Appeals Court Says An IP Address Is 'Tantamount To A Computer's Name' While Handing The FBI Another NIT Win

from the [extremely-superintendent-chalmers-voice]-good-lord dept

Fortunately, this profoundly-wrong conclusion is buried inside a decision that’s merely off-base. If it was the crux of the case, we might have witnessed a rush of copyright trolls to the Eleventh Circuit to take advantage of the panel’s wrongness.

But this decision is not about IP addresses… not entirely. They do play a part. The Eleventh Circuit Court of Appeals is the latest federal appellate court to deny suppression motions filed over the FBI’s use of an invalid warrant to round up suspected child porn consumers. The “Playpen” investigation involved the FBI seizing a dark web child porn site and running it for a few weeks while it sent out malware to anyone who visited the site. The FBI’s “Network Investigative Technique” (NIT) sent identifying info back to the FBI, including IP addresses and an assortment of hardware data.

As the court notes in its decision [PDF], pretty much every other appeals court has already gotten in on this action. (Spoiler alert: every other appeals court has granted the FBI “good faith” even though the DOJ was actively pursuing a law change that would make the actions it took in this case legal. The violation of jurisdiction limitations by the FBI’s NIT was very much not legal when it occurred.)

By our count, we become today the eleventh (!) court of appeals to assess the constitutionality of the so-called “NIT warrant.” Although the ten others haven’t all employed the same analysis, they’ve all reached the same conclusion—namely, that evidence discovered under the NIT warrant need not be suppressed. We find no good reason to diverge from that consensus here…

That being said, there are some interesting issues discussed in the opinion, but here’s where it kind of falls apart. The Eleventh Circuit may be joining ten (!) other circuits in upholding the FBI’s illegal search, but it’s the first to make this preposterous claim while doing so. (h/t Orin Kerr)

In the normal world of web browsing, an internet service provider—Comcast or AT&T, for example—assigns an IP address to every computer that it provides with internet access. An IP address is a unique numerical identifier, tantamount to a computer’s name.

That’s… just completely wrong. An IP address doesn’t identify a device any more than it identifies a person or location. It is very definitely not “tantamount to a computer’s name.” The court uses this erroneous conclusion for pretty benign ends — to veto the DOJ’s belated attempt to rebrand its NIT malware as a “tracking device” in order to salvage its invalid search warrant. Even so, this slip-up is embarrassing, especially in a decision that contains a great deal of technical discussion.

But I suppose all’s well that ends unsurprisingly. The Eleventh Circuit agrees with the other circuits: the warrant obtained was invalid from the moment it was obtained as it allowed the FBI to perform searches outside of the jurisdiction in which it was issued. But there’s no remedy for the two alleged child porn consumers. As the court states here, the error was the magistrate judge’s, who should never have signed a warrant granting extra-jurisdictional searches. According to the Eleventh Circuit, the FBI agent had every reason to believe the granted warrant was valid and that the searches could be executed. No one’s evidence is getting suppressed and no one’s convictions are being overturned.

The problem with this assumption is that it glosses over the issue of the DOJ’s Rule 41 politicking, which was well underway when this FBI agent approached a judge with a warrant that asked permission to violate a rule that hadn’t been rewritten yet. To call this “good faith” presumes a lot about the FBI and its investigators. It concludes they were unaware of the DOJ’s petitioning of the US court system to rewrite Rule 41 when everything about this case points to the fact that these investigators knew about the proposed rule change and knew this NIT deployment wasn’t legal at the point they handed the affidavit to the magistrate.

In the end, it’s another unearned win for the FBI. And it’s one that comes paired with a tech gaffe that’s going to sound very appealing (!) to IP trolls.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Appeals Court Says An IP Address Is 'Tantamount To A Computer's Name' While Handing The FBI Another NIT Win”

Subscribe: RSS Leave a comment
That One Guy (profile) says:

'Look, they all jumped off the cliff so clearly we should too.'

Although the ten others haven’t all employed the same analysis, they’ve all reached the same conclusion—namely, that evidence discovered under the NIT warrant need not be suppressed. We find no good reason to diverge from that consensus here

… other than the fact said evidence was gathered under an illegal warrant, and as such all evidence related to that warrant should be inadmissible?

Other than the fact that if you allow evidence obtained via an illegal warrant you essentially have ruled that warrants are not needed, contrary to the Constitution which very clearly requires them?

Other than the fact that by allowing evidence obtained via an illegal warrant to be used you have all but flat out said that those pesky ‘constitutional rights’ can be ignored on a whim with no penalty, ensuring that violations will continue as there is no penalty even while there are potential gains?

Other than those reasons, any of which should have been more than enough?

Judges like this are an insult to the legal field and concept of justice, too cowardly or corrupt to tell a government agency that the constitution is not just a set of guidelines that can simply be ignored if following them would make someone’s job harder.

TKnarr (profile) says:

Re: Re:

It might be an interesting argument to make, though, especially if the router was leased from the ISP and thus was the ISP’s property and controlled by it the whole time. If one takes the decision’s statement as it’s worded, then one should look on the computer for the IP address the ISP assigned to it which is almost certainly in the 192.168/16 netblock. That’s also almost certainly not the IP address listed as the source of the download of the illegal material (which would belong to the router belonging to the ISP, not the computer belonging to the user). Given that, by the government’s own evidence, the ISP they’re looking for was not the one assigned to any computer belonging to the user by their ISP, what basis does the government have for the charges?

JoeCool (profile) says:

Re: As good as a name

It’s more like take a number at the post office or DMV – for that moment, in that location, you were very briefly #947… unless you got tired of waiting and gave the number to someone else and left… or your friend was holding the number… or you swapped numbers with someone else. You get the idea. The number was not good outside a limited area for a limited time, and could not be tied to you directly since they call your number when it’s your turn, not your name. Unless you personally hand them the number at that exact moment, no one can later say who #947 was.

Stephen T. Stone (profile) says:


Assume that you have an Internet connection with Wi-Fi. If a friend with a device other than your computer were to access your Wi-Fi network, they would then be using the same IP address as you. How, then, could the authorities know with even the slightest bit of certainty which one of you committed an illegal act based only on the IP address?

Anonymous Coward says:

Re: Re: Re:

Doesn’t matter. If they don’t want to host your friends white supremacist device on their networks, they don’t have too.

Show me the law or statute that says you can aide and abet a criminal with no legal consequences.

If you are in possession of stolen goods, you will be charged. Doesn’t matter who stole them, you have possession and you will be charged.

Anonymous Anonymous Coward (profile) says:

That computer has a name...Guilty.

As has been pointed out above, identifying a particular computer with IP addresses is overly simplistic. For example I have two routers, in series, and five computers connected to the inside one. For the moment, lets leave the fact of my VPN connection out of the equation, we’ll assume I slip up and turn the VPN off, but still connect to the Internet. Now, which computer is guilty?

This kind of makes me wonder why the defense’s haven’t brought in network engineering experts to refute this nonsense.

McKay (profile) says:

We could look at it another way...

In one way of looking at it, an IP does actually refer to a single computer. At my house, that’s the modem/router provided to me by the ISP. In the case of an "illegal download", the router is "guilty" of (routing requests) to illegally download content, not the users computer. Maybe there’s a good legal reason to rent routers from the ISP. The device with that IP address is the ISPs!

Anonymous Coward says:

Re: We could look at it another way...

Unfortunately, arguments have already pivoted to "the IP address may technically belong to the router, but as far as the ISP is concerned, the IP is temporarily assigned to the account holder."

This gives LEOs reasonable suspicion that the account holder is associated with the crime, so they can come and investigate the home the account holder has registered with the ISP for that IP address.

Personanongrata says:


<em>Appeals Court Says An IP Address Is ‘Tantamount To A Computer’s Name’ While Handing The FBI Another NIT Win</em>

The federal court jesters (ie judges) comprising the US Court of Appeals for the 11th Circuit might be on to something if they said the MAC address coded onto a machines network interface card is ‘Tantamount To A Computers Name’ but they didn’t.

Anonymous Coward says:

Re: Re: MAC, NIC and ARP

MAC address normally doesn’t change. That is what the ISP is using to allow you on their Intenet and have service.

On the other hand, the IP4 address you have on the Internet is almost always Dynamic. You generally have to PAY to have a Static IP address. Unless you run a Web server at home which most people don’t, you’re generally going to have a Dynamic IP address that will change once in a while.

Your local network, wired or wireless, doesn’t matter. It is what it is. It’s your IP address out into the world at large, the, or whatever block of IP addresses your ISP is assigned to use. This is the IP address that is TEMP that the world sees at large. Not your MAC, but your IP4 address. Do you want to be blamed on something someone else did when that HAD that IP number and now YOU do?

Anonymous Coward says:

Re: Re: Re: MAC, NIC and ARP

That is what the ISP is using to allow you on their Internet and have service.

Only if they insist that you use their router, which has its own MAC on their side. It does not apply yo the computers on your side of the router, as you are free to replace parts and computers as you wish. If you are able to use your own router, as I can, the mac on that side changes when you change your router.

Anonymous Coward says:

Re: Re: Re: MAC, NIC and ARP

That used to be the case.
It was not hard back then and a simple search would quickly reveal how to change it and it was recommended in some consumer security articles.
But now it is an option built into the OS to randomize your MAC address. Sure it is still a little bit buried in menus, but you don’t even need to know how a MAC address is supposed to look to turn this feature on for WIFI.
Disregarding the fact that the description of IP addresses (in the ruling) are terrifyingly wrong and shows a lack of even basic understanding, I do not believe that IP-to-MAC bindings are in any way a reliable indicator anymore.
From what I read about law enforcement "investigations" and "evidence", I would be able to completely frame another person with ease and be completely confident that this person would get the blame because no other avenue was even considered. I wouldn’t even need much understanding… everything could be done with freely available applications.

PaulT (profile) says:

Re: Re: Re: MAC, NIC and ARP

"MAC address normally doesn’t change"

Except, it’s trivial to spoof without any additional software on a desktop. I’d assume it’s easy enough to do on mobile devices as well.

But, the difference is moot anyway, since the device that’s usually connecting to the ISP is a router, not the device the end user is using. That’s what’s particularly stupid about this comment – you don’t have the "name" of a computer at all, you only have the device the computer used to connect. Which may not belong to the customer of the ISP, or indeed necessarily anyone they know.

That Anonymous Coward (profile) says:

I hope they appeal.
I hope they show the case where the FBI held a family at gunpoint for hours b/c of an ip address b/c they never bothered to see if it their router was secured.
Then they stumbled across the neighbor who WAS the CP downloading asshole.

Justice means we all follow the rules, but now it just is a cover for QI & remaining ignorant of facts so we can get the "bad guys".

If and IP address is a computers name, then why the FSCK haven’t we raided the FBI for providing CP & encouraging the creation of more.

tom (profile) says:

For most ISP setups, the IP address the ISP hands out goes to the modem/router. The modem/router then hands out a NATed address to any devices on the customer side. If you have the IP address AND a Time, you should be able to find the MAC address of the modem/router in the DHCP server log(assuming such was kept). With that you might be able to tie to a particular modem/router and derive the account using that device. Unless the ISP can read the DHCP logs from the modem/router, you can’t identify any of the devices that received private IPs from the modem/router. Gets even harder if the customer has the ISP modem in bridge mode and provided their own router.

Anonymous Coward says:

Re: Re:

For most ISP setups, the IP address the ISP hands out goes to the modem/router.

And that can be a NATed, so you need the port at ISP level to resolve the end user. That is an ISP level IP address can be shared by several customers due to their use of NAT to get round the shortage of IP V4 addresses.

Anonymous Coward says:

Re: Re:

I honestly wish this would actually be the case if not for fact that "high courts, low courts" would absolutely be in play here. Let’s say someone spoofs the 11th COA’s IP address and downloads Malibu Media smut. What’s likelier? The 11th COA pays Colette a sum of money to go away, or actually initiates an investigation/official statement to say "that time didn’t count"?

The uselessness of IP addresses as evidence was already clearly established before the judge in Strike 3 had to remind Fox Rothschild that his evidence was garbage. The RIAA, US government, the Vatican etc already have IP address evidence linking them to pirated music and pornography. Yet the only thing we hear is such evidence surfacing – no follow-through investigations, no penalties enforced, nothing.

And why is that? Because – as in the case of the RIAA being caught redhanded for using content without permission – copyright enforcers are terrible at self-policing, and have no intention to do so.

Anonymous Coward says:

an IP adress is selected by the isp, and assigned to customers pc,s as they log on to the web .Saying an ip adress is simply wrong,
it could be given to any device or pc who use,s the isp,
or even by someone who is within wifi range of the router,
Many routers can be hacked as they use basic default passwords.
Yes its likely an ip shows the pc is within a certain area, served by the isp,
but it should not be used as definite proof that a specific pc acessed a website at a certain time.
Unless they have data from the isp that shows the ip adress and the mac adress of the pc, each pc has a unique Mac adress .
The ip adress by itself should not be used to convict anyone of a crime,
This was adressed years ago when the record companys were going after users for downloading songs and music based on the isp adress .
It ,s not as if the subject of ip adress evidence has not come up in many legal case,s in america .

Clark O. Moradin says:

The EVIDENCE is NOT contested. ONLY a Court Rule in question.

A) The IP address turned out valid because NIT software accurately reported, along with absolutely identifying detail. The FBI went to right place. That’s why evidence as such is NOT contested. All arguing that line is STUPID.

B) Law is to protect the innocent, NOT to protect the guilty. This is extreme last hope lawyering. No black letter law nor Constitutional Right was ever in question, only a Court Rule that hadn’t been updated…

C) Which Court Rule has been FIXED. This basis for challenge will NEVER again come up!

Yet Techdirt / minion / fanboys clearly hope that downloaders of child pornography can escape.

Minion’s pointing up that is the eleventh Appeals level decision (besides as many original!) only shows weird mania to stay WRONG without any visible reason in first place, continued for years now without any hope from intermediate "win" in court, besides that your position (as I noted last week in the "sexting" case) can ONLY support child pornography.

NO GOOD is served by Techdirt’s position. Yet minion attempts justification:

Implies a "honey trap". There was no such. A series of steps with clear intent was necessary: NO ONE even could have blundered into this alleged "trap".

Implies lack of jurisdiction. The internet requires such reach of warrants, because one cannot know in advance the jurisdiction. — The mere Rule is now FIXED.

Implies lack of "good faith" by police level. NO, went to a court and were authorized. Techdirt simply hates police as such.

THAT LEAVES minion and other legalists with only shrieking over a mere Court Rule. The try been shot down ELEVEN times now.

Since persist after ELEVEN Appeals level decisions, and despite appearing to be in favor of child pornography, one has to ask WHY, Techdirt, WHY?

WHY do you spend your tiny bit of "authority" on THIS? What’s in it for you, readers, or the general public? WHY do you persist for years now advocating for a few downloaders of child pornography?

PaulT (profile) says:

Re: The EVIDENCE is NOT contested. ONLY a Court Rule in question

"Law is to protect the innocent, NOT to protect the guilty"

Then, why do you spend so much time demanding that innocent people are harassed by it and opposing calls to change that?

"WHY do you spend your tiny bit of "authority" on THIS?’

Well, it’s certainly better that wasting zero authority on this. You know you could make some good points here if you weren’t so obsessed with name-calling and lying in between the occasional good point you stumble across?

Stephen T. Stone (profile) says:


The law protects all people, regardless of their innocence or guilt. The Fourth, Fifth, Sixth, and Ninth Amendments — and any related “common law” court precedents — do not (and should not) disappear because someone is either guilty of or accused of a crime. Even people accused of heinous crimes such as murder, sexual abuse of children, and commercial copyright infringement retain their rights regardless of how much you want them all executed based only on mere accusation.

You offer no evidence that Techdirt commenters or Techdirt writers want child porn downloaders to “escape”, much less because they’re child porn downloaders (which is clearly your assertion here). Your mere accusations are worthless. If anything, what we want is for courts to rule on tech-related issues without ignorance, fear, malice, or ill-will driving those rulings — and to uphold the civil rights of all who stand accused of a crime, no matter how heinous the crime or how unlikeable the defendant.

A person accused of a crime (supposedly) walks into court with a presumption of innocence. That you want the presumption done away so you can feel comfortable with whatever violent punishment is dished out to a potentially innocent person based only on an accusation of guilt doesn’t make it go away. The law makes sure of that.

Anonymous Coward says:

Re: The EVIDENCE is NOT contested. ONLY a Court Rule in question

A) The IP address turned out valid because NIT software accurately reported, along with absolutely identifying detail. The FBI went to right place. That’s why evidence as such is NOT contested. All arguing that line is STUPID.

So you’re saying evidence obtained in violation of the Constitution, the law and court rules should not be questioned or contested as long as law enforcement gets the right bad guy?

So much for the fruit of the poisonous tree doctrine, along most of our rights.

Anonymous Coward says:

An IP address is tantamount to a … street name. (I like metaphors so I’m going for this)

An IP address points you to a place where there can be one or many houses (desktops) and cars (mobile devices) on the street. It doesn’t tell you where on the street something is, it just says here is the street name in this section of the internet. Some streets are really long and have thousands of houses and maybe thousands of cars on them every single day. Some are small cul-de-sacs that have maybe a house or two and very few cars… and maybe that street is owned by a single person or family.

So far so good, but the metaphor quickly breaks down (as most do).

1) When we think of houses on a street, we think of unmoving structures. But you have to think more of Winnebagos or RVs, houses that can be moved with a little bit of effort (I remember lugging my desktop to LAN parties)

2) Street names don’t normally get arbitrarily changed/swapped with each other every so often whereas IP addresses do. I know my home IP changes every so often (usually just after midnight local time) because I have to update an IP white list every time it happens (thanks Verizon)

I bet there are even more ways this metaphor breaks, but at least its more sensical than comparing an IP address to a computer name.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...