Cops Are Raiding Homes of Innocent People Based Only On IP Addresses (fusion.net)
Kashmir Hill has a fascinating story today on what can go wrong when you solely rely on IP address in a crime investigation -- also highlighting how often police resort to IP addresses. In the story she follows a crime investigation that led police to raid a couple's house at 6am in the morning, because their IP address had been associated with the publication of child porn on notorious 4chan porn. The problem was, Hill writes: the couple -- David Robinson and Jan Bultmann -- weren't the ones who had uploaded the child porn. All they did was voluntarily use one of their old laptops as a Tor exit relay, a software used by activists, dissidents, privacy enthusiasts as well as criminals, so that people who want to stay anonymous when surfing the web could do so. Hill writes: Robinson and Bultmann had [...] specifically operated the riskiest node in the chain: the exit relay which provides the IP address ultimately associated with a user's activity. In this case, someone used Tor to make the porn post, and his or her traffic had been routed through the computer in Robinson and Bultmann's house. The couple wasn't pleased to have helped someone post child porn to the internet, but that's the thing about privacy-protective tools: They're going to be used for good and bad purposes, and to support one, you might have to support the other. Robinson added that he was a little let down because police didn't bother to look at the public list which details the IP addresses associated with Tor exit relays. Hill adds: The police asked Robinson to unlock one MacBook Air, and then seemed satisfied these weren't the criminals they were looking for and left. But months later, the case remains open with Robinson and Bultmann's names on police documents linking them to child pornography. "I haven't run an exit relay since. The police told me they'd be back if it happened again," Robinson said; he's still running a Tor node, just not the end point anymore.
"I have to take the threat seriously because I don't want my wife or I to wake up with guns in our faces." Technologist Seth Schoen, and EFF Executive Director Cindy Cohn in a white paper aimed at courts and cops. "For many reasons, connecting an individual to a crime linked to an IP address, without any additional investigation, is irresponsible and threatens the civil liberties of innocent people."
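Added example, not part of the original story or thread: the lookup Robinson says was skipped, checking whether an address appears on a published Tor exit list around the time of an event. It assumes the list uses the ExitNode/ExitAddress text layout; the sample list, fingerprints and documentation-range addresses are constructed.

```python
from datetime import datetime, timedelta
import ipaddress

# Constructed sample in the assumed "exit-addresses" layout; the fingerprints
# and the 192.0.2.0/24 and 198.51.100.0/24 documentation addresses are made up.
SAMPLE_EXIT_LIST = """\
ExitNode 0123456789ABCDEF0123456789ABCDEF01234567
Published 2016-03-29 04:10:11
LastStatus 2016-03-30 05:00:00
ExitAddress 192.0.2.10 2016-03-30 05:12:44
ExitNode 89ABCDEF0123456789ABCDEF0123456789ABCDEF
Published 2016-03-28 21:00:00
LastStatus 2016-03-30 04:00:00
ExitAddress 198.51.100.7 2016-03-30 04:20:02
ExitAddress 198.51.100.8 2016-03-29 22:01:30
"""

TS = "%Y-%m-%d %H:%M:%S"

def parse_exit_list(text):
    """Return (fingerprint, ip, last_seen) tuples, one per ExitAddress line."""
    records, fingerprint = [], None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "ExitNode" and len(parts) == 2:
            fingerprint = parts[1]
        elif parts[0] == "ExitAddress" and len(parts) == 4 and fingerprint:
            try:
                ip = ipaddress.ip_address(parts[1])
                seen = datetime.strptime(parts[2] + " " + parts[3], TS)
            except ValueError:
                continue  # skip malformed lines rather than guess
            records.append((fingerprint, ip, seen))
    return records

def exit_matches(records, ip, event_time, window=timedelta(hours=24)):
    """Fingerprints of relays seen exiting from `ip` within `window` of event_time."""
    ip = ipaddress.ip_address(ip)
    return sorted({fp for fp, addr, seen in records
                   if addr == ip and abs(seen - event_time) <= window})

if __name__ == "__main__":
    recs = parse_exit_list(SAMPLE_EXIT_LIST)
    when = datetime(2016, 3, 30, 1, 0, 0)  # constructed event time
    for candidate in ("192.0.2.10", "203.0.113.5"):
        print(candidate, exit_matches(recs, candidate, when) or "not a listed exit")
```

A match only shows that the address was a listed exit near that time; the time window matters because relays come and go from the list.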
"The police told me they'd be back if it happened again." For what crime? Is it normal for police in Canada to threaten to invade an innocent couple's home for doing something legal?
It's /. so here we go. If you let anyone use your car, no questions asked, then you wouldn't be surprised if the cops traced the plates back to your house when it was used in a crime.
You can't trust what the public will do with such a capability as an anonymizing onion router, so therefore running a Tor exit node is a ticket to having big legal problems, never mind the guns in your face. I wouldn't do it if my life depended on it. I have a wife and kids...
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Breaking news: Cops raid refrigerator for uploading porn.
It's probably not a good idea to use Tor anymore. There was a time when it was very useful, especially as a tool for journalists and dissidents, etc.
My main use for it was as a remote testing platform. Which it excelled at. Heck- I even wrote a small section of the Tor website regarding Tor's use by IT professionals.
Now... there's so much scrutiny on the system that your presence there basically gets you tagged as "suspicious".
My decision to stop using Tor was based on the apparent numbers of pedophiles that were hiding on the darknet. In an effort to not be confused with "them"- I stopped using it.
YMMV- it's a risky proposition. If you've ever run an exit node (not me!!) you are a potential target for misguided law enforcement. Plus the fact you may unwittingly be aiding illegal activity as a middle man node.
Not for me. Make sure you understand what you are doing if you participate.
Another consultant who stuck it out.
"We are the Priests, of the Temples of Syrinx..."
Makes sense, so long as you're also willing to charge every employee of every telecom company as being accessories to terrorism or child porn distribution.
Could smart criminals just also run a Tor exit node, and just use it to blame anything that they get caught on?
It's one thing for libraries and nonprofits to operate them, but as a private citizen running one? Your misguided attempt to help some people will almost certainly end up badly for you because of bad people using that goodwill to do bad things.
To be perfectly honest, reading the linked story I was quite surprised the end result of the police visit was as positive as it was. I fully expected the cops to not know or care what Tor was and just round everyone and everything up and let the courts deal with it, which has happened several other times. Which again reinforces my point that there are precedents that show running a Tor exit node is just bad news and if you are still doing it, you're playing with fire.
Why do we continue to call this "PORN" and not just child exploitation/crime/abuse?
Running a Tor node doesn't mean you're intentionally concealing illegal activity. You're aware that political dissidents in other countries, and abuse victims, and others use Tor for perfectly legal purposes, right?
Can a jury look at CP? Your own legal team? Expert witness?
In a case, what if someone takes it to court (does not take the plea deal) and demands a jury trial?
What if your legal team needs the logs / system to prove that it was not from your systems? If they try to say they give that out then they are in possession of CP.
As an ISP you're already required to report address allocation information to the regional registry who makes the associations publicly available. The police know whether they're looking for ISP staff or a customer when they show up at the door because as an ISP you published enough information for them to make that determination.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
As an ISP you're already required to report address allocation information to the regional registry who makes the associations publicly available. The police know whether they're looking for ISP staff or a customer when they show up at the door because as an ISP you published enough information for them to make that determination.
What does any of that have to do with police abuse against people doing nothing illegal?
10% of all Tor traffic is used by such people. The rest are people engaged in some degree or another of crime. (Unfortunately, I can't find the citation.)
"I don't know, therefore Aliens" Wafflebox1
The main difference is that the telecom company isn't helping hide the criminal's point of origin.
Sure they are. They provide cellular service to "burner phones" that can be bought with cash and without ID. I see no ethical difference between that and running a Tor node: both are providing a means for somebody to obscure their identity, which can be used for both good and evil.
Actually, that's NOT "perfectly legal". Improper storage of firearms is a misdemeanor or equivalent in most places.
Poor analogy. Tor exit nodes don't store anything. It's a relay that people use in order to obscure the place they came from.
Here's a better analogy. Imagine if a wanted criminal ran inside an open-door city shop in order to dodge the police, and the police then charged the shop owners as an accessory to evading law enforcement.
Just like how a public storage facility lets random people store things?
A lot of countries are cracking down on burner phones. I don't know the regulations where I'm at now (Canada) but I know in Spain, I could not purchase a SIM card without showing my passport.
Could smart criminals just also run a Tor exit node, and just use it to blame anything that they get caught on?
A Tor exit node is just a tool used to obscure your location. Nothing more. So let's rephrase your question as such:
"Could smart criminals just tape over their house numbers, and just use it to blame anything that they get caught on?"
Uh... no...
A Tor exit node is the last "hop" or "layer" before data exits the encrypted tor network.
So let's rephrase the parent's question as such:
"Could smart criminals just operate a package exporting company and just blame other people when they get caught for exporting contraband?"
The answer is yes.
Here's a real-world example from just this week. I'm a moderator on a site on the StackExchange network. We had a problem user who was posting a bunch of stuff the community didn't want posted (consistently badly moderated). What I'm supposed to do in this circumstance is point said user to our instructions for writing acceptable posts. However, such users often are just sock-puppet accounts for someone who's already been suspended. If that's the case, I'm supposed to take more drastic action.
SE has a (community-mod only) link for this, that shows you the user's IP, and all user accounts that have used that user's same IP. I click on this, and discover that he happens to share an IP with one of our better users. Not only is the writing style completely different (writing style is practically a fingerprint), but this user has in fact voted to close all but one post the problem user has ever made.
I talked to the "good" user about this, and he confirmed that his work access point is shared by a very large number of other people.
Just this week we got another new problem user. Again, totally different style than the other two users mentioned above, but also same IP.
As an investigative tool, IP address is useful, but only as a piece of evidence. I'd place it somewhere down with blood-type (perhaps like sharing an uncommon blood type like AB), rather than up in the realm of fingerprints.
The point is that the IP address would be registered to an end user and the police already know who is at the final end point before conducting a raid. The ISP would be subpoenaed for subscriber info first, not get woken up at 6am with a raid. Nothing at all to do with legal regulations.
Yes, like, three of them. The ratio of good vs bad going through Tor routers is abysmal.
The telecoms are responsible for providing a point of origin (account).
And they did.
How do we know they did? Because the cops showed up at the physical address linkable via their records to the IP address.
I had a sucky sig.
Indeed. The rule of thumb to figure out whether to use "me" or "I" is to try the plural.
If you'd say "us", use "me". If you'd say "we", use "I".
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Lame analogy.
Try: you lend someone your phone and they use it to make a bomb threat.
Or lend someone your smartphone and they use it to watch child porn.
What does any of that have to do with police abuse against people doing nothing illegal?
Police are responsible for **investigating** crimes. Sometimes this means surprising people so that evidence can not be destroyed. From the summary it seems that the residents told the police they operate a TOR exit node, the police looked at a laptop and left. The resident is a bit naive thinking that being on a public list of TOR exit nodes should have made the search unnecessary. Being on that list does not indicate that the resident is not the uploader the police are looking for, just that they are unlikely to be that person but it still needs to be **investigated** to rule them out. That's what a lot of **investigation** is, ruling innocent people out as suspects.
Poor analogy. Tor exit nodes don't store anything. It's a relay that people use in order to obscure the place they came from.
Here's a better analogy. Imagine if a wanted criminal ran inside an open-door city shop in order to dodge the police, and the police then charged the shop owners as an accessory to evading law enforcement.
Poor analogy. Here is a better analogy.
Imagine if a wanted criminal ran inside an open-door city shop in order to dodge the police, and the police questioned the shop owners to confirm that they were the shop owners and not the criminal.
Perhaps the solution is as simple as letting all police departments operate Tor exit nodes. Then they can investigate each other when child porn is posted.
Last year this happened to me! I had run misc. anonymous networks at home to understand the concepts better (I ran a TOR exit node for about 2 months, alongside I2P), and for my own development process(es). FBI came along with the local police to take every piece of electronic device I owned, along with all my code that I had been working on for years. I also lost my job (doing telework) of 5+ years because my work laptop was taken also, and the FBI had to contact my work (at a well known bank) for them to decrypt the laptop. I was let go a few days afterwards without reason and my neighbors never talk to me now. This really fu*ked up my life for about a year, just getting back on track now. It's absolute bullshit! It's been about a year now and have yet to get back any of my property (not that I'd use it); but it's really screwed up how they can manipulate the courts by tossing around the "child porn" verbiage when they really have no evidence otherwise. Where did that leave me?? FUC*ED.. that's where... ha. My lawyers advised against any attempt to retaliate against the FBI. I'm really curious if anyone else out there is working on any sort of group legal action to be taken up with the FBI about this... we are citizens and should not be treated this way. Hell, no one should be presumed to be doing something illegal just because they are using anonymous networks.
...to suppress the use of TOR and its ever-growing list of alternatives. I'm surprised they didn't break heads and steal their equipment while they were at it.
Please do not read this sig. Thank you.
I don't know how such a thing could be measured.
Pay-as-you-go SIMs can be bought at pretty much any gas station, 7-11, Mac's, Koodo, Fido, or Virgin booth with cash, without showing ID. Some of them require you to fill in an online form to activate the SIM, but you can put any info in there you want, and "payment" is done using the code on the receipt instead of credit card.
Just went through this process to get a Koodo SIM for friends visiting from Australia. No ID required, no paper trail created.
No regulation on this up here (Canada) that I can see.
A nice improvement would be doing away with the "guns in your face" part. Even if this couple had been the perps that the cops were looking for, what part of "posting child porn" necessitates an early morning armed raid? Do cops not know how to interact with the public at all anymore besides by kicking down doors and shooting their pets?
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
The ratio of good to bad Anonymous Coward posts is abysmal too, yet we still allow you to speak here.
Good-bye
They're allowing encrypted traffic to traverse their network. How's that any different than folks hosting a Tor exit node?
The real question here is, how did the police discover this IP address was associated with CP? As I understand it, and maybe I'm wrong, but if you're finding CP that came from the Tor network, then you know that the exit node that the offending data came out of wouldn't have been the source. How would a warrant have been granted based on such loose evidence? I mean, this type of situation should be happening more often, no? Seems like every Tor exit node would be raided at some point, because Tor is used for so much illegal activity.
Following the same set of logic exhibited here, UPS and FedEx should be raided every 3 hours.
Politics; n. : A religion whereby man is god.
You should have thought about your Wife and Kids before you posted on Slashdot.