Forgot your password?
typodupeerror
Music Piracy Security The Internet Your Rights Online

Can You Really Be Traced From an IP Address? 246

Posted by CmdrTaco
from the who-are-you-who-who-who-who dept.
Barence writes "Identifying individuals using nothing more than their IP address has become a key part of anti-piracy and criminal investigations. But a PC Pro investigation casts serious doubt on the validity of IP-based evidence. 'In general, the accuracy of IP address tracing varies depending on the type of user behind the IP address,' Tom Colvin, chief technology officer with security vendor Conseal told PC Pro. 'Whilst big businesses can be traceable right back to their datacenters, standard family broadband connections are often hard to locate, even to county-level accuracy.'"
This discussion has been archived. No new comments can be posted.

Can You Really Be Traced From an IP Address?

Comments Filter:
  • by Chas (5144) on Monday March 28, 2011 @09:37AM (#35638360) Homepage Journal

    Depending on what data is being captured by the ISP for management purposes, this COULD be true.

    But, if they can track you well enough to meter you (Comcast, AT&T, etc), they can track you down to your IP too.

    • by rolfwind (528248) on Monday March 28, 2011 @09:44AM (#35638470)

      Apparently they can't meter you too well.

      http://www.digitaltrends.com/computing/att-vows-to-improve-inaccurate-broadband-metering/ [digitaltrends.com]

      As to the tracking, I'm sure it can be done, however, unlike DNA, spoofing is completely trivial, so I would never be comfortable having it as the only evidence in some type of trial.

      • Throw in this that a lot of people have wireless routers, it would be impossible to tell, even if you track down the IP address to the physical address, that it was being used by you or your family. One could always say "I had an open wi-fi connection", and it would impossible to say who was behind that IP address.
      • Actually, current DNA identification isn't all that good either. Most DNA identifications are "1 in 100,000", those that I have seen claiming higher reliability have proven to be hyperbole. This does not mean that higher reliability is not possible, just that current techniques that I have heard referenced are not very reliable identifiers.
        • Most DNA tests are done to the 1:100,000 level because this is a) quick and b) cheap

          DNA testing can be done reliably and accurately to 1:1 billion but this is very expensive and takes a long time ....

          But if you are relying on DNA evidence alone then you have a very unsound case, if you test everyone you will find at least 6 matches even at 1:1billion ...

          Same goes for IP tracking, you can do it quickly and cheaply and it is often inaccurate, or you can do it properly and it can be made very reliable but thi

          • Absolutely, the way that IP and DNA evidence are used today, they are useful for two purposes. First, take a specific group of suspects and eliminate those that it could not be because of this evidence (more reliable for DNA,than for IP). Second, obtain a potential suspect or two who are worth more in depth investigation. Unfortunately, the press, TV shows and movies make it seem like both IP and DNA evidence identifies someone much more reliably than it actually does.
      • by SomePgmr (2021234)
        I'd think that for the purposes of a file sharing case, ISP logs would be sufficient if they can compel them to turn over the relevant bits. No doubt they keep traffic details of some kind from the session layer on down, which would rule out a 4th party spoofing scenario. I could be overlooking something there. Seems to me the problem with tracking traffic back to a user is if you're required to do it blind from an IP in a server log. But if you can take that hint and get the information from the ISP-on
    • by delinear (991444)
      It's not just that it's difficult to track the IP back to your household, but that that's not the full extent. What if it's a shared account in a student accomodation, or you're running your PC as a node on a TOR network (so in both cases the "infringing" traffic might look like it's coming from your IP but you aren't the one committing the act). With difficulty in ensuring the IP was assigned to you at the time it was used on one side, and then in proving that it was you downloading the file on the other (
      • From a legal standpoint, only one person signed the contract. That person is liable for anything done with the connection. And yes, as the legally assigned person have to 'prove' it wasn't they who committed the act that was traced back to their 'address'.

        and for the old world analogy:
        If your car is seen and photographed robbing a bank and everybody in the house had access to keys, who do you think they are going to look at first?
        • And yes, as the legally assigned person have to 'prove' it wasn't they who committed the act that was traced back to their 'address'.

          Forget innocent until/unless proven guilty! You're guilty unless you can prove otherwise!

          • You're not convicted of anything until you're in court hence you're not guilty of anything. However, they *are* going to bring you into court if your car was seen robbing a bank and you can't reasonably explain who else might have been driving it.
        • It is quite reasonable to ask you first .... but it is still up to them to prove it was you ...

          • but it is still up to them to prove it was you ...

            which happens in court. You don't have 'prove' anything to charge someone and hold a trial. There are some checks along the way but they don't require 'proof' of anything, just some semblance of reasonableness that you could be the guilty party.

        • by DavidTC (10147)

          Dude, you can't sign a private contract making you liable for other people's criminal activity. That simply is not possible under any sort of American law. You could sign one with the government, possibly, and that's sorta what it means be 'released into the care of...', although not to the extent of making a criminal out of anyone. But private actors can't just magically sign things making them liable for criminal actions by someone else.

          Likewise, a contract between you and second party (your ISP) cannot

    • But, but, but...the meter is by account, not by "person". It's like a water meter: it doesn't matter who is using the water, all that the water company wants to know is how much is flowing out of its pipes to the customer of record. Take a WiFi access point: one IP address with NAT can be used by hundreds of people at the same time. (I know this because every year I run a WiFi network at a show with 300 people...and roughly 700 devices -- so tracing activity to just one device is a real needle in a hay
    • Depending on what data is being captured by the ISP for management purposes, this COULD be true.

      But, if they can track you well enough to meter you (Comcast, AT&T, etc), they can track you down to your IP too.

      The problem is that Charter assigns one IP address to my router, and everything behind it is sharing that one IP.

      So... Who generated that traffic you're interested in? Was it me? My wife? My kid? One of the few people I've given wireless access to? Somebody who cracked my wireless network?

    • by poetmatt (793785)

      The "you" here is the wrong focus.

      Can you be traced to an IP address? The answer is and will always be, no.

      Can an IP address be traced to a MAC address and/or general geolocation? Yes. Is that data accurate? Not necessarily, and there's pretty much no guarantee of accuracy. Do ISP's give a shit who is using their cable modem as long as it's paid for? No.

      Just because "I found an IP address accessed at X time and Y cable modem" does not mean that you can truly verify anything beyond the cable modem without fa

  • WTF? (Score:4, Insightful)

    by YodasEvilTwin (2014446) on Monday March 28, 2011 @09:38AM (#35638380) Homepage
    This is not the problem with IP tracking. In most instances the ISP will have logs linking IPs to customers, and people can be easily traced. The real problem is that AN IP IS NOT A PERSON. You cannot trace a person through an ISP (except through strong circumstantial evidence such as someone using their email account from that IP). If all the info you have is that someone/something at IP 12.34.56.78 downloaded kiddie porn, that's no evidence at all. Was it the suspect? Was it a family member or friend? Was it some random on the street who cracked the WEP key or accessed an open network? You have no idea and you never will unless you can find 1) evidence on a computer and 2) evidence that the suspect was using said computer at the time.
    • Re: (Score:3, Insightful)

      Interestingly, the article says much the same. If you're going to get pissed off about an article, shouldn't you at least read it first?
      • Re: (Score:2, Redundant)

        by VolciMaster (821873)

        If you're going to get pissed off about an article, shouldn't you at least read it first?

        you must be new here...

      • Interestingly, the article says much the same. If you're going to get pissed off about an article, shouldn't you at least read it first?

        But I'm angry now!

    • by AHuxley (892839)
      Thats where a phone tap and sneak and peek can be so useful. A "plumber" at 12.03 on the afternoon you expected.
      Just before they touch your tap something sets up a few lines about a mix up at the office.
    • by mark-t (151149)
      But an IP address (at any specific given time) does have a direct correspondence to a customer of the ISP, a specific person who has agreed to (often in writing) the ISP's terms of service, and would have already had to be prepared to assume accountability for how their connection to their ISP was utilized, even if it wasn't by them personally.
    • You are right. The depressing thing in TFA is: "Unlike anti-piracy cases, however, IP tracking is only ever used as supporting, rather than primary, evidence in a criminal prosecution." (This said by a police detective constable.) That is, an IP address is apparently enough to bust you for downloading a song, but not enough to download CP... :/
    • You have no idea and you never will unless you can find 1) evidence on a computer and 2) evidence that the suspect was using said computer at the time.

      No one is convicting based on IP addresses. But "the Comcast account at 215 Pine St was used to dl kiddie porn" is probable cause to get a warrant for the computers at that address. Probable cause is not proof beyond a reasonable doubt --- it's possible that it was a guy in a van in a laptop -- but there's still very good reason to believe that evidence will be found. See, e.g. http://en.wikipedia.org/wiki/Illinois_v._Gates [wikipedia.org]. So the idea is that IP evidence is a good 'lead' to justify further searches for ev

    • If all the info you have is that someone/something at IP 12.34.56.78 downloaded kiddie porn, that's no evidence at all.

      See:

      1: Probable Cause
      2: Personality Profiling
      3: Jury trials.

      A DA doesn't need to prove your kiddie porn habit to a geek-fandom level. He just needs to convince 12 more or less random strangers that it's very likely you traffic in child porn. And that's only if he wants to throw you in jail. If he just wants to harass you, he just needs to show a judge that IP address -- and he's got "probable cause" to bust down your door and take your PC from you. (Hell, if we're talking about a vice squad geek and not

    • by TheSpoom (715771)

      Proof is not necessary in a civil suit, and the IP -> computer link is probably enough for the court to authorize seizure and examination of the computer in question.

  • by jaymz2k4 (790806) <jaymz AT jaymz DOT eu> on Monday March 28, 2011 @09:39AM (#35638382) Homepage
    I'm often having to remind users in the office that a simple reverse lookup on our IP and there's the company name sat right there, a few clicks and you've got the building address. Go onto linked in and you've probably got half the employees full names. A lot of people forget just how much information you can get from work IP's. It's not CSI style VB GUI interface level but if you're about to go make some stupid edits on wikipedia don't do it from your office connection.
    • if you're about to go make some stupid edits on wikipedia don't do it from your office connection.

      Making stupid Wiki edits from work is far better for me than from y own IP. If our IT department was the recipient of some screed from some Wiki uber-Editor having a cow over some stupid edit, they would roll their eyes and hit the Delete key...

    • by value_added (719364) on Monday March 28, 2011 @09:58AM (#35638686)

      I remember doing a reverse lookup on my ATT (then SBC) DSL account years ago. When I discovered my name was shown (for all the world to see), I called ATT to complain and they replaced my name with "Private Customer".

      A year or so later, I upgraded to a 5 static IP account, had ATT delegate the /29 to me, and started hosting my own DNS, mail, web, etc. services. Now, a simple WHOIS not only listed my name, but my address and telephone number as well!

      Somehow, the new setup made more sense, and felt more acceptable.

  • by mario_grgic (515333) on Monday March 28, 2011 @09:39AM (#35638394)
    has written a Visual Basic application to track your IP.
    • by danhuby (759002) on Monday March 28, 2011 @09:48AM (#35638554) Homepage

      I had no idea what you meant until I saw this: http://www.youtube.com/watch?v=hkDD03yeLnU [youtube.com]

      Made me cringe!

      • And, in spite of that, their portrayal of IT is still more accurate than their portrayal of forensics...
      • by pyrr (1170465)

        That...wow. I heard the words, but it was like she was speaking a different language.

        I think some studio must have a random IT jargon generator.

        • by L4t3r4lu5 (1216702) on Monday March 28, 2011 @10:43AM (#35639444)
          The problem is that the real thing is so much more time consuming and boring. You remember one of the Matrix movies showed Trinity using nmap? It was on screen for about 0.75 seconds, because using nmap is really, really tedious if you're not into that kind of thing.

          How does this sound for action packed fun: "We need to get hold of his laptop and pull out the hard disk drive. We can then mount it as a slave and wait for 6 hours while it takes an image of the entire contents, then put it back in his laptops. From there, we can mount the image in a read only state and use a tool to brute force the encrypted partition key. It should take around 8 years."

          Or "He has a 2048 bit encryption! We need to hack all of the code walls with a GUI worm!"
          • by tnk1 (899206)

            You're right about the tediousness of certain real-life tasks, but there's no reason that they can't tell someone to get to work on it, and then move to other scenes and then come back to the computer lab 8 hours later. I mean, they seem to be able to accept that it takes time for blood test results to come back, there's no reason that they can't assume that computer results will take just as long.

            Additionally, despite the fact that it takes forever to use certain apps, like nmap, to do an analysis there c

    • by Idbar (1034346)
      Which is particularly easy when someone is using IP addresses in the 300 block.
    • by N0Man74 (1620447)

      It doesn't take a full blown VB application... just a VB GUI.

  • by EasyTarget (43516) on Monday March 28, 2011 @09:40AM (#35638408) Journal

    standard family broadband connections are often hard to locate, even to county-level accuracy

    Advertisers rarely seem to be affected by this; every time I plug my laptop in while abroad the adverts change to the current locale..

  • Sued (Score:2, Interesting)

    by Anonymous Coward

    In 1997 a company threatened to sue me for breaking into their system (which I didn't do). Due to my good contacts with the ISP at the time I was able to get my hands on 6 months worth of packet logs related to my cable modem. This was a Dutch, but American owned, cable ISP. If they were logging things to that details at the time, I doubt it has gotten any less today. If you're with one of the bigger ISP's, rest assured, your packets are safely logged.

  • Well yes and no. In the case of someone like the RIAA claiming they traced it back to a user -yes there is some room to say it's not foolproof. Far from it. But with someone like the FBI? That's not going to work. They will catch you in the act using a "man in the middle" sniffer like Carnivore to ensure the evidence chain of custody can be proved correct in a court room. Considering almost every piece of networking equipment made has LEO intercept capabilities built in, it's not hard.

  • 'In general, the accuracy of IP address tracing varies depending on the type of user behind the IP address...'

    I whole heatedly agree with this statement. This is one of the few times this has happened with a Slashdot premise.

    As a young graduate more than 10 years ago, I NATed a few of my employer's computer IPs, including the internal 192.168.X.X up to 3 levels and asked the then ISP support dude to find out what was going on. He could not, despite having the 'latest' software.

    This gives defense lawyers one item they could use to challenge the DA. Trust me on this.

  • by Coopjust (872796) on Monday March 28, 2011 @09:48AM (#35638542)
    RTFA and you see that, as many of us already know, you can get a court order to get the exact identity of the account holder, so the problem as described by the summary quote is not the real issue. Rather, just because you know the account holder does not mean that you can prove that the account holder, or whoever you have on the stand, is the one that infringed.

    Despite rear-end covering clauses in the terms of most home ISPs that state that the account holder is liable for everything that goes across their connection, most courts won't accept that. I wouldn't be willing to test it, but it's a very valid point of defense. The number of people with open Wi-Fi is staggering, and even then there are attacks which work on WEP (a ton) and WPA (GPU accelerated attacks can get passphrases in under a minute on many routers), which is the maximum security many home routers in use are capable of. That makes this point even more valid.
    • by mark-t (151149)
      While you can't prove the account holder is the one who infringed, he can likely still be held accountable for how his own internet connection is utilized... in fact, he probably agreed to something along those lines when he signed up with the ISP.
      • by Combatso (1793216)
        but that 'contract' the end user agrees to does not trump law. so there may be valid loop-holes and precedents. im not a lawyer or a criminal, so I havent got any references,
      • by rgviza (1303161)

        If the acct holder is not responsible for the activity that happened over their wi-fi, eventually they'll be cleared. The burden of proof is still on the government and they need to prove you did something. Traffic to your IP only leads them to your cable modem. It doesn't prove you downloaded anything. They still need to prove you possess(ed) whatever they are looking to nail you for. Only problem is in the mean time the feds will have confiscated every electronic device in their possession to do forensics

      • by corbettw (214229)

        Being responsible for billing purposes to your ISP is one thing; being responsible for all criminal activity that occurs on your network is quite another.

  • if they're billed, authorities can get the information, provided that they go through the hoops necessary. it's not instant and movie like, of course. even pre-paids get tied to a name when they're charged(and cellinfo is logged, for a time). so it's mainly used to find a place of evidence and then to raid that place for said evidence. it's not evidence by itself but a clue about where to maybe get evidence. by itself it's just a phone number and about as useful as that.

    of course if there's been proxying an

    • Got any significant data to back up your claim that IP geolocating doesn't work? It doesn't have to be perfect to be useful for many applications. In my own experience, it works exceedingly well.

    • by swilver (617741)

      even pre-paids get tied to a name when they're charged(and cellinfo is logged, for a time)

      When what is charged? You just pay with cash, and of course, you donot fill in the form to get "double credits".

  • You know what is even harder to identify: me sitting behind my Swedish Relakks> VPN connection. [relakks.com]

  • It's unlikely you can trace an IP back to a single user. You can, however, almost certainly trace it back to who it was assigned to, either statically or dynamically. The problem is that can be anything from a single home user to a small to medium sized company behind a NAT. Hell it could even be a large company - although they're more likely to be behind a many-to-many NAT, rather than one-to-many.

    The only place I can see you being able to track back a single user would probably be in cases where you ac

  • ...which of the 4 people living here and on which of the 9 computers (7 physical, 2 virtual) behind my NAT firewall committed the act based on the evidence you have already? Which subnet of my internal network were they using (the virtual machines are subnetted away from the rest of the network)? Is it possible that someone outside my home cracked my wireless security, joined my network, and committed the act in question?

    • by Dcnjoe60 (682885) on Monday March 28, 2011 @10:37AM (#35639364)

      ...which of the 4 people living here and on which of the 9 computers (7 physical, 2 virtual) behind my NAT firewall committed the act based on the evidence you have already? Which subnet of my internal network were they using (the virtual machines are subnetted away from the rest of the network)? Is it possible that someone outside my home cracked my wireless security, joined my network, and committed the act in question?

      If you have 9 computers in your possession, the authorities really don't care which is infringing, they are still in your possession. Subnets don't really matter, nor does your NAT firewall, as all they have to do is show that the content in question was transmitted to whatever device you have that is connected to your ISP (usually a router). That is enough to give probable cause for a search warrant (at least in the US). From there, they can confiscate said computers and analyze them looking for signs of the data in question.

      It may be possible that somebody outside your home cracked your security. You could try to use that as a defense, it wouldn't be up to the prosecutor to show that it didn't happen, anymore than they would need to show that somebody broke into your home or business and used your computer. That would be your burden to disprove the prosecutor's case. Besides, a good prosecutor would point out that if you have the smarts to create the network you have described, then you have the smarts to adequately protect it. Negligence usually is not a good defense at a trial.

      Here is an analogy for you. If you loan your car to somebody and they commit a crime with it, the authorities are coming after you. If you have an alibi, that is great, otherwise, you'd better be ready and willing to turn over who borrowed your car. Even with an alibi, if you don't want to be an accomplace, you'd better be ready and willing to turn over who borrowed your car.

      So, back to your 9 computers. If it wasn't you who did whatever, which of your family or users (depending on whether this is a home or work system) did? That is the information they will find out when they confiscate your equipment. Happens every day, all the time.

      • Good to know. Are you a lawyer, or is it because you've seen it happen, or you've been through an incident like you described? It is an honest question...

        • by Dcnjoe60 (682885)

          Good to know. Are you a lawyer, or is it because you've seen it happen, or you've been through an incident like you described? It is an honest question...

          Let's just say strong ties to law enforcement. Really can't say much more than that.

  • You should have the exact IP assignment time table from the ISPs.
    Then you need to be sure about the exact time drift among all the involved systems.
    And finally you need to be sure about the person using that vey device using that very IP.
    And even so, you still need to make sure about another dozen of constraints like NAT and open/broken WiFi access points.
    So, of course you cannot. Apart of a very limited number of cases. Very, very limited.
  • Wheneven you connect to the Internet via your ISP and they give you an IP address, they record the time you connected and your account username (or cable modem's MAC address which can be traced back to your billing account). All, all someone needs is your IP address and the time the offense took place (has to be a specific time frame) and all the ISP needs to do is look in their database of addresses they gave out and they have you.

    Yeah, you could have an open WiFi router but usually the company attempti
  • by ledow (319597) on Monday March 28, 2011 @10:17AM (#35639004) Homepage

    Can you trace the final connection endpoint (i.e. the part that contacted the observed target as the last link in the chain)? Yes. Even if they fake the IP you *could* in theory do work to discover where that connection originated from. This assumes greatly that the IP you recorded isn't forged, random or nonsense and that you haven't just been "given" a list of IP's from a third-party who didn't do the correct analysis to determine where those IP's are gathered from.

    Can you get from an IP to a physical location? Almost certainly. Usually to the campus, home address or business telecoms line that the IP is associated with. But it will be the IP of the other endpoint of the connection, not necessarily the origin of the user's actions. E.g. proxies, hacked routers, etc. And even that can be extraordinarily tricky to arrange over international borders.

    Can you trace back through proxies and other hindrances to get to an actual connection origin. Yes. Doubling the work necessary at each stage and if you can force physical access to each of those origins in order to trace back where the source came from.

    Can you get from a confirmed IP-packets physical origin to an actual person? Depends. Not automatically, and probably not at all without an admission of guilt or other concrete evidence and almost certainly it would only be "coincidental" rather than anything else (otherwise it would be like arresting everyone who used an Acer laptop because the connection originated from an Acer laptop)

    Can you do "hacker-work" to knock on the door of Hacker 1 who lives in an uncooperative country who was trying to hide their tracks (i.e. someone you actually WANT to trace using police resources and raiding datacentres)? Probably not.

    Can you do some simple police investigations to get from an abusive IP address to a home address that you can raid for more evidence in a co-operative, or your own, country (i.e. someone stupid enough to do something incredibly illegal and traceable from their home Internet connection)? Yes.

    Can you then prove it was them that used that IP? Not without taking their computer and ISP logs and all sorts of other evidence and doing a full "ordinary" investigation.

    Can you determine who random user X was who piggybacked on a wifi connection that you *can't* prove the owner used himself but can only trace to that IP? Not without some other evidence (e.g. spotting the car that was sitting outside).

    Can you tie an IP address on the general Internet to a single person unequivocally? Not to the standard of any court that I know, no.

    Can you tie an IP address on the general Internet to a single person enough to make you suspicious. Usually - yes.

    Will it stand up in court? Not without a shit-ton of other evidence that's much more convincing.

  • No they can not (Score:5, Informative)

    by Charliemopps (1157495) on Monday March 28, 2011 @10:25AM (#35639156)
    Having worked for several large ISPs in their "Copyright infringement" department (ironic I know) I can tell you that no, tracing an IP address back to its original user is not likely and shouldn't be admissible in court.

    The way the system works is this:
    The ISP gets an email claiming copyright infringement on a certain date and time by a paticular IP.
    It's important to note, the ISP has no way of verifying any of the following:
              The email came from the person it's claiming to come from
              That person is the copyright holder
              There is even a copyright on the file in question
              The person sending the email did anything to confirm what they were downloading was a copyrighted file (is batman.zip the new or fan fiction?)
              The ISP can not even confirm that anything at all was downloaded.
    The ISP then takes the IP address provided and the time claimed and compares this to their DHCP server and looks for lease statements before and after the time the file was claimed to be downloaded. So if the complaint was at 10pm and we had that IP time stamps at 9:30pm and 11:00pm for Jim, then Jim gets a letter.

    As you can imagine there are all kinds of holes in this. There are a zillion and one ways that could be inaccurate inside the ISP alone. This doesn't even include all the failures on the part of the copyright holders. We had one that was so inaccurate they were sending us multiple complaints on a daily basis against IPs we hadn't had leased out to anyone for days surrounding the times of their complaints. We made repeated inquiries with the "Company" to try and clarify their problem. But in the end just blacklisted their email accounts. We had other incidents in which the complaint was that the user downloaded a dozen or so movies... but a quick check of their usage logs showed they were using less than a couple hundred meg a month.

    It was clear that the copyright holders were using automated scripting software to flood us with complaints with no real checks and balance on their part and then expected the ISP to do the heavy lifting when it came to investigation.
    • Big thanks for the info.
  • by gordguide (307383) on Monday March 28, 2011 @10:47AM (#35639506)

    Users of standard home IPs (via ISPs) are neither completely, or even significantly, anonymous nor identifiable. The line is grey and moves, possibly by the minute.

    However, the article refers to two legal situations, and doesn't discriminate between then sufficiently. With regard to a lawsuit, the test is often stated as "a preponderance of evidence" while when the article referred to a police investigation, it's often described as "beyond a reasonable doubt". The two are not interchangeable.

    The copyright lawsuits that the article refers to are probably attempting to show "enough" evidence to get a settlement or a judgement. Taking the evidence collection to the point the police would want would certainly be an asset to the case and would probably be in the "lead pipe cinch" category, taking into account the lesser evidentiary need.

    Without that ... well, they will certainly try to get the judge to agree with them. It may be enough in some cases ... we have a few examples where a Judge or Jury in a civil suit did accept it ... but at the same time by itself it's also probably grounds for appeal as well.

    With regard to even national-level geolocation, occasionally at work, due to remoteness, I connect via a sat feed. When I'm on that feed I'm in the arctic; when I see certain ads while browsing and those ads include a city or region as part of the targeted ad, they think I'm in New York state (which is where the ground sat link is with the ISP we happen to use).

    But, there are probably cases where there is strong evidence, similar to a corporate IP address ... for a few dollars a month, I could have a static IP at my ordinary (home) ISP as well (although it's dynamic currently). So, it's neither here nor there ... it will vary depending on the unique circumstances of the case.

    Essentially, that's also what the judge quoted in the article says ... he's hinting that he would be willing to accept the IP as part of the evidence provided there was corroborating evidence to back it up; otherwise not good enough by itself.

  • All ISP's keep logs. Knowing the IP immediately identifies the ISP. From there it's just a petition away to find the account/modem MAC that was using that IP at that time.

    Proving exactly who was on the computer at that time would be impossible. But you could easily narrow it down to the household.
  • Surely the validity of any evidence citing party x having IP address a.b.c.d at time t comes down the accuracy of the clock on the server that logged the IP address allocation.

    How do you prove in court that clock on a logging server was correct.

    I don't think you can.

    • by gknoy (899301)

      How often is the timestamp off by enough to matter? Wouldn't that mess up network traffic that those machines stamp, and thus have been already fixed by the ISP?

  • Even though I have a dynamic IP, it's effectively static since it hasn't changed in 9 months, so if someone asked Comcast who my IP belonged to, Comcast could say with quite some certainty that it was me.

    But, I wonder what would happen if I was running a public access point (aside from facing the wrath of Comcast since I'm sure it violates their ToS) - could I blame any illegal activity on my "customers"? How can I shield myself from liability from actions by my users?

  • Isn't it harder with dial-up and open wifis?

...though his invention worked superbly -- his theory was a crock of sewage from beginning to end. -- Vernor Vinge, "The Peace War"

Working...