
After botched child porn raid, judge sees the light on IP addresses - shawndumas
http://arstechnica.com/tech-policy/news/2011/05/after-botched-child-porn-raid-judge-sees-the-light-on-ip-addresses.ars
======
viraptor
> One obvious takeaway: letting total strangers use your Internet connection
> for any purpose comes with some risk.

Really? My takeaway is: allow open access to anyone, but limit the bandwidth.
This way nothing can be proven about my actions. (could be anyone) It actually
reduces the risk for me if IP is not identifying people anymore.

~~~
falcolas
It's a great defense during a trial, but the cost would likely be associated
with being arrested, loosing computer hardware to the local officers for an
unknown amount of time, and the potential cost of mounting a legal defense in
the first place.

~~~
crikli
I've always wanted to mount a big electromagnet in my doorframe like in
Cryptonomicon.

The main reason I haven't is that there is a 100% chance I'd forget to
deactivate it and fry my own hardware. Probably within a week of installing
the magnet.

~~~
maayank
spoiler :(

edit: the comment has its place, but I can only assume that an alert at the
beginning would be highly appreciated by many.

~~~
allwein
At some point, spoilers have to have a statute of limitations. It's been 12
years since that book came out.

Likewise, Bruce Willis was dead the entire time; Vader is Luke's father; and
Rosebud was his sled.

~~~
Unseelie
I don't get the rosebud reference, so...you've apparently messed up some twist
for me. Thanks for that.

~~~
getsat
It's a reference to what is considered to be the greatest film of all time,
_Citizen Kane_.

------
ChuckMcM
_"Steele's request was denied until he can name at least one specific person
in the case over whom the court has personal jurisdiction—though it's not
clear he can do this at all without going to the ISPs for help. But the judge
doesn't care about Steele's problems."_

This is the correct result. I hope it is more broadly adopted by the courts.
At the moment these seem primarily driven by legal firms using extortion as a
business model, we should shut that down first and then go back to working
through the issues of fair use and copyright.

~~~
grellas
The courts have long recognized that one can sue someone whose name is not
known at the time of filing the action and then use the court's subpoena power
to find out the person's name through an ISP. This practice has been in place
since ISPs came into existence and it makes sense for the situation for which
it was devised.

The problem here is that the mass-infringement actions have twisted this
otherwise legitimate process into something warped and grossly unfair by using
the name-gathering process to target people who are then told, "pay up or you
will be exposed as a downloader of porn" (or, in other cases, you will be
subjected to a major infringement lawsuit that is not worth defending).

Federal judges have _enormous_ power and this judge (and many others) have
simply said, "I won't let my court be used as an instrument for a shakedown,"
using legal niceties about jurisdiction to justify the matter formally. In
effect, they are tossing the mass-infringement lawyers out the door, telling
them their model won't work in their court. This is indeed the right outcome
for this sort of abuse.

~~~
roel_v
OK, so the alternative is that John Doe's get subpoena'd, and without room for
settlement, a civil suit will be brought. How exactly is this better?

------
gtank
I'm surprised that IP address mappings still have the kind of legal weight
that authorizes raids. Anyone can acquire a deniable IP by walking down the
street to Starbucks (better yet, drive 15 minutes) or pointing a Pringles can
at a distant neighbor. I assume anyone taking part in criminal content or
actions on the internet would know this.

------
tlrobinson
So how long until we see legislation that a) makes open AP owners liable /
accomplices in crimes committed on open APs b) requires open APs authenticate
and log all user activity c) outright bans open APs?

~~~
roel_v
Of course, as it should be. When one speeds in a car, the owner of the car is
liable for the ticket, no matter who the driver. When a dog bites somebody,
the owner is liable, even when the owner could do nothing to prevent it. When
a tile falls off a roof one somebodies head, the owner of the building is
liable, even if he didn't know, had no reasons to suspect of even had no way
to know that a tile could come off.

All these situations are so-called risk-liabilities. How else would we solve
situations like this?

~~~
mustpax
No, the owner of the car is not always liable for the ticket. Car rental
companies will not pay fines you accrue just because they are the legal owners
of the car. The dog ownership analogy has even less merit. A dog is not a sane
person in the eyes of the law so as a guardian you are responsible for keeping
your dog in line. On the other hand, a person who is using your WiFi for
whatever illicit purposes is responsible for their own actions.

~~~
roel_v
...because when you sign the car rental agreement, you agree to pay back any
fines. Whoever cashes these fines will get their money from the rental agency,
and they will then get it from you (or sue you for breach of contract if you
don't pay them).

I was not saying that the dog did anything consciously. The point is that
there is a class of liabilities that do no depend on being 'factually
responsible' for something. You can have no power whatsoever to prevent
something, and still be liable for it. That makes the case for this wireless
network even stronger - there _is_ something you can do as an owner. You can
take reasonable measures to stop others from using it. It makes perfect sense
to hold people responsible for enabling the improper use by others.

(note also that I'm not claiming that somebody who has an open access point
will be jailed for child pornography; what I'm saying is that there is a very
reasonable case to be made for holding people accountable for not taking
proper care of their property (wifi network) that will enable others to use it
illicitly).

------
pilom
Time to invest in a DD-WRT router to be sure there aren't any backdoors for
ARP requests to map IP addresses to physical hardware.

~~~
yid
MAC addresses can be easily spoofed. For example, on some ethernet cards:

    
    
        sudo ifconfig eth0 hw ether 00:12:34:56:78:9A
    

will change your hardware address.

~~~
zcid
True but if your MAC just happened to match a MAC the litigating attorney had
on file due to the exploits which ChuckMcM is referring, it would be much more
difficult to claim innocence as you can do with a shared IP.

MAC spoofing would only be relevant if you were regularly using random spoofed
MACs on your own network.

~~~
sigil
> MAC spoofing would only be relevant if you were regularly using random
> spoofed MACs on your own network.

Or, if for some reason that practice was widespread enough that it provided
plausible deniability.

~~~
holdenk
The case for MAC spoofing being common (at least with people "borrowing" your
wi-fi) makes sense because some networks have MAC address based white lists,
so this defense isn't quite as crazy as it sounds at first. IANAL etc.

------
zerosanity
About time. Identifying people by IP address is like identifying people that
live in a certain house. A house can have many people living in it. It's not a
one-to-one mapping.

~~~
tzs
The law already knows how to deal with that. It's called a search warrant.
When many people are living in a house, and you have sufficient reason to
believe that one of them has committed a crime, you can get a search warrant
to do search the house.

The case at hand is a civil case, where the option of a search warrant is not
available. If it were a child porn case, the police would still be able to get
a warrant to search the house where the IP address is assigned.

~~~
ataggart
It's not clear to me that armed men busting down people's doors at 3am is a
preferable model.

~~~
zcid
That's exactly what this could be the precedent to prevent. The mistaken
pornographer case showed that an IP is not necessarily evidence enough for a
warrant, esp. a no-knock warrant. It will quite possibly lead to requiring
more evidence than just an IP in the future.

------
nooneelse
Perhaps more judges would see this light were they the ones behind such
ambiguous IP addresses. Surely some judges have open wireless networks at
home. Would it be illegal to put a computer in range of a judge's house, have
it search for child porn, and pipe anything it downloads straight to /dev/null
so that it isn't actually stored?

------
buckwild
I'm no networking expert, but don't they also note the mac addresses and
generally use DHCP for open wifi? If so, they could totally identify folks
with that info...

~~~
steevdave
Most expire the mapping within a few days although AT&T Uverse routers default
to ~30 days. Personally due to the fact that I tend to set up a lot of
machines and want them available by hostname I set mine to ~30 minutes.

------
IgorPartola
I wonder how IPv6 adoption is going to affect this. NAT is still available
under IPv6, but most won't use it and your MAC is by default a part of your
address.

------
chopsueyar
This is optimistic.

