
How Police and Courts are Misusing Unreliable IP Address Information [pdf] - Jasamba
https://www.eff.org/files/2016/09/22/2016.09.20_final_formatted_ip_address_white_paper.pdf
======
jMyles
It's great that the EFF has outlined this material in such detail, but, as
with many issues of legal epistemology, we need to remember that the state has
an interest in _not understanding_ these things, and it will continue to fail
to understand until political pressure forces a different course.

A similar example: the tests used to detect the presence of certain chemical
substances ("narcotics field tests") are laughably unreliable[0], but police
agencies across the USA continue to use them, and courts continue to accept
their results as probable cause.

It is not difficult to explain to someone, in under 5 minutes, why IP
addresses are insufficient to determine either identity or location, but the
state chooses not the understand this information.

That is its nature, and also the reason to be optimistic that it is subject to
deprecation in the information age.

0: [https://www.washingtonpost.com/news/the-
watch/wp/2015/02/26/...](https://www.washingtonpost.com/news/the-
watch/wp/2015/02/26/a-partial-list-of-things-that-field-testing-drug-kits-
have-mistakenly-identified-as-contraband/?utm_term=.fd172f07aa99)

~~~
rayiner
I think your analysis failed to identify the root causes. Based on my
observation having worked within the court system, the biggest problem is that
courts have too low a standard for the submission of "expert" evidence. That
precludes courts from distinguishing between real science and fake science (
_e.g._ most forensic "science").

Courts understand that they can never be subject matter experts, and give
great deference to people who call themselves experts (doctors, etc.) The real
failure is the mainstream scientific community's failure to police fields that
hold themselves out as being "scientific."[1] The National Academy of Sciences
did a paper several years ago, where they took a look at the state of forensic
"science" and collectively gasped:
[https://www.ncjrs.gov/pdffiles1/nij/grants/228091.pdf](https://www.ncjrs.gov/pdffiles1/nij/grants/228091.pdf).
But then they kind of just let that go.

If scientists were as politically-involved about forensic science as they are
about climate change, we'd see major changes in the system.

[1] Engineers and doctors, in contrast, have done an excellent job policing
their fields through their professional organizations.

~~~
gist
Isn't someone's "expert" status up to challenge by the opposing party though?

~~~
rayiner
Yes, but as a practical matter, the accused have little credibility when
challenging an entire field of forensics. Both because the obvious self-
interest and because of the lack of any scientific credentials on the part of
the lawyer challenging the expert.

You can't get another expert to come in and say "bite mark analysis is
unreliable." But given the wide variety of individual views among experts, a
single opinion by one expert condemning an entire field doesn't carry much
weight. In these situations courts look for scientific consensus. The problem
is, the scientific community hasn't deigned to establish a concensus as to
forensics. Not because they wouldn't mostly agree that it's pseudo-science,
but because they don't consider it their responsibility.

------
grecy
I have to wonder if the following would have any impact:

1\. Create something, copyright it and put an insane value on it (movie, book,
music, something)

2\. Put it on torrent sites.

3\. Spoof the IP address of a ton of high profile people - hopefully
executives at he kinds of places the sue for this crap.

4\. Download that copyrighted content with the spoofed IPs, and make sure it's
"Monitored" by one of the companies that monitor this junk

5\. Sue them all for downloading your copyrighted content.

6\. Likely in court they'll argue that an IP address does not equal an
individual, thus ending this nonsense once and for all.

Thoughts?

~~~
CPLX
It's fraudulent. You'd have to claim under oath/affidavit that you believe the
people you are suing are in fact infringing on you copyright, and that you
have suffered a monetary loss as a result. As you know with certainty that
neither of those statements is true you'd be committing perjury and fraud.

~~~
Zigurd
There is a lot of fraud in DMCA takedowns already. If none of it has been
punished, that tells you something about the risk of such fraud.

------
riskable
Another aspect of IP addresses in court cases I never understood is in regards
to copyright infringement. When someone shows up in court with a log showing
your IP doing "something bad" how do you know the log wasn't entirely
fabricated?

I mean, it's pretty easy to create a log showing any given IP doing whatever
you want. I seriously doubt that prosecutors are demonstrating a chain of
custody and immutability in regards to such digital evidence.

If it's the government doing it you at least have the sworn testimony of the
investigating LEOs but in civil court it seems like it would be merely the
word of the prosecution which is basically no different than, "it happened
because I said it happened."

~~~
rayiner
To the contrary, prosecutors do (with various degrees of success) establish
chain of custody for digital evidence. Moreover, no prosecutor is going to
build a case on just an IP address in a log file. They will use that as
evidence supporting a warrant to search a suspect's computer. At that point,
law enforcement will usually collect a physical hard drive, which will be
considered the "original evidence" and subject to the usual chain-of-custody
protections.

~~~
Freestyler_3
Forensics is a way to do things (procedure) so that you can use your findings
in court. It is up to the opponent to challenge certain methods, like "you
used md5 hashing which is proven unreliable", or something like that.

"They will use that as evidence supporting a warrant to search a suspect's
computer" Indeed, you won't be called to court just because your ip address in
on a list. There will be further research which could result in: We found this
video on the computer which was downloaded from [source] as shown in the logs
from with this ip.

------
AstroJetson
HN from a few days ago.
[https://news.ycombinator.com/item?id=12559183](https://news.ycombinator.com/item?id=12559183)

Article is about another real example of raiding the homes of innocent people
based only on IP addresses.

It's a real nightmare for the people involved. It's scary that after all this
time the legal system doesn't really understand that IP address does not mean
physical address.

------
wmf
Previously:
[https://news.ycombinator.com/item?id=12558308](https://news.ycombinator.com/item?id=12558308)

