×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ontario Court Wrong About IP Addresses, Too

kdawson posted more than 5 years ago | from the reasoning-by-bad-analogy dept.

Privacy 258

Frequent Slashdot contributor Bennett Haselton comments on a breaking news story out of the Canadian courts: "An Ontario Superior Court Justice has ruled that Canadian police can obtain the identities of Internet users without a warrant, writing that there is 'no reasonable expectation of privacy' for a user's online identity, and drawing the analogy that 'One's name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state.' But why in the world is it valid to compare an IP address with a street address in the phone book?" Read on for Bennett's analysis.
Last October I wrote about a the Virginia Supreme court's ruling that forged IP addresses in spam headers were constitutionally protected, because they were necessary to protect anonymous speech. I said that misconstrued facts about IP addresses for two main reasons: (a) there are protocols for secure anonymous speech on the Internet, so it's not true that forged IP addresses are "necessary"; (b) forging your IP in mail headers doesn't actually hide the sender's real IP anyway. Now an Ontario Superior Court Justice has ruled that IP addresses are no more private than "[o]ne's name and address or the name and address of your spouse", suggesting another instance where a court may not have realized the implications of how IP addresses work.

In the current case, Canadian police had determined the IP address of a user allegedly accessing child pornography, and faxed the ISP a request for the user's identifying information, which the ISP provided, without a warrant. The defendant had argued that the evidence should be in admissible because the police should have been required to obtain a warrant first, but Justice Lynne Leitch rejected that argument, drawing an analogy to the public listings in a phone book and writing, "One's name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state."

Even if the court had ruled that the evidence were inadmissible, that doesn't mean the police couldn't have caught this defendant if they'd followed the warrant procedure from the beginning — if the police had evidence that the user was accessing child pornography, presumably they could have gotten a warrant if they'd asked for one. So excluding this evidence probably would have only set a precedent that defendants would occasionally get off because of procedural screw-ups (similar to police forgetting to read a defendant his Miranda rights), not that huge numbers of child pornographers would have now been able to evade police, because the police could usually get a warrant in cases where they had evidence against them. What is troubling is the analogy that the court drew between IP addresses and "one's name and address".

Unlike the statements made by the Virginia Supreme Court, this may not be a case of getting technical facts wrong about IP addresses, but logical errors in the analogy, namely: (a) concluding that two things are similar when they are perceived differently, when perceptions are what the case is about, and (b) not following the premise through to its logical conclusion, which would be absurd, showing the premise is wrong in the first place.

Consider that the court drew the analogy to name and address information that can be found in the phone book, and wrote, "One's name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state." But then why would one draw any link between that, and information about the user's identity behind their IP address? The only similarity is that both pieces of information are "information about someone". But if you're trying to determine whether a user has a "reasonable expectation of privacy" for their identity online, the whole point is that it's not like a street address in the phone book — users do expect that their identity cannot be discovered by someone who knows their IP address, at least not without subpoenaing their ISP. When asking whether users have a "reasonable expectation of privacy" for a given type of information, if you parse that sentence literally, there are only two questions: (1) Do users have an expectation of privacy for that information, and (2) Is it reasonable? To determine if users have an expectation of privacy for something, you just ask them: Do you? You don't need to draw analogies to anything else — either users expect privacy (because of the analogies or the reasoning going on their own heads) or they don't. The remaining question is whether their expectation is reasonable, and it seems absurd to say that a user's expectation of privacy for their identity online (at least until a court issues a warrant) is "unreasonable".

Suppose a security company were to discover an exploit in Internet Explorer that could reveal your real name (as entered in your personal computer's Control Panel settings at setup time) to any Web site that you visited. This would be big news and would warrant Microsoft issuing a critical patch to fix the problem — because users expect that this information should not be available to a remote Web site, even though the Web site that they're visiting can of course see their IP address. And most would agree that this is a "reasonable" expectation.

On the other hand, try following the judges' ruling through to the end — if information about the user's real identity behind their IP address is not considered private, than what is? Justice Leitch stated that an address in the phone book and an IP address are both "biographical information" and hence that the analogy was proper. But by the same logic, virtually any fact that a company has on file about you would constitute "biographical information" just by virtue of the tautology that it's a fact about you, and so this would become meaningless as a standard by which to determine what facts should be kept secret from police without a warrant.

This line of argument raises two larger issues. First, this will have already provoked the ire of people with legally training, who are asking, "Who are you to disagree with a Superior Court Justice? Did you go to law school? Did you clerk with a judge?" The proper response to this is: If you're invoking your credentials to support a statement, then if I were to randomly poll 10 people with the same credentials, would at least 8 of them agree with you? If the answer to that question is No, then there's no point in bringing up credentials, because there is no strong majority of people with those credentials who agree on any particular to answer to that question, so it cannot be true that a strong majority agree on the "correct" answer to the question. The story about this case quotes Professor James Stribopoulos at the Osgoode Hall Law School in Toronto, as disagreeing with the judges' conclusion, for example: "It is not just your name, it is your whole Internet surfing history. Up until now, there was privacy. An IP address is not your name, it is a 10-digit number. A lot more people would be apprehensive if they knew their name was being left everywhere they went." If credentialed users are randomly divided on what the answer is, then that cannot be used as a guide to what the rest of us laypeople should think, because how do we know which group to side with? We have to rely on generic reasoning — looking for logical mis-steps in a judge's argument, or looking for premises that would be absurd if they were carried to their logical conclusion. If you're going to tell me that my reasoning is wrong, then mentioning a degree in mathematics or the hard sciences is just as relevant, if not more so, than mentioning a law degree — but in either case the logical argument should be evaluated on its merits, regardless of a person's "credentials". People who do well on those Martin Gardner brainteasers should be encouraged to take part in these debates.

Second, there is the question of whether such logical errors (if you accept the premise that the court made a logical error in drawing an analogy between IP addresses and street addresses in the phone book) could be avoided if the courts took a different approach to answering these questions. In the October article about the Virginia Supreme Court's ruling on IP addresses, I suggested that a judge could have avoided the technical mis-statement in the ruling if they had just convened some Internet technology experts in their courtroom and said, "Here's my reasoning so far. Is any part of it wrong on the technical facts? I'm not promising to change my mind in response to anyone's objections. But just tell me if you think some part of it is wrong." A large number of people e-mailed me objections that all boiled down to, "That's not how judges do things", or suggesting that I didn't know that because I'd ventured outside my own area of expertise.

Hello! I know that's not how judges do things, that was my point: that they might avoid certain types of errors if they did try it. On the other hand, just because a particular practice by a judge might have avoided one type of error, that doesn't mean it's a good idea. If the judge had tested their theory about IP addresses and street addresses by posting it on a message board somewhere and asking for feedback, that might have helped to avoid the particular mis-statements that they made about IP addresses in that case, but would that be a good idea generally? Almost certainly not — because users responding to the judge's request for help would not be under oath, so they'd be free to try and confuse the issue with lies to support whatever outcome they wanted for the case. That would be bad enough if it were a one-time case where a judge solicited feedback for their reasoning on a message board. If it became a regular practice by judges, and people knew in advance that judges were likely to solicit public feedback on their arguments before making their rulings official, then all parties with an agenda would have misinformation campaigns gearing up in advance to fool judges whenever possible.

That's why I suggested that you'd have the best of both worlds if the judges presented their argument first to experts in court, who were testifying under oath. This would present a opportunity for experts to spot any factual errors or what they consider to be logical mis-steps that the judge can then take into consideration. At the same time, because the experts are testifying under oath, they can't lie outright to try and trick the judge into basing their ruling on wrong information. (Of course, this depends on the court system's willingness to prosecute experts and other witnesses if they lie under oath. If the courts don't bother, then there's not much point in swearing in the experts before they testify anyway.)

So: an interesting counterargument would be: What is an example of a problem (a situation where a judge could be led to the wrong conclusion, or where a third party would have new incentives to spread false information) that would be created by judges running their opinions past experts who are assembled in their courtroom, that does not already exist under the current system? I can't immediately think of any, but some more imaginative people might be able to. I don't think it would be valid to say, for example, that this creates an incentive for biased experts to try and mislead the judge without technically lying — because biased experts in court already try and mislead the judge anyway, even without a "final round" where the judge asks what they think. But that's the form that an interesting argument would take. Not "I went to law school and that's not how we do stuff."

Meanwhile, regular users can use Tor and similar programs if they want their anonymity to be securely protected online. Tor can securely protect your identity from anyone, with or without a warrant. At least 8 out of 10 computer experts would agree; otherwise I wouldn't say that.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

258 comments

Who is John Galt? (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26844129)

For twelve years you've been asking "Who is John Galt?" This is John Galt speaking. I'm the man who's taken away your victims and thus destroyed your world. You've heard it said that this is an age of moral crisis and that Man's sins are destroying the world. But your chief virtue has been sacrifice, and you've demanded more sacrifices at every disaster. You've sacrificed justice to mercy and happiness to duty. So why should you be afraid of the world around you?

Your world is only the product of your sacrifices. While you were dragging the men who made your happiness possible to your sacrificial altars, I beat you to it. I reached them first and told them about the game you were playing and where it would take them. I explained the consequences of your 'brother-love' morality, which they had been too innocently generous to understand. You won't find them now, when you need them more than ever.

We're on strike against your creed of unearned rewards and unrewarded duties. If you want to know how I made them quit, I told them exactly what I'm telling you tonight. I taught them the morality of Reason -- that it was right to pursue one's own happiness as one's principal goal in life. I don't consider the pleasure of others my goal in life, nor do I consider my pleasure the goal of anyone else's life.

I am a trader. I earn what I get in trade for what I produce. I ask for nothing more or nothing less than what I earn. That is justice. I don't force anyone to trade with me; I only trade for mutual benefit. Force is the great evil that has no place in a rational world. One may never force another human to act against his/her judgment. If you deny a man's right to Reason, you must also deny your right to your own judgment. Yet you have allowed your world to be run by means of force, by men who claim that fear and joy are equal incentives, but that fear and force are more practical.

You've allowed such men to occupy positions of power in your world by preaching that all men are evil from the moment they're born. When men believe this, they see nothing wrong in acting in any way they please. The name of this absurdity is 'original sin'. That's inmpossible. That which is outside the possibility of choice is also outside the province of morality. To call sin that which is outside man's choice is a mockery of justice. To say that men are born with a free will but with a tendency toward evil is ridiculous. If the tendency is one of choice, it doesn't come at birth. If it is not a tendency of choice, then man's will is not free.

And then there's your 'brother-love' morality. Why is it moral to serve others, but not yourself? If enjoyment is a value, why is it moral when experienced by others, but not by you? Why is it immoral to produce something of value and keep it for yourself, when it is moral for others who haven't earned it to accept it? If it's virtuous to give, isn't it then selfish to take?

Your acceptance of the code of selflessness has made you fear the man who has a dollar less than you because it makes you feel that that dollar is rightfully his. You hate the man with a dollar more than you because the dollar he's keeping is rightfully yours. Your code has made it impossible to know when to give and when to grab.

You know that you can't give away everything and starve yourself. You've forced yourselves to live with undeserved, irrational guilt. Is it ever proper to help another man? No, if he demands it as his right or as a duty that you owe him. Yes, if it's your own free choice based on your judgment of the value of that person and his struggle. This country wasn't built by men who sought handouts. In its brilliant youth, this country showed the rest of the world what greatness was possible to Man and what happiness is possible on Earth.

Then it began apologizing for its greatness and began giving away its wealth, feeling guilty for having produced more than ikts neighbors. Twelve years ago, I saw what was wrong with the world and where the battle for Life had to be fought. I saw that the enemy was an inverted morality and that my acceptance of that morality was its only power. I was the first of the men who refused to give up the pursuit of his own happiness in order to serve others.

To those of you who retain some remnant of dignity and the will to live your lives for yourselves, you have the chance to make the same choice. Examine your values and understand that you must choose one side or the other. Any compromise between good and evil only hurts the good and helps the evil.

If you've understood what I've said, stop supporting your destroyers. Don't accept their philosophy. Your destroyers hold you by means of your endurance, your generosity, your innocence, and your love. Don't exhaust yourself to help build the kind of world that you see around you now. In the name of the best within you, don't sacrifice the world to those who will take away your happiness for it.

The world will change when you are ready to pronounce this oath:
I swear by my Life and my love of it that I will never live for the sake of another man,
nor ask another man to live for the sake of mine.

Re:Who is John Galt? (0, Offtopic)

A. B3ttik (1344591) | more than 5 years ago | (#26844479)

I'm not sure whether to be thrilled that you posted John Galt's Speech, upset that it's just a short summary that leaves out a lot of his best points, or confused since I'm really not sure how it applies to the Anonymity of IP Addresses at _all_.

Ayn Rand hates large government, sure, but the government does many things much more contrary to her cause (Economics, redistribution of wealth, other social programs) than, say, ruling that IP Addresses aren't private.

Re:Who is John Galt? (0, Offtopic)

Asic Eng (193332) | more than 5 years ago | (#26845189)

I am a trader. I earn what I get in trade for what I produce.

This is the worst definition of the term "trader" that I've ever seen. A trader buys stuff and resells it. If you are selling what you produce you are a producer. The contribution of a trader is that he identifies where things can be made cheaply and bring them to markets where they'd otherwise be expensive.

I realize you just copied that text, but still...

wth? (-1, Offtopic)

dtml-try MyNick (453562) | more than 5 years ago | (#26844173)

What the hell happened with the frontpage? Is slashdot tired of it's visitors or something?

Re:wth? (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26844737)

Obviously /. has figured out how to better serve our short attention spans and lack of interest in RTFA.

I like the new front page (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26845047)

I like it. I could quickly scan for the headlines that interest me and click "open in new teb" on each one I want to read...

Justice is blind (3, Insightful)

Pig Hogger (10379) | more than 5 years ago | (#26844205)

Justice is blind, and even more so when technological cases are heard in an anglo-saxon setting, where customary law (precedents) is king.

Re:Justice is blind (4, Interesting)

debrain (29228) | more than 5 years ago | (#26844597)

Justice is blind, and even more so when technological cases are heard in an anglo-saxon setting, where customary law (precedents) is king.

I think you're mixing a number of references, there. Justice is blind is a reference to the notion that justice ought to be objective, a concept going back to (at least) the Babylons. I don't think objective (versus subjective) reasoning in any takes away from "justice", which seems to be what you are implying.

"Customary law (precedents)" is presumably a reference to stare decisis [wikipedia.org], a concept of binding precedents which dates back to the Normans invading Britain around the 1100's I believe. Stare decisis generally occurs only when a "higher" Court (i.e. an appellate level Court) makes a decision. The lower Courts are bound to the decision of higher Courts, subject to law and fact that distinguishes the case at hand from the case of the higher Court. Courts of the same level are generally not bound (though it is generally considered polite not to change the law the same Court had previously made - case made law is in principle, after all, not creating law, but illuminating an already-existing truth).

In terms of facts, though, appellate Courts generally defer to the Court of first instance (i.e. the trier of fact, or trial court), because the judge at the first instance will have heard the facts from experts first-hand. However, there is generally a discretion in appellate Courts to overturn rulings of the Court of first instance on the basis that the trier of fact made errors that were incorrect, unreasonable or patently unreasonable (depending on the nature of the appeal and the Court in question).

In the Ontario case in question, I haven't read the reasons of Justice Leitch, but if she took "judicial notice" of the analogy between an IP and an address (i.e. no experts were called), a higher Court may alter that. However, if an expert posited that analogy, then it is very unlikely that the decision will be overturned by a higher Court (i.e. the Ontario Court of Appeal). In both scenarios, it's possible that subsequent decisions would be made on different facts, and this wayward analogy would be debunked.

Learn to summarize, Tolstoy (5, Insightful)

BadAnalogyGuy (945258) | more than 5 years ago | (#26844225)

"I think judges should get expert opinion outside the courtroom."

There, that wasn't so hard, was it?

May I suggest the following link [slashdot.org]

Re:Learn to summarize, Tolstoy (1, Insightful)

Anonymous Coward | more than 5 years ago | (#26844301)

I was thinking the exact same thing ... we listen to quite a bit of Bennett Haselton on legal advice when I'm not so certain he's a lawyer.

Re:Learn to summarize, Tolstoy (2, Funny)

KevinKnSC (744603) | more than 5 years ago | (#26845797)

According to Wikipedia, he has a graduate degree in math but no law degree. This is too bad, because a name like "Bennett Haselton" seems like it was made for a law office door.

Re:Learn to summarize, Tolstoy (0)

Anonymous Coward | more than 5 years ago | (#26845303)

Learn to summarize, Tolstoy

Not sure about this, I've read War and Peace, but couldn't be arsed to read this article. At least War and Peace has some decent battles in it!

Re:Learn to summarize, Tolstoy (1)

PeterKraus (1244558) | more than 5 years ago | (#26845785)

I just listen to the Gates of Delirium (Relayer, by Yes), and it sums up nicely all the interesting things in 20ish minutes :)

tl;dr (-1, Redundant)

yincrash (854885) | more than 5 years ago | (#26844235)

can someone please summarize?

Re:tl;dr (5, Insightful)

CarpetShark (865376) | more than 5 years ago | (#26844423)

tl;dr...can someone please summarize?

What is it with people today? You want to know stuff, but can't be bothered reading something that IS a summary, of a lengthy court proceeding involving lots of debate on principles, history, etc.?

You want summaries of summaries? OK, we're all screwed. Feel informed now?

Summary (5, Informative)

SpeedyDX (1014595) | more than 5 years ago | (#26844711)

Bennett Hasleton thinks that education and legal training have no impact on how legitimate a person's opinion on legal matters is. His style of writing is very flawed in that it contains fallacies, appeals to emotion, and numerous grammatical errors. He doesn't link to the actual case file, so I can only assume that all of his commentary is based solely on the National Post article. This type of second-hand analysis is unreliable, as it relies on the interpretation of the journalist in question. He also does not recognize how the legal system views expert evidence - that is, it treats it as "opinion evidence" as opposed to "real evidence", the differences between which I will not delve into here.

I'm not going to go further, as I think it would be unnecessary and a complete waste of time. This is basically a very long rant on a subject in which he is nowhere near qualified to provide an in-depth analysis. I am not a lawyer, but I am a Criminology student at the University of Toronto, studying under one of the more prominent defence lawyers in the country (one of Maher Arar's lawyers) on legal procedure. Of course, if you're Bennett Hasleton though, that doesn't mean anything.

Re:Summary (1)

Bieeanda (961632) | more than 5 years ago | (#26844769)

This is, of course, no different from any of the other long-winded blog posts that he occasionally gets posted to the front page under the guise of 'news'.

Re:tl;dr (1)

camperdave (969942) | more than 5 years ago | (#26845035)

Sure: An IP address is a ten digit number that contains your entire internet surfing history. That IP address was used at one point to access child porn. Therefore we don't need a warrant to get your name and address from whatever ISP is serving up that address.

Is it valid to compare an IP to address book? (2, Insightful)

commodore64_love (1445365) | more than 5 years ago | (#26844283)

The police using an IP Number to locate my address is no different than if they did a Reverse Phone Number lookup. If the latter does not violate my rights, then the former does not violate my rights either.

Re:Is it valid to compare an IP to address book? (4, Insightful)

compro01 (777531) | more than 5 years ago | (#26844493)

How about if the phone number is unlisted?

Consider that if you do a WHOIS search on a non-business IP, you're likely going to get the ISP's info, not the info of the person using that IP, so I would consider that to be more like an unlisted number than a number in the phone book.

Though I'm not able to find any precedents regarding whether a warrant is required to request unlisted phone numbers either, so this may be a moot argument.

Good, it should be the same (5, Insightful)

phorm (591458) | more than 5 years ago | (#26844495)

When I look up my phone # in a reverse directory, I get the a result like the following:

Type: Cell Phone

Provider: Someprovider

Location: Somecity, SomeProvince

There are plenty of reasons *NOT* to have your personal information linked to your phone #. The same should apply to your IP.

Re:Good, it should be the same (1)

dadragon (177695) | more than 5 years ago | (#26845475)

The provider information is now often wrong. It just looks up the NXX, and tells you its code holder, but thanks to WNP it isn't guaranteed to be accurate.

Re:Is it valid to compare an IP to address book? (2, Insightful)

ForrestFire439 (1458475) | more than 5 years ago | (#26844553)

No, it is different because users don't expect their identity to be revealed by their ip address. The whole point of a phone book is to link people with numbers and you can opt out if you don't want to be listed.

Re:Is it valid to compare an IP to address book? (5, Insightful)

Anonymous Coward | more than 5 years ago | (#26844937)

If I, as a private citizen, cannot call up the ISP and get the same information; then that information should not be considered public by reasonable expectation; and should require a warrant.

Re:Is it valid to compare an IP to address book? (1)

MikeBabcock (65886) | more than 5 years ago | (#26845335)

It sure does have a difference. People already know their phone numbers are publicly listed information and act accordingly. People should routinely expect others to have Caller-ID or access to reverse directories.

IP addresses are not published in a big white book that is handed out to every home in North America, and your IP identity is not something you assume will be public knowledge without good reason. As a result, people do expect privacy even though the data is obviously available to their ISP, usually a private company who the user trusts.

Re:Is it valid to compare an IP to address book? (1)

DarthVain (724186) | more than 5 years ago | (#26845457)

Not the same thing at all.

A) No expectation of Privacy. Your name and number is PUBLISHED in the phone book. You agree to this when you get a number, unless you get it unlisted, in which case they could not get at it.

B) No Personal information attached. You address is covered off by A). You can't get a list of calls made, when you called them, who you talked to, what your conversations consisted of, etc... without a court order, or warrant I believe.

This is the whole crux of the problem. You are basically allowing all the above to anyone of "Lawful Authority" for whatever reason they like with no oversight.

That is bad.

Re:Is it valid to compare an IP to address book? (3, Insightful)

bcwright (871193) | more than 5 years ago | (#26845779)

The problem is that an IP address is NOT a unique identifier for an individual. In most cases, it's going to be a dynamically-allocated address that may map to many subscriber locations within your neighborhood or your city or even the entire country, depending on how your ISP allocates addresses. At any given moment in time, it will only map to one subscriber location, but the only one who has access to that information will be your ISP, possibly in conjunction with the telephone company if you're connected by modem.

But even apart from that, an IP address can be multiplexed between many individuals or even other locations once the traffic for it reaches the subscriber location.

So it's not like a phone number at all - there's not even approximately a one-to-one mapping between IP addresses and individuals, nor is the mapping that does exist stable over even fairly short spans of time.

I'm not sure whether I think that the police should have the authority to do a reverse IP lookup without a warrant (though from a civil liberties standpoint it does make me distinctly uneasy, since this is in no sense "public" information and has serious potential for abuse), but the analogy with the phone system is badly flawed.

tl; dr (2, Interesting)

Eevee (535658) | more than 5 years ago | (#26844311)

I did a quick search on "phone" and found no references to Canadian case law dealing with warrents and phone numbers--the obvious precedent for warrents and IP addresses. Why is this even posted if the most basic of research hasn't been done?

Re:tl; dr (0)

Anonymous Coward | more than 5 years ago | (#26845309)

did a quick search on "phone" and found no references to Canadian case law dealing with warrents and phone numbers--the obvious precedent for warrents and IP addresses. Why is this even posted if the most basic of research hasn't been done?

Perhaps you need to do more research than "quickly searching for the word 'phone'". Trust me, in Canada, there ARE laws that apply to telephones... it's not like all phone usage and everything done on it is irrelevant to the law up here.

"Bennett Hasleton" just sounds like a dick name (0, Troll)

Gizzmonic (412910) | more than 5 years ago | (#26844323)

Sorry, Bennett Hasleton, but I might listen a little closer if you got a better nickname. "Bennett Hasleton" just sounds like the name for the male lead in a romance novel. Bennett Hasleton smirked roguishly as he pushed his mirrored aviators over his bronzed, jutting face. Aubrey St. Croix quivered as she caught his reflection in the Florentine bakery window.

Bennett Hasleton looks down his nose at you lowly plebes. Bennett Hasleton lives in a world filled with glamour and mysterious women. Bennett Hasleton drives a car that's more expensive than your house. And if I ever meet Bennett Hasleton, I will KICK HIS ASS!

PS His real name is Hassell "the United Colors of" Bennetton!

Re:"Bennett Hasleton" just sounds like a dick name (0)

Anonymous Coward | more than 5 years ago | (#26844917)

All that and you didn't even think of Bennett Asshole-ton?

Re:"Bennett Hasleton" just sounds like a dick name (1)

PIBM (588930) | more than 5 years ago | (#26845495)

That was left as an exercise to the reader

Better analogy: Receipt number (5, Interesting)

Anonymous Coward | more than 5 years ago | (#26844383)

A better analogy is: If police find a repair receipt with an order number, can the police go to the shop and ask for the name of the customer?

A receipt number is neither public nor private, it is merely obscure. Can a business owner not voluntarily give information to the police? If the business has a privacy contract with the customer, a violation is a contract law issue between the customer and the business, and not a constitutional issue.

If the business won't voluntarily provide the information, the police can use a search warrant to search the business. But that is a situation between the business and the police, not the customer. And if the business voluntarily gives the information the police haven't conducted a search.

Mod parent up!!! (4, Interesting)

multimediavt (965608) | more than 5 years ago | (#26844651)

This guy has it right, along with the reverse lookup comment for a phone number there was no violation of criminal law or established procedures for enforcement with what was done. Now, the ISP may have violated their privacy agreement, but privacy agreements usually contain verbiage that denies privacy if you are suspected of a crime, depending on the nature of information being divulged.

Data that was traveling over the wire to and from the IP address was not obtained and would require a warrant to view, but simple subscriber information will-9 times out of 10-be given to law enforcement upon request. Now, if that information was somehow "unlisted at the user's request", like an unlisted phone number, then a warrant would be needed to obtain the information. I do not know of an ISP that provides "unlisted" Internet service.

an ISP that provides "unlisted" Internet service (1)

way2trivial (601132) | more than 5 years ago | (#26844881)

they are callewd "anonymous proxy" services.

http://en.wikipedia.org/wiki/Anonymous_proxy#Anonymizing_proxy_server [wikipedia.org]

Re:an ISP that provides "unlisted" Internet servic (1)

MikeBabcock (65886) | more than 5 years ago | (#26845395)

... and if you want to use one at some point in the future, use it regularly for no reason starting now so there's no obvious pattern to rely on.

Re:Mod parent up!!! (2, Insightful)

WiartonWilly (82383) | more than 5 years ago | (#26845551)

Now, the ISP may have violated their privacy agreement, but privacy agreements usually contain verbiage that denies privacy if you are suspected of a crime, depending on the nature of information being divulged.

..........

Now, if that information was somehow "unlisted at the user's request", like an unlisted phone number, then a warrant would be needed to obtain the information. I do not know of an ISP that provides "unlisted" Internet service.

I do not know of an ISP that provides a "listed" internet service, either. I can't find personal addresses from IPs, so it's not listed.

If the privacy agreement has a "suspected of a crime" loop-hole, a warrant would provide suitable, credible evidence of the suspicion. ISPs might be absolved by their clause, but law enforcement requires that judges validate that there is reasonable suspicion. This is standard procedure for modifying a citizen's privacy. An extra step, true, but not overly burdensome.

A phone book listed by phone number. Useful... (0)

nsolon (1064682) | more than 5 years ago | (#26844393)

More obviously, the "phone book" analogy also fails apart, to some extent, because traditional phone books are indexed by last name and NOT by address or phone number. Prior to the advent of searchable electronic versions, the public would not have been able to find your name from your address through a phone book without going through record by record. Granted, this argument is moot because such electronic databases DO exist, but it strikes me as showing how much care went into the Crown's argument.

Re:A phone book listed by phone number. Useful... (3, Informative)

cdrguru (88047) | more than 5 years ago | (#26844903)

Wrong. Reverse directories were published and could be found in just about any library. Police stations had them on hand. Phone companies offered services whereby the name and address would be read off to the caller for any phone number, if the number was listed.

Isn't it based on commuity expectations? (2, Interesting)

DoofusOfDeath (636671) | more than 5 years ago | (#26844447)

It strikes me that "reasonable expectation" would mean, "reasonable by those in the community in question".

Was this judge a regular Internet user? If not, is his opinion about what's a "reasonable expectation" relevant, or should he poll, for example, 1000 high-school and college kids regarding whether or not they expect their IP#'s to be tied back to them as people?

Re:Isn't it based on commuity expectations? (2, Funny)

droopycom (470921) | more than 5 years ago | (#26845661)

Yeah right... he was not a pedophile suspect either ....

Should the judge ask 1000 pedophiles suspect what their expectation of privacy be...

Public Information? (5, Insightful)

number17 (952777) | more than 5 years ago | (#26844499)

Lets take a different analogy. A credit card number.

Like an IP address, that number is handed out by a company and is linked to my name at a particular point in time. I am responsible for it during that period of time.

Both credit card number and name are kept in a database, just like the MAC address of my modem and subscriber information. How does this make it public information that can be published?

Unlisted numbers? (1)

javacowboy (222023) | more than 5 years ago | (#26844511)

The judge's analogy fails in several ways, but one is that I can ask the phone company for an unlisted phone number.

Obviously, there's no way to ask for an "unlisted" IP address.

It's not the same because... (5, Insightful)

dmomo (256005) | more than 5 years ago | (#26844515)

Your phone number and address specify where you live. Your IP address in an apache log specifies:

Where you were at what time and what you were doing.

Big difference.

Yes, my home address might be public info (arguably).. but what I am doing inside is NOT!

Re:It's not the same because... (1)

Piranhaa (672441) | more than 5 years ago | (#26844787)

Exactly.. It's like asking someone to enable GPS and walk around with a camera strapped to their foreheads and recording their actions 24/7. The recordings get put on tape for as long as the medium is backed up (so technically indefinitely). There's little to no chance that websites will start anonymizing log files - it just doesn't happen very often. So what's to stop police from going back 5+ years and saying "Well, you visited X and Y on these days... Because you KNOW about X and Y, we suspect you are guilty for this crime."

And as others have said... Who's to say someone ELSE didn't use your connection, even as a proxy?

I really can't believe some people and their ideologies

Re:It's not the same because... (1)

SirWhoopass (108232) | more than 5 years ago | (#26844807)

Well, your IP address doesn't tell the police what you were doing INSIDE either. A second piece of information is needed: the servers you were connecting to OUTSIDE of your home. Probably not owned by you. If you were doing anything entirely inside of your home, then your IP is irrelevant.

Which gets to the root of the issue. On one side there are those who believe that because you are sitting in the privacy of your home, your online activities should be private.

On the other side are those who point out you're connecting across a network and to servers that are owned by someone else. You may be physically at home. But your activities occur in a third-party (virtual) space.

Re:It's not the same because... (1)

dmatos (232892) | more than 5 years ago | (#26844995)

I think a more apt analogy would be a telephone number. If the police were able to determine that a call made from a certain telephone number was illegal, then looking in the phone book to associate that telephone number with a name and address would be appropriate, and not require a warrant.

My concern here is what the cops did to determine that a particular IP was downloading kiddie-porn. Did they set up a honeypot and catch flies? Or did they snoop on the communication between two parties not related to the police? If the first case, then I have no problem with the ruling. If the second case, well, I have no problem with the ruling, but I equate that to wire-tapping of a phone, and the cops better have had a warrant for that activity.

Re:It's not the same because... (0)

Anonymous Coward | more than 5 years ago | (#26845565)

Did they set up a honeypot and catch flies? Or did they snoop on the communication between two parties not related to the police? If the first case, then I have no problem with the ruling.

So you think it's ok for the police to distribute this crap and engage in entrapment?

Re:It's not the same because... (1)

canajin56 (660655) | more than 5 years ago | (#26844915)

If you use your OMG PRIVATE PHONENUMBER to call in a bomb threat against your place of work, they don't need a warrant to perform a reverse phone lookup and find the name of the account holder. Explain how your phone number only specifies where you live, where the calledID at the business you called with a bomb threat specifies "where you were at what time and what you were doing." Nobody is saying that they don't need a warrant for server logs. They already have the server logs that they obtained with a legal warrant. This is no different than if they busted a porn ring ringleader, took his blackberry, and did a reverse lookup on all his phone numbers. Nope, it doesn't say WHO at that house did it. But it does say probably somebody at that house. So that's enough for a warrant, which they did get, by the way.

Re:It's not the same because... (1)

Piranhaa (672441) | more than 5 years ago | (#26845173)

But how do you know the server logs needed a search warrant to obtain? Some sites are resistant at giving out logs, while others will blatantly give them out if there is ANY indication at legal action. RIAA lawsuits anyone?

While I can partially see where you're coming from, I just don't see how this can be justified. If there is enough of a reason to care, a search warrant should be required IMHO.

This could also just be a baby step to "security". Next year we could be seeing a similar article, but the police saying the same thing about server logs. "Well, we really are too lazy to put together search warrants all the time, so why don't we just get every website to hand over their logs upon request?".

Re:It's not the same because... (1)

DontBlameCanada (1325547) | more than 5 years ago | (#26845075)

I view it a bit differently.

If police had asked for the website's Apache log, then they were indeed attempting do determine what visitors were doing. They had already determined the "what" was illegal, now they were asking for the "who".

Its little different than police asking for the name of an threatening letter writer who didn't sign their name, but did leave a return address. The illegal act was the threatening letter, the valid query was "who lives at 22-B Baker Street?"

Re:It's not the same because... (1)

nurb432 (527695) | more than 5 years ago | (#26845553)

While i agree with you, they could take that analogy to the point that what you do with your connection is similar to what you do in front of an open window facing the street.

I thought you needed a warrant? (1)

theredshoes (1308621) | more than 5 years ago | (#26844533)

"There is no confidentiality left on the Internet if this ruling stands," said James Stribopoulos, a law professor.

I just can't believe this. I thought in the US you have to have a warrant to get an IP address info on subscribers. It is crazy dealing with traffic with savvy users, much less dealing with the people that change them, black hole them, then trace them again. I wouldn't want to have that job, it sounds exhausting.

It's sounds like the government is tired of playing cat and mouse to me with this kind of legislation put in place it will elevate some of the pressure I guess. Maybe they are trying to just clean up the internet, nab people. I read the first article so far.

John Gault (1)

theredshoes (1308621) | more than 5 years ago | (#26844681)

I liked John Gault's speech, I never have heard of him before coming across what was posted.

Re:John Gault (1)

theredshoes (1308621) | more than 5 years ago | (#26844909)

I read parts of Atlas Shrugged about ten years ago and recently wanted to read it again about four or five months ago when I saw that a movie was made about Ayn Rand. I did not have the time while I was in school last semester and I certainly didn't remember the "Who is John Gault?" reference at all until I just googled it right now. It is on my list to read, but putting in 1,000 + pages of reading right now is probably not the best idea in my current circumstances.

Ayn Rand is very logical and her ideas on individuality seem sound, but the power of believing in yourself isn't any good if you don't have someone to share it with, so I can't get completely on board with her ideas and philosophy the little that I know of it. Sharing makes life worthwhile if it is heartfelt and willing.

I agree with not forcing people, but then I guess with how the world is now, you sort of have to force people to share with the state of things. Most people I meet have all of these agendas. I couldn't live my life that way, that is probably why I am not much of a success. LOL

Anyway, I enjoyed reading the speech.

Re:John Gault (1)

DrLang21 (900992) | more than 5 years ago | (#26845691)

Ayn Rand was a nut ball. She made a lot of good points, but for her to consider you to be rational and objective she demanded such irrational strict adherence to her words that she was building a religion rather than a philosophical concept.

Also, just fyi, Ayn Rand was never opposed to sharing your life with someone else. She held that if being with someone else whom you respect brings you joy, then it would be foolish to deny yourself that selfish desire. Just because you are selfish does not mean that you can't selfishly love someone. In fact, she would have held that most happy relationships generally identified as selfless are actually quite selfish.

Re:I thought you needed a warrant? (1)

cdrguru (88047) | more than 5 years ago | (#26844763)

Police generally do not need such a warrant. They can get one, everyone knows they can get one, so the actual necessity of getting one is usually waived.

This is pretty much identical to the situation of a cop standing on your doorstep wanting to search your home. They have probably cause, you know they have probable cause, they know they have probable cause. The cop says if you want them to get a warrant it will just be a hassle and if you put them through that extra step it will certainly happen and everyone will just stand around and wait for it.

What do you do? Make them get the warrant? Most businesses are not going to do that. They fork over the information on request with the assumption that the need to maintain good relations with law enforcement and being an obstrctionist isn't the way to make friends.

99% of the time it is irrelevent because they could have easily gotten a warrant within 24 hours.

C A N A D A -- is different from the US ! (3, Interesting)

redelm (54142) | more than 5 years ago | (#26844551)

There are no exact Miranda Rights in Canada, nor "fruit of the poisoned vine" doctrine nor 9th Amendment "expectation of privacy". There is a Candian constitution, and it says different things, mostly with "reasonable" exemptions.

Canadian Courts and police operate differently from the US. The individuals are generally more professional and competant, and less ambitious for higher office.

A Canadian court might will find (and even presume) police are acting reasonably, so evidence is admissible.

Exactly how is a Reverse IP lookup is different from using a Criss-Cross telephone directory?

Chill!

Re:C A N A D A -- is different from the US ! (1)

ForrestFire439 (1458475) | more than 5 years ago | (#26844661)

As far as I know, in the U.S. the police can *ask* for any information they want but the company is under no obligation to provide it. I'm not sure a case would get thrown out in the U.S. because there wasn't a warrant if the company voluntarily provided the information. The company might run afoul of consumer protection laws, but I'm not sure. Someone correct me if I'm wrong.

Re:C A N A D A -- is different from the US ! (1)

k7gixxer (1441997) | more than 5 years ago | (#26845285)

Why do you, at the end of your comment, ask a question that was fully answered in-depth by the article? There's irony in the fact that you use a rather strained analogy also, just the point the author is trying to get across as being necessary...

An IP address is not biographical (5, Insightful)

MisterSquirrel (1023517) | more than 5 years ago | (#26844639)

Several people use my computer at home. Plus, I use computers at several different IP addresses, some of which are in turn used by other people. So how can any IP address, by itself, be biographical information about me in particular?

More importantly, how can an IP address be identified with me directly? If "my" IP address is used to download porn, how do they know whether I did it, or someone else at my computer did it? How do they know it wasn't some Russian Mafia's botnet that took over my computer and did it?

Re:An IP address is not biographical (1)

FTWinston (1332785) | more than 5 years ago | (#26844861)

They don't, so its far easier for them to just assume it was you and crucify you.

Re:An IP address is not biographical (1)

whisper_jeff (680366) | more than 5 years ago | (#26845083)

"Several people use my computer at home. Plus, I use computers at several different IP addresses, some of which are in turn used by other people. So how can any IP address, by itself, be biographical information about me in particular? "

Probably in the same way that a physical address is. For most people, they live at an address with one or more other people (spouse, kids, parents, etc.). Some people also have a country home (second address) which may be shared with additional other people (brothers, parents, children, cousins, you get the point). In other words, it won't identify _YOU_ but it will narrow down the number of possible people from "everyone in Canada" to "everyone with access to this (IP) address".

(Yes, I know it's easy to spoof/steal an IP address and all of that stuff, which is a separate issue which would be used to argue how poorly an IP address can be used as a tool for identifying a person. I was answering your question, however - an IP address _can_ be used to help identify someone.)

Fixing computers (1)

phorm (591458) | more than 5 years ago | (#26845117)

While I don't do it so often these days, I used to fairly regularly fix other people's computers at home. Part of the process generally involved testing the internet connection, and often monitoring for spews of unusual traffic (all my connections are routed through a 'nix box).

While I haven't seen anything outright illegal on a client machine (or not that they put there, if you're counting spyware crap), but there have been some pretty weird things on there, not to mention the rather borderline popups that seem to infest the PC's of those who downloaded trojans from warez/pr0n sites.

I wonder how much material it would take to tip you over the line into becoming a suspect. I'd imagine that a few rogue popups aren't going to do in the average user if there's a fair bit of work involved in tracing down their identify, but if the police have a click-of-the-button system to tag people there may be more incentive to do so, and possibly a lot more collateral damage in the process.

Account Holder (1)

JSBiff (87824) | more than 5 years ago | (#26845295)

First, I want to start by stating that I agree with the basic premise of the original Op-Ed piece that these comments are attached to - namely that there is no good reason why police/prosecutors shouldn't get a warrant or subpoena for this information - users should have a reasonable expectation of privacy when using the Internet.

That said, with regards to your questions about an IP address not proving that any particular person is responsible for traffic, while you are correct, it is still necessary for the police to be able to associate an IP address with a name and address, for investigation purposes - it's all about following the clues backwards to the source. Every IP address (well, most, if not all) is associated with some person or organization/company. By getting that information, it allows the police to keep tracking backwards, possibly getting closer to the source.

So, for example, if you are the account holder, and the police have evidence of some online crime which points to your IP address, while they cannot prove that you did the crime, it is reasonable for the police to get a warrant so that they can locate and question you (so, for example, they might be able to find out from you who else you have let use your computer or network, whether you have a wireless or wired network, if it is wireless - whether or not your network is protected with an encryption/authentication scheme), and so that they can do a forensic analysis of your computer equipment. Let's go with your idea that the Russian Mafia made your computer part of a botnet - in that case, the police analysts might be able to detect the presence of the botnet software on your computer, and verify that this is the case. Having made that analysis, perhaps the police work with you and your ISP to trace the control traffic for the botnet back further along the chain away from your computer. Or, maybe it is someone on your network - like say for example you are the Network Admin for a company, and one of the computers at your company is being used to distribute kiddie porn - the police can then try to investigate to find out whether the files were placed on the server by one of your employees, or if instead the computer was compromised by an external hacker or botnet.

My point is, that while the IP address alone isn't really proof of guilt that any particular person committed a crime, it *is* a very important clue, and from that, it is both reasonable and important for the police to be able to obtain, *with a warrant*, name, address, and telephone number for the person who is responsible for that account. Without that information, they would be virtually unable to investigate crimes back to the source (it is, of course, very difficult even with that info, but that info does give them a lead to follow).

Now, yes, some police investigators, and prosecutors, will probably try to incorrectly establish a prosecution based upon the idea that the crime evidence points to this IP address, so the account holder must be responsible. In those cases, the defense attorney should point out to the jury and/or judges the flaw in their reasoning, and get the case dismissed or a not guilty verdict. But, just because this could be mis-used, doesn't mean that police should not have access in the first place to this important evidence.

It's like fingerprints or DNA evidence - alone, they often don't prove guilt. For example, if someone steals your gun, knife, or whatever, and commits a crime with it, your fingerprints or DNA might be on the weapon, but that doesn't prove your are guilty. A good investigator/prosecutor will take that into account, and a good defense attorney will point that out in court, if necessary, but that doesn't mean that fingerprint and DNA evidence aren't useful, and aren't legitimate for the police to use. In this example, once the police have identified you as the weapon owner, they can contact you, and find out that the weapon was stolen, approximately when it was stolen, any information you might have about who stole the weapon, etc.

The analogy is fair up to a point (0)

Anonymous Coward | more than 5 years ago | (#26844677)

Comparing IP addresses to residential addresses would be reasonable if the consequences of disclosing them were the same. But they're not.

If the police, without a warrant, could easily find out the contents of the postal mail that's delivered to any residential address, you'd better believe that people would want to keep their residential addresses private.

And, if there was no way for the police or anyone else to identify the contents of Internet traffic based on IP address, then people wouldn't care that much about keeping their IP addresses secret.

Expert evidence at trial (1)

wrecked (681366) | more than 5 years ago | (#26844685)

That's why I suggested that you'd have the best of both worlds if the judges presented their argument first to experts in court, who were testifying under oath. This would present a opportunity for experts to spot any factual errors or what they consider to be logical mis-steps that the judge can then take into consideration. At the same time, because the experts are testifying under oath, they can't lie outright to try and trick the judge into basing their ruling on wrong information.

Expert evidence is often used in many different trials, for many different issues. However, the law in Canada requires that judges do not abdicate their decision-making authority to the experts. The proper role of the expert is to provide information to the judge that is outside of the judge's own area of expertise. On any given trial, there will usually be two experts (one for each side) who have completely contradictory opinions. It is the judge's job to weigh each expert's opinion against the rest of the evidence as a whole.
Thanks for bringing attention to this Ontario case. I raises a lot of interesting issues. I hope it is limited to criminal matters, and is not extended to civil ones. There was another Canadian case a few years ago where some RIAA-type outfit was demanding subscriber information from an ISP, and the judge held there that the subscriber information should not be disclosed.

ohnoitsbennett (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26844687)

I keep hoping my "ohnoitsbennett" tag will catch on. No luck yet.

I swear this dumbass must have compromising pictures of kdawson with a sheep, or something.

Faulty Reasoning (0)

DeathToBill (601486) | more than 5 years ago | (#26844701)

The OP reasons that a 'reasonable expectation' of privacy can be broken down into two independent components: Is there an 'expectation'? And is that expectation 'reasonable'?

The reason this is not valid is that the broken-down version has a subtly subjective aspect that the combined expression lacks. Does the user have an expectation of privacy in context X? "Just ask them: Do you?" The question has become an entirely subjective one posed to the defendant, and it amounts to, 'Did you expect that your access to illegal content would remain undiscovered?' Well, duh, of course he did. The point of the law is not whether the defendant had an expectation of privacy, but whether our society has a reasonable expectation that such things will remain private.

Having broken the question down in an invalid way, he still makes a mess of the second part of it: "It seems absurd to say that a user's expectation of privacy for their identity online [...] is 'unreasonable'." Well done, that man, a top piece of reasoning, indeed. Taken together, these two would produce the following courtroom scene:

Lawyer: "Did you have an expectation of privacy when you murdered ninety-three people in central park?"
Defendent: "Yes."
Lawyer: "Well, it seems absurd to say that your expectation of privacy was unreasonable; after all, you wouldn't have done it if you'd expected people to be watching. OK, right to privacy established!"

You can't rely on the defendant's expectations and ideas about reasonableness.

Re:Faulty Reasoning (1)

dstarfire (134200) | more than 5 years ago | (#26845787)

hmm, I think you misunderstood the sentence there. The author was suggesting that the general user population be polled for their opinion, NOT the accused. Who really cares what an accused person thinks about the crime (or circumstances thereof) they're accused of?

Secondly, your example is wildly unrealistic as it ignores the whole "innocent until proven guilty" thing. I know canada's a bit different than here (as redelmd pointed out), but I'm pretty sure they subscribe to THIS judicial standard.

Ignorant Old White Men (1)

hyades1 (1149581) | more than 5 years ago | (#26844715)

If there's a more hidebound, out-of-touch, bunch of rich old white men on the continent than a meeting of Ontario judges, I'd be surprised. Even the few who happen to have vaginas fit the profile.

Security is always a trade off (0)

Anonymous Coward | more than 5 years ago | (#26844843)

Security is always a trade off. Want to protect your children, your precious children, from the evil perverts of the world? All you have to do is throw away anonymity. Throw away your capacity for reprisal free speech.

Say I'm a corrupt government official and I decide I don't like dissidents. I'll just order the ISPs to reveal any political opposition via IP tracing. No warrant. I'll just send a letter. I'll find my enemies. I'll find this anonymous coward.

Safety isn't so precious that you sell off far more important things. If my father or mother sold out my right to do, well, something just like this...I'm not sure if I'd return their fearful love.

Perhaps the case of child porn is a strong enough one to warrant(heh) an exception to the rule, but the rule should be privacy first. Free speech first.

This should be the LAW (0)

Anonymous Coward | more than 5 years ago | (#26844893)

The court is right. Not only that but it should be a worldwide law that all computers, televisions, phones (landline and cellular), automobiles, and toilets should have a built-in video camera that transmits video to the government at all times. The government will hire thousands of people to each watch about 100 screens at a time, with the source of the video on each screen changing every minute or so, so that everybody knows they are being watched but nobody knows exactly when. If a government agent sees something they don't like, they have the swat team barge in, arrest you, and have you "disappear" into a prison or gulag system without the possibility of getting out, of getting a trial, or of ever being heard from again, even if the alleged offense is not illegal at all. This will have many advantages. First it will help stimulate the economy because the government will have to hire all those people to watch the screens, the government will have to buy the screens and set up the facilities to install them in, the people will have to buy all those camera-enabled devices to comply with the law, prisons and gulags will have to be built very rapidly, and a lot of additional jobs will be created when thousands of people have to be hired to administer the system. Even more jobs will be created when the government hires thousands of auditors who have the right to barge into anyone's home or office and check to make sure that all the requisite devices comply with the new law. All of this economic stimulation guarantees multiple economic orgasms.

The excuse (1)

phorm (591458) | more than 5 years ago | (#26844929)

Recently, there have been a bunch of bills being pushed through to allow the police sweeping powers [michaelgeist.ca]. I've also noticed a lot more in the paper about the police busting illegal pornography peddlers.

Seems that this is a pretty common pattern. If you're trying to push privacy-invading laws into effect, focus on a group that's rather universally disliked, generated a lot of publicity, and then say it's all part of the fight against (group X).

Re:The excuse (0)

Anonymous Coward | more than 5 years ago | (#26845385)

Goodwin's law in 3...2...1...

commentary boils down to this: (1, Insightful)

circletimessquare (444983) | more than 5 years ago | (#26844939)

But if you're trying to determine whether a user has a "reasonable expectation of privacy" for their identity online, the whole point is that it's not like a street address in the phone book -- users do expect that their identity cannot be discovered by someone who knows their IP address, at least not without subpoenaing their ISP.

i don't know about you, but i have no expectation of privacy for my identity online, and frankly, i don't know why anyone, especially the technically astute on slashdot, would have such an expectation. if i wanted to hide my identity, i would use Tor... just like the commentary says. if i don't use Tor, i have no expectation that what i am doing online is private. why do you?

and i'm not talking about policies and procedures of the government, i'm talking about any random yahoo of questionable motivation and privy to ip logs. this can be the government, it can also be a miscreant like a hacker who breaks into a webserver, it can be a webmaster of questionable ethics, it can also be a website i do business with interested in selling my private information. i know for a fact that if i make a purchase online, that my ip address is being explicitly logged for fraud purposes. i don't believe, in any way, that i have any privacy on the internet

in fact, one of the worst offenders here is google. think about what you've typed into google in the past 3 months. random musings, personal concerns, professional interests... as a running list, its a pretty good profile of some of the deepest secrets of your identity. anyone reading that list can even triangulate psychological truths about yourself perhaps in ways better than even you yourself understand yourself. and google is explicitly keeping this information. and maybe you use gmail, which represents even a larger treasure trove of such insights. put it all together: you have no privacy on the internet

the internet, in fact, pretty much represents the great assault on the very notion of privacy ever to exist in human history. honestly, if you want privacy, stop using the internet, or surf in complete incognito (which can be a pain in the ass at times)

i think the commentator is fighting a war which has long been lost, regardless of how the government operates. what the government thinks and how it operates CAN and SHOULD be attacked, by all means. but the idea of a "reasonable expectation of privacy" about anything you do on the internet is absurd. i know what i search for and what i visit is recorded and can be stitched back together, by all sorts of entities, not just the government

What Would we Know? We're not :Lawyers (2, Insightful)

segedunum (883035) | more than 5 years ago | (#26844977)

As a previous Slashdot article claimed, us technology people are not lawyers. What would we know about this stuff? Of course you can identify one person via one IP address in a one-to-one mapping. Everyone knows that. I got modded down for suggesting this kind of idiocy, because this is internet and networking 101. If you can't present the facts of what an IP address actually is then you have a real problem.

Child pornography is serious (OK, it's used as a politically correct example sometimes) and I'm not suggesting for a second people should get off on technicalities, but if courts are going to gather evidence and convict then they need to get some clue about the facts and understand what it is that they're talking about. Unless they do I can see massive claims for damages at some point in the future. This happens all over the world as well.

Solution: Notarized letter to ISP (1)

javacowboy (222023) | more than 5 years ago | (#26844987)

If the judge's analogy applies to listed but not unlisted numbers, then there's a simple solution:

Send a notarized letter to my ISP telling them that I wish my IP address to be kept private, and that I expect the same level of confidentiality as I would with an unlisted number.

This way, if they get my identity from my IP address without a warrant, the letter of intent will be on file, and I will thus be unaffected by this ruling.

As long as there's reasonable cause (1)

ImOnlySleeping (1135393) | more than 5 years ago | (#26845097)

I like privacy as much as the next guy, but I assume this doesn't work both ways. If you are suspected of downloading child porn (as in this case, which is illegal despite what all the thought crimers out there think) the cops have a reason to locate you (same as if you were soliciting over the phone). As long as the cops aren't allowed to obtain the identity first and then look at your browsing habits after, there isn't really an issue. I have an expectation of privacy as long as I'm operating within the bounds of the law, but if I chose to violate the law, I have to expect that there can be repercussions. As long as in all cases where the IP is obtained, the cop can detail what steps lead to the searching for the IP, we're okay. The problem would be if a cop has a beef with someone or a political opponent that they obtain information on and then scour all the details after the fact, looking for the escort service or an anonymous post about drug use or what not.

Re:As long as there's reasonable cause (2, Insightful)

josepha48 (13953) | more than 5 years ago | (#26845261)

So what if some spammer or someone sends you porn or child porn in this case in your email?

Anyway, it's not like anyone can spoof an IP address anyway, right? (j/k we know better) so then what if someone does, and the cops don't figure it out and they go after the wrong guy? Suddenly someone could be accused of being a child pedophile and then his neighbors find out. Even AFTER he is found innocent because the police could screw up ( AND THEY DO ), his life will NEVER be the same. Once someone is tagged pedophile even if they are not a pedophile society does not change it's thoughts towards them.

In theory this sounds like the right idea, but in practice, ANY TIME the government is involved ( and police are part of the government ) things can go amuck.

Re:As long as there's reasonable cause (1)

mini me (132455) | more than 5 years ago | (#26845823)

So what you are saying is that the police should only have access to your information if you are already suspected of breaking the law using a given IP address?

If only we had a legal process in place whereby the police could be given permission to access said information in such a situation. A warrant, if you will.

Buried gem of a quote (0, Offtopic)

liegeofmelkor (978577) | more than 5 years ago | (#26845255)

For those of you whose eyes glazed over after realizing this 'analysis' was drivel, I'll highlight a superb quote which disinclines me to believe anything Bennett says:

Suppose a security company were to discover an exploit in Internet Explorer that could reveal your real name (as entered in your personal computer's Control Panel settings at setup time)...

Your 'real name'?!?! Who the fuck EVER puts their real names on any Microsoft product registration (excluding your basic, non-slashdot reading, use-the-computer-to-download-the-internets user). I think that the MAJORITY of machines that I've seen have some variant of "FUCK BILL GATES/FUCK M$" for registration names. His naivety is worth a chuckle. Enjoy!

Re:Buried gem of a quote (1)

SuiteSisterMary (123932) | more than 5 years ago | (#26845445)

One day, while installing Windows at home, it wanted a company name. Wouldn't let me continue without one. So I put in 'Defenders of Justice.'

A while later, while checking a resume written in Word 2000, I couldn't help but notice that 'Defenders of Justice' was auto-embedded in the file metadata.

self-fullfilling? (1)

molecular (311632) | more than 5 years ago | (#26845291)

So the argument is that it's reasonable to expect that my IP can be mapped to my person? Well, after this ruling it's definitely reasonable to assume this.

So this is something like a self-fullfilling prohphecy, right?

Think of the Children! (0)

Anonymous Coward | more than 5 years ago | (#26845325)

Wow. Just wow. I live there. I find this ruling unbelievable. Very wrong. All under the auspices of the "save the children" chant.

IANAL however I do work for the Ontario Government and I do deal with FIPPA (Freedom of Information and Protection of Privacy Act) daily. Which is a law that governs this sort of thing. I am pretty sure I would be hung up by my balls and fired if I did what that judge just did. I guess some laws are just laws of convince.

If the same thing happened where the investigator got a warrant, court order, etc to get the info from the ISP, I would have no problem with it. The fact that he now made it open season to anyone with "lawful authority" (whatever the hell that means) to contact the ISP and look at your internet history, for whatever reason they well feel like, probable cause or not. What sites you visit, what files you download, etc... just brutal.

Big brother was always watching, but at least he had to have a good reason to do so before.

Scary Stuff.

I can't wait until someone is convicted because they didn't secure their WAP.

BTW the IP number by itself would not be protected, only in association with a private individuals name and other personal details.

Also just for fun, because I have "no expectation of privacy" I might as well "Post Anonymously" for the irony. :)

Not street address (1)

pcgabe (712924) | more than 5 years ago | (#26845389)

An IP address is not like a street address (which is fairly permanent). It's more like a hotel room number (transitory). The identity of the occupants of room 128 are not public knowledge like in a phone book, but must be obtained through a 3rd party (the hotel's front desk).

Do police need a warrant to look at the front desk's guest log?

The hotel room analogy also explains why IP addresses are insufficient evidence of criminal activity. If they know that criminal activity took place in room 128 last week, and arrest whomever is staying in that room this week, they don't necessarily have the person responsible. Could it in fact be the criminal? Sure, it's possible. But hotel rooms change occupants on a regular basis.

What if the IP is constantly being changed? (0)

Anonymous Coward | more than 5 years ago | (#26845435)

Privacy arguments aside, people typically don't change their names constantly, nor necessarily their physical addresses and phone numbers. But if I change my MAC and my IP address on a regular basis then how are either of these "biographical data" if they no longer apply to my computer? Considering that there are plenty of folks who take the same security precautions, an IP address (and/or a MAC) taken from any given time and date may be as relevant biographically as a phone book listing taken 10 years and 5 moves ago.

The simple fact is that for law enforcement to expect that an IP address should count as accurate "biographical" information for them to act upon is the same as expecting that old phone book listing to be current and accurate. Big mistake, both for whomever's door they bust in who happens to have gotten the old IP address assigned to their computer via DHCP, and for law enforcement when they get eventually sued or otherwise disciplined for the bad accusation/arrest made on bad information.

houses aren't made of glass (0)

Anonymous Coward | more than 5 years ago | (#26845437)

Giving someone your address does not imply to them that they are welcome into your house and can take a full inventory of what you own, and put a camera in every room.

However, your ISP giving someone your IP address implies your entire "inventory" of internet searching is now available for viewing.

To the author (1)

Dunbal (464142) | more than 5 years ago | (#26845527)

Ontario is a country called Canada.
Virginia is in a country called The United States of America.

Comparisons between the laws of two separate countries are useless, because they have their own separate laws, governments and courts.

Uniquely identifying someone from an IP address (1)

Ronald Dumsfeld (723277) | more than 5 years ago | (#26845583)

ISPs deliberately go out of their way to stop you from establishing a link between your IP address and any sort of identity.

By sheer luck, some people manage to get semi-static IPs, if you want it guaranteed you pay hand-over-fist. The rest of us? Bounced from one DHCP lease to the next in case we actually run some services on our machines.

You can count me in for a "reverse IP phone book" if they'll let me have ronald-dumsfeld.myisp.com
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...