
A Digital Rumor Should Never Lead to a Police Raid - dwaxe
https://www.eff.org/deeplinks/2016/09/digital-equivalent-rumor-should-never-lead-police-raid
======
danso
FWIW, the prospect of being suspected and questioned (but not necessarily
raided) because of your IP location is one of the best metaphors to relate
what it's like as a minority to be searched just because you are of the same
race as a suspect in a nearby active case.

It is _perfectly logical_ to say that if there was an assault on a college
campus and that the victim said the perp is an "Asian male", for the police to
_not_ prioritize the questioning of all non-Asians in the area. And if the
report was made within minutes of the incident and the suspect is on foot, it
may be justifiable to target the 5 Asian males loitering around rather than
the 95 people of other demographics. What logical person would argue
otherwise?

But the problem creep comes in the many, many cases when police don't have a
threshold for how long and wide that demographic descriptor should be used.
Within 1000 feet of the reported attack? A mile? Why not 2 miles? And why not
2 days or even 2 weeks after the incident, just to be safe?

The main difference in the ISP/IP metaphor is that in the digital world, it's
possible to imagine search-and-question tactics that aren't time-consuming for
the police or for the suspect. Hell, the suspect might not even know their
internet-records were under any suspicion. OTOH, there are definitely real-
world places in which for the police (and their community and most
specifically the politicians), hand-cuffing and patting someone down has been
so streamlined and accepted by the powers-that-be that it isn't a bother for
them (the police) either.

edit: To clarify, I don't mean to get in the very wide debate on racial
profiling, etc. But when I worked at a newspaper, we had a policy to not
mention race unless the police could provide 4 or 5 other identifiers. That
led to readers cussing us out because, they'd argue, knowing that the suspect
was black is better than nothing. My point here is that sometimes, nothing is
not always better than something, and that is most explicitly clear when it
comes to broad IP range searches.

~~~
zo1
>" _But the problem creep comes in the many, many cases when police don't
have a threshold for how long and wide that demographic descriptor should be
used. Within 1000 feet of the reported attack? A mile? Why not 2 miles? And
why not 2 days or even 2 weeks after the incident, just to be safe?_"

The big difference being the cumulative nature of peoples' experiences. If the
same police are repeatedly exposed to a disproportionate amount of crimes
being performed-by(or accused) by a specific group, then it would only be
logical for them to naturally stop/search that specific group more often. It's
a game of numbers, and I see no reason for it to be demonized as much as it
has been as some "systemic oppression". As long as the police don't falsify
reports that exaggerate those numbers, and behave in a civil manner towards
complying citizens, then it should be "okay".

Personally, I would say that profiling by race and gender alone is way too wide
of a search-criterion. For all we know, the police are actually using other
side-properties of the individuals in order to profile them more specifically,
yet on the surface to others it appears crass and simply based off crude
properties such as race/gender. I.e. it may even be a layered approach where
they "back-off" when they hit a dead-end in their search through the "good
indicators for being a criminal or have just committed a crime".

E.g.: Broken tail-light -> hiding face behind hoodie -> oh, well spoken
individual that just lost a family-member, must be fine.

Or: Broken tail-light -> hiding face behind hoodie -> hmm's and haw's when
asked to leave vehicle for DUI test -> acting aggressive -> etc.

~~~
jackpirate
_The big difference being the cumulative nature of peoples' experiences._

Your post focused on the cumulative nature of the police experience, but
completely neglected the cumulative nature of the minority's experience.
Therefore I downvoted you.

~~~
zo1
I'm part of a different targeted-minority. The only times I felt it weighing
on me more than as a nuisance, was when I actually had something to hide.
Which shouldn't have a bearing on whether or not the police should target me
or not, as long as they behave and I as a citizen don't escalate.

Edit: Grammar.

------
soylentcola
A similar example, while not a raid, hit me closer to home a bit over a year
ago.

I'm sure that if you follow US news at all, you heard about the looting and
arson in Baltimore in the Spring of 2015. While the city was on edge in the
wake of a citizen's death in police custody, there had already been some minor
demonstrations and a brawl between protesters, baseball fans, and provocateurs
downtown earlier in the month.

Then, on the day of the funeral held for the man killed in custody, word
started to spread of plans for some sort of riot or mass havoc being planned
later in the day. Later, authorities pointed to a digital "flyer" being passed
around yet nobody investigating this outside of the police has found any
source or initial copy of this flyer that dates before this was published in
the media. Trust me, we looked.

In response to this alleged threat to public order, cops with riot gear and a
freaking mini-tank showed up at a major public transit hub right as school let
out. Transit was shut down and everyone was corralled into a small area next
to a busy street and without a way home for hours.

Eventually, tensions got high enough that when the first pissed off teenager
or whoever chucked a bottle or a rock, it didn't take long for others to join
in. In the ensuing vandalism and arson, hundreds of thousands in damage was
caused, people got hurt, the city was put under curfew for a week, and to this
day, businesses and residents have suffered from the reputation gained
(worsened?) that day.

Looking back, the part that really sticks out to me is how the whole thing was
triggered (assuming you don't think it was a deliberate provocation) by some
"social media flyer" that claimed some teens were planning to run around
starting shit after school. This rumor summoned riot police, shut down
transit, stranded loads of adults and teens alongside the road, and facing
down a phalanx of police plus one armored tactical vehicle.

Would those shops and homes still have been damaged or those stores been looted and
burned in a wave of unrest without this rumor-inspired flashpoint? No idea.
But it sure didn't help.

~~~
okwhatthe2
A spoiler is contained in the following reference.

This reminds me of Ghost in the Shell: Standalone Complex: 2nd Gig, wherein a
single actor causes an AI to rotate military forces within a refugee area,
with the explicit intention of increasing anti-police sentiment among
refugees.

The world is a stage and, without proper leadership, crowds will behave in
ways they believe are allowed within the hard constraints of the social order.
This is at the core of the BLM movement, and a pillar of the Occupy movement:
police must not view themselves as separate from the policed. For cybernetic
reasons as well as pathos ones. Otherwise, from the perspective of the social
order, the distinction between the two is error.

~~~
SolarNet
You missed the even deeper point of Ghost in the Shell: The standalone
complex.

The original commentator described a standalone complex. Copy cats without an
original.

~~~
okwhatthe2
I actually did not miss this, I simply did not have the space to say it, nor
was it relevant to the point I was making.

It is strange to tell someone you have likely never met that they have missed
something, based on very little information provided to you. This might be a
sign of a cognitive impairment on your part, or perhaps a broken worldview. I
don't have time to discuss either of these points, but it may be helpful for
you to consider why you believe you can "read the minds" of people over the
Internet.

~~~
SolarNet
I didn't mean it like that. I meant it like "you missed this parallel with the
post in question" not "you missed this concept entirely".

So back at ya with the mind reading.

------
dtnewman
It starts off saying:

> If police raided a home based only on an anonymous phone call claiming
> residents broke the law, it would be clearly unconstitutional... Yet EFF has
> found that police and courts are regularly conducting and approving raids
> based on the similar type of unreliable digital evidence: Internet Protocol
> (IP) address information.

I'm not sure that these two are equivalent. A better example would be the
police raiding my home based on an illegal phone call that came from my phone
number. Sure, the fact that it comes from my phone number doesn't mean I did
it, but it's certainly evidence that points to me, just as an IP address can
be.

In general, the summary linked to above makes it sound like police should
never use IP addresses. To be fair, if you read the whitepaper itself, it
doesn't say this, but rather that police should be _careful_ in how they use
IP addresses. Specifically, it recommends that police "conduct additional
investigation to verify and corroborate the physical location of a particular
device connected to the Internet whenever police have information about an IP
address’ physical location, and providing that information to the court with
the warrant application".

~~~
crooked-v
> A better example would be the police raiding my home based on an illegal
> phone call that came from my phone number.

That's broadly overestimating the reliability of IP addresses, though.
Consumer IP addresses change on a random basis, based on whatever obscure
policies an ISP has set up at the time.

~~~
jlarocco
That doesn't matter.

Police get the physical address from the ISP. The ISP knows which IP was
assigned to each customer at any particular time because they log it. Yeah,
it's theoretically possible they don't keep the logs, but IRL they always do.

~~~
taormina
You have to remember that the ISP might have a physical location if this is a
paying customer on a landline, but that's not usually the case. Reverse IP
address location lookups are unreliable at worst and inaccurate at best. That
house in Kansas that they mentioned? It's the default "middle of the US"
location that is returned when they don't actually know where you are.

~~~
tedunangst
Any ISP is going to have a more accurate idea of which customer has an IP than
a generic geolocation service. An ISP in Ohio is not going to return a
latitude and longitude that happens to be in Kansas.

------
pmoriarty
In the 1980's, some powerful senator's cell phone was snooped on, resulting in
a major scandal when the contents of his phone calls were revealed in the
press.

This resulted in Congress passing laws that made it illegal for radios to be
capable of listening in on cell phone frequencies or being easily modified to
allow them to do so.

It is likely that only similar widely publicized embarrassments and privacy
violations of the rich and powerful will result in any meaningful legislative
attempts to curtail the growth of the police state in the United States.

They clearly don't intend to do much about it unless they themselves are the
victims of such abuses of power. As long as it's just "nobodies" or social or
political outcasts who are the victims of the police and surveillance apparatus,
it's doubtful that much will change.

~~~
AnthonyMouse
Your example shows why that _doesn't_ work. The correct solution to people
eavesdropping on calls is end-to-end encryption, which we _still_ don't have
for phone calls. Which means that bad people can still eavesdrop.

But meanwhile we now have a stupid law that prevents honest people from buying
interesting radio hardware and makes it even less likely that we will ever
have open cellphone baseband processors etc.

------
eth0up
A few more examples of botched attempts at IP-based raids:

[http://arstechnica.com/tech-policy/2011/04/fbi-child-porn-raid-a-strong-argument-for-locking-down-wifi-networks/](http://arstechnica.com/tech-policy/2011/04/fbi-child-porn-raid-a-strong-argument-for-locking-down-wifi-networks/)

The one I'm familiar with is the Sarasota, FL incident, where a married couple
was raided in the middle of the night in response to alleged child
pornography. Their unit was in a condominium, practically on the edge of
Sarasota bay, where various boats moor and dock. After further investigation,
it was discovered that the traffic had originated from some guy in a boat
using a high gain antenna. If I remember correctly, he had cracked their WEP
key and illegally accessed their network to obtain nasty images, lots of them.
The insecurity of WEP has been known about for a long time, presumably by LE
too.

It is conjecture on my part, but a few things come to mind regarding
alternative methods of investigation that may have avoided this. 1. Contact
the ISP first (in this case I think it may have been Verizon). I remember
Verizon having the ability to remotely reset router passwords, which possibly
suggests the ability to remotely view associated client data, e.g. MAC
addresses and hostnames and maybe even OS. This may have provided valuable
clues. 2. Note the protocol used by the wireless router. 3. Wardrive a bit. 4.
Maybe check for logs of any accounts the boat guy logged into while on their
network.

Regardless, the raid was botched and pretty traumatic for the couple,
considering they were operating a legal AP probably secured with what they
thought was adequate encryption. At the time of this event, WEP was standard
default, straight from the ISP. They'd done nothing wrong.

More info:
[http://www.heraldtribune.com/news/20110131/wireless-router-hijacked-for-child-pornography](http://www.heraldtribune.com/news/20110131/wireless-router-hijacked-for-child-pornography)

~~~
braum
Most police, especially in smaller areas, don't have the people on hand or on
call to explain all this "techy" stuff to the people who make these decisions
OR those people choose to ignore them... it seems like it takes 10+ years for
cops to catch up and improve their investigation techniques, at least in the
smaller areas with fewer resources.

~~~
ChoHag
> most police, especially in smaller areas, don't have the people on hand or
> on call to explain all this "techy" stuff

Perhaps they should not explain and make decisions which can have devastating
effects on "techy stuff" they don't understand?

------
rayiner
Not great to start an article off with sloppy reasoning:

> If police raided a home based only on an anonymous phone call claiming
> residents broke the law, it would be clearly unconstitutional.

> Yet EFF has found that police and courts are regularly conducting and
> approving raids based on the similar type of unreliable digital evidence:
> Internet Protocol (IP) address information.

When police go after an IP address, it happens after there is evidence linking
it to some crime. That makes the situation wholly unlike an anonymous phone
call, where there is no evidence a crime has even been committed, and where
the identifying information itself is trivial to falsify.

Also, IP addresses give a lot more information than the article implies.
Especially these days now that everyone has a home router that probably keeps
the same IP address for weeks at a time if not months. Not enough to trigger a
police raid, of course (if we want to argue that the police have too low a
standard of evidence for initiating a raid, I agree) but it's probably a good
lead to go on in the common case.

EDIT: I don't disagree with the rest of the article.

~~~
danso
Huh, how is that sloppy reasoning unless you take that out of context? I don't
think the EFF is saying that the IP address should _never_ be used as
information. It seems they are in perfect agreeance that if there is enough
corroborating evidence in addition to the IP information, _then_ the police
can consider action.

The EFF's problem is when IP information, as with an anonymous phone call, is
used to spur action _without_ enough additional evidence. This is the anecdote
they cite in their whitepaper:

[http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/](http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/)

edit: I responded to someone who clearly pointed out that I misunderstood
rayiner's argument. The comment was deleted by the time I hit Reply, but here
is my reply:

I now agree that I'm at fault for short-shrifting rayiner's argument. The
whitepaper also includes up on top a story of a place being raided for being a
Tor node, which may feel similar to the vagueness of justification that comes
from an anonymous phone call, but that's not completely analogous either.

Perhaps the closer analogy would have been SWATting, but I don't think law
enforcement _supports_ that as a practice (because it's a result of them
getting actively deceived). But I feel that's part of the EFF's overall point:
SWATting is clearly a bad thing, whereas the specious reasoning the police
sometimes uses to justify a raid based on IP information is not scrutinized
enough, because of general tech ignorance.

~~~
tzs
> Huh, how is that sloppy reasoning unless you take that out of context? I
> don't think the EFF is saying that the IP address should never be used as
> information. It seems they are in perfect agreeance that if there is enough
> corroborating evidence in addition to the IP information, then the police
> can consider action.

Shouldn't it depend on the action? An IP address alone would not justify going
to the location it was assigned to and arresting, charging, and holding in
jail until trial the person(s) found there.

However, if the action is just to get a search warrant to search that location
for more evidence, that seems OK to me. With nothing else other than that the
IP address was used for some criminal activity, that is pretty good evidence
that something related to the crime took place at the location the IP address
was assigned to at the time.

~~~
michaelmrose
Without first going to the ISP and filing a warrant to get the information
regarding who had that IP address, it's not even enough for a warrant.

If you've been following some of the recent stupidity police have opted
repeatedly to just use some sort of resource to correlate IP address to
physical location. This could be because this provides instant gratification
or because they lack enough evidence as of yet to even justify THAT warrant.

As an example one such resource used to list a single coord for all unknown
addresses in the US. This led to parties at that address dealing with hundreds
of cases of unpleasant police contact wherein each officer individually
learned that this address wasn't the center for criminality on planet earth.
Unfortunately this knowledge didn't percolate upward.

So we aren't dealing with just proxies, tor exit nodes, open networks, many
users connecting to the same router and other relatively complex matter. We
are dealing with the fact that the police can't even be bothered to confirm
with the ISP which customer even had that address at a given time.

In that context, without an initial warrant to gather the most basic of
information IP addresses rarely are sufficient for anything at all except
further research.

------
eth0up
A few examples suggesting that SWAT protocol may altogether need reform:

1. [http://arstechnica.com/tech-policy/2012/06/swat-team-throws-flashbangs-raids-wrong-home-due-to-open-wifi-network/](http://arstechnica.com/tech-policy/2012/06/swat-team-throws-flashbangs-raids-wrong-home-due-to-open-wifi-network/)
2. [https://www.salon.com/2013/08/29/11_over_the_top_u_s_police_raids_that_victimized_innocents/](https://www.salon.com/2013/08/29/11_over_the_top_u_s_police_raids_that_victimized_innocents/)
3. [https://en.wikipedia.org/wiki/Swatting](https://en.wikipedia.org/wiki/Swatting)
4. [https://www.techdirt.com/articles/20150805/19343431865/no-immunity-cops-who-sent-swat-team-to-68-year-old-womans-house-threats-delivered-over-open-wifi-connection.shtml](https://www.techdirt.com/articles/20150805/19343431865/no-immunity-cops-who-sent-swat-team-to-68-year-old-womans-house-threats-delivered-over-open-wifi-connection.shtml)

I'll refrain from posting dozens more supporting links.

~~~
Pxtl
Here's the problem: what do you do when somebody has managed to describe, over
the phone, a convincing scenario that demands an immediate and severe
response. Like "people are dying in that room right now and will continue to
die if nobody stops them".

Fundamentally, there is no good answer to that. Both options can result in
lives lost. One is an active shooter being allowed to continue killing freely,
the other is sending police officers ready to deal and face lethal force.

Obviously no-knock raids on suspected drug-dealers are a different matter -
those are unacceptable by any sane metric. But you include swatting in your
list. Swatting generally involves a violent emergency where delaying for
verification would cost lives.

For that case, all I think we can do is treat the swatters as people
committing aggravated kidnapping or even attempted murder. They're attempting
to send men to detain somebody at gunpoint.

~~~
eric_h
> For that case, all I think we can do is treat the swatters as people
> committing aggravated kidnapping or even attempted murder.

Absolutely. In fact - if swatting results in the death of a person, then the
swatter should be charged with first degree murder.

The problem, however, is that the swatters are not always in the US, so even
identifying the swatter can be quite difficult; let alone extraditing them.

Thus, the swat teams also need to, in one way or another, tone down their
violent, no-knock raids.

~~~
jessaustin
If I told an easily-angered person that her spouse had intimate relations with
someone I didn't like, could I be charged with the resulting murder? Why don't
the police have agency?

~~~
Pxtl
Intent matters. The intent was to send a group of dangerous and heavily armed
men in to detain an innocent person. That's aggravated kidnapping.

In common law, if somebody is killed in the commission of a violent felony
even if the death was unplanned, it's "felony murder". In most of the USA,
"felony murder" is first-degree murder.

------
pjc50
"If police raided a home based only on an anonymous phone call claiming
residents broke the law, it would be clearly unconstitutional"

I thought that was how SWATting worked - anonymous denunciation by untraceable
phone call?

~~~
astazangasta
Yeah, is this just an urban legend? Fake videos, etc.? It's always seemed
absurd to me that you can send men with guns to raid someone's house just with
an anonymous phone call.

~~~
dottrap
Nope, not an urban legend. This is really happening.

Just last week a home with 5 children was wrongly raided:
[http://www.denverpost.com/2016/09/14/swat-officers-raid-home-in-mesa-county-only-to-find-innocent-family/](http://www.denverpost.com/2016/09/14/swat-officers-raid-home-in-mesa-county-only-to-find-innocent-family/)

Wrong house with Grandmother and Teen girl raided with flash-bang:
[http://reason.com/blog/2015/08/03/swat-team-liable-for-wrong-house-flash-b](http://reason.com/blog/2015/08/03/swat-team-liable-for-wrong-house-flash-b)

This gamer was "Swatted" and the web cam caught it:
[http://reason.com/blog/2014/08/28/militarization-of-police-helps-feed-swat](http://reason.com/blog/2014/08/28/militarization-of-police-helps-feed-swat)

This 1-year old baby was critically burned by a flash-bang grenade thrown into
the playpen:
[http://www.cnn.com/2014/10/07/us/georgia-toddler-stun-grenade-no-indictment/](http://www.cnn.com/2014/10/07/us/georgia-toddler-stun-grenade-no-indictment/)

------
s_q_b
If the use of IP addresses in this manner disturbs you, you should look into
the proposed changes to Federal Rule Of Criminal Procedure 41.

This is the EFF's article, which is either highly overzealous or highly
prescient:
[https://www.eff.org/deeplinks/2016/04/rule-41-little-known-committee-proposes-grant-new-hacking-powers-government](https://www.eff.org/deeplinks/2016/04/rule-41-little-known-committee-proposes-grant-new-hacking-powers-government)

------
stronglikedan
> If police raided a home based only on an anonymous phone call claiming
> residents broke the law, it would be clearly unconstitutional.

But they do this all the time, especially in low income areas. They just don't
call it a raid. They call it a "welfare check".

~~~
xor1
It's honestly terrifying.

------
xienze
> Put simply: there is no uniform way to systematically map physical locations
> based on IP addresses or create a phone book to lookup users of particular
> IP addresses.

Maybe today, but when we have wide deployment of IPv6 (heh), won't ISPs do
away with NATing and give everyone their own block of IPs? Then I would think
you could reliably tie a person to an IP address as long as the ISP
cooperates.

~~~
mikeash
NAT isn't the only or even the most important source of errors here. The
article cites two examples, one where imprecise IP location information was
being represented as precise, and one where a Tor exit node was mistaken as
the actual originator. Neither one would have been fixed by using IPv6.

~~~
snuxoll
Well, location will be fixed to an extent with IPv6. All you need to do is
contact the ISP that owns the appropriate /48 or whatever they were given, ask
them the address of the customer with said /64 and there you go. Of course,
this is the same thing they should already be doing with v4, carrier-grade NAT
is fairly uncommon for anything but mobile use except in Asian countries.

Still, you can't tie an IP address to a specific person or computer, v4 has
NAT to contend with and privacy extensions with v6 (which Microsoft and Apple
use by default, most Linux distributions do as well) - so regardless if you
can get the physical location where that IPv4 address or IPv6 prefix is
assigned it does you no good on determining who was actually behind that
address (unsecured wifi or easy to crack passwords, malware, the list goes
on).

~~~
mikeash
The first example isn't due to an inability to get the location, but using a
source of data that didn't have it, and didn't adequately explain that fact.
It'll happen just as easily with IPv6.
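
The ISP lookup this thread keeps returning to (which customer held an address at a given time, and for IPv6 which customer owns the /64) can be sketched as follows. This is an added example, not part of any comment here; the lease log, its tuple layout, the subscriber ids and the function name are all constructed for illustration, using documentation address ranges.

```python
import ipaddress
from datetime import datetime

# Constructed sample lease log: (network, lease start, lease end, subscriber id).
# IPv4 customers hold a single dynamic address; the IPv6 customer holds a /64.
LEASE_LOG = [
    ("198.51.100.23/32", "2016-09-01T00:00:00+00:00",
     "2016-09-10T06:00:00+00:00", "subscriber-A"),
    ("198.51.100.23/32", "2016-09-10T06:00:00+00:00",
     "2016-09-20T00:00:00+00:00", "subscriber-B"),
    ("2001:db8:1234:5600::/64", "2016-08-01T00:00:00+00:00",
     "2016-12-01T00:00:00+00:00", "subscriber-C"),
]


def subscriber_for(ip, when):
    """Return the subscriber whose lease covered `ip` at `when`, else None.

    `when` must be an ISO 8601 timestamp with a UTC offset: a dynamic
    address is reassigned over time, so an observation whose time zone is
    unknown can land on the wrong customer.
    """
    addr = ipaddress.ip_address(ip)
    ts = datetime.fromisoformat(when)
    if ts.tzinfo is None:
        raise ValueError("timestamp needs an explicit UTC offset")

    matches = set()
    for net, start, end, subscriber in LEASE_LOG:
        network = ipaddress.ip_network(net)
        if addr.version != network.version or addr not in network:
            continue
        # Leases are half-open intervals: [start, end).
        if datetime.fromisoformat(start) <= ts < datetime.fromisoformat(end):
            matches.add(subscriber)

    # No lease, or conflicting log entries: the log supports no attribution.
    if len(matches) != 1:
        return None
    # The result names a subscriber line, not a device or a person behind it.
    return matches.pop()


if __name__ == "__main__":
    # Same IPv4 address, one second apart, two different customers.
    print(subscriber_for("198.51.100.23", "2016-09-10T05:59:59+00:00"))
    print(subscriber_for("198.51.100.23", "2016-09-10T06:00:00+00:00"))
    # A local-time observation (UTC-5) falls in the second lease.
    print(subscriber_for("198.51.100.23", "2016-09-10T01:30:00-05:00"))
    # Two privacy-extension style addresses resolve to the same /64 holder.
    print(subscriber_for("2001:db8:1234:5600:8d3f:11aa:9c02:7be1",
                         "2016-09-15T12:00:00+00:00"))
    print(subscriber_for("2001:db8:1234:5600:41c:e0ff:fe12:9a01",
                         "2016-09-15T12:00:00+00:00"))
    # An address the ISP never leased yields nothing.
    print(subscriber_for("203.0.113.9", "2016-09-15T12:00:00+00:00"))
```
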

------
vorotato
Otherwise the police become the weapons of criminals which is, of course,
backwards.

------
coldcode
(1) It's unreliable (2) It's unconstitutional assuming judges agree (3) It's
expensive if you screw it up, such as people die, lawsuits, or embarrassment.
All of which is unlikely to change behavior unless everyone agrees.

------
bootload
_"A call is an unknown source, talking about unreliable information, about a
location. It is NEVER to be trusted NEVER...."_ -- Michael A. Wood Jr

An unverified call can never be trusted. Read the whole twitter thread by
ex BPD, USMC Retd., Michael A. Wood Jr [0] to understand why.

[0]
[https://twitter.com/MichaelAWoodJr/status/778813281376931840](https://twitter.com/MichaelAWoodJr/status/778813281376931840)

------
nv-vn
>If police raided a home based only on an anonymous phone call claiming
residents broke the law, it would be clearly unconstitutional.

Isn't that exactly what happens when you get SWATted?

------
throwaway92314
I'll just point this out here. Reena Virk started as a rumour going around in
schools. Until eight days later her body was found. A little bit of prudence
is necessary, but don't discount rumours out of hand.

[https://en.wikipedia.org/wiki/Murder_of_Reena_Virk](https://en.wikipedia.org/wiki/Murder_of_Reena_Virk)

------
PaulHoule
It's as much a "law and order" issue as it is a civil rights issue.

Cops have limited resources to deal with a number of problems and if they
don't have the training and procedures to use internet evidence they are going
to waste those resources tracking down stolen cars, child porn and whatever in
the wrong places.

------
rocky1138
Why don't we just regulate any Internet-connected device? When you purchase
one, you register your name and address and are given the IP address in
return.

Then, we can simply look up the physical address of the IP address holder.

~~~
jedberg
I'm not sure if you're trying to make a sarcastic analogy to gun registration
or not, but if you are, they aren't quite the same, given that a gun is a
physical object and an IP can change without the user knowing or being
responsible for that change.

~~~
rocky1138
Haha nah, I didn't put those two together. I guess gun registry is a big topic
in the states right now. I was just pretending to be a politician since that's
the sort of response I feel they would come up with.

------
marcoperaza
> _Law enforcement’s over-reliance on the technology is a product of police
> and courts not understanding the limitations of both IP addresses and the
> tools used to link the IP address with a person or a physical location._

You can most certainly narrow down an IP address to a particular ISP customer.
Is it possible that they have an open wifi? Yes. Is it possible to narrow it
down to a single member of the household? Depends! Is it possible that a
computer at the destination is being used as a proxy by the real attacker? Yes!
But it's certainly not the blackbox that the EFF is trying to portray it as.

It's totally appropriate to execute a search warrant based on IP logs. A
search warrant doesn't mean that any particular person is guilty, just that
there is probable cause that there is information about a crime at a certain
location.

~~~
snuxoll
I mean, it's reasonable to link it with a physical location, but only to the
extent that there's obviously _A_ computer at the location that is being used
for some purpose. The problem is when they use it to try to identify an
individual, which is completely unreasonable.

~~~
guitarbill
> obviously A computer at the location that is being used for some purpose

Well "A computer" could be any TCP/IP enabled device nowadays, including a
router. So no, it's not reasonable to look at traffic coming from an IP, and
say that traffic originated from the physical location of that IP, just
because the LAN beyond that router is opaque.

I mean, several ISP IP addresses are involved with routing, but "everybody
knows" they're shared machines. But again, simply because a trace route stops
at a certain machine doesn't mean the routing actually terminates there - for
most cases this is not true. It's just that the person behind the router with
NAT often owns all devices on the LAN/opaque side. Using this correlation
alone is dangerously inaccurate.

~~~
snuxoll
I never implied that a system in that network was the origin of the traffic,
but if a traceroute ends there then obviously SOMETHING at that location is
involved, knowingly or not.

A search warrant leading to a malware infected machine is acceptable in my
eyes. Again, tying traffic to a location is fine, as long as the correlation
ends at the computer that originally appears to be the source of the traffic
(even if it ultimately isn't) is all that is targeted until evidence can
determine the individual behind it.

~~~
guitarbill
> A search warrant leading to a malware infected machine is acceptable in my
> eyes.

Search warrant for what? All TCP/IP enabled devices? Or the router? An IP
address doesn't even uniquely identify a single device.

(Also given how search warrants are executed in the US and how long they can
seize these devices for, I don't know if I'd say it's "acceptable". I'm in
favour of setting the bar high to protect the innocent.)

~~~
marcoperaza
You realize that what you're suggesting would make it impossible to prosecute
most computer crime, right?

------
matt_wulfeck
> IP address information was designed to route traffic on the Internet, not
> serve as an identifier for other purposes.

I think you're going to have a hard time here convincing a jury or judge with
this argument. In general LOE isn't concerned with the _intention_ of what
an IP address was meant for. At least with today's ISP an IP address can be a
reasonable approximation of a person or persons.

~~~
riskable
It is _not_ a reasonable approximation of a person or persons. That's the
point.

An IP address is merely an end point to some internet traffic. There's a
nearly infinite number of reasons why traffic could originate from an IP that
was not initiated by the current responsible party. Anything from hacked
machines to clever redirects to shared IPs to just plain network trickery.

It is so ambiguous at this point that you can't even make an analogy that it
is like a home housing a dozen people. Because even in that situation it just
means there's _n_ more devices that could've been hacked and they've shared
their wifi with _n_ more guests.

An IP address by itself should never be used for anything but _starting_ an
investigation. For a warrant it had better be surrounded by corroborating
evidence.

~~~
matt_wulfeck
I totally agree with you in principle. However, ultimately the EFF is the one
making the argument and I don't personally believe it's going to convince a
judge and a jury.

And it's important to sometimes be skeptical, because if they use this
argument in a trial and lose then it sets a precedent that can be used in
future cases.

And the prosecuting attorneys have _plenty_ of examples where IPs successfully
led directly to the perpetrator of a crime. Think of all of the people who
have been arrested and prosecuted for online crimes and took a plea bargain.

It's a very uphill battle. I wish the EFF all of the best luck (I myself am a
contributor and believer), but I don't think they're going to make much
progress with this one.

