Cops blasted for relying on IP addresses to hunt down suspects A new white paper from the Electronic Frontier Foundation argues that police rely too heavily on IP addresses when conducting criminal investigations. The paper [PDF], written by EFF executive director Cindy Cohn along with legal fellow Aaron Mackey and senior staff technologist Seth Schoen, argues that the numerical addresses …
The IP address involved is the evidence. Not of PERSONAL liability.
And usually 3) is needed to get 2) (e.g. in the case of which customer premise equipment was given that IP).
And the problem is not using the IP to issue warrants to discover home addresses. IP addresses are equivalent to home addresses in this regard, really.
"Someone at this address posted a bomb to the White House". That could be the resident. A guest. An intruder. Someone trying to make it look like the address in question, etc.
The problem is not investigating that lead and gaining information. The problem is convicting on that basis alone. When the little old granny at that address who's never heard of the Internet or used a computer is fined in court for running a Microsoft counterfeiting operation worth billions, that's the problem.
Not a police officer being told "It was that guy who lives over there" by a neighbour and then going and knocking on the door to ask.
The problem is not investigating that lead and gaining information. The problem is convicting on that basis alone.
I would suggest that getting a warrant to search and seize someone's computer equipment based on IP address alone is also the problem.
Search and seizure of equipment is a massive deal, and is effectively punishment without conviction. How many of us would endure serious hardship if all our tech was seized by the cops? It would likely disrupt our work, potentially costing us our jobs or contracts. Damage to our reputations would be severe, and that's before looking at the effect on our personal lives.
There are many reasons the cops could link an IP address to us when we have done nothing wrong. Someone could have gained access to our wifi network, we could have been infected with malware (yes, it even happens to techies), the ISP could have out of date records, etc. This is without looking at the ones noted in the article, which could all be deemed our own fault (open wifi, Tor exit node etc).
The cops should need more than an IP address to gain a warrant. There should be some other way to link a person at that address to the crime they are investigating. In addition, should the search throw nothing up, the cops should compensate the suspect for damages.
Then again, there are many ways in which the criminal justice system can punish someone without a conviction. Just the fact that you cannot claim back costs from the CPS when found not guilty is a large punishment: You spend tens of thousands on defence, the CPS brought a charge with little evidence, you are cleared, but you have effectively been fined that tens of thousands, plus months (or even years) of stress and wasted time, potentially lost earnings, damage to reputation etc.
The law is an ass, and I don't expect anything to change about that.
"Search and seizure of equipment is a massive deal, and is effectively punishment without conviction."
One way to address that - make it an offence to deprive someone of their means of earning a living without a court-issued warrant with solid foundations An IP address alone does not constitute solid foundations, unless of course the police can prove beyond reasonable doubt that the suspect was not piggybacking on an innocent connection.
IP addresses are only equivalent to home addresses if you assume the network connected to that IP is entirely secure which is rarely the case especially if you have an ISP which gives customers a router which also allows for a guest wifi network on the same line.
Why is the Title box coming up with a list of selectable subjects? Oh well Faux Fox.
Anyway roll back a few years to someone who had a friend, no longer, and detected said ex-friend sitting in a car outside their window |(according to neighbours) for several hours.
I suggested after checking whether he had given them his wifi password, that they had been using his internet connection.
Possibly for illegal purposes. That's the sort of people we are talking about here.
I suggest that the reason Amazon "calculated your address by IP to be the house next door" was because you were using your neighbour's WiFi signal when you logged on to Amazon. Perfectly possible to do so accidentally if an unencrypted AP happens to be the strongest signal your laptop is seeing.
I see the photo used in the article is showing an IP address of 951.27.9.840
Maybe plod should be sent off to track down the location of that IP address ...
Although I have noticed that most IP addresses that are shown in movies are impossible addresses, so I suppose it's for a similar reason as all the "555" telephone numbers - to prevent people contacting numbers they see in movies.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
