Judge Orders Piracy Trial To Test IP Address Evidence 321
another random user sends word of a case in Pennsylvania District Court in which Judge Michael Baylson has ordered a trial to resolve the issue of whether an IP address can identify a particular person. The plaintiff, Malibu Media, has filed 349 lawsuits against groups of alleged infringers, arguing that getting subscriber information from an ISP based on an IP address that participated in file-sharing was suitable for identification purposes. A motion filed by the defendants in this case explains "how computer-based technology would allow non-subscribers to access a particular IP address," leading Judge Baylson to rule that a trial is "necessary to find the truth."
"The Bellwether trial will be the first time that actual evidence against alleged BitTorrent infringers is tested in court. This is relevant because the main piece of evidence the copyright holders have is an IP-address, which by itself doesn't identify a person but merely a connection. ... Considering what's at stake, it would be no surprise if parties such as the Electronic Frontier Foundation (EFF) are willing to join in. They are known to get involved in crucial copyright troll cases, siding with the defendants. We asked the group for a comment, but have yet to receive a response. On the other side, Malibu Media may get help from other copyright holders who are engaged in mass-BitTorrent lawsuits. A ruling against the copyright holder may severely obstruct the thus far lucrative settlement business model, meaning that millions of dollars are at stake for these companies. Without a doubt, the trial is expected to set an important precedent for the future of mass-BitTorrent lawsuits in the U.S. One to watch for sure."
Hopefiully... (Score:2)
Responsibility? (Score:5, Insightful)
An IP address will identify a connection, that someone is responsible for.
There is plenty of cases of Person A committing a crime or getting into an accident, using something from Person B, and Person B getting into trouble as a result.
Re:Responsibility? (Score:4, Interesting)
Sure. The ISP is responsible for that IP address, and has bigger pockets than some individual subscriber - so why not go there? ISPs have fought long and hard to not be considered "common carriers," so that would be just desserts.
Re: (Score:2)
Which of course now they are actively trying to throttle and monitor traffic.
Re: (Score:2)
for the same reason that a car company won't get blamed when someone drunk drives, but the establishment serving the drinks (or in some jurisdictions, the bar tender) will be.
Re:Responsibility? (Score:5, Insightful)
Now whether the laws should even exist in the first place, is a whole other matter. IMO no, but that is off the subject, the discussion isn't on whether the law is right or not, but on whether just sniffing trackers for IP addresses, is enough to fairly judge someone guilty. My view on that is absofrickinlutely not.
Re: (Score:3)
Forced entry into a car, the police will likely look at as a stolen car and whatever the crime is.
And today's lesson, kids: Next time you rob a bank, throw a brick through your car window!
Plausible deniability. Good enough for presidents, good enough for us.
Re: (Score:3)
Re: (Score:3)
Of course open wifi, is more akin to leaving the car on the street, door open keys in the ignition, that could be negligence.
How can open internet connections in any way be considered negligent? It's fundamental to the business plan of any internet cafe. Equally as important as selling coffee that cost 15 cents to brew for 5 dollars. And btw, my local library also offers it as a public service. For free
Re: (Score:2)
But this is a civil lawsuit, not a criminal investigation.
Re: (Score:2)
Re: (Score:2)
so that makes it unlikely that the person is going to be held liable for the criminal action of another as the basis.
Why take a chance on that? Secure your network or else pay someone else to do it for you, preferably through a registered business, and save the receipt.
Re: (Score:2)
why?
negligence, in some cases, should be considered criminal.
Re: (Score:2)
Right. If you leave your car's emergency brake off on a slope, and it rolls down and kills someone, you're responsible for that person's death. Of course, they'd have to prove that you were the one who parked the car badly. Now, what's the equivalent analogy for an open WiFi connection?
Re: (Score:2)
your router, your connection, your responsibility.
If you leave your wifi open, you do not suddenly become a common carrier yourself.
If you intentionally leave your wifi open, and someone uses that connection to commit a real crime with real consequences, then why should you, the owner of the router, not take some responsibility for it?
Now, that said, we have to look into the grey areas. Should a company be held responsible for an employee that uses their internet connection for bad things? What about a cafe
Re:Responsibility? (Score:5, Insightful)
The Internet is meant to be open and free. You clearly oppose that because you believe that it's easier to adopt a Tough On Crime mentality than to do some actual police work. It's much easier to just throw your arms up and say "I don't know who did this, so we're punishing you!" than to accept that you can't get all the 'bad guys'.
If you intentionally leave your wifi open, and someone uses that connection to commit a real crime with real consequences, then why should you, the owner of the router, not take some responsibility for it?
If normal people can't get away with it, businesses shouldn't be able to, either.
Re:Responsibility? (Score:4, Insightful)
Saying "I don't give a shit who did it, it came from your internet" is a powerful motivator for people to clamp down out of fear.
And that suits the authorities just fine. They don't want upstart outspoken free speech yahoos providing TOR exit nodes anyway. They WANT you to help them censor things, and if they can make you do it by holding you responsible for other people's crimes just because they borrowed your internet to do it they will.
And learn your place you dirty fucking peasant...because businesses are in charge and they get things you don't. So suck it up.
I am of course being sarcastic on the last one, but cracking down on people that only provided the internet connection is not entirely based on ignorance. Many don't care, and are happy to force you to do their work for them.
Re:Responsibility? (Score:4, Insightful)
So if I leave my car unlocked or even my keys in my car and someone comes along and uses it to rob a bank I should be partially responsible?
Doesn't pass the smell test.
If you swap out car for tank and robbing a bank for rampaging through San Diego then it looks more like criminal negligence.
I'm thinking a misdemeanor at most for leaving a wifi connection open. That's still stretching it.
Re:Responsibility? (Score:4, Informative)
Re: (Score:2)
So how is McDonald's not legally liable for anything and everything somebody does while on their open, free, unauthenticated WiFi network?
Re: (Score:3)
They would be... if it happened often enough to be noticed. That doesn't seem to be the case so far, however. Probably because (most) people who use McDonald's free wifi don't generally stay there for hours and hours to surf the 'net. The general case is that people are usually there to get food, and may only browse online while they are eating there. When they are done, they get up and leave. Not a whole lot of time for crime committing, overall. Of course exceptions to this can and certainly do ha
Re: (Score:2)
While YOU certainly know how to secure a router, not everyone does. Anyone, even someone with no tech knowledge (no license required to drive the Internet) can go to the store and buy a WiFi router. Which they set up. And maybe it tells them how to secure it and maybe it doesn't. If they don't, someone can drive by and steal their connection. They can abuse copyright (a civil matter)
Re: (Score:2)
Re: (Score:3)
If you intentionally leave your wifi open, and someone uses that connection to commit a real crime with real consequences, then why should you, the owner of the router, not take some responsibility for it?
Why should I take any responsibility for it? The person committing the crime is the one responsible. Not just for the "primary" crime, but also for the crime of ILLEGALLY using my wifi connection.
And if I had secured my router, they would have just gone down the street to McDonald's and grabbed some free WiFi there.
If some douchebag steals my shit, that makes me the victim, not the criminal.
Re: (Score:2)
Only intentional and willful negligence leading to the harm of actual people where the negligent party had reasonable cause to suspect that might happen. Creating the potential to hinder the copyright cartels and police state from positively identifying and tracking an individual and their actions is a far cry from harming real people.
There is no physical harm that directly results from the use of an internet connection. A killer could rig up some kind of click to kill site to a machine or something but I d
Re: (Score:3)
There is no physical harm caused in counterfeiting currency either.
Just sayin'.
Re: (Score:2)
That's not a good example, because there should be physical evidence and witnesses of the person who committed the crime inside the bank. That is additional evidence and information that either reinforces or weakens the case against the car owner.
In this case, I think a better example is if you have a car that several family members and a few neighbors can use. You simply leave the keys in the car all the time so those people can use it at will. Late at night someone takes your car (it might be one of th
Re: (Score:2)
The prosecution would have to prove that you loaned them the car knowing they intended to rob the bank. Otherwise you are just another victim.
Re: (Score:2)
If you loan them your car then you're an accessory to the crime.
No you are not. If you knew that he is going to rob a bank and still loaned him the car, then you are an accessory (for obvious reasons).
Re: (Score:2)
If you loan them your car then you're an accessory to the crime.
Only if the prosecution can prove the owner knew what they were going to use the car for.
Re:Responsibility? (Score:5, Informative)
No, you aren't, or at least not in the U.S. You are only an accessory if it can be shown that you had actual knowledge that the person who borrowed your car intended to rob a bank. If someone asks to borrow my car and then, without my knowledge, uses it to rob a bank, I am not an accessory.
Similarly, you are only an accessory if you knew that loaning him or her your car would help him or her in committing that crime or evading capture in some way. If somebody tells me he or she is thinking about robbing a bank and then, in a separate conversation, asks to borrow my car to go get milk, I am not an accessory even if he or she then robs the bank using my car.
You have to have not only knowledge of the crime, but also intent to aid in the commission of the crime.
Re: (Score:3)
It can help. (Score:5, Insightful)
It can definitely negatively identify a person - if the public IP is different it wasn't you doing it (assuming you weren't using that public IP
If the download was made by the IP of your internet connection at that time, then it's evidence that something using your connection was doing the downloading. If they find other corroborating evidence that it's you - e.g. the downloaded file is on your computer, in your personal folders, shows up in your download history, the computer is not normally shared, there's no malware or remote control software, then it's likely to be downloaded by you.
But an IP sure isn't sufficient alone in itself. The **AA probably want it to be like a car license plate in certain countries - where if a camera takes a picture of a car breaking a traffic speed limit, that has the same plate as your car, looks like your car, then they expect you to either pay the (usually smaller) fine or identify the person responsible so that they can do it. Or challenge it in court and pay the full fine.
However in this case they want huge fines and the fines to go to them
Re: (Score:2)
So, what about this:
I can change my IP address to anything I want. Sure, if it's in use, there will be collisions and what not, but if I get lucky, it's unused. But from the standpoint of the argument, which IP address does my ISP think I have? The one I got via DHCP from their servers? Or the one I manually set (assume it's still one of the ISPs pool of numbers and I got lucky with one that was currently free). Also assume my MAC address is spoofed to BEEFCAKE or what have you.
Re: (Score:2)
Re: (Score:3)
The first address is the network address and cannot be used.
The last is the broadcast address and cannot be used.
This leaves one unused address in your case, which may well be a local address for the router or some other ISP use.
So basically, you have the 5 addresses your ISP can/will give you.
See http://www.aelius.com/njh/subnet_sheet.html [aelius.com] for details on subnets.
Re: (Score:2)
Re: (Score:2)
So in other words, really it CAN'T negatively identify a person. There is nothing to say John didn't visit Harry and use Harry's router to download. It can't positively identify, and it can't negatively identify. It can't identify SHIT. Not by itself.
Exactly like you said, it is merely a piece of evidence which MAY, combined with other evidence, combine to acc
This is still an issue? Are you KIDDING?! (Score:2)
Big problem? No. (Score:5, Interesting)
This isn't the smoking gun you might be thinking it is. Until now, most piracy claims have been prosecuted under the idea that infringement must be willful. In other words, the prosecution has to prove intent. If you accidentally download, or stumble home late one night and while fumbling for the lights, happen to push the "download 300 gigabytes of copyrighted porn" button, intent is not satisfied. Of course, it's pretty hard to prove intent looking at network traffic -- how can you tell the difference between an action initiated by a human, and an action initiated by a computer program? Even if you can prove it's a human, can you prove which one? Digital forensics is still in its infancy, and it has clear and compelling limitations.
That's why, (drum roll please), we have crimes of strict liability. For example, possession of stolen property. Doesn't matter if you knew it was stolen. Doesn't matter if you checked all the registries for stolen products, the serial numbers -- there is simply no defense in cases of strict liability. It was found on your person or on your property and ta-da, guilty. I'll let someone with a more legal background get into why this is bad if they want in a reply, but short answer: Yes, it's abused. No, it won't stop anytime soon. This is what file sharing is moving towards -- you no longer have to prove intent, the act itself is now grounds to throw you in prison or fine you more than acts of major depravity, terrorism, murder, etc., would net you. Again, not how strict liability was sold when it came out, but that's how the way the doughnut's rolling these days.
What I'm getting at is that IP addresses might legally become evidence that the account holder did it... or it may not. But either way, it's still probable cause to search your computer, person, property, etc., and if they find ye ole pirate treasure, you're going to be just as screwed. And as a bonus, if you encrypt it or otherwise protect it from being searched, odds are good they'll tack on additional criminal charges as well, or simply hold you in contempt of court, which means indefinite jail time without appeal, trial, etc., for failing to surrender the encryption keys... even if you can prove a sudden case of total amnesia and are now a glorified vegetable who's main mode of communication is drool, you might still be rotting in jail the rest of your life.
God bless America.
Re: (Score:3)
That's why, (drum roll please), we have crimes of strict liability. For example, possession of stolen property. Doesn't matter if you knew it was stolen. Doesn't matter if you checked all the registries for stolen products, the serial numbers -- there is simply no defense in cases of strict liability. It was found on your person or on your property and ta-da, guilty.
At the Federal level, knowledge is required for a guilty verdict.
At the State level, your mileage may vary.
You must live in one of those asshole States where proving knowledge is not required.
FYI - Receiving is what happens when you get something you know is stolen.
Possession is what happens if you find out, after the fact, that you got something stolen.
Not all States make this legal distinction or they do, but it's covered under the same law.
And, as with many things under the law, being really really drunk
Re: (Score:2, Interesting)
Must be one of those angry overweight ugly lesbian cunts the FBI uses to infiltrate other groups of ugly overweight ugly lesbian cunts.
I know I'm breaking rule #1 of Slashdot: Don't feed the trolls. Buuut... it's late, I'm bored, somewhat drunk, and still fabulous. First, not overweight or ugly. Second, I'm bi, but my last two relationships have been lesbian. Third, I prefer the term bitch, not cunt. I reserve that word for people who have done worse to me than making an internet post on some website only known to a fraction of the population. As far as being used by the FBI, nope -- that's what PETA is for. Didn't you get the memo? Us cun
Re: (Score:2, Funny)
Every now and then, beating an anonymous coward to a pulp is carthetic.
No, the Kia Soul is carthetic.
Re:Big problem? No. (Score:4, Funny)
"download 300 gigabytes of copyrighted porn" button
They've simplified that to a single button? Thank goodness for progress.
Only now, at the end, do you see the true power of the Facebook 'Want' Button [slashdot.org] plans.
Nope. (Score:3)
It can't identify a specific person. At all. The pigeonhole principle proves it irrefutably, since there are 4 billion possible IP's, but roughly 7 billion people on the planet. It is therefore impossible for an IP to uniquely identify an individual.
Although admittedly that particular argument isn't valid for IPv6... it's still true for a vast majority of IP addresses right now. Even under IPv6, however, it will probably still be the case unless (or until) we start directly associating unique IP's with particular people regardless of what kind of device they are utilizing, you still won't be able to associate an IP address with a particular person. At best, you can get only the subscriber who leased that IP. This may or may not be the individual, but an argument can be made (one that I don't fully agree with, but can see some valid reasoning behind) that a subscriber could be held accountable for activities on his or her subscription that they ought to have had the ability to supervise and approve of.
Re: (Score:2)
The inevitable car analogy... (Score:2)
ISP have messed up ip tracking as well metering (Score:2)
ISP have messed up ip tracking as well metering so what a ISP says may not hold up in court.
There lot's of old cases of that hear on Slashdot.
a trial is "necessary to find the truth." ??? (Score:3)
a trial is "necessary to find the truth." ???
Wouldn't an experiment or a demonstration be more in order?
Or is that what the trial is to consist of?
all the best,
drew
Re:IPs parallel the discoverable world (Score:5, Insightful)
Re:IPs parallel the discoverable world (Score:5, Insightful)
Your DNA can get nearly anywhere very easily. If you get unlucky, you could be framed for a crime or at least it will appear that you did the crime.
DNA isn't as accurate as some make it out to be.
Re:IPs parallel the discoverable world (Score:5, Interesting)
Not only that, but the current testing methodology is questionable. Instead of matching the whole DNA sequence, they use a series of markers that a private company decided uniquely identifies a person. There is no evidence to support this. The statistical probabilities given that someone has the same DNA are based on the completely unsupported assertion that there is no genetic relation between these markers.
Not too many people have katana's, not too many people keep chopsticks in their silverware drawer. So you could argue that someone having both these things makes it highly unlikely the suspect is the killer. In reality, I'd venture most everyone with a katana also has chopsticks. Having both is slightly more statistically unique than having one but it is nowhere near as distinct as the individual probabilities of having these items would suggest. The same may well be true of these markers or of certain value combinations of them.
I wouldn't buy something based on a companies claim of statistical success because it is too easy to use selective information and to spin results. Why are we using this same kind of data to send people to prison.
Re: (Score:3, Interesting)
Instead of matching the whole DNA sequence, they use a series of markers that a private company decided uniquely identifies a person. There is no evidence to support this.
What private company? And nobody has asserted that it matches a unique person, but that it's a 99.something% match. Run that through a database containing everyone on the planet, and you get a few million positive hits, all but one an error. But that's great reliability. If you run it against the top 10 suspects, then you have better than a 99% chance it's the one that you got the match on. That's
Re:IPs parallel the discoverable world (Score:5, Insightful)
The DNA tests are fine. The problem is that too many people watch CSI and don't know what statistics mean.
While 100% accurate, the problem is that part of these "too many people" are the police, the judges and jury.
What private company? And nobody has asserted that it matches a unique person,
Ahem ahem ahem.
I'm sorry, I was caught by a sudden cough. Do continue...
but that it's a 99.something% match. Run that through a database containing everyone on the planet, and you get a few million positive hits, all but one an error. But that's great reliability. If you run it against the top 10 suspects, then you have better than a 99% chance it's the one that you got the match on. That's enough for a conviction, in most cases.
Yes, I completely agree. Unfortunately, while you show much clue in the field of statistics, you show very little clue in the field of human behavior.
DNA is routinely used, not to narrow down the suspects pool, but in order to find the suspect to begin with. That is why DNA databases are so lucrative for law enforcement. Quite often, a finger gets pointed at someone because police already had his DNA for an unrelated reason. As I'm sure you understand, this kind of use is precisely the kind where GP's concerns are justified.
Shachar
Re:IPs parallel the discoverable world (Score:5, Informative)
Run that through a database containing everyone on the planet, and you get a few million positive hits, all but one an error.
No you won't. There are 13 standard Loci with something like 10 Alleles or more at each marker. So that is something like the chance of a "random" match as one in 10^-12. This is both correct and wrong. First many of these 13 markers have more than 10 alleles and the provability is closer to something like 10^-15. Its wrong in that its not random, you share about 50% of these markers with your father for example. Even population wide this does reduce the randomness. Then there is a birthday paradox. But that does not apply in this case since you are matching the database to a given profile. So with 7 billion humans in the database, chances are that there is just one hit. Not millions. You would be very lucky to get more than one.
When comparing to a 100 suspects that are not related (remember the profile will tell us if they are related.) You are more like 99.99999999% sure. Even far more than that.
Yes this is directly related to my day job.
Re:IPs parallel the discoverable world (Score:5, Informative)
"When comparing to a 100 suspects that are not related (remember the profile will tell us if they are related.) You are more like 99.99999999% sure. Even far more than that. "
Wrong. The reliability of the person doing the testing accurately is not anywhere near 99.99999999% or even 99.999% and represents the absolute maximum assurance the test can provide. That is comparable to saying something weighs 1.34545g when your scale is only accurate to +/- .1g.
The lack of randomness does not make DNA profiling a better indicator, it skews the odds the other way. It proves that there are relationships in these markers. If I have a one byte binary number you can say that there are 2^8 possible numbers so the chances of a randomly picked number matching mine are 2^8. But the moment that number has a meaning the uniqueness of the indicator drops. If it is human readable English text then there are only 96 possibilities and my random selection now has a 1 in 96 possibility of matching. If it was a "random" keypress the odds become much better and a simple number can no longer express the odds because some numbers are more probable than others, for instance if my random key is a home row key the odds are dramatically better than 96 to 1. More like 20 to 1 and even within the home row some keys are more likely than others.
The point being, while we suspect these markers are very unique, there definitely have not been any studies on a sample set nearly large enough to assert a 1 in 99.99999999% probability with any degree of confidence. Those type of odds assume there is no relation between these markers and any relation can drop the real probability by several orders of magnitude.
Re: (Score:3)
If I remember correctly there are actually two companies that sell almost all DNA testing supplies to crime labs in the US and they pick the genetic markers that are used. So while DNA profiling is not specifically tied to a single set of markers dictated by a private company, that is the practical result.
That probability you speak of is based on the assumption that the DNA markers being used have no correlation. That assumption is not factual. And 99% is nowhere near enough to meet a "beyond a reasonable d
Re:IPs parallel the discoverable world (Score:5, Funny)
But at least DNA doesnt change every 2 weeks.
Re: (Score:2, Interesting)
But at least DNA doesnt change every 2 weeks.
Logs will show who had which IP at which time. This is a non-issue.
I want to believe the court will rule that IP addresses don't prove which person used the equipment which held the address. It is consistent with how we treat cars, license plates, and drivers. Your plate is not enough for say a traffic offence, because you may not have been driving.
But I just can't justify faith in the system anymore. Honestly if I was going to bet a large percentage of my money on this, I would bet on the most au
Re: (Score:3)
Actually if you can reasonably show you are unaware of who was driving, you CAN return the NIP (notice of intention to prosecute) with said information.
Maybe, but that is contrary to the information they provide on the NIP.
1) Not receiving the NIP in a timely manner - usually receipt outside of 14 days will be accepted here
Untrue - I received an "intent to prosecute" (or whatever they call the one you get if you don't respond to the NIP) a few years ago. I had never received the NIP, so I challenged them. They resent the NIP and gave me an extension, but they flatly said that this was a good will gesture and that legally they are deemed to have served the NIP if they have proof of posting. If the Royal Mail lose it, tough shit, you're still in the wrong
Re:IPs parallel the discoverable world (Score:5, Funny)
People can share IP addresses, but only twins share DNA?
Eww, incest is gross.
Re: (Score:2)
NATcest is best!
Put your router to the test!!
Re:IPs parallel the discoverable world (Score:4, Funny)
Re:IPs parallel the discoverable world (Score:4, Interesting)
People can share IP addresses, but only twins share DNA?
http://en.wikipedia.org/wiki/Chimera_(genetics)#Human_chimeras [wikipedia.org]
Re: (Score:3)
Re:IPs parallel the discoverable world (Score:5, Insightful)
Yes you can. You can easily 'hijack' DNA from someone and plant it at the scene of your crime. Hair clippings, skin flakes, spit. You could even use it to commit the crime if you so desired, but you'll need a fair bit of hair to choke a full grown man. Could be fun though.
Re: (Score:3)
Usually, DNA is enough to strongly link a person or persons to a scene, just like usually an IP is strong enough to link a person or persons to a scene.
Whether there's anything more than a correlation between those links is part of the job of law enforcement and the judiciary to sort out.
There are also many cases where there are strong doubts regarding the link between DNA or IP and a person being more than happenstance in a given situation.
The analogy is far better than many seen on Slashdot.
Re:IPs parallel the discoverable world (Score:5, Interesting)
The problem is NAT and DHCP, for which there are no parallels for with DNA.
NAT means that multiple individuals can share a single public IP, and short of the home router having logs, there is no way to differentiate between the computers behind the router based on their public IP.
DHCP means that not only might someone else have had your IP yesterday, but you might not even have your IP tomorrow, and the private IPs behind the NAT will likely shift as well.
Combined, the two of them MIGHT make an IP address sufficient for probable cause, but definitely not as a unique identifier.
Re: (Score:2)
Re: (Score:3)
Re: (Score:3)
Usually, DNA is enough to strongly link a person or persons to a scene, just like usually an IP is strong enough to link a person or persons to a scene.
Except that in this case, the plaintiff likely presented only a list of IP addresses, dates and a name of a torrent. I can create a list like that in a few minutes using Excel and the "RAND()" function. The relatively strict rules that apply to collection and custody of evidence like DNA samples is nowhere to be found in these copyright cases.
The whole point of these cases is not to go to trial, but rather to get a payout with little expenditure of money. Most of the firms that are pursuing these sorts o
Re: (Score:2)
I can't hijack your body and use it to commit a crime that can be traced back to you through DNA evidence.
You are right. YOU can't do it. You are so lame.
Re:IPs parallel the discoverable world (Score:5, Funny)
I see you still can't hijack their bodies, and need to use technical measures.
Please return your evil overlord card.
Re:IPs parallel the discoverable world (Score:5, Informative)
MAC authentication is absolutely, literally, worthless from a security standpoint if you are using WPA2. Anyone who has the capability to crack WPA2 will necessarily have the ability to impersonate your MAC-- it is, I believe, a requirement to mount an attack against WPA2 in the first place. The fact that you have MAC auth turned on would probably not even be noticed by an attacker, and if it were, it would take all of about 5 seconds to get around.
Re: (Score:3, Interesting)
My old wardriving rig had a new MAC address from a randomly selected vendor every time it booted up. Hell, the only consistent thing about it would've been the fact that it intentionally excluded two of the medium-common vendors -- one being its own, the other being an extra exclusion to not be blatantly obvious if it was ever tracked.
It's a basic command that can be ran on nearly any decent linux system that doesn't have a completely crap card.
MAC filtering is about as valuable as locks on car doors -- ex
Re:IPs parallel the discoverable world (Score:5, Insightful)
From the comfort of my living room I can connect to no fewer than 6 access points that don't belong to me. 2 more if I wanted to take 5 minutes to crack a few WEP passwords. If I had a mind to I could use them to download movies, music. If I really wanted to cause trouble there are plenty of worse things I could do.
There would be absolutely no way to trace that activity back to me, and the people taking the blame would be guilty of no other crime than not understanding how networks operate.
Spoofing another person's DNA would be *slightly* more challenging.
Re: (Score:3)
and the people taking the blame would be guilty of no other crime than not understanding how networks operate.
Actually, they may understanding completely how networks operate, but have a device that requires the use of WEP (older wifi-enabled printers, anyone?). Don't assume that because something isn't secured to some arbitrary amount that the person who secured it was uneducated.
Also, there is some data left behind that could link it to you: Until the router is rebooted, it will probably maintain an ARP record (if not also a DHCP lease) in the memory of the device. That record will contain the MAC address of you
Re: (Score:3, Insightful)
ARP records are flushed periodically, and arent really meant for logging. Theyre stored in RAM in basically every OS AFAIK, and would be lost on reboot. ARP records would NOT contain your computer name-- only IP and mac-- but thats not even foolproof. While the MAC address of a NIC can be tedious to alter, it is absolutely trivial to poison an arp cache so that bogus information appears in the cache.
The idea that ARP caches have been used to bust people I find rather hard to believe, since ARP is a layer
Re:IPs parallel the discoverable world (Score:4, Informative)
While the MAC address of a NIC can be tedious to alter
1.) Boot a backtrack iso
2.) Run macchanger -r eth0
There you go, you're now operating under a randomly generated MAC address.
Not too tedious, IMHO.
Re:IPs parallel the discoverable world (Score:4, Informative)
Re:IPs parallel the discoverable world (Score:4, Insightful)
ARP records would NOT contain your computer name
*facepalm* I also mentioned the DHCP lease data, which would. You missed that.
The idea that ARP caches have been used to bust people I find rather hard to believe, since...
Since you can't imagine a death threat being sent and then the secret service not showing up ASAP? You think they just sit around going "hmm, should we deal with this now, or after tea and crumpets?" No -- their response time is in hours. It's a job requirement that their sense of humor be surgically removed. The ARP data will likely still be in RAM, and yes, you crack open the device, and then remove the ram (or hook clips up to the debugging ports, etc., while it is powered on), chill it, and transfer it to a reader device to extract its contents. This is not theoretical: This has been proven, the people who wrote TrueCrypt describe this particular attack in great detail in their disclaimers and limitations documentation.
And yes, there are workarounds, there are always workarounds... But are dozens of things you need to do to cover your trail, and each of those things that you do reduce the pool of potential suspects. As well, you aren't considering the other evidence that may be available -- a witness to your car being parked outside a few hours before the guys with shotguns showing up, for example. The home security camera on the neighbor's house you didn't notice. The ANPR system of the gas station you drove by on the way to the street you parked outside of. The list goes on.
Only layer 3 information survives, and only until it hits a NATting router at which point that, too, is stripped.
Yes, congratulations, you have a basic understanding of protocols. But you apparently don't understand implimentation of them in hardware, software, and firmware very well, and you're even worse at looking at the total system -- which includes things like statistical analysis, looking at words and speech patterns, timing delays in the data, other data your computer may accidentally chirp (like windows update, which sends a GUID). There's a hundred ways they can hang you -- and you only need to screwup once. Even NAT leaves traces in memory -- All it requires is a single missed ACK during the close of a TCP session, or sending any UDP data, and the state table data may remain there for minutes, hours, even days. Many NAT implimentations in firmware have problems with memory leaks caused by faulty code. Guess what's in the leak?
Cases where people are busted tend to involve ISPs who can pull up logs of who owned what public IP, and that then leads to a warrant which allows a physical search, leading to incriminating evidence on the home computer. But in the absence of such evidence...
All ISPs are required by law to store that data; They have had to for years. Also, the government has been consolidating existing wiretapping efforts into a supermassive data center intended to store detailed and comprehensive records of all communications on the internet domestically. They don't necessarily need the ISP's assistance -- though it may speed up the execution of a search warrant.
Yes, the 4th amendment still applies, but that doesnt mean a warrant cannot be issues. The 4th amendment specifically lays out circumstances in which your "right to be secure in person, houses, papers, and effects" may be violated.
You made a terroristic threat. Maybe you missed the memo, but since 9/11, all you need to do is mention the word 'terrorist' and you have no civil rights. They're detaining people in Guantanamo and elsewhere in the world without trial or charges being brought against them. A guy who merely accidentally bumped into the President spent several months in jail without a trial just last year. A government that has spent many trillions of dollars and bankrupted itself to protect against terrorism is not going to be held up by some internet critic's interpretation of the fourth amendment. The word "unreasonable" will be made to be amazingly elastic if you decide to attempt the aforementioned crime.
Re:IPs parallel the discoverable world (Score:5, Interesting)
The MAC address is only available on the home router. Home routers tend not to log this kind of information, because it would involve infrequent writes of small amounts of data to flash storage, which is a really great way to make it fail quickly. So in pretty much any case where the network wouldn't be secure, there would be no record of the MAC address.
Also, it's trivial to spoof a MAC address. E.g., just run bittorrent in a vmware virtual machine, and then blow it away when you're done—evidence gone, and the log will show that you are innocent.
The bottom line is that trusting IP addresses as personal identifiers is a really bad idea, which causes a great deal of social harm for a very small social benefit.
Re: (Score:3)
Some routers/firewalls do log the MAC address, so they COULD trace it back to you.
Bullshit. If I was going to use someone else's Internet connection for illegal activities, don't you suppose it might be a good idea to take 2 seconds to run a script that will switch me to a randomly generated MAC?
The only way to get caught would be for someone to pin down the radio signal while the connection was in process. Once the activities were complete, there would be no traceable evidence to be had.
Re:IPs parallel the discoverable world (Score:5, Informative)
In fact, if a person wanted to be really nasty about it, the following would be trivial to do:
1.) I passively monitor your WLAN in the evening.
2.) In the morning you leave for work, taking your laptop with you.
3.) I assign YOUR mac address to my pc and go about my illicit business.
Police come knocking on your door, check log files if your router has them, and right there in the logs is YOUR mac address from YOUR laptop correlated with the illegal activity.
Anyone who understands wireless networking, even a little, should know that the thought of an IP address being considered legal proof of identity is an absolutely TERRIFYING concept.
Re: (Score:2)
Re:IPs parallel the discoverable world (Score:4, Insightful)
In fact, if a person wanted to be really nasty about it, the following would be trivial to do:
1.) I passively monitor your WLAN in the evening.
2.) In the morning you leave for work, taking your laptop with you.
3.) I assign YOUR mac address to my pc and go about my illicit business.
You mean while I'm at work with said laptop with a lot of witnesses and firewall logs proving that I wasn't connected to the house? That would seem to be an even better indication that there was some funny business going on.
Re: (Score:2)
most that do lose it on reboot. You would specifically need to configure the device to have correct date/time (which I doubt most do), and specify nonvolatile storage for the logs (which Im quite sure most dont do).
Re: (Score:2)
MAC addresses can be changed.
Re: (Score:2)
They really cant confirm anything without a router or switch log. MAC address info doesnt leave the local subnet, and is simply not accessible from behind a home router.
get away car (Score:4, Interesting)
It's a bit like finding the get away car for the bank job in your house and all the neighbors agree you use it to drive to work.
Re: (Score:2)
...Except instead of it being "your car", its a ZipCar, and its shared by 20 other people on a weekly basis.
but a IP can be like take any car in the row (Score:2)
but a IP can be like take any car in the row and they don't do that good of a job of keeping records on who had what car. Also replace car with say a group of seats that can be used my more then one person. Poor analogy but think of it like this you are paying for X space (bandwidth) and you can use it all on your own or others can also use open space at the same time.
Re: (Score:3)
Not even close. An IP that is identified (assuming accurate logs) as having at some time originated from a connection associated with an account merely means that at some time a connection associated with that account was made with that IP. Nothing more.
Even if it is a static IP it still doesn't identify anyone as addresses can be spoofed. Or, as in any user of BTFON - where part of your router's wireless capacity is set to an open network in return for free connections around the world; the address the ISP
Re: (Score:2)
DNA shouldn't. Just because DNA is accepted where it shouldn't be doesn't mean IP's should be.
Re: (Score:2)
Unfortunately the standard in civil cases is "a preponderance of evidence," not "no reasonable doubt."
Re: (Score:2)
I would say that a 1 in 10 chance that the named individual was the one at that IP address at the time falls short of preponderance of the evidence. Throw in that someone might hop on their WiFi (invited or not), might spoof their address with a hacked cable modem, might use a compromized PC as a relay, or the ISPs logs may be wrong about who had the IP when, and IP address is looking like an absolutely terrible way to identify a particular person.
Re: (Score:2)
And the consequence of pushing your line of thought is French or NZ style laws where the connection is at fault, and the owner of the connection gets a fine and the connection turned off. No criminal liability. No trials. Simple, and no fault assigned.
Re: (Score:3)
The difference between my examples and yours is that the ones I mentioned actually DO happen. What world is it you live in where everyone correctly secures their PC and WiFi and never leaks a password?
Re: (Score:2)
Not sure if you realize, but judges can overturn jury nullification in civil cases.
Re: (Score:3)
You can't expect a judge to be an expert on everything they have to rule on. That's why they call in true experts to testify about technical problems. The problem here has been that the "experts" spouting commentary toward the courts so far have come from "digital forensics" firms hired and paid for by the copyright owners--the ones who are also selling them with the premise of "yes, we can find the pirates for you".
Unfortunately, the individuals being sued in these cases so far haven't been able to provi