Slashdot Mirror
An IP Address Does Not Point To a Person, Judge Rules
AffidavitDonda writes with this excerpt from Torrentfreak:
"A possible landmark ruling in one of the mass-BitTorrent lawsuits in the US may spell the end of the 'pay-up-or-else-schemes' that have targeted over 100,000 Internet users in the last year. District Court Judge Harold Baker has denied a copyright holder the right to subpoena the ISPs of alleged copyright infringers, because an IP-address does not equal a person. Among other things, Judge Baker cited a recent child porn case where the US authorities raided the wrong people, because the real offenders were piggybacking on their Wi-Fi connections. Using this example, the judge claims that several of the defendants in VPR's case may have nothing to do with the alleged offense either. ... Baker concludes by saying that his Court is not supporting a 'fishing expedition' for subscribers' details if there is no evidence that it has jurisdiction over the defendants."
Pity this'll never survive through the appellate courts, since the MafiAA bought off all the appellate judges long ago.
Obviously, this won't be settled until it reaches the Supreme Court, but it's a vital 1st step. Go Freedom!
...where Judges are applying an understanding of the technical issues, common sense, and considering the situation of ordinary citizens?
Finally a reason for people to get fixed IP addresses. IPv6 of course - preferably at least 256 per house. Most commercial interests don't want this, but if the **AA want if maybe it will actually happen :-)
What bad persons? *Really* bad persons launch all their bad stuff from hacked computers of ordinary people anyways. Or they're dumb not to do so.
Wait, you mean the police might have to do actual police work rather than relying on shoddy "evidence" that doesn't point to the right place, raiding innocent people's houses, trampling all over civil liberties...
Gee. I must be insane to think we could agree that the cops should be required to do their due diligence...
What do you propose we do to continue enforcement against these pieces of human waste? What if you can no longer get a warrant based on an IP?
Uh, get more evidence? The IP could be used as a starting point, but shouldn't be used as the only reason to kick down doors.
It's better to let 10 guilty men free than to put one innocent man behind bars.
One thing is for sure, if someone wants to really hide behind a computer, he can. Unless the investigation team has influence beyond national borders.
There are several reasons ISPs would rather give you dynamic addresses - DHCP is easier than keeping track of address assignments, and it lets them charge you more if you care about static. (And most ISPs are planning 256 subnets per house, not just 256 host addresses.)
But the commercial interests who do advertising or who do geolocation or other tricks to sell to advertisers would *love* to have user information tracked by static IP addresses and ideally even per-device MAC addresses that can be encoded into IPv6 addrs, because that's better consumer data.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
So let me get this straight. You're saying, because crap evidence can be used to nail child pornographers, the fact that it's crap evidence ought to be overlooked?
I don't think anyone is saying outright that an IP address can't be used to determine if someone at a specific geographical location is doing bad things. But rather than being some absolute identifier like RIAA and the MPAA have for so long claimed, it's more like blood tests in the pre-DNA days, a way of narrowing things down, but not in and of itself sufficient evidence to indicate wrongdoing.
The world's burning. Moped Jesus spotted on I50. Details at 11.
It wouldn't be probable cause for a warrantless search, but it would be enough for a bench warrant or enough to justify further actions. Perhaps something as complicated as stopping near the residence and checking to see if they have an open wireless AP.
World isn't ready for that: Voltaire died 200 years ago and people is still trying to deal with his works, let them have their time..
Surely the police raided the right people, the owners of the wireless device that facilitated the downloading. How they handled them after that however is debatable, but how would the police have been expected to solve the crime with out doing that?
Car analogy! If my car is caught on a video camera running over children, shouldn't they be allowed to go to the DMV with my license details, get my address and interview me?
The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
It's better that 9999 guilty bad guys go free instead of 1 innocent be subject to a no-knock raid and arrest due to faulty information.
I'm too lazy to compose a creative sig.
(Should I feed the troll? Awww, c'mon, it'll be fun!)
An IPv4 address typically identifies a single household, not a single individual.
And while sometimes the activity that leads to a search warrant based on an IP address rates the term "pieces of human waste", it's usually not child pornography, it's usually just music or movie downloading, and maybe the person trying to have sex with the "13-year-old girl" in the chat room is actually the 13-year-old teenage boy in the household, not the 40-year-old adult who's paying for the IP address.
Getting a warrant for a guns-drawn SWAT raid should require an extremely high amount of certainty and a lot of information about the suspect, not just the simple "we've seen him dealing weed and don't want him flushing it" level. Even a warrant for a normal polite knock on the door by an officer with a search warrant or arrest warrant ought to require higher standards than police have been getting away with lately, and if the alleged "crime" is "copyright violation", that's something that ought to be dealt with by a process server, not a cop.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
But this probably will close the door on the 99 cases out of 100 where an IP actually does equal a bad person who needs to be caught.
I'm not sure about the 99/100 figure. However, even if that's true, I'd argue that just because something is a 99% accurate indicator of crime, it doesn't justify a forfeiture of rights for the other 1%. Is having an IP address linked to an illegal activity justification to open an investigation? Sure. Enough to break in and confiscate property of an individual who has an open WAP living in a populated area? Probably not. Keep in mind people committing internet crimes are "crafty" and know that its important to hide their own identities (often, masking them as the identities of others)
Ummm...no. You were able to tie an IP address to a MAC address. A MAC address does not equal a person. Especially in the case of a wifi router being the MAC address you found, you have no idea who might have actually been directing the offending internet traffic.
One fine day when the cops break your door down without warning, "drive stun" your crotch with a Taser and then destroy everything in your house (including the sheet rock, carpets, and floorboards) because as far as they're concerned, you are a "piece of human waste" and it's good enough for you, remember that you advocated that IP address=personal identity.
I wouldn't hold my breath waiting for compensation, an apology, or even a note to your neighbors that you're not actually a perv, because you'll get none of that without a years long bankrupting court battle.
Or, we could simply insist that they do actual followup police work to see if there's a GOOD reason to believe they have the right person first. They can look for things like financial transactions between the suspect and a known bad guy, or physical evidence of the crime taking place. If they find none of that, they should just move on. If they DO find it, then I'm sure a judge will be glad to sign the appropriate warrants.
Surveillance. Any contact with children? Does any of it look inappropriate? Look at financial transactions. Any payment to known pornographers or their agents?
While I don't condone in the trading of such items, I do have to say the legal system fighting the images does more harm then good. The actual abusers of the stuff (IE the ones actually taking the pictures, harming children etc...) are rarely targeted, while ones who actually trade the images after the fact, whether intentionally or by accident (accidentally finding an image posted on a forum, then having it in your cache is considered possession) are persecuted way beyond necessity. Heck people are going to jail for the rest of their lives over drawn pictures, manga collections etc... Putting a stop to the moronic abuses of the law is something for me to oppose.
advertisers would *love* to have user information tracked by static IP addresses and ideally even per-device MAC addresses that can be encoded into IPv6 addrs
But they already do have majority of that information. When you get your "dynamic" IP address, it is not really dynamic. It is quite static to the area you live in. Secondly, MAC address have no value. Thirdly, MAC addresses are NOT required to be part of IPv6 address - Windows 7 picks a random number, AFAIK.
On the other hand, static IP addresses allow users to actually participate in the internet as a network of peers. Skype, SIP, and ability to access your data remotely are all possible if you have static IP. Dynamic IP wrecks havoc on these protocol, irrespective of the counter measures deployed.
Static network assignments, like IPv6 /64, is the antithesis of provider-consumer model. Currently we have a broken internet, and there are people that fight any improvement simply because it means "change" and transfer of power to the end user.. It's almost like the media conglomerate is trying to spread misinformation..
The wrong person's door getting kicked down is not good, but you'll accept it anyway?
Who the hell are you to decide whether or not its acceptable, as an innocent in a FREE society, to be treated in such a matter as this? Yes it makes it harder for the good guys to catch the bad guys but thats how it will ALWAYS be.
Law enforcement will always be at a disadvantage because criminals, by definition, have already decided they don't have to play by the rules. Courts, judges, and cops are restricted by things called laws--and for good reason. If cops and criminals don't have to abide by rules, whats the difference between the two?.
I like cops, and would like to differentiate them from the criminals. Rulings like this make it easier for me to hold law enforcement in high regard.
I just found an interesting blog post on this topic: http://www.christopher-parsons.com/blog/technology/ipv6-and-the-future-of-privacy/
To get you interested here's a snippet:
Fortunately, the good engineers that develop Internet Protocols were aware of the potentially devastating consequences that static IP addresses for each device would have on anonymity online and, as a result, privacy. The Internet Protocol next generation (IPng) working group crafted a solution that involved creating;
pseudorandom interface identifiers and temporary addresses using an algorithm The temporary address would not derive from a completely random generation process, which might result in two computers generating the same number, but instead would produce a temporary pseudo-random sequence dependent on both the globally unique serial number and a random component. The number would be globally unique because it would derive from the interface identifier and from the history of previously generated addresses, but would be difficult for an external node to reverse engineer to determine the source computer. [3]
In layman’s terms, this means that the engineers responsible for IPv6 were mindful of the surveillance capacities of the new Internet Protocol, and built privacy into a system that would otherwise lend itself to surveillance and authoritarian tendencies. The catch, however, is that is requires the parties responsible for assigning IP addresses to participate in the pseudo-anonymization process itself: it’s possible for ISPs to forcibly assign particular address to each and every device on their network.
If Pandora's box is destined to be opened, *I* want to be the one to open it.
"I'd rather let 100 guilty men go free, than chase after them." --Clancy Wiggum
Yeah. I think we could catch lots of criminals by searching every house and apartment without a warrant. Let's start with yours. We wouldn't want those living turds to get away.
Support SETI@home
Most routers have a "change MAC address" setting. A college near here asks students for their ethernet and wifi MAC addresses when giving them network access, and it only gives DHCP addresses to MAC addresses is recognizes. So every student living in the dorms knows how to spoof a MAC address with their router, ipad, phone, or any other device they want to put on the network. And this ain't MIT, it's a small liberal arts college. So I'd guess anyone young enough to be interested in pirating music, software, or movies would know how to spoof a MAC address. Most of them wouldn't bother for something as common as downloading music.
Anyone doing something really illegal would probably have found out about how to misdirect the police from the other criminals they associate with. I'm surprised that kiddie porn freaks would ever get caught by an IP address trace.
Support SETI@home
Your contract with the customer has nothing to do with who was actually using the internet at the time. What do you really not understand about that?
Listen man, you can pinpoint that one specific customer of your services had that IP/MAC at that time, you have NO IDEA who was actually sitting at that computer(s) behind that mac address. What SLA do you have that states that only the persons name on the contract can use the computer, not their relatives, the baby sitter, the neighbor over their wireless (hacked or open AP), their kids friends, etc? This was a CRIMINAL case, not a contract violation. It really should not be that hard to comprehend.
Another car analogy... I can rent a car and be the only authorized driver by contract. If I lend it to someone and they commit a crime, the police still have to PROVE who was driving the car. Sure, the rental place can charge me for the damages to the car under that contract and I can sue the real driver to get my money back from him but do you see the difference?
Bad boys rape our young girls but Violet gives willingly.
In linux, you can change your mac address with 3 simple lines:
ifconfig {device} down
ifconfig {device} hw ether 01:02:03:04:05:06
ifconfig {device} up
Where {device} is the device name (usually wlan0 or eth0) A simple google search will tell any user this information. When you reboot, your MAC address is reset back to the hardware default.
Plus, Setiguy already explained that it is even easier to change a router's MAC address.
Looking for a job?
Want your resume written professionally?
DON'T USE TUNAREZ!!!
Windows does this, but only within the same /64 subnet - the network bits (typically /56 or /48) and the subnet bits (any more bits to get to /64) stay the same. IPv6 address privacy hides which computer on the subnet you're using (and because it's hiding the MAC address, also hides what manufacturer of Ethernet chip you have), but it's still giving away a lot of information, especially if you've got different subnets for wired and wireless networks (typical.) You could get fancy and modify DD-WRT to switch off the subnets you're using a bit, but they'll still be on your house's IPv6 network number.
The big win that you get from IPv6 address privacy is with laptops that you use at different locations - otherwise you'd be trackable as you move from home to Starbucks to work to the pub to that dodgy nightclub to your friend's party. (Of course, if you keep checking in with Foursquare and tweeting geotagged pictures, there's nothing IPv6 can do to help you, but it's not their problem.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks