Can You Really Be Traced From an IP Address?

CmdrTaco posted more than 3 years ago | from the who-are-you-who-who-who-who dept.

Music 246

Barence writes "Identifying individuals using nothing more than their IP address has become a key part of anti-piracy and criminal investigations. But a PC Pro investigation casts serious doubt on the validity of IP-based evidence. 'In general, the accuracy of IP address tracing varies depending on the type of user behind the IP address,' Tom Colvin, chief technology officer with security vendor Conseal told PC Pro. 'Whilst big businesses can be traceable right back to their datacenters, standard family broadband connections are often hard to locate, even to county-level accuracy.'"

Static & resolves? (0)

Anonymous Coward | more than 3 years ago | (#35638340)

If your address is static & your ISP is quite happy to cooperate...however, if you're like most people, on dynamic IP, or some behind proxy or on Tor etc then the "evidence" can be highly unreliable.

Re:Static & resolves? (3, Insightful)

Anonymous Coward | more than 3 years ago | (#35638488)

I would say if your address is static OR your ISP is happy to cooperate; only takes one for you to be quite trackable. What worries me a bit is that this article seems to advocate for legal precedent to be based on this idea, which is quite short-sighted. Yea, right now it might be a bit hard to authoritatively determine the end user of a dynamic IP, but IPv6 is coming and when it does, everything and everyone will have their own, easily traceable IP address. Privacy laws need to be based around that assumption now.

Re:Static & resolves? (2)

dogsbreath (730413) | more than 3 years ago | (#35639446)

It also depends on the accuracy of the ISP dynamic IP records.

The IP records, if they keep them, are subject to a number of accuracy issues. So much of the ability to trace the given IP at a given time back to a particular subscriber line or dataset depends on accurate configuration of many devices and databases... and on the people that manage all of it.

eg1: Allocation of routable IP address ranges to DHCP servers changes more often than you might think, primarily due to the scarcity of IPV4 addresses. Depending on how the ISP handles these changes, you could easily have a situation where a subscriber endpoint is returned that is no longer correct.

eg2: Say we're talking about DSL. In all of the millions of pairs of wires that have been connected by hand, there are bound to be errors, either in the actual jumpering or in the record keeping about the jumpers and the end points. Believe me, this happens and it can go undetected for a long time.

eg3: Systemic errors in the provisioning software that manages the DHCP servers. As long as the billing records don't come into question and the subscribers get their service, it is unlikely that anyone is going to notice that there is a problem with the generation of the reverse lookup name. If the dynamic IP to dynamic name relationship is not always correct, who is going to notice? This one in particular can be a real bugger to find.

eg4: You would think that everything is kept straight by monolithic, standardized allocation software and methods that are tried and true, but all you need is one manual step in a process to throw everything into question. Excel spreadsheets crop up in the most unexpected places.

Basically, IP tracking by an ISP is an inventory management issue and even with relatively static warehouses it is nigh on impossible to get two counts to agree. The larger the inventory and the more dynamic the flow, the more likely there will be problems.
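
The lookup discussed in the comment above, as an added example (not part of the original post and not any ISP's tooling): resolving an observed (IP, timestamp) pair against DHCP lease records, and refusing to name a single account when clock uncertainty around the observation spans a lease change. The lease records, account names, the 30-second tolerance and the `resolve` function are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address


@dataclass(frozen=True)
class Lease:
    ip: str
    account: str      # the billed account, not the person at the keyboard
    start: datetime   # lease granted (UTC)
    end: datetime     # lease released or expired (UTC)


def utc(text):
    """Parse an ISO timestamp and mark it explicitly as UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


# Constructed sample records: 198.51.100.7 changes hands on 14 March,
# with a five-second gap between the old lease and the new one.
LEASES = [
    Lease("198.51.100.7", "acct-A", utc("2011-03-01T00:00:00"), utc("2011-03-14T09:59:58")),
    Lease("198.51.100.7", "acct-B", utc("2011-03-14T10:00:03"), utc("2011-03-20T00:00:00")),
    Lease("198.51.100.9", "acct-C", utc("2011-03-01T00:00:00"), utc("2011-03-31T00:00:00")),
]


def resolve(leases, ip, observed, clock_tolerance=timedelta(seconds=30)):
    """Map (ip, observed time) to the account(s) that could have held the lease.

    Returns (verdict, accounts) where verdict is "unique", "ambiguous" or
    "no-record". Every lease that overlaps the window
    [observed - tolerance, observed + tolerance] is a candidate, because the
    observer's clock and the DHCP server's clock are never perfectly aligned.
    """
    if observed.tzinfo is None:
        # A timestamp without a zone can be off by hours; do not guess.
        raise ValueError("observation timestamp has no timezone")
    target = ip_address(ip)
    earliest = observed - clock_tolerance
    latest = observed + clock_tolerance
    accounts = sorted({
        lease.account
        for lease in leases
        if ip_address(lease.ip) == target
        and lease.start <= latest
        and lease.end >= earliest
    })
    if not accounts:
        return "no-record", accounts
    if len(accounts) > 1:
        return "ambiguous", accounts
    return "unique", accounts


if __name__ == "__main__":
    # Mid-lease observation: one candidate account.
    print(resolve(LEASES, "198.51.100.7", utc("2011-03-10T12:00:00")))
    # Observation at the hand-over: both accounts fit inside the tolerance.
    print(resolve(LEASES, "198.51.100.7", utc("2011-03-14T10:00:00")))
    # Same wall-clock reading, two interpretations: 10:30 at UTC+1 versus
    # 10:30 misread as UTC. The one-hour error changes the account returned.
    local = datetime(2011, 3, 14, 10, 30, tzinfo=timezone(timedelta(hours=1)))
    print(resolve(LEASES, "198.51.100.7", local))
    print(resolve(LEASES, "198.51.100.7", utc("2011-03-14T10:30:00")))
```

Even a "unique" verdict identifies only the account of record for the line, and only as far as the lease table itself is correct.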

Re:Happy (1)

TaoPhoenix (980487) | more than 3 years ago | (#35639530)

I'll conclusively say right now: the ISP is happy to cooperate. It's only When, not If. They get a cut of the resulting lawsuits.

Re:Static & resolves? (1)

isopropanol (1936936) | more than 3 years ago | (#35639018)

My IP at home is dynamic but I've had the same one for over a year.

Sure. Don't be paranoid! (5, Insightful)

Chas (5144) | more than 3 years ago | (#35638360)

Depending on what data is being captured by the ISP for management purposes, this COULD be true.

But, if they can track you well enough to meter you (Comcast, AT&T, etc), they can track you down to your IP too.

Re:Sure. Don't be paranoid! (4, Informative)

rolfwind (528248) | more than 3 years ago | (#35638470)

Apparently they can't meter you too well.

http://www.digitaltrends.com/computing/att-vows-to-improve-inaccurate-broadband-metering/ [digitaltrends.com]

As to the tracking, I'm sure it can be done, however, unlike DNA, spoofing is completely trivial, so I would never be comfortable having it as the only evidence in some type of trial.

Re:Sure. Don't be paranoid! (1)

ZonkerWilliam (953437) | more than 3 years ago | (#35639368)

Throw in this that a lot of people have wireless routers, it would be impossible to tell, even if you track down the IP address to the physical address, that it was being used by you or your family. One could always say "I had an open wi-fi connection", and it would be impossible to say who was behind that IP address.

Re:Sure. Don't be paranoid! (0)

Anonymous Coward | more than 3 years ago | (#35639470)

Will law enforcement treat this like the photo systems that capture speed/red light infractions eventually? The infraction is not associated to the user but rather the connected device. Having received a speed violation (sent to me, but my wife was the operator, given the location), I dislike the fault association with the owner, but it seems that someone would likely create it to stop people from using the "open wifi" defense.

Mij

Re:Sure. Don't be paranoid! (1)

Vanderhoth (1582661) | more than 3 years ago | (#35639954)

I'm under the impression this is already done. At least in Canada.

I've read that if a router has an open connection and someone out war driving connects to the unprotected router to look up child porn (CP). The owner is responsible because they negligently left the connection unprotected. In the city I live in there are free connections all over the place. If you live in an apartment building guaranteed there is an open connection. I've only ever heard of one case where someone tried to use the, "But my router is unprotected. It could have been anyone." defense. The problem was the CP was found on their laptop. Then they tried to say some malware had been installed, which downloaded the CP so they weren't responsible. I didn't ever hear how the case turned out.

That being said, someone COULD try to hack my router to do something illegal or they could park a house over and leech off the high school's free open wifi. I was talking to my neighbor one day when he told me he and at least the other six houses to the corner of our street just use the high school's connection. On a good day I can connect, but most of the time I'm just out of range so I'm stuck paying for the connection. If I had bought the house I was originally looking at, which is just on the other side of my neighbor's house, I could have gotten free internet. Every day I see that one bar signal for the HS flashing on and off, I hear Nelson laughing at me because I could have had it. Oh well, I'm sure my neighbors will all get in shit for it some day.

Re:Sure. Don't be paranoid! (1)

rikkards (98006) | more than 3 years ago | (#35640078)

Wouldn't surprise me if this is true but do you have a link that proves this?

Re:Sure. Don't be paranoid! (0)

Anonymous Coward | more than 3 years ago | (#35639544)

Most Cases involving IP addresses do not need "Beyond a Shadow of a doubt", but rather "More likely than not" to assume guilt.

In which case an open wifi connection would not protect the owner of such IP Address from a civil suit.

In a criminal case the IP would be combined with other evidence, such as alibi, motive, and witnesses.. etc.

Re:Sure. Don't be paranoid! (0)

Anonymous Coward | more than 3 years ago | (#35639426)

What makes you think DNA is a good evidence?

1 in a million match is a statistical measurement based on the assumption that markers are evenly spread - as far as I know they haven't actually proven that we as humans are as diverse as the DNA proponents propose.

Re:Sure. Don't be paranoid! (1)

Attila Dimedici (1036002) | more than 3 years ago | (#35640072)

Actually, current DNA identification isn't all that good either. Most DNA identifications are "1 in 100,000", those that I have seen claiming higher reliability have proven to be hyperbole. This does not mean that higher reliability is not possible, just that current techniques that I have heard referenced are not very reliable identifiers.

Re:Sure. Don't be paranoid! (1)

delinear (991444) | more than 3 years ago | (#35638550)

It's not just that it's difficult to track the IP back to your household, but that that's not the full extent. What if it's a shared account in a student accommodation, or you're running your PC as a node on a TOR network (so in both cases the "infringing" traffic might look like it's coming from your IP but you aren't the one committing the act). With difficulty in ensuring the IP was assigned to you at the time it was used on one side, and then in proving that it was you downloading the file on the other (and that's assuming you don't have the right to do so, or that you initiated the act knowingly) it's an incredibly flaky way to "prove" anything.

Copyright law out of whack warning (1)

Mathinker (909784) | more than 3 years ago | (#35638884)

> or that you initiated the act knowingly

IIRC, this is not a valid defense against the tort of copyright infringement. Neither is not knowing the true copyright status of the work.

Perhaps this was somewhat defensible in an era where distribution was for all practical purposes always funded by having to pay for works under restrictive copyrights. However, even since television began, long before the net, other models of distribution have become widespread. To me it's pretty amazing that this is still the law in the current reality.

Re:Copyright law out of whack warning (2)

zach_the_lizard (1317619) | more than 3 years ago | (#35639430)

It's not amazing to me. History is full of business models being propped up by legislation and cronyism, copyright laws being no exception. Benjamin Franklin lobbied for paper money so that he could get a job printing it (decades before the American Revolution), so it's a time honored tradition in this country.

Re:Copyright law out of whack warning (1)

pixelpusher220 (529617) | more than 3 years ago | (#35640130)

> or that you initiated the act knowingly

I think the poster's meaning was that you actively participated in the download; rather than a virus doing the downloading so to speak.

Re:Sure. Don't be paranoid! (1)

pixelpusher220 (529617) | more than 3 years ago | (#35640102)

From a legal standpoint, only one person signed the contract. That person is liable for anything done with the connection. And yes, as the legally assigned person, they have to 'prove' it wasn't they who committed the act that was traced back to their 'address'.

and for the old world analogy:
If your car is seen and photographed robbing a bank and everybody in the house had access to keys, who do you think they are going to look at first?

Re:Sure. Don't be paranoid! (1)

satch89450 (186046) | more than 3 years ago | (#35638682)

But, but, but...the meter is by account, not by "person". It's like a water meter: it doesn't matter who is using the water, all that the water company wants to know is how much is flowing out of its pipes to the customer of record. Take a WiFi access point: one IP address with NAT can be used by hundreds of people at the same time. (I know this because every year I run a WiFi network at a show with 300 people...and roughly 700 devices -- so tracing activity to just one device is a real needle in a haystack.) It gets worse if the ISP is monitoring ATM packets instead of IP traffic...

Re:Sure. Don't be paranoid! (1)

VolciMaster (821873) | more than 3 years ago | (#35639220)

> gets worse if the ISP is monitoring ATM packets instead of IP traffic...

Why is the ISP monitoring my banking?

Re:Sure. Don't be paranoid! (1)

Ephemeriis (315124) | more than 3 years ago | (#35639162)

> Depending on what data is being captured by the ISP for management purposes, this COULD be true.
>
> But, if they can track you well enough to meter you (Comcast, AT&T, etc), they can track you down to your IP too.

The problem is that Charter assigns one IP address to my router, and everything behind it is sharing that one IP.

So... Who generated that traffic you're interested in? Was it me? My wife? My kid? One of the few people I've given wireless access to? Somebody who cracked my wireless network?

Re:Sure. Don't be paranoid! (0)

Anonymous Coward | more than 3 years ago | (#35639522)

As someone using a public wifi I disagree

Re:Sure. Don't be paranoid! (1)

poetmatt (793785) | more than 3 years ago | (#35639998)

The "you" here is the wrong focus.

Can you be traced to an IP address? The answer is and will always be, no.

Can an IP address be traced to a MAC address and/or general geolocation? Yes. Is that data accurate? Not necessarily, and there's pretty much no guarantee of accuracy. Do ISP's give a shit who is using their cable modem as long as it's paid for? No.

Just because "I found an IP address accessed at X time and Y cable modem" does not mean that you can truly verify anything beyond the cable modem without far more info (and a violation of plenty of laws without a warrant).

WTF? (4, Insightful)

YodasEvilTwin (2014446) | more than 3 years ago | (#35638380)

This is not the problem with IP tracking. In most instances the ISP will have logs linking IPs to customers, and people can be easily traced. The real problem is that AN IP IS NOT A PERSON. You cannot trace a person through an ISP (except through strong circumstantial evidence such as someone using their email account from that IP). If all the info you have is that someone/something at IP 12.34.56.78 downloaded kiddie porn, that's no evidence at all. Was it the suspect? Was it a family member or friend? Was it some random on the street who cracked the WEP key or accessed an open network? You have no idea and you never will unless you can find 1) evidence on a computer and 2) evidence that the suspect was using said computer at the time.

Re:WTF? (3, Insightful)

MokuMokuRyoushi (1701196) | more than 3 years ago | (#35638476)

Interestingly, the article says much the same. If you're going to get pissed off about an article, shouldn't you at least read it first?

Re:WTF? (1, Redundant)

VolciMaster (821873) | more than 3 years ago | (#35639240)

> If you're going to get pissed off about an article, shouldn't you at least read it first?

you must be new here...

Re:WTF? (0)

Anonymous Coward | more than 3 years ago | (#35638498)

> This is not the problem with IP tracking. In most instances the ISP will have logs linking IPs to customers, and people can be easily traced.
>
> The real problem is that AN IP IS NOT A PERSON. You cannot trace a person through an ISP (except through strong circumstantial evidence such as someone using their email account from that IP). If all the info you have is that someone/something at IP 12.34.56.78 downloaded kiddie porn, that's no evidence at all. Was it the suspect? Was it a family member or friend? Was it some random on the street who cracked the WEP key or accessed an open network? You have no idea and you never will unless you can find 1) evidence on a computer and 2) evidence that the suspect was using said computer at the time.

strangely this doesn't seem to stop the authorities from charging many people and ruining their lives in the process before dropping the charges

Re:WTF? (1)

AHuxley (892839) | more than 3 years ago | (#35638762)

That's where a phone tap and sneak and peek can be so useful. A "plumber" at 12.03 on the afternoon you expected.
Just before they touch your tap something sets up a few lines about a mix up at the office.

Re:WTF? (0)

Anonymous Coward | more than 3 years ago | (#35638808)

you sound pretty mad, almost as if you're taking it personally. Or you have something (perhaps involving pictures of naked children) to hide.

Re:WTF? (1)

mijelh (1111411) | more than 3 years ago | (#35639620)

My fallacy detector just exploded. I *do* have many things to hide, but they are not illegal. I call that privacy.

Re:WTF? (2)

mark-t (151149) | more than 3 years ago | (#35638916)

But an IP address (at any specific given time) does have a direct correspondence to a customer of the ISP, a specific person who has agreed to (often in writing) the ISP's terms of service, and would have already had to be prepared to assume accountability for how their connection to their ISP was utilized, even if it wasn't by them personally.

Re:WTF? (1)

misexistentialist (1537887) | more than 3 years ago | (#35639624)

Whoever is upstream of the ISP must have earlier demanded that the ISP take full responsibility for data transmitted. Thoughtcrime: everyone is guilty, though punishment is at the discretion of the government.

Re:WTF? (1)

andrea.sartori (1603543) | more than 3 years ago | (#35639478)

You are right. The depressing thing in TFA is: "Unlike anti-piracy cases, however, IP tracking is only ever used as supporting, rather than primary, evidence in a criminal prosecution." (This said by a police detective constable.) That is, an IP address is apparently enough to bust you for downloading a song, but not enough to download CP... :/

Re:WTF? (0)

Anonymous Coward | more than 3 years ago | (#35639688)

But if they've tracked the IP to your household address, that is reasonable cause to get a search warrant and they'll take all the computers in the house and search them until they find something. The IP address may not give them indisputable proof, but it narrows the search down to just a few people, at a specific address in most cases.

reverse dns + office workers = trouble (5, Insightful)

jaymz2k4 (790806) | more than 3 years ago | (#35638382)

I'm often having to remind users in the office that a simple reverse lookup on our IP and there's the company name sat right there, a few clicks and you've got the building address. Go onto LinkedIn and you've probably got half the employees' full names. A lot of people forget just how much information you can get from work IPs. It's not CSI style VB GUI interface level but if you're about to go make some stupid edits on Wikipedia don't do it from your office connection.

Re:reverse dns + office workers = trouble (1)

Frosty Piss (770223) | more than 3 years ago | (#35638600)

> if you're about to go make some stupid edits on wikipedia don't do it from your office connection.

Making stupid Wiki edits from work is far better for me than from my own IP. If our IT department was the recipient of some screed from some Wiki uber-Editor having a cow over some stupid edit, they would roll their eyes and hit the Delete key...

Re:reverse dns + office workers = trouble (3, Interesting)

value_added (719364) | more than 3 years ago | (#35638686)

I remember doing a reverse lookup on my ATT (then SBC) DSL account years ago. When I discovered my name was shown (for all the world to see), I called ATT to complain and they replaced my name with "Private Customer".

A year or so later, I upgraded to a 5 static IP account, had ATT delegate the /29 to me, and started hosting my own DNS, mail, web, etc. services. Now, a simple WHOIS not only listed my name, but my address and telephone number as well!

Somehow, the new setup made more sense, and felt more acceptable.

Re:reverse dns + office workers = trouble (1)

fezzzz (1774514) | more than 3 years ago | (#35638964)

Most people do not have a problem if the world knows what they do at work. Most of the time the publicity is more of a benefit than a drawback. This is what makes Facebook so popular.

Re:reverse dns + office workers = trouble (0)

Anonymous Coward | more than 3 years ago | (#35639058)

> I'm often having to remind users in the office that a simple reverse lookup on our IP and there's the company name sat right there, a few clicks and you've got the building address. Go onto LinkedIn and you've probably got half the employees' full names. A lot of people forget just how much information you can get from work IPs. It's not CSI style VB GUI interface level but if you're about to go make some stupid edits on Wikipedia don't do it from your office connection.

This is a big Duh!!! Unfortunately too many people do stupid stuff at work. My last office job had most of the web locked out to nearly everyone in the company. Companies are the easiest to trace, but most common folk don't know this.

Depends if someone... (4, Funny)

mario_grgic (515333) | more than 3 years ago | (#35638394)

has written a Visual Basic application to track your IP.

Re:Depends if someone... (5, Informative)

danhuby (759002) | more than 3 years ago | (#35638554)

I had no idea what you meant until I saw this: http://www.youtube.com/watch?v=hkDD03yeLnU [youtube.com]

Made me cringe!

Re:Depends if someone... (2)

TheRaven64 (641858) | more than 3 years ago | (#35639016)

And, in spite of that, their portrayal of IT is still more accurate than their portrayal of forensics...

Re:Depends if someone... (1)

Tolkien (664315) | more than 3 years ago | (#35639614)

Enhance!

Re:Depends if someone... (1)

pyrr (1170465) | more than 3 years ago | (#35639150)

That...wow. I heard the words, but it was like she was speaking a different language.

I think some studio must have a random IT jargon generator.

Re:Depends if someone... (1)

danhuby (759002) | more than 3 years ago | (#35639414)

No, it actually made sense, but it was just a very bizarre solution to the problem (to an IT professional).

An internet security expert will have several tools and methods at their disposal but I somehow doubt "developing a GUI in Visual Basic" would be one of them :)

Developing a GUI in Visual Basic isn't going to help you track an IP address (although it might make tracking an IP address look a bit prettier). Whatever "tracking an IP address" actually means anyway - possibly traceroute or some sort of geolocation - something for which an existing tool would probably exist anyway.

It's just... wrong... and very cringeworthy.

Re:Depends if someone... (3, Interesting)

L4t3r4lu5 (1216702) | more than 3 years ago | (#35639444)

The problem is that the real thing is so much more time consuming and boring. You remember one of the Matrix movies showed Trinity using nmap? It was on screen for about 0.75 seconds, because using nmap is really, really tedious if you're not into that kind of thing.

How does this sound for action packed fun: "We need to get hold of his laptop and pull out the hard disk drive. We can then mount it as a slave and wait for 6 hours while it takes an image of the entire contents, then put it back in his laptop. From there, we can mount the image in a read only state and use a tool to brute force the encrypted partition key. It should take around 8 years."

Or "He has a 2048 bit encryption! We need to hack all of the code walls with a GUI worm!"

Re:Depends if someone... (0)

Anonymous Coward | more than 3 years ago | (#35638632)

Just make sure it has a GUI interface [youtube.com] .

Re:Depends if someone... (1)

Idbar (1034346) | more than 3 years ago | (#35639626)

Which is particularly easy when someone is using IP addresses in the 300 block.

Re:Depends if someone... (1)

N0Man74 (1620447) | more than 3 years ago | (#35640104)

It doesn't take a full blown VB application... just a VB GUI.

To a point you generally can (1)

cheeseandham (1799020) | more than 3 years ago | (#35638402)

In my experience you can generally trace an IP address back to a given location (using RIPE and then contacting the ISP and I presume using legal means to find out who was using that IP address at that particular time).
But of course after that you have no idea what happens, is it an open Wifi point? Is it a closed one but has been cracked? Has the wifi key been given out to a neighbour? All of these options cast doubt on the exact person who committed whatever criminal or civil act that is under investigation.

They need to learn from the ad muppets. (2)

EasyTarget (43516) | more than 3 years ago | (#35638408)

> standard family broadband connections are often hard to locate, even to county-level accuracy

Advertisers rarely seem to be affected by this; every time I plug my laptop in while abroad the adverts change to the current locale..

Re:They need to learn from the ad muppets. (2)

lennier1 (264730) | more than 3 years ago | (#35639198)

Sure you didn't misread "county" as "countRy"?

Re:They need to learn from the ad muppets. (1)

EasyTarget (43516) | more than 3 years ago | (#35639292)

Fair point; it's the language that gets my attention.

Sued (2, Interesting)

Anonymous Coward | more than 3 years ago | (#35638438)

In 1997 a company threatened to sue me for breaking into their system (which I didn't do). Due to my good contacts with the ISP at the time I was able to get my hands on 6 months worth of packet logs related to my cable modem. This was a Dutch, but American owned, cable ISP. If they were logging things to that detail at the time, I doubt it has gotten any less today. If you're with one of the bigger ISP's, rest assured, your packets are safely logged.

IP Geolocation is not your location (0)

Anonymous Coward | more than 3 years ago | (#35638450)

My DSL derived Geolocation is a good 50 miles from where I am physically located. As someone with a fairly common name then all I can say is good luck to using JUST the IP Geoloc to find me.
Now if the ISP was forced to release my details then fine, fair cop gov. Otherwise, yah boo sucks.

Then if people use things like vpn tunnels or 'tor' then 'ha ha' good luck...

Not me (1)

aAnaRchY (847600) | more than 3 years ago | (#35638456)

They can track my IP, but not me! If "me" is connected to the net with something like Tor...

more HOT jobs; apologists of every circumstance (-1)

Anonymous Coward | more than 3 years ago | (#35638462)

yes, we are easy to find. the truth is much more difficult to locate presently.

convincing talknician apologists for; war, economy, weather, fearmongering, exploding people, religious depopulation schemes etc.. are garnering wages on a level with hired goons, & assorted other liar, tout & shill positions.

business, or pleasure? both sides of chosen ones' evile; http://www.youtube.com/watch?feature=player_embedded&v=lSp-oIOhq00#at=55

so monkeys NEVER had a hymen? (0)

Anonymous Coward | more than 3 years ago | (#35638924)

that's right. butt they/you can have one (re)installed in china, & in various other counties, now. revirginization. what a product/vocation.

we're betting on the advanced dna babys. we know where they came from, & what they can do, no apologies needed.

We all have the same address! (0)

Anonymous Coward | more than 3 years ago | (#35638484)

It gets especially confusing to authorities when they realize we all have the same IP address anyways. (127.0.0.1)

Well Yes and No (1)

trollertron3000 (1940942) | more than 3 years ago | (#35638494)

Well yes and no. In the case of someone like the RIAA claiming they traced it back to a user -yes there is some room to say it's not foolproof. Far from it. But with someone like the FBI? That's not going to work. They will catch you in the act using a "man in the middle" sniffer like Carnivore to ensure the evidence chain of custody can be proved correct in a court room. Considering almost every piece of networking equipment made has LEO intercept capabilities built in, it's not hard.

Alas! I agree with the premise (1)

bogaboga (793279) | more than 3 years ago | (#35638538)

'In general, the accuracy of IP address tracing varies depending on the type of user behind the IP address...'

I wholeheartedly agree with this statement. This is one of the few times this has happened with a Slashdot premise.

As a young graduate more than 10 years ago, I NATed a few of my employer's computer IPs, including the internal 192.168.X.X up to 3 levels and asked the then ISP support dude to find out what was going on. He could not, despite having the 'latest' software.

This gives defense lawyers one item they could use to challenge the DA. Trust me on this.

Quote in summary is misleading (3, Informative)

Coopjust (872796) | more than 3 years ago | (#35638542)

RTFA and you see that, as many of us already know, you can get a court order to get the exact identity of the account holder, so the problem as described by the summary quote is not the real issue. Rather, just because you know the account holder does not mean that you can prove that the account holder, or whoever you have on the stand, is the one that infringed.

Despite rear-end covering clauses in the terms of most home ISPs that state that the account holder is liable for everything that goes across their connection, most courts won't accept that. I wouldn't be willing to test it, but it's a very valid point of defense. The number of people with open Wi-Fi is staggering, and even then there are attacks which work on WEP (a ton) and WPA (GPU accelerated attacks can get passphrases in under a minute on many routers), which is the maximum security many home routers in use are capable of. That makes this point even more valid.

Re:Quote in summary is misleading (1)

mark-t (151149) | more than 3 years ago | (#35638978)

While you can't prove the account holder is the one who infringed, he can likely still be held accountable for how his own internet connection is utilized... in fact, he probably agreed to something along those lines when he signed up with the ISP.

Re:Quote in summary is misleading (1)

Combatso (1793216) | more than 3 years ago | (#35639526)

but that 'contract' the end user agrees to does not trump law. so there may be valid loop-holes and precedents. I'm not a lawyer or a criminal, so I haven't got any references,

Re:Quote in summary is misleading (1)

nordah (1365739) | more than 3 years ago | (#35639842)

> but that 'contract' the end user agrees to does not trump law. so there may be valid loop-holes and precedents.

Well, certainly a contract to do something illegal is not a valid contract, and form contracts of adhesion that do not allow negotiation (the kind nearly everyone signs with their ISP) are looked at with increased scrutiny and some disfavor by courts.

But the law largely allows you the freedom to bind yourself to contracts and those contracts are enforced, by law.

> I'm not a lawyer or a criminal, so I haven't got any references,

Though our laws at the local, state, and federal levels are becoming increasingly complex, you do not need to be a lawyer, (or a criminal!) to be educated on the rules governing our society's behavior.

Re:Quote in summary is misleading (1)

rgviza (1303161) | more than 3 years ago | (#35639796)

If the acct holder is not responsible for the activity that happened over their wi-fi, eventually they'll be cleared. The burden of proof is still on the government and they need to prove you did something. Traffic to your IP only leads them to your cable modem. It doesn't prove you downloaded anything. They still need to prove you possess(ed) whatever they are looking to nail you for. Only problem is in the mean time the feds will have confiscated every electronic device in their possession to do forensics on it. Then it all may sit in an evidence room for an indeterminate amount of time (usually years) waiting for trial.

In the mean time the accused has had all of their equipment taken and may as well write it off. It'll be depreciated by the time they get it back.

So despite not having any criminal charges that will stick to them, they are out many thousands of dollars for the gear that's now sitting in an evidence room.

It pays to secure your wireless connection... Even if you simply get accused of something you didn't do, it's rough, can be very costly, and will ruin your life for a considerable amount of time.

It's much easier to set a damned wireless password.

yes, you can be, but not instantly. (1)

gl4ss (559668) | more than 3 years ago | (#35638622)

if they're billed, authorities can get the information, provided that they go through the hoops necessary. it's not instant and movie like, of course. even pre-paids get tied to a name when they're charged (and cellinfo is logged, for a time). so it's mainly used to find a place of evidence and then to raid that place for said evidence. it's not evidence by itself but a clue about where to maybe get evidence. by itself it's just a phone number and about as useful as that.

of course if there's been proxying and such, it's a different matter. why do you think tor etc exist? same problems exist with a phone too.

and this is finland, but then again, here policemen can do a house search by hunch and cases often depend on confession (and in IT/piracy/data related matters especially, with often the questioning policemen not even knowing what they're asking about). it's a fiddly line here, really. and just a small number of cases, which is why they have no idea what they're questioning about. the main bread and butter of these guys is drug cases and violent drunks, home abuse and such. but if there's a suspected murder case then the mobile phone logs, ip-logs, etc get combed routinely.

but about ip-targeted ads.. ip-geolocationing is a fraud, it only sort of works per country.

Re:yes, you can be, but not instantly. (1)

moonbender (547943) | more than 3 years ago | (#35638894)

Got any significant data to back up your claim that IP geolocating doesn't work? It doesn't have to be perfect to be useful for many applications. In my own experience, it works exceedingly well.

Re:yes, you can be, but not instantly. (1)

nanotik (1750832) | more than 3 years ago | (#35639246)

Accuracy varies a lot between countries; for example, in Finland geolocating an IP to a city isn't reliable with home DSL users who live in smaller cities (they're usually shown as users from a bigger city nearby or Helsinki). You can probably get better accuracy from commercial geolocation DBs, but since I haven't worked with them I don't know how accurate they are in practice.

Re:yes, you can be, but not instantly. (0)

Anonymous Coward | more than 3 years ago | (#35639390)

My last connection had my ip-geo-location as being at the opposite side of the country due to some special network setup (student housing).

My current ip address apparently sometimes reads as being across the ocean...

Yet I would believe it if you said geo-ip is about 90% accurate, but I would doubt it if you said it was more accurate than that.

Re:yes, you can be, but not instantly. (1)

T-Bone-T (1048702) | more than 3 years ago | (#35639818)

My IP currently points to a city about 40 miles away from my actual location. A city of millions falls within that circle.

Relakks (1)

cerberusss (660701) | more than 3 years ago | (#35638676)

You know what is even harder to identify: me sitting behind my Swedish Relakks VPN connection. [relakks.com]

Re:Relakks (0)

Anonymous Coward | more than 3 years ago | (#35639704)

It depends. If you are using PPTP, then the security is weak. And if your ISP really needs to know what you are doing, then your VPN is already missing the central "Private" letter...

Re:Relakks (0)

Anonymous Coward | more than 3 years ago | (#35639856)

Is there a way to pay for that Relakks service with some anonymous euro credit card? Are they any better than using TOR or the thingie from TPB?
Please, do tell!

Yes and no... (1)

_Shad0w_ (127912) | more than 3 years ago | (#35638732)

It's unlikely you can trace an IP back to a single user. You can, however, almost certainly trace it back to who it was assigned to, either statically or dynamically. The problem is that can be anything from a single home user to a small to medium sized company behind a NAT. Hell it could even be a large company - although they're more likely to be behind a many-to-many NAT, rather than one-to-many.

The only place I can see you being able to track back a single user would probably be in cases where you actually have the IP address of a workstation and you can compare to the login/logoff audit logs. I suspect the number of places assigning world routable IP addresses to workstations is vanishingly small. I can't see many places keeping NAT translation logs for the workstations on private IP blocks.

I'd definitely be asking these questions... (1)

Eggplant62 (120514) | more than 3 years ago | (#35638760)

...which of the 4 people living here and on which of the 9 computers (7 physical, 2 virtual) behind my NAT firewall committed the act based on the evidence you have already? Which subnet of my internal network were they using (the virtual machines are subnetted away from the rest of the network)? Is it possible that someone outside my home cracked my wireless security, joined my network, and committed the act in question?

Re:I'd definitely be asking these questions... (1)

I3OI3 (1862302) | more than 3 years ago | (#35639346)

For any investigating agency, the answer is simple: bust down the door and confiscate everything. We can sort out the rest during trial.

So far, the courts have upheld the scorched-earth approach, and tying an IP address to a physical location has served as sufficient probable cause.

Does that leave you with a warm, fuzzy feeling about your open WiFi?

You wouldn't like the answers.... (4, Interesting)

Dcnjoe60 (682885) | more than 3 years ago | (#35639364)

...which of the 4 people living here and on which of the 9 computers (7 physical, 2 virtual) behind my NAT firewall committed the act based on the evidence you have already? Which subnet of my internal network were they using (the virtual machines are subnetted away from the rest of the network)? Is it possible that someone outside my home cracked my wireless security, joined my network, and committed the act in question?

If you have 9 computers in your possession, the authorities really don't care which is infringing, they are still in your possession. Subnets don't really matter, nor does your NAT firewall, as all they have to do is show that the content in question was transmitted to whatever device you have that is connected to your ISP (usually a router). That is enough to give probable cause for a search warrant (at least in the US). From there, they can confiscate said computers and analyze them looking for signs of the data in question.

It may be possible that somebody outside your home cracked your security. You could try to use that as a defense, it wouldn't be up to the prosecutor to show that it didn't happen, anymore than they would need to show that somebody broke into your home or business and used your computer. That would be your burden to disprove the prosecutor's case. Besides, a good prosecutor would point out that if you have the smarts to create the network you have described, then you have the smarts to adequately protect it. Negligence usually is not a good defense at a trial.

Here is an analogy for you. If you loan your car to somebody and they commit a crime with it, the authorities are coming after you. If you have an alibi, that is great, otherwise, you'd better be ready and willing to turn over who borrowed your car. Even with an alibi, if you don't want to be an accomplice, you'd better be ready and willing to turn over who borrowed your car.

So, back to your 9 computers. If it wasn't you who did whatever, which of your family or users (depending on whether this is a home or work system) did? That is the information they will find out when they confiscate your equipment. Happens every day, all the time.

Unless someone hacks your WIFI (1)

2bfree (113445) | more than 3 years ago | (#35638828)

An IP address only points to the person being billed for a service, it doesn't prove anything as far as who did what; especially if someone has cracked your WiFi.

Re:Unless someone hacks your WIFI (1)

pyrr (1170465) | more than 3 years ago | (#35639366)

Perhaps they couldn't earn a conviction on an IP address alone, but unless the courts stop granting the MAFIAA things like search warrants and subpoenas based on IP addresses, I'm thinking for the purposes of going on a fishing expedition, it would work well enough. As it seems to work now, just having their private investigators log an IP address allows them to get a subpoena to force the owner of that IP address to open-up its records (if they do any logging of customer/MAC against timestamp against assigned IP), and then taking that information to send the jack-booted record label thugs to bust down your door and take all your computer equipment to search for "potential infringement".

A better system might be to force the MAFIAA to get a unique identifier to seize a specific machine, but that would most likely be the MAC, which are easily-enough spoofed. Also, they like the current situation where they can get vague warrants and fish to their dear little hearts' content.

Of course no! (1)

VincenzoRomano (881055) | more than 3 years ago | (#35638836)

You should have the exact IP assignment time table from the ISPs.
Then you need to be sure about the exact time drift among all the involved systems.
And finally you need to be sure about the person using that very device using that very IP.
And even so, you still need to make sure about another dozen constraints like NAT and open/broken WiFi access points.
So, of course you cannot. Apart from a very limited number of cases. Very, very limited.

Re:Of course no! (0)

Anonymous Coward | more than 3 years ago | (#35639094)

There are a lot of wrong assumptions here. Yes, the IP alone doesn't indicate the person, but there is a good chance it indicates the account holder. If I lend my car to my friend and he has an accident, but he is not identified at the scene, the police would definitely want to question me.
Which brings me to the next point: criminal justice, for instance, tends to weigh on "within a reasonable doubt"; the law doesn't need to prove 100% it was you, they only need to prove it within a reasonable doubt.

I think when this gets tested in courts of law, things like "my WiFi was open, my neighbor uses my computer" won't, I suspect, carry a lot of water; I think it will be more "you pay $10 a month for this connection, it's your name on it, the router is on your property, therefore it's highly likely it was you".

Re:Of course no! (0)

Anonymous Coward | more than 3 years ago | (#35639770)

IPs are not cars. You are not required by any law to name who is using your IPs. Maybe not even ISPs can name who's.

ISPs keep track of the IPs that they give out (2)

trparky (846769) | more than 3 years ago | (#35638960)

Whenever you connect to the Internet via your ISP and they give you an IP address, they record the time you connected and your account username (or cable modem's MAC address which can be traced back to your billing account). All someone needs is your IP address and the time the offense took place (has to be a specific time frame) and all the ISP needs to do is look in their database of addresses they gave out and they have you.

Yeah, you could have an open WiFi router but usually the company attempting to sue you (*cough* RIAA, MPAA *cough*) doesn't care. They want their own twisted version of justice and they want money now. They don't care if you have an open WiFi router and that the neighbor may have downloaded music on your network, they see that your account was responsible for the act and they want money!

Re:ISPs keep track of the IPs that they give out (0)

Anonymous Coward | more than 3 years ago | (#35639510)

You would think, but apparently that is too hard for some ISPs *Cough*Comcast*cough*, which leads to such things as lawsuits being dropped because the person could prove that they were not a subscriber at the time of the infringement, even though the ISP swears that they had that IP address at the time of the infringement.

Question (2)

ledow (319597) | more than 3 years ago | (#35639004)

Can you trace the final connection endpoint (i.e. the part that contacted the observed target as the last link in the chain)? Yes. Even if they fake the IP you *could* in theory do work to discover where that connection originated from. This assumes greatly that the IP you recorded isn't forged, random or nonsense and that you haven't just been "given" a list of IP's from a third-party who didn't do the correct analysis to determine where those IP's are gathered from.

Can you get from an IP to a physical location? Almost certainly. Usually to the campus, home address or business telecoms line that the IP is associated with. But it will be the IP of the other endpoint of the connection, not necessarily the origin of the user's actions. E.g. proxies, hacked routers, etc. And even that can be extraordinarily tricky to arrange over international borders.

Can you trace back through proxies and other hindrances to get to an actual connection origin? Yes. Doubling the work necessary at each stage and if you can force physical access to each of those origins in order to trace back where the source came from.

Can you get from a confirmed IP-packets physical origin to an actual person? Depends. Not automatically, and probably not at all without an admission of guilt or other concrete evidence and almost certainly it would only be "coincidental" rather than anything else (otherwise it would be like arresting everyone who used an Acer laptop because the connection originated from an Acer laptop)

Can you do "hacker-work" to knock on the door of Hacker 1 who lives in an uncooperative country who was trying to hide their tracks (i.e. someone you actually WANT to trace using police resources and raiding datacentres)? Probably not.

Can you do some simple police investigations to get from an abusive IP address to a home address that you can raid for more evidence in a co-operative, or your own, country (i.e. someone stupid enough to do something incredibly illegal and traceable from their home Internet connection)? Yes.

Can you then prove it was them that used that IP? Not without taking their computer and ISP logs and all sorts of other evidence and doing a full "ordinary" investigation.

Can you determine who random user X was who piggybacked on a wifi connection that you *can't* prove the owner used himself but can only trace to that IP? Not without some other evidence (e.g. spotting the car that was sitting outside).

Can you tie an IP address on the general Internet to a single person unequivocally? Not to the standard of any court that I know, no.

Can you tie an IP address on the general Internet to a single person enough to make you suspicious? Usually - yes.

Will it stand up in court? Not without a shit-ton of other evidence that's much more convincing.

tech savvy juries (1)

softWare3ngineer (2007302) | more than 3 years ago | (#35639092)

anyone really believe that a jury would be able to make these types of distinctions? all they see is we tracked something back to your house without regard to how trustworthy the data is. it happens all the time with other forensic techniques increasing the number of false convictions.

Not with any reliability... (0)

Anonymous Coward | more than 3 years ago | (#35639122)

With the proliferation of wireless networks and cheap broadband connections these days, it's not hard to crack a WEP key, spoof a MAC address (so they can't even find the real hardware used), and do pretty much whatever you want online without being reliably traceable. At that point, you pretty much have to be in the area, sniffing for the MAC address used. The only thing you really can narrow down is to the county level at that point, but they could really be anywhere within even so.

This says nothing of free wireless internet cafes and public libraries either.

An IP address doesn't point to a user. It never has. It's just a means to facilitate communications. Even a MAC address does not point to a user: it points to a machine. That's it. If you use a fake MAC address, well... Then it doesn't even point to a real machine.

No they can not (5, Informative)

Charliemopps (1157495) | more than 3 years ago | (#35639156)

Having worked for several large ISPs in their "Copyright infringement" department (ironic I know) I can tell you that no, tracing an IP address back to its original user is not likely and shouldn't be admissible in court.

The way the system works is this:
The ISP gets an email claiming copyright infringement on a certain date and time by a particular IP.
It's important to note, the ISP has no way of verifying any of the following:
          The email came from the person it's claiming to come from
          That person is the copyright holder
          There is even a copyright on the file in question
          The person sending the email did anything to confirm what they were downloading was a copyrighted file (is batman.zip the new or fan fiction?)
          The ISP can not even confirm that anything at all was downloaded.
The ISP then takes the IP address provided and the time claimed and compares this to their DHCP server and looks for lease statements before and after the time the file was claimed to be downloaded. So if the complaint was at 10pm and we had that IP time stamps at 9:30pm and 11:00pm for Jim, then Jim gets a letter.

As you can imagine there are all kinds of holes in this. There are a zillion and one ways that could be inaccurate inside the ISP alone. This doesn't even include all the failures on the part of the copyright holders. We had one that was so inaccurate they were sending us multiple complaints on a daily basis against IPs we hadn't had leased out to anyone for days surrounding the times of their complaints. We made repeated inquiries with the "Company" to try and clarify their problem. But in the end just blacklisted their email accounts. We had other incidents in which the complaint was that the user downloaded a dozen or so movies... but a quick check of their usage logs showed they were using less than a couple hundred meg a month.

It was clear that the copyright holders were using automated scripting software to flood us with complaints with no real checks and balance on their part and then expected the ISP to do the heavy lifting when it came to investigation.
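The lease lookup described in the comment above, as an added example that is not part of the thread and not any ISP's actual tooling: it brackets a complaint time between DHCP acknowledgements and refuses to name an account when the evidence does not support it. The log format, the account names, the 5-minute clock-skew allowance and the 4-hour maximum gap are all assumptions made for the illustration.

```python
import bisect
from datetime import datetime, timedelta

# Constructed DHCP ACK log (UTC). Format is hypothetical: time, event, IP, account.
SAMPLE_LOG = """\
2011-03-28T21:30:00+00:00 ACK 203.0.113.7 acct=jim
2011-03-28T23:00:00+00:00 ACK 203.0.113.7 acct=jim
2011-03-29T09:00:00+00:00 ACK 203.0.113.7 acct=ann
2011-03-29T09:10:00+00:00 ACK 203.0.113.9 acct=bob
2011-03-31T09:10:00+00:00 ACK 203.0.113.9 acct=bob
"""


def parse_log(text):
    """Return {ip: [(timestamp, account), ...]} sorted by time."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] != "ACK" or not parts[3].startswith("acct="):
            continue  # not a lease acknowledgement
        ts = datetime.fromisoformat(parts[0])
        table.setdefault(parts[2], []).append((ts, parts[3][len("acct="):]))
    for events in table.values():
        events.sort()
    return table


def attribute(table, ip, reported_at,
              skew=timedelta(minutes=5),      # assumed clock drift between parties
              max_gap=timedelta(hours=4)):    # assumed longest gap a lease survives
    """Return (verdict, account). Verdict is 'match', 'ambiguous' or 'unverified'."""
    if reported_at.tzinfo is None:
        # A bare local time cannot be compared with UTC logs at all.
        raise ValueError("complaint timestamp must carry a timezone")
    events = table.get(ip, [])
    times = [ts for ts, _ in events]
    lo, hi = reported_at - skew, reported_at + skew
    i = bisect.bisect_right(times, lo)   # events[:i] happened at or before lo
    j = bisect.bisect_left(times, hi)    # events[j:] happened at or after hi
    before = events[i - 1] if i > 0 else None
    after = events[j] if j < len(events) else None
    if before is None or after is None:
        return ("unverified", None)      # no lease record on one side of the claim
    # Accounts seen on either side of, or inside, the uncertainty window.
    accounts = {before[1], after[1]} | {acct for _, acct in events[i:j]}
    if len(accounts) > 1:
        return ("ambiguous", None)       # the IP changed hands around that time
    if after[0] - before[0] > max_gap:
        return ("unverified", None)      # same account, but the lease may have lapsed
    return ("match", before[1])


if __name__ == "__main__":
    from datetime import timezone
    table = parse_log(SAMPLE_LOG)
    claim = datetime(2011, 3, 28, 22, 0, tzinfo=timezone.utc)
    print(attribute(table, "203.0.113.7", claim))
```

Even a "match" here identifies only the billing account that held the lease, which is the limit the comment describes.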

will IPV6 make it better or worse? (0)

Anonymous Coward | more than 3 years ago | (#35639192)

What are the implications of an IPv6 world with universally identifiable endpoints and without NAT to hide behind? If it means what I think it might, I'm mystified that RIAA/MPAA and the DHS aren't pressing hard for IPV6 adoption.

Re:will IPV6 make it better or worse? (1)

magamiako1 (1026318) | more than 3 years ago | (#35639416)

The RFC for IPv6 provides for temporarily assigned addresses. The original spec required a MAC to be used to generate the 64-bit host address, but that has since been sort of ditched. The best they could trace to is your network ID (either a /48, /56, or /64, or whatever they otherwise decide to do with host networks--right now Comcast provides /64's to their IPv6 testing customers).

That /64 should ideally never change, and will be assigned per customer. So while the specific device can not be found, the network address should make it easier for them to track you. There's nothing known about whether or not they'll rotate network IDs per customer, but I would imagine not.

The only reason it worked out previously was because customers were assigned individual host addresses via V4, which were typically picked up via DHCP just like any computer.
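The prefix/host split discussed in the comment above, as an added example that is not part of the thread: it reduces logged IPv6 addresses to their /64 and flags interface identifiers that look like the older MAC-derived (modified EUI-64) form. The sample addresses are constructed from the documentation prefix 2001:db8::/32, the function names are hypothetical, and the /64-per-customer assumption is taken from the comment.

```python
import ipaddress

# Constructed sample of source addresses as they might appear in a server log.
SAMPLE_ADDRESSES = [
    "2001:db8:1234:5678:211:22ff:fe33:4455",   # MAC-derived interface ID
    "2001:db8:1234:5678:d4a1:9c3e:7b20:11f6",  # randomised (temporary) interface ID
    "2001:db8:1234:5678:58c2:41aa:903b:6e0d",  # another temporary address, same /64
    "2001:db8:abcd:1:a8bb:ccff:fedd:eeff",     # different /64, MAC-derived
]


def classify(addr):
    """Return (prefix64, kind, mac) for one IPv6 address.

    kind is 'eui64' when the low 64 bits carry the ff:fe marker of a
    modified EUI-64 identifier, otherwise 'opaque'. This is a heuristic:
    a random identifier can contain ff:fe by chance.
    """
    ip = ipaddress.IPv6Address(addr)
    prefix = ipaddress.IPv6Network(f"{ip}/64", strict=False)
    iid = (int(ip) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3] == 0xFF and iid[4] == 0xFE:
        # Undo the EUI-64 expansion: drop ff:fe, flip the universal/local bit back.
        mac = bytes([iid[0] ^ 0x02, iid[1], iid[2], iid[5], iid[6], iid[7]])
        return str(prefix), "eui64", ":".join(f"{b:02x}" for b in mac)
    return str(prefix), "opaque", None


def group_by_prefix(addresses):
    """Summarise addresses per /64: how many were seen, how many are opaque,
    and which hardware addresses were exposed through EUI-64 identifiers."""
    groups = {}
    for addr in addresses:
        prefix, kind, mac = classify(addr)
        g = groups.setdefault(prefix, {"addresses": 0, "opaque": 0, "macs": set()})
        g["addresses"] += 1
        if kind == "eui64":
            g["macs"].add(mac)
        else:
            g["opaque"] += 1
    return groups


if __name__ == "__main__":
    for prefix, info in group_by_prefix(SAMPLE_ADDRESSES).items():
        print(prefix, info)
```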

Not with a reasonable doubt (1)

boxxa (925862) | more than 3 years ago | (#35639448)

Ya, in theory you could translate the IP back to the area and the MAC possibly on their switch of the router to the customer device if they kept that detailed of records of what modems they sent out to each location; however, you still would not get past the problem that if 5 people are using an internet connection, you can't pin down which one actually did the downloading by IP address alone, which in a normal legal system is not enough to convict. If it was a murder trial and you have your suspect down to 5 people, you won't get a conviction, so it shouldn't be any different for electronic crime.

Neither identifiable nor anonymous (2)

gordguide (307383) | more than 3 years ago | (#35639506)

Users of standard home IPs (via ISPs) are neither completely, or even significantly, anonymous nor identifiable. The line is grey and moves, possibly by the minute.

However, the article refers to two legal situations, and doesn't discriminate between them sufficiently. With regard to a lawsuit, the test is often stated as "a preponderance of evidence" while when the article referred to a police investigation, it's often described as "beyond a reasonable doubt". The two are not interchangeable.

The copyright lawsuits that the article refers to are probably attempting to show "enough" evidence to get a settlement or a judgement. Taking the evidence collection to the point the police would want would certainly be an asset to the case and would probably be in the "lead pipe cinch" category, taking into account the lesser evidentiary need.

Without that ... well, they will certainly try to get the judge to agree with them. It may be enough in some cases ... we have a few examples where a Judge or Jury in a civil suit did accept it ... but at the same time by itself it's also probably grounds for appeal as well.

With regard to even national-level geolocation, occasionally at work, due to remoteness, I connect via a sat feed. When I'm on that feed I'm in the arctic; when I see certain ads while browsing and those ads include a city or region as part of the targeted ad, they think I'm in New York state (which is where the ground sat link is with the ISP we happen to use).

But, there are probably cases where there is strong evidence, similar to a corporate IP address ... for a few dollars a month, I could have a static IP at my ordinary (home) ISP as well (although it's dynamic currently). So, it's neither here nor there ... it will vary depending on the unique circumstances of the case.

Essentially, that's also what the judge quoted in the article says ... he's hinting that he would be willing to accept the IP as part of the evidence provided there was corroborating evidence to back it up; otherwise not good enough by itself.

Depends (0)

Anonymous Coward | more than 3 years ago | (#35639584)

Next!

Don't be stupid - You are tracked (0)

Anonymous Coward | more than 3 years ago | (#35639608)

Ok folks, if you are using TCP successfully, then you are being traced, PERIOD.

TCP is used by almost all commonly used protocols, so you are being tracked. SMTP, HTTP, HTTPS, FTP, SFTP, bittorrent, NNTP, IMAP, POP3, etc all use TCP. With UDP, you can spoof your source IP, but not if you hope to get any replies.

ISPs have 3 types of records to ensure your traffic comes and goes to your modem/router. They have your login (PPPoE on DSL), MAC for the WAN-side of your router for cable and commercial ISPs, and your gateway IP address for all of us. Inside your network, the tracking is up to you. If you are at home, it could be by MAC or IP or not at all. If you run a non-secured WiFi LAN, then anyone nearby could be "borrowing" your network.

If you are a corporation, your IT department probably tracks IP/MAC address pairs. This is how your IT guys know your specific PC has a virus.

So everyone ... don't be stupid - you are being tracked.

There are ways to hide your traffic and final destination, but traffic analysis is providing insights to the data inside those encrypted packages. It is also possible to make a tiny mistake in your setup and leak information that can help someone knowledgeable back to your location and IP.

Obligatory XKCD reference (0)

bLanark (123342) | more than 3 years ago | (#35639640)

This is simply not true (2)

tom229 (1640685) | more than 3 years ago | (#35639700)

All ISP's keep logs. Knowing the IP immediately identifies the ISP. From there it's just a petition away to find the account/modem MAC that was using that IP at that time.

Proving exactly who was on the computer at that time would be impossible. But you could easily narrow it down to the household.

Will IPV6 make it better or worse? (0)

Anonymous Coward | more than 3 years ago | (#35639840)

What are the implications of an IPV6 world with universally identifiable endpoints and without NAT to hide behind? If it means what I think it might, I'm mystified that RIAA/MPAA and DHS aren't pushing hard for IPV6 adoption.
