EFF White Paper Hopes To Educate Cops On The Difference Between An IP Address And A Person
from the but-are-they-willing-to-learn? dept
Judges have pointed out to copyright trolls on multiple occasions that an IP address is not a person. Trolls still labor under this convenient misconception because they have little else in the way of “proof” of someone’s alleged infringement.
Unfortunately, law enforcement agencies also seem to feel an IP address is a person — or at least a good indicator of where this person might be found. This assumption leads to blunders like ICE raiding a Tor exit node because it thought an IP address was some sort of unique identifier. After having IP addresses explained to it by the EFF, ICE returned the seized hard drives and promised to make the same mistake in the future.
In another case, the Seattle PD raided a Tor exit node in search of a person downloading child porn. It didn’t find the target it was looking for, but went ahead and demanded passwords so it could search files and logs at the unfortunate citizen’s home before realizing it had the wrong person.
The EFF is kind of sick of having to explain the difference between an IP address and a person to government entities. It has put together a white paper [PDF] that should be required reading anywhere government employees feel compelled to act on “evidence” as useless as IP addresses.
Law enforcement’s over-reliance on the technology is a product of police and courts not understanding the limitations of both IP addresses and the tools used to link the IP address with a person or a physical location. And the police too often compound that problem by relying on metaphors in warrant applications that liken IP addresses to physical addresses or license plates, signaling far more confidence in the information than it merits.
[…]
These ill-informed raids jeopardize public safety and violate individuals’ privacy rights. They also waste police time and resources chasing people who are innocent of the crimes being investigated.
By acting on this bogus assumption, law enforcement agencies are wasting time and money. Plus, they’re putting themselves in situations where innocent people could be killed over technical errors, seeing as warrant service these days usually involves militarized squads that value shock and awe tactics over minimizing collateral damage.
The white paper points out what should be obvious to anyone who considers themselves capable of solving “computer crimes:” an IP address is not only not a person, it’s not even a physical location.
First, the technology was never designed to uniquely identify an exact physical location, only an electronic destination on the Internet.
[…]
At a local level, similar IP addresses may be assigned based on geography, albeit only indirectly. ISPs make decisions to allocate blocks of IP addresses to particular locations for a variety of reasons, with the goal of creating a network that efficiently delivers Internet traffic. The result may be that locations near each other feature similar IP addresses, but that is more often the product of where the provider has physical links and routers to a network than geography. For example, if an ISP has a fiber-optic link between two distant cities, the IP addresses assigned to those cities may be similar because it creates a more efficient network. A third city near one of those towns geographically may not share the same connection and it would thus likely have completely different IP addresses assigned to it.
In addition, IP addresses only identify the block of devices assigned to it, not the people utilizing them. Even in cases where there’s only one resident at a physical address linked to an IP address, there’s still a chance law enforcement may be going after the wrong person. As the paper explains, the pool of IPV4 addresses has been used up. In areas where users haven’t been pushed to IPV6 addresses, IP addresses may be shared by more than one user (at more than one physical address) or reassigned to other users by service providers based on need and usage. As the paper states, IP addresses, unlike physical addresses, are not static.
The paper also points out that the use of bad analogies by law enforcement and courts has only made the misconceptions worse. Law enforcement agencies sometimes claim that IP addresses are every bit as unique as license plates. The metaphor fails because IP addresses can be shared or redistributed at private companies’ discretion unlike license plates, which are government-issued and must remain tied to a registrant.
In short, the best analogy for an IP address is an anonymous informant’s tip — something that’s basically hearsay until otherwise confirmed.
In a line of Supreme Court cases dealing with reliability and corroboration problems that arise whenever third parties provide tips to law enforcement, the court has made clear that police must do more to confirm the tips provided by anonymous informants before seeking a warrant or other process…
The question is: will law enforcement care enough about potential collateral damage to educate themselves on the problems of treating IP addresses as people… or will they decide that a combination of forgiveness (good faith exception, etc.) and easily-obtained immunity is preferable to gathering corroborating evidence and acting more cautiously?
Filed Under: crime, ip address, law enforcement, privacy
Comments on “EFF White Paper Hopes To Educate Cops On The Difference Between An IP Address And A Person”
There is also the failure of the PD’s to check to see if there is open WiFi when they get the location.
There is this magical assumption that technology makes it so, and given the recent review of many of these magical technologies used to convict people are deeply flawed it is sort of shocking that no one is forcing them to learn the truth.
Re: Re:
From the videos in the news it is apparent that LEOs prefer not to wait more 1-10 seconds after arriving on a scene before shooting someone. Why would you think they would take the time to see if there was an open WiFi, presuming of course, that they knew what that was?
Re: Re: Re:
Perhaps it is time to stop finding a reason to give them a pass when they screw up. If they faced the costs & punishment for misdeeds, perhaps they would be more diligent.
IIRC there was either a Chief or Union leader who was bemoaning all of the cell phones out there, because the officers were scared to do their job & to be filmed. Ostensibly it was because what they do is so special that normal people couldn’t understand what was happening and draw wrong conclusions, yet we’ve seen cops on video beating & abusing people in custody who are allowed to justify their actions with nonsense & get a pass still.
We need to stop pretending that cops are super human and infallible, and insist they live up to the standards. Stop making excuses for them screwing up, and hold them to what everyone else is held to.
Re: Re:
Or any WiFi for that matter. It’s not like secured WiFi is particularly hard to break into and I would imagine a 1/2 tech-savvy criminal would prefer the police give them fair warning by breaking down a neighbour’s door instead.
IP Addresses are people my friend.
Re: Re:
Corporations are people too.
So transitively, an IP address is also a Corporation.
Re: Re:
I remember when I was a kid, my parents told me I wasn’t their child. I was just a leased IP 🙁
Re: Re:
Actually, ‘in-the-beginning’ (too cliche, I know), IP addresses WERE intended to be locations that were ‘computer-specific’ (in an age when ‘laptop’ was related to certain activities occurring ‘after-work’, not part of work).
However, being out of IPv4 addresses (in theory), and EVERYONE running subnets, it’s almost-amazing that you can track an IPv4 address to a given city region, let alone a house or business. IPv6, on the other-hand, COULD BE allocated to individuals – oh, the agony that will cause, but bureaucrats will not heed this warning until it’s too late.
Imagine you get a dozen IPv6 addresses ‘sent to you’ (by the federal register of IPv6 numbers, or some insanity like this). That night, your 13-year old gives out all of them to a ‘little friend’ on the internet in exchange for ‘The Sword of Dill Pickle’ (his favorite RPG). The next morning, you wake up and cops are sending SWAT around the back of your house, tactical like. Seems that ‘little friend’ worked for a drug cartel South of you, and the unsecured communication across your compromised IP addresses pointed the cops RIGHT TO YOU. You were hacked, and your son helped. HOWEVER, the cops are CERTAIN it was you (they were your assigned numbers, after all). Now, you have to prove everything – from a motel room, since your home was just confiscated in a narco raid.
Don’t wish for ID-through-numbers too loudly. It won’t stop the bad guys, and it will just further hurt the innocent ones. I know government isn’t listening, they never do.
Re: Re:
At this moment, I currently have…. I think about 10 IP addresses on devices I’m using, including 3 completely different public ones. Does that mean I’ve got multiple personality disorder, then?
This assumption leads to blunders like ICE raiding a Tor exit node because it thought an IP address was some sort of unique identifier.”
This is exactly why you shouldn’t run a TOR exit node, plain and simple.
Re: Re:
Oh I get it, we must stop doing perfectly legal and legitimate activities because law enforcement is too stupid to figure out your not a criminal.
Yes, way to go America, freedo…I mean oppression for all.
Re: Re:
I thought that would be the thread you’d pull at.
Well, let’s say we agree, ignoring all the problems with accepting that “solution”. What about the other people who have been / will be accused of crimes based on an IP address despite not having done such a thing? What about the fundamental problem of believing that an IP identifies a person? The Tor issue only exposes that problem clearly enough for people to see it, it is not the issue at hand.
Go on, you’ve attacked the tiny bit of information that can be easily criticised. Now try address the vast majority of points and evidence you ignored.
Re: Re: Re:
Paul, I try to keep the thoughts and points as narrow as possible so you can digest the ideas without being overwhelmed. Apparently it works.
My feeling is that IP addresses should be like phone numbers or cars – you own the car, or it’s your phone. What happens on that phone (or in that car) should be at least in some part your problem.
Someone comes to your house for a party and spends all night making long distance calls to the Japanese time line… should the bill payer just be able to walk away saying SODDI?
IP addresses do mean an end point, a point of control away from the ISP. If you choose to permit others to use your internet connection, should there not be at least some responsibility?
Then again, I am also a believer that parents should be responsible for their children and their children’s actions (at least to the point where they are adults). So if your home internet is “shared” with your teenagers who decide to set up a file server for pirated music, shouldn’t the parent have some responsibility as a result?
It’s tricky topic, and not simple.
Re: Re: Re: Re:
“Paul, I try to keep the thoughts and points as narrow as possible”
…and as dumb as possible, while avoiding the actual subjects discussed. There’s a whole host of problems involved with treating an attempt to retain privacy as an indication of criminal activity, and a great deal of positive uses for Tor that you’d willingly discard, but you ignore those (and the points in the article) to make your silly little aside.
But, enough of that, let’s see what you’ve supplied us with this time.
“My feeling is that IP addresses should be like phone numbers or cars – you own the car, or it’s your phone. What happens on that phone (or in that car) should be at least in some part your problem.”
I can see what you’re driving at, but people with knowledge of how things work in the real world can see a great many problem, which are at the core of why that assumption “IP = person” is both stupid and dangerous even if everybody switched to IPv6. For a start, very few people get their houses raided over phone calls but dangerous raids are being encouraged by the fallacy you’re apparently defending. You can only expect this to increase as unique identifiers encourage criminals to hack equipment or spoof IPs rather than use something that identifies them.
Like many things you support, this will be counter-productive if you don’t address the real underlying issue.
“If you choose to permit others to use your internet connection, should there not be at least some responsibility?”
What if you don’t choose that, but they use it anyway?
“Then again, I am also a believer that parents should be responsible for their children and their children’s actions (at least to the point where they are adults)”
Unless they let an adult borrow their car, then their livelihood is on the line. Yes, you told us that already.
“Someone comes to your house for a party and spends all night making long distance calls to the Japanese time line… should the bill payer just be able to walk away saying SODDI?”
Is anyone being investigated or held criminally responsible for a large phone bill? If not, then this another of your distractions.
“So if your home internet is “shared” with your teenagers who decide to set up a file server for pirated music, shouldn’t the parent have some responsibility as a result?”
Should they also be held responsible if they use the phone or a garden tool for nefarious means? If not, what are the distinctions?
“It’s tricky topic, and not simple.”
Indeed, which is why you initially chose to try and derail the conversation immediately without even paying lip service to the topic at hand.
Re: Re: Re: Re:
IP addresses are easily spoofable. Person A uses Persons B IP address to commit a crime. Person A can do this without using any of Person’s B equipment. Person A can accomplish this while not in in the same city, or even the same continent, as person B. Person B has no idea that this is going on, never gave person A permission, doesn’t know person A exists. Person B not only did not know this was going on, Person B had no way to stop this without knowing it was happening.
Is person B responsible for the actions for the actions of person A? If so, why?
Re: Re: Re:2 Re:
That’s one of the major problems with this hare-brained idea. If you did apply a truly unique identifier on to everything, knowledgeable criminals would simply find a way to make it appear that someone else was responsible for their actions. They’re going to find a scapegoat, not just sit there and allow their true identity be broadcast to the world.
The only saving grace for a majority of the population is that most criminals aren’t knowledgeable enough to do this, but that won’t help the innocents who are caught up in the nightmare of having to prove that they weren’t responsible. Most likely, the people who do this will be committing more serious crimes, increasing the likelihood of tragedy from the violence increasingly being used to stop presumed suspects of such crimes.
But, I’ll guess that certain people either haven’t considered this or will reject this fact because reasons.
Re: Re: Re: Re:
My feeling is that IP addresses should be like phone numbers or cars – you own the car, or it’s your phone.
But they’re not.
If you look at the ownership for any public IP address assigned to say, a cable Internet user, guess who the ARIN says owns the IP? The ISP does.
So you don’t really own the IP. You just have it loaned to you from the ISP. They control it.
What’s to prevent them from doing something nefarious, as it is truly under their control?
If you want to argue the ISPs should be responsible for criminal behavior, well the law says they’re not.
But they own the IP.
I guess what I’m saying is that despite you repeating this same nonsense over and over again, it doesn’t make it true.
But I’m sure you already know that.
You’re just dense as fuck. And unfortunately, there’s no cure for stupidity.
Re: Re: Re: Re:
It’s actually quite possible to fake IP addresses, you know, right?
Re: Re:
@Whatever You mean this is exactly why EVERYONE should run an exit node.
As I understand it, exit nodes route traffic off the tor network onto the public network (I am not a tor user so I have no first hand knowledge)… then if every user was an exit and all traffic was routed out a node other than your own (hopefully choosing random exit nodes very frequently) then we would have a situation where tracing any traffic to the exit node would be futile and make the traffic even more anonymous. I would think that adding an additional layer where data is obfuscated to deliver to multiple IPs (yes, it’s a performance hit on the network) it would further distract from tracing through the network to the final destination, if that’s even possible…
That being said… no one should be anywhere near child porn and I hope those ass-hats that do get reamed by Bubba in prison.
Re: Re:
While you might like jackboots while they are on your feet, your opinion may change when they are on your neck.
Re: Re: Re:
I call bullshit.
The police are already murdering people and the only assholes really doing anything are those racist as hell BLM tards.
Re: Re: Re: Re:
The racially oppressed are the real racists – Donald, is that you?
Re: Re: Re:2 Re:
It wasn’t black officers getting shot in Dallas, right? Quacks like duck…
Re: Re:
This is exactly why you shouldn’t run a TOR exit node, plain and simple.
So stop doing something perfectly legal because ICE doesn’t understand the technology they’re investigating.
Instead of constantly making excuses for shitty cops, why not ask yourself if you really feel this level of ignorance in law enforcement is worth the money?
Re: Re:
This is exactly why you shouldn’t run a TOR exit node, plain and simple.
Oh, haven’t you claimed in the past that if you’re doing wrong then you have nothing to fear? What happened to that load of bull?
Re: Re:
You are such a backwards person.
Re: Re:
“This is exactly why you shouldn’t run a TOR exit node, plain and simple.”
Or drive on interstate highways because they could be “drug corridors” and result in you car being stolen, err, I mean “seized”.
Yeah, I see how your type operate.
Re: Re:
“This is exactly why you shouldn’t run a TOR exit node, plain and simple.”
What were those victims thinking anyways … they should’ve known better, therefore it is all their fault. Everyone gets the TOR exit node they deserve.
Re: Re:
As a patriotic American, I am proud to stand up and say that I love the rights we once used to have!
Re: Re:
This is exactly why women shouldn’t use short skirts or they may be raped. Because of course the victim should be blamed instead of the society working into protecting every single woman and stop being caring about how they dress up.
Same argument, same bullshitting. You suck.
Re: Re: Re:
I’m pretty sure the argument would have to be to blame the clothing store for selling skirts that women can be raped in.
Re: Re: Re: Re:
So every skirt should have a built-in locking chastity belt?
Re: Re:
So your surveillance sugar daddy can come fuck us up the ass? No thanks. Not everyone swings the way you do.
Missing the point folks!
The police DO NOT CARE!
Have you all just checked the fuck out of reality? As long as they can use and IP address to harass someone about something illegal online they are going to fucking do it. No they do not give a flying fuck either because it is their job to be the assholes on the block.
Every law on the books is just another excuse to harass the citizens and to remove them if deemed unfit for society or a $$$ benefit for the privatized prison system. The Justice System has become a FOR PROFIT VENTURE! You cannot have profit without criminals that must pay! Civil Forfeiture is walking proof!
Re: Missing the point folks!
Have you just been preaching to the choir?
Re: Missing the point folks!
They don’t care because they don’t know to care.
I suspect they’ll learn. Eventually. At a terrible cost to them.
Re: Re: Missing the point folks!
And a terrible cost to the citizens as well.
Re: Re: Re: Missing the point folks!
The tree of liberty must be refreshed from time to time with the blood of Patriot and Tyrants.
If a people wish to be free, it is not a question of if a war is necessary, it is a question of when does it become necessary. Governments natural flow is toward tyranny. The people often will endure gross injustices before they reach a breaking point.
Re: Re: Missing the point folks!
we can only hope that the good ones will start to weed out the bad cops before it gets too far down that path.
Be a shame to lose the good with the bad
Re: Re: Re: Missing the point folks!
Not even close to a change.
They are Brothers and Sisters in a literal fraternity. If you will not defend your brother or sister (regardless of good or evil) you will be squeezed out of the system.
That is just a fucking fact of all institutions created by man regardless of their level of religious focus. We are the darkness in our own hearts and people in power, the ones with a void in their soul, lust for it in all its forms!
Re: Re: Re: Missing the point folks!
I think it’s less a case of the good cops weeding out the bad cops, and more a case of systemic failure from top to bottom, inside and out.
The rank-and-file good cops (I suspect an oxymoron here, but can’t prove it) likely have very little influence over the careers of the rank-and-file bad cops. They might refuse to partner up with known bad cops – and likely should if they don’t. They should turn the bad cops in when the bad cops are being bad – and likely do, only to be ignored or have it whitewashed by the brass. There might be other things the putative good cops could do, but that seems about the extent of what they can actively do to weed the bad ones out.
It’s the brass who don’t put the screws to the bad cops.
It’s the prosecutors who let the bad cops get away with the bullsht on their reports and on the witness stand, who don’t come down on the criminal or abusive behavior by the cops – and lets face it, it does happen – like a tonne of brick.
It’s the judges who don’t call the prosecutors AND the cops on their bullsht, who give the cops a free pass in the form of all the little exceptions to the rules they should be governed by.
It’s the elected civic leaders who don’t hold the brass among the cops to the higher ethical and personal standard necessary to the moral high ground they claim, who allow the unions to play spin doctor, and protect their own.
It’s we the peepul(tm) who don’t hold our elected leaders to account when they screw up. And yes, I am very definitely pointing three fingers in my own direction here.
What to do? Start from scratch with the rules the cops work from. Hammer the judges, prosecutors, and cop leadership for allowing or encouraging it to happen. Vote the civic leaders who don’t take a stand out of office.
As for the bad cops themselves? Instead of the letter ‘A’, how about the letter ‘R’, a la Nathaniel Hawthorne, with all the attendant consequences.
Isn't it the judiciary that needs to be educated?
Yes the cops are following bogus leads. But they request a warrant from a judge — and the judge should call bullshit when it is all predicated on an IP address — *IF* they knew better.
EFF should be pushing for updating the law school curriculum, and for getting the facts about IP address <> person, and how they are not appropriate for warrants, to the existing lawyers and judges. The police would learn in time: the burnt hand learns best.
Re: Isn't it the judiciary that needs to be educated?
We have Judiciary who insist that everything be printed out on paper & hate anything electronically filed.
Perhaps it would help if they started to reflect real people, rather than just voting for someone because they are older and presumed wiser?
That we require they don’t just sit back on the bench telling new technology to get off their lawn because they are interrupting Matlock.
Judges far to often rely on what officers say, ignoring the numerous examples of officers stretching and flat out lying about the truth if it serves them. They trot out ‘experts’ to support outlandish claims, and the Judges smile, nod, and sign not questioning if this new ‘science’ of hair color/eye color combinations showing a predisposition to violence is accurate.
Many of us elect Judges with the best ads, because we don’t care about the system we never expect to be in… and we start to care when the system decides to screw us and the safeguards we imagined being in place don’t exist. We don’t ask where the money to elect the Judge came from and don’t notice that some Judges go lightly on those who contributed.
We have Judges appointed to positions for ‘life’ expecting they will know when it is time to bow out gracefully, this isn’t working in our favor.
We need to have a more robust Judiciary, not influenced by former employers (HI JUDGE HOWELL) who are impartial, listen to the presented facts & apply the law.
An informative article, but one that criticizes the police for something TD does when comments are submitted that it deems unworthy.
Re: Re:
Uh huh.
Re: Re:
care to elaborate with some examples or should we just assume you have a grudge
Re: Re: Re:
From the tone, I presume he’s one of the resident trolls who tries posting anonymously to pretend he has support for bullshit arguments, but then gets called out when someone at TD checks the logs and sees he’s posting from the same IP as the login he’s replying to. Or, gets caught by the spam filter when trying to post repeatedly from the same IP that’s been flagged by the community.
Re: Re:
Techdirt comes to people’s houses, kicks in their front doors, and points guns at them?
I think this is possible. Why? Because I have seen a pig riding a bike.
you cant make the blind see if they dont want to and these definitely dont want to!!
Perhaps someone should explain to them how DHCP leases work and watch their heads explode…
It has already been ruled police don’t have to know the laws they enforce at the point of brutality. Why on earth would they want to learn something that will just get in their way of absolute authority over everyone.
Re: Re:
Yeah, when there’s very real incentive for police to know as little as possible any attempt at educating them in a fashion that would lessen what they can do is going to be an uphill battle to say the least.
Complete US law enforcement failure.
Apologies for the following language but it seems necessary in the theme of police brutality.
Every big city now has a police force with a shoot to kill policy for black people if they appear to have ‘a car thats too expensive for a nigger’ or ‘a hot girlfriend’ or ‘money’ or ‘nice clothes’ or ‘an attitude that isn’t ‘bow before your white masters”
Sounds like a conspiracy theory until you realize there’s an ACTUAL concentration camp in Chicago called Homan Square where they torture and murder people for the crime of not being white.
Re: Re:
A higher percentage of blacks and Latinos are killed by police than whites. But in absolute numbers, more whites are killed than blacks. This is true even though almost all those shown and talked about are black or Latino.
It is a serious mistake to separate black, Latino and white live. It makes whites feel that they are immune to cops bullets and batons. It is a class issue, and the struggle against police brutality and murder can only be resolved by a united front of all. Splintering the affected groups is a standard mechanism for weakening and defeating them.
I knew an owner who only hired blacks. After they attempted to bring in a union, he hired the best mix he could by sex, race, age and marital status. Nobody trusted each other, and he never had another unionization attempt. This is the standard practice of governmental power expansion. Start with immigrants, then blacks/Latinos, finally whites.
Re: Re: Re:
“I knew an owner who only hired blacks…”
Wait… you’re saying that because one guy had problems after openly breaking anti-discrimination rules and forced to recruit fairly, that proves it’s a government conspiracy of some kind to divide people?
Perhaps a better analogy for an IP address is assigning one of your friends to wait by a public pay phone for you to call him. While you may be able to call your friend with that number, it won’t be him on the other end all the time.
Re:
Perhaps you are not old enough to see the steady erosion of Constitutional rights, or possibly you are not paying attention.
Government starts stealing these rights from those who are least able to defend themselves — the poor and those who have little or no legal standing in the country. They don’t start at the top, where people have social and political standing, money, connections and high quality defense lawyers. Gradually the behaviors of law enforcement become second nature, and they climb the social ladder.
What I gave you was an example of how the process works outside of government. But it is the same inside — just slower.
Re: Re:
None of that has anything to do with why a man had problems once forced to correct his racist hiring policies. I’m just curious as to why you think it does.
“What I gave you was an example of how the process works outside of government.”
No, it really wasn’t. You gave an example of a man who openly discriminated against another race and had problems when he was forced to stop that. That has nothing to do with the issue at hand, except perhaps to illustrate that racism is present everywhere and takes work and difficulty to overcome.
At best you are a trivial nitpicker. If you were anything else, you would be arguing for/against the central position.
Re: Re:
Was that aimed at me? If so, please learn how to use the reply button, else it gets confusing.
But, if so, how is my position of “people should not be discriminated against no matter their race” not the central one? If you have another position I should be arguing against, please present it in a manner other than “a black guy had problems because he couldn’t apply racist employment standards”. Or, at least explain what the hell that anecdote has to do with what you’re saying about conspiracies.