back to article Cops blasted for relying on IP addresses to hunt down suspects

A new white paper from the Electronic Frontier Foundation argues that police rely too heavily on IP addresses when conducting criminal investigations. The paper [PDF], written by EFF executive director Cindy Cohn along with legal fellow Aaron Mackey and senior staff technologist Seth Schoen, argues that the numerical addresses …

  1. hplasm
    Holmes

    Dear Fuzz- here's how it goes.

    1. Get a clue *

    2.Get evidence

    3.get a warrant.

    * yes, in both senses of the word.

    1. Lee D

      Re: Dear Fuzz- here's how it goes.

      The IP address involved is the evidence. Not of PERSONAL liability.

      And usually 3) is needed to get 2) (e.g. in the case of which customer premise equipment was given that IP).

      And the problem is not using the IP to issue warrants to discover home addresses. IP addresses are equivalent to home addresses in this regard, really.

      "Someone at this address posted a bomb to the White House". That could be the resident. A guest. An intruder. Someone trying to make it look like the address in question, etc.

      The problem is not investigating that lead and gaining information. The problem is convicting on that basis alone. When the little old granny at that address who's never heard of the Internet or used a computer is fined in court for running a Microsoft counterfeiting operation worth billions, that's the problem.

      Not a police officer being told "It was that guy who lives over there" by a neighbour and then going and knocking on the door to ask.

      1. Dr. Mouse

        Re: Dear Fuzz- here's how it goes.

        The problem is not investigating that lead and gaining information. The problem is convicting on that basis alone.

        I would suggest that getting a warrant to search and seize someone's computer equipment based on IP address alone is also the problem.

        Search and seizure of equipment is a massive deal, and is effectively punishment without conviction. How many of us would endure serious hardship if all our tech was seized by the cops? It would likely disrupt our work, potentially costing us our jobs or contracts. Damage to our reputations would be severe, and that's before looking at the effect on our personal lives.

        There are many reasons the cops could link an IP address to us when we have done nothing wrong. Someone could have gained access to our wifi network, we could have been infected with malware (yes, it even happens to techies), the ISP could have out of date records, etc. This is without looking at the ones noted in the article, which could all be deemed our own fault (open wifi, Tor exit node etc).

        The cops should need more than an IP address to gain a warrant. There should be some other way to link a person at that address to the crime they are investigating. In addition, should the search throw nothing up, the cops should compensate the suspect for damages.

        Then again, there are many ways in which the criminal justice system can punish someone without a conviction. Just the fact that you cannot claim back costs from the CPS when found not guilty is a large punishment: You spend tens of thousands on defence, the CPS brought a charge with little evidence, you are cleared, but you have effectively been fined that tens of thousands, plus months (or even years) of stress and wasted time, potentially lost earnings, damage to reputation etc.

        The law is an ass, and I don't expect anything to change about that.

        1. Anonymous Coward
          Anonymous Coward

          Re: Dear Fuzz- here's how it goes.

          "Search and seizure of equipment is a massive deal, and is effectively punishment without conviction."

          One way to address that - make it an offence to deprive someone of their means of earning a living without a court-issued warrant with solid foundations An IP address alone does not constitute solid foundations, unless of course the police can prove beyond reasonable doubt that the suspect was not piggybacking on an innocent connection.

      2. Halfmad

        Re: Dear Fuzz- here's how it goes.

        IP addresses are only equivalent to home addresses if you assume the network connected to that IP is entirely secure which is rarely the case especially if you have an ISP which gives customers a router which also allows for a guest wifi network on the same line.

  2. Anonymous Coward
    Anonymous Coward

    Odd...

    Why is the Title box coming up with a list of selectable subjects? Oh well Faux Fox.

    Anyway roll back a few years to someone who had a friend, no longer, and detected said ex-friend sitting in a car outside their window |(according to neighbours) for several hours.

    I suggested after checking whether he had given them his wifi password, that they had been using his internet connection.

    Possibly for illegal purposes. That's the sort of people we are talking about here.

  3. Fihart

    Cops not the only ones...

    Amazon calculated my address by IP to be the house next door. Not bad - but not good for actual delivery. How long before they omit the facility to edit incorrect guesses ?

    1. Cynic_999 Silver badge

      Re: Cops not the only ones...

      I suggest that the reason Amazon "calculated your address by IP to be the house next door" was because you were using your neighbour's WiFi signal when you logged on to Amazon. Perfectly possible to do so accidentally if an unencrypted AP happens to be the strongest signal your laptop is seeing.

  4. Anonymous Coward
    Anonymous Coward

    Now you know ..

    .. why there's so much interest in IPv6. It will allow the numbering of citizens.

    I already noticed this with some location sites which give me my location despite having the VPN online. I must check if I can change that - I suspect the VPN is set to IPv4 only.

  5. adam payne

    So you have an IP address, does that tell you who it was? no of course it doesn't.

    Backdoored network, trojans etc.

  6. Version 1.0 Silver badge

    It's your address sonny ...

    They've got your "address" ... if it was called your IP number then Mr. Plod would be a lot less likely to want to search the premises

  7. Anonymous Coward
    Anonymous Coward

    Hardly surprising

    Hardly surprising given that it's the most readily available attribute. Sure on a corporate network it's relatively easy to attribute a username but on the internet, without a lot more effort and cooperation from other providers it's probably all there is to go on.

  8. FuzzyWuzzys
    Happy

    Simples!

    Dear fuzz....

    An IP address is to identity, as a carvan is a to a house!

    1. Blotto Silver badge

      Re: Simples!

      nope, it identifies a bill payer, someone who is responsible and liable for the transactions over that account. its the first clue in an investigation, not the only clue, just the first of hopefully many needed to resolve the case.

  9. Cynic_999 Silver badge

    Featured IP address

    I see the photo used in the article is showing an IP address of 951.27.9.840

    Maybe plod should be sent off to track down the location of that IP address ...

    Although I have noticed that most IP addresses that are shown in movies are impossible addresses, so I suppose it's for a similar reason as all the "555" telephone numbers - to prevent people contacting numbers they see in movies.

  10. swm Silver badge

    DHCP?

    Most internet providers give out IP addresses using DHCP. These addresses can change so the fuzz had better check the service provider's logs for date and time info too.

  11. Anonymous Coward
    Anonymous Coward

    The Feds track you down using your IP. It provides just cause for searches. They find a big cache of kiddy filth or some scam shit. You go to jail for a few years. I don't have a problem it's that.

    1. Blotto Silver badge

      Someone remotely hacks into your pc and uploads a load of kiddie porn then makes connections to dodgy sites from your ip. The cops come looking and lock you up even though you've done nothing.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022