pay as well is a hell of a lot less headache inducing.
ACs don't waste your time replying, your posts are never seen by me.
I hear you. I was the only guy in the financial office of a large industrial firm. About $50 million / week of transactions. Customized Oracle Financials. Plus they had several projects on the go: automated invoice intake and they were big into real-time financial analysis. Not to mention generating database reports for the accountants. Oh and EDI (don't complain about XML until you deal with EDI).
I complained to my boss that it was just too much work... so he advanced the implementation date for the next project instead of spreading things out or hiring someone else.
I quit and they brought in a pair of expen$ive consultants to fill in while they spent two months hiring another fool.
Sigh.
See it is THAT, that right there, that made me have to quit corporate. They would have the thing running like a Swiss watch, have a guy that really knew his shit and had it running good, and what would they do? They would fire him or let him get away by not paying him decently and then have to bring in consultants at three times what it would have cost to simply pay the first guy and then waste just as much trying to bring another guy up to speed.
I knew it was time to get out when I just couldn't plaster a smile and lie my ass off anymore. I found myself saying things like "Is the point of this exercise to waste truckloads of cash? because if so you're doing a bang up job, bravo!" which needless to say didn't go over every well, but the endless mountains of stupid was just more than I could take.
And it wasn't like you had plan A, they had plan B, and both had their merits. Nope it was "We'll royally fuck the company by firing everyone with any experience, thus saving money on salaries!" and when you'd point out that the reason they got paid well is because they made money for the company and now that they were gone you had fuck all in the way of experienced workers and the place was quickly going to shit, you'd just get this blank fucking look on their face like the thought there was a day after today was too much of a concept for them to grasp. Un-fucking-believable.
And we've seen huge corps destroy the entire company with that same logic fault, like how Circuit City when faced with competition from Best Buy fired ALL the experienced sellers and thus saved money for a single quarter while giving all the business to Best Buy thanks to THEIR VERY OWN WORKERS which were simply snatched up by BB.
So if you are still in Dilbert land you have my sympathies my friend. But being cursed with an IQ of 156 and a severe case of logic made me just unsuitable for doing Dilbertisms. I couldn't just dig a hole on Mon to fill in back in on Tues because some PHB thought it would develop synergy or be 6 sigma or some other tripe, I just couldn't take it.
ACs don't waste your time replying, your posts are never seen by me.
You will find that the Police are very good at not arresting people when they do not have enough evidence and are unlikely to find any ... ..they would be remiss however if they did not ask you as the obvious person, just as they always question the householder in a burglary, just in case it was an insurace scam ...
Puteulanus fenestra mortis
As one of my other posts on this thread said. You can cooperate and avoid the hassle since you have an alibi or other information that says your property wasn't being operated by you. However, the general tone of the posts has been, 'fuck the cops, they have to prove it was me so I'm not listening'. If you pull that attitude with cops, they are *very* good at finding you a new place to sleep that night. :) of course we're mostly talking civil cases here anyway, but you get the point.
People in cars cause accidents....accidents in cars cause people