Internet Mapping Glitch Turned a Random Kansas Farm Into a Digital Hell

An anonymous reader writes: Back in 2002, a company called MaxMind had an idea: Gather up as many unique computer or smartphone IP addresses as they can, match them to a map, and sell that data to advertisers. The problem is that MaxMind's tech has made life miserable for a handful of homes across the US -- especially one otherwise unnoteworthy northern Kansas farm. The farm's 82-year-old owner, Joyce Taylor, and her tenants have been subject to numerous FBI visits, IRS collectors, ambulances, threats, and the release of private information online. They've found people rummaging in the farm's barn and one person even left a broken toilet for some reason. People would even post her details online and encourage others to get in on the harassment, she said. The local sheriff even had to put a sign on her driveway, telling trespassers to stay away and contact him first if there are any questions. What's her mistake? MaxMind thought that if its tech couldn't tell where, exactly, in the United States, an IP address was located, it would instead return a default set of coordinates very near the geographic center of the country -- coordinates that happen to coincide with Taylor's front yard. The abuse began in 2011. A quick online search for the farm's address brings up pages of forum posts reporting the "scam farm."

Squashed a similar bug for a bank once

[netsavior]

I used to build/maintain software that predicted Flooding risk for potential home loans as part of the pre-funding process.

Long story short, one of the vendors of data we used did a stupid trick like this. If they couldn't find the address, it returned a "zip centroid" (middle of the zip code), And if the entire zipcode had no flooding risk, it would go ahead and "clear" the property. The problem was when it got worse than a Zip code match, it would think it got a zip centroid match in the middle of Kansas (probably this lady's farm actually!)... clearing the property of flood risk.

It was the vendor's mistake and they would have been liable, but it was BS and easy to detect once I ran some statistical analysis on it.

It really screwed with people's lives though... they get a home loan knowing they won't need to pay 2-4 grand a year in flood insurance, then once we audited the vendor data, or their home finally showed up on a map, they would be required to get insurance.

Re:Bullshit

[Trailer+Trash]

"“Until you reached out to us, we were unaware that there were issues with how we selected these lat/lons,”"

Bullshit.

To be fair, these are people who are running a database company but don't understand the basic concept of NULL values. And now their "fix" is to change the defaults to a more obvious wrong location.

Sigh.

Re:"Glitch"

[ShaunC]

By the time anyone had figured out the information was low quality, the scammers had cashed the checks and their tent was folded up and on the way to the next scheme.

Except MaxMind is still very much in business and still selling the data, I run into their name fairly often. They've agreed to relocate the ZIP code centers of Powtin KS and Ashburn VA within their dataset to be in the middle of local lakes, but that doesn't help the other 40,000+ ZIP codes out there.

What's more troubling to me is that police, the FBI, and the US Marshals are apparently using this data to get search warrants and to raid peoples' homes! Shouldn't they be subpoenaing the ISP?

Re:"Glitch"

They are, and the ISP are using MaxMind to tell them were the IP address was physically located!

MaxMind has disclaimers on their data sets saying they're only good down to the local city or zip code but people are taking them to be exact location. I've never used their service so I can't say how visible those disclaimers are. I'm not sure which part is more to blame.

I also don't know why all the people affected by this can't sue and get tons of money from everybody.