Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Crime Privacy

Cops Are Raiding Homes of Innocent People Based Only On IP Addresses (fusion.net) 241

Kashmir Hill has a fascinating story today on what can go wrong when you solely rely on IP address in a crime investigation -- also highlighting how often police resort to IP addresses. In the story she follows a crime investigation that led police to raid a couple's house at 6am in the morning, because their IP address had been associated with the publication of child porn on notorious 4chan porn. The problem was, Hill writes: the couple -- David Robinson and Jan Bultmann -- weren't the ones who had uploaded the child porn. All they did was voluntarily use one of their old laptops as a Tor exit relay, a software used by activists, dissidents, privacy enthusiasts as well as criminals, so that people who want to stay anonymous when surfing the web could do so. Hill writes: Robinson and Bultmann had [...] specifically operated the riskiest node in the chain: the exit relay which provides the IP address ultimately associated with a user's activity. In this case, someone used Tor to make the porn post, and his or her traffic had been routed through the computer in Robinson and Bultmann's house. The couple wasn't pleased to have helped someone post child porn to the internet, but that's the thing about privacy-protective tools: They're going to be used for good and bad purposes, and to support one, you might have to support the other.Robinson added that he was a little let down because police didn't bother to look at the public list which details the IP addresses associated with Tor exit relays. Hill adds: The police asked Robinson to unlock one MacBook Air, and then seemed satisfied these weren't the criminals they were looking for and left. But months later, the case remains open with Robinson and Bultmann's names on police documents linking them to child pornography. "I haven't run an exit relay since. The police told me they'd be back if it happened again," Robinson said; he's still running a Tor node, just not the end point anymore. "I have to take the threat seriously because I don't want my wife or I to wake up with guns in our faces."Technologist Seth Schoen, and EFF Executive Director Cindy Cohn in a white paper aimed at courts and cops. "For many reasons, connecting an individual to a crime linked to an IP address, without any additional investigation, is irresponsible and threatens the civil liberties of innocent people."
This discussion has been archived. No new comments can be posted.

Cops Are Raiding Homes of Innocent People Based Only On IP Addresses

Comments Filter:
  • by LichtSpektren ( 4201985 ) on Thursday September 22, 2016 @01:44PM (#52940765)
    "The police told me they'd be back if it happened again." For what crime? Is it normal for police in Canada to threaten to invade an innocent couple's home for doing something legal?
    • by tsqr ( 808554 )

      "The police told me they'd be back if it happened again." For what crime? Is it normal for police in Canada to threaten to invade an innocent couple's home for doing something legal?

      As someone else pointed out, Seattle WA; not Canada.

      Anyway, there are a couple of other points to make here:

      1. Knocking on the door and executing a legal search warrant is not what most reasonable people think of when they see words like 'raid' and 'invasion'.
      2. If the couple keep operating the exit node and the police trace another child porn upload to them, they risk being prosecuted for facilitating a crime. It's a bit of a stretch, but still a real risk.
      • It depends on the police force. Sometimes they'll use a no-knock warrant - the one where they smash your door down and force everyone to the floor at gunpoint. But that's not their preferred procedure, it's only used if they believe the suspect may destroy evidence when they see a policeman at the door.

        I'm somewhat surprised they didn't go with that approach, because any half-competent dealer in child pornography is going to pull the plug on their encrypted computer the instant they see a uniform.

  • by Anonymous Coward

    It's /. so here we go. If you let anyone use your car, no questions asked, then you wouldn't be surprised if the cops traced the plates back to your house when it was used in a crime.

    • Re:Exit Nodes (Score:5, Insightful)

      by jxander ( 2605655 ) on Thursday September 22, 2016 @01:52PM (#52940829)

      Tracking it back to you is fine.
      Asking you if you know anything about the crime in question is fine.

      Raiding your home at 0600 is not fine.
      Threatening an innocent party not to participate in their legal activities is not fine

    • Re:Exit Nodes (Score:5, Insightful)

      by NotAPK ( 4529127 ) on Thursday September 22, 2016 @01:55PM (#52940855)

      Sure, so the cops rock up at the front door: "sir, do you own a black chevy impala", "yes sir I do", "were you driving it last night", "no sir, I lent it to a friend of mine", "can you tell us their name and contact details", "do I have to?", "by law, yes you do" [questionable, of course], "OK then sir, here they are, are we done?", "yes sir, have a nice evening", "you too".

      Why would any of this require an armed response is absolutely insane. The entire scenario fabricated above can be applied equally to internet access.

      Is this finally a legitimate car analogy?

  • IP V6 (Score:4, Funny)

    by invictusvoyd ( 3546069 ) on Thursday September 22, 2016 @01:47PM (#52940787)
    Breaking news : Cops raid refrigerator for uploading porn .
    • by zlives ( 2009072 )

      do the iot dance

    • by GuB-42 ( 2483988 )

      I remember a friend delivering a phone book to a boiler.
      The reason : the boiler was connected to a phone line, probably for remote control. And because at that time, when you had a landline, a phone book was sent to the subscriber's address, the boiler had its phone book too.

  • by beheaderaswp ( 549877 ) * on Thursday September 22, 2016 @01:47PM (#52940789)

    It's probably not a good idea to use Tor anymore. There was a time when it was very useful, especially as a tool for journalists and dissidents ETC.

    My main use for it was as a remote testing platform. Which it excelled at. Heck- I even wrote a small section of the Tor website regarding Tor's use by IT professionals.

    Now... there's so much scrutiny on the system that your presence there basically gets you tagged as "suspicious".

    My decision to stop using Tor was based on the apparent numbers of pedophiles that were hiding on the darknet. In an effort to not be confused with "them"- I stopped using it.

    YMMV- it's a risky proposition. If you've ever run an exit node (not me!!) you are a potential target for misguided law enforcement. Plus the fact you may be unwittingly be aiding illegal activity as a middle man node.

    Not for me. Make sure you understand what you are doing if you participate.

    • by NotAPK ( 4529127 ) on Thursday September 22, 2016 @02:00PM (#52940917)

      "Plus the fact you may be unwittingly be aiding illegal activity as a middle man node."

      If your home network is compromised, or any of your home computers are compromised, then you are most likely being used as a relay for nefarious purposes.

      It's actually easier to crack your neighbor's WiFi password, then use a disposable WiFi dongle with a random rotating MAC to connect to their network. Bonus points for compromising their PC and routing through that, but it's not strictly necessary. The true danger is not knowing when the game is up. To do this reliably and consistently you need to monitor the neighbor's coms and also put some trip wires in place to ensure you aren't caught out unawares. This is unwise to do locally for those reasons, but it's trivial to park up on a random street, find the weakest WiFi network, breach it, and either use it immediately, or leave a payload on local PCs so they can act as relays later on.

      If you are reading this, go and change your passwords right now...that is, unless I'm already in your network and waiting for you to change your password so I can intercept the new value...social engineering for the win!!!!

      • by sims 2 ( 994794 ) on Thursday September 22, 2016 @02:53PM (#52941345)

        We have a rather large area that's covered with open wifi at work.

        We have had problems with abuse. The people that were loitering around the building after dark were leaving litter everywhere. So wifi now gets switched off at dark.
        The wifi is still open the rest of the time. We actually had not noticed just how many people were using it until we started shutting it off at dark and then people started walking up to the building with their phone trying to get a signal.

        I feel it's a public service there are a few others in town that still run free wifi 24/7 like the library, walmart and mcdonalds.

        Not sure how ours got to be so popular. It's only got a 12 Mbps dsl line attached.

        But other than that we've never had any issues.

        • by NotAPK ( 4529127 )

          I agree with you entirely, and I too run open WiFi wherever I can.

          Unfortunately a sibling poster missed the point entirely. Please see my reply [slashdot.org] for a clarification: though I'm confident you got all that without too much difficulty.

          Here in the UK there are vague legislative issues surrounding open WiFi, and the common belief is that the entity running the access point is somehow responsible for those who utilise it. Whether this is true or not doesn't matter, it plays right into the establishment and ensures

    • "It's probably not a good idea to use Tor anymore. "

      I run a Tor exit node with a VPN on the next door Starbucks, never had any problems.

    • It's probably not a good idea to use Tor anymore.

      You should use Tor — and other systems intended to enhance privacy — just to keep it legal to use them. Rights not exercised are rights lost. This is also why you should be able to burn somebody's Holy Book every once in a while, refuse police' request to search your car, and carry (or, at least, own) a firearm.

      "I haven't run an exit relay since."

      Yep, that may very well have been the objective (even if secondary): let's go, guys, either we bust th

    • by AHuxley ( 892839 )
      If the security services never demanded an end to onion routing politically it was always trackable.
      The public US court cases with an ip been tracked finally showed the per case budget and skills needed to trace any onion routing network user.
    • by AmiMoJo ( 196126 )

      Best to keep Tor running 24/7. Not necessarily as an exit node, just the client is enough. Routing traffic for others. Then it becomes very difficult and resource intensive to even know when you are using it, because it balances traffic in and out so there isn't a spike.

      I run it over a VPN anyway so all the cops would ever get is the address of a server in a random country and no logs or way to trace where it originated from.

  • That's the problem with Tor: Most people aren't brave enough (and, rightfully so) to operate an exit node because of the law enforcement repercussions. So, the only people that can operate exit nodes without repercussions is law enforcement. Which defeats the purpose of Tor.

    • Also libraries, concerned not-for-profit companies like the EFF and Mozilla, etc.
    • That's the problem with Tor: Most people aren't brave enough (and, rightfully so) to operate an exit node because of the law enforcement repercussions. So, the only people that can operate exit nodes without repercussions is law enforcement. Which defeats the purpose of Tor.

      And criminals. Notably ones in hard to prosecute countries.

  • by aaron44126 ( 2631375 ) on Thursday September 22, 2016 @01:49PM (#52940809) Homepage
    Could smart criminals just also run a Tor exit node, and just use it to blame anything that they get caught on?
    • by drnb ( 2434720 )

      Could smart criminals just also run a Tor exit node, and just use it to blame anything that they get caught on?

      Only if the police were dumb enough to look at a list of Tor exit nodes, find the IP there, and decide not to investigate the owner of that IP.

    • It doesn't make sense, smart criminals wouldn't attract the police, they would just use tor, there is no gain in running an exit node.
      If the couple in question didn't unlock their notebook to prove their innocence they would face a legal battle to get it back from the State.
      In the same situation, the criminal would lose his electronics and keep praying for the statute of limitations to go faster than the technology to unlock computers (or an image of his HD) with current cryptography.

  • by barc0001 ( 173002 ) on Thursday September 22, 2016 @01:49PM (#52940813)

    It's one thing for libraries and nonprofits to operate them, but as a private citizen running one? Your misguided attempt to help some people will almost certainly end up badly for you because of bad people using that goodwill to do bad things.

    To be perfectly honest, reading the linked story I was quite surprised the end result of the police visit was as positive as it was. I fully expected the cops to not know or care what Tor was and just round everyone and everything up and let the courts deal with it, which has happened several other times. Which again reinforces my point that there are precedents that show running a Tor exit node is just bad news and if you are still doing it, you're playing with fire.

    • by Raul654 ( 453029 )

      I fully expected the cops to not know or care what Tor was

      I'd imagine that cops looking for child pornographers would have a pretty good understanding of what TOR is (even if they didn't think to check that it was an exit node)

    • by AmiMoJo ( 196126 )

      I bet they are a lot of TOR exit nodes and VPN endpoints during their investigations. They are probably used to it by now.

  • by zlives ( 2009072 ) on Thursday September 22, 2016 @01:58PM (#52940887)

    why do we continue to call this "PORN" and not just child exploitation/crime/abuse.

    • by Megol ( 3135005 )

      Because it is pornographic material for some? There are other types of pornography that are abusive, still referred to as pornography even though the vast majority of people would be sick looking at it...

    • by suutar ( 1860506 )

      because then they wouldn't be able to apply it to images that don't contain actual children.

    • Re:porn? (Score:4, Insightful)

      by PCM2 ( 4486 ) on Thursday September 22, 2016 @03:28PM (#52941651) Homepage

      To many people, the word "pornography" does not carry the positive connotations you seem to think it has.

    • Because napalm girl isn't porn

    • Agreed. I try to call it 'child abuse imagery' so as not to taint the name of good pornography by association. But it won't work. Language is hard to direct.

    • I know it's trendy for SJW's to reframe language to make it more horrible. But do you honestly believe that the general public doesn't think that child porn is already horrible enough?

      It is child abuse, and child porn. You don't need to reframe it one way or the other as for common people it is equally bad.

  • by Joe_Dragon ( 2206452 ) on Thursday September 22, 2016 @02:08PM (#52940981)

    Can a jury look at CP? You own legal team? expert witness?

    In a case what if some takes it to court (does not take the plea deal) and demands an jury trail?

    What you legal needs the logs / system to prove that it was not from your systems? If they try to say they give that out then they in possession of CP.

    • by AmiMoJo ( 196126 )

      It depends what your definition of child porn is. In cases where it's very clear cut the court would probably take the investigator's word for it, but in the UK at least it can include things like children's clothes magazines and TV shows if the police think you have been jacking off to them. In that case the jury might see them and the defendant might explain why they had them.

      There have also been cases where young looking adult actors in porn were claimed to be child porn. There was a prominent lawyer who

  • by Nutria ( 679911 ) on Thursday September 22, 2016 @02:13PM (#52941029)

    10% of all Tor traffic is used by such people. The rest are people engaged in some degree or another of crime. (Unfortunately, I can't find the citation.)

  • by T.E.D. ( 34228 ) on Thursday September 22, 2016 @02:45PM (#52941267)
    All matching an IP address really tells you (assuming it isn't spoofed), is that you share an ISP with the machine that created that traffic.

    Here's a real-world example from just this week. I'm a moderator on a site on the StackExchange network. We had a problem user who was posting a bunch of stuff the community didn't want posted (consistently badly moderated). What I'm supposed to do in this circumstance is point said user to our instructions for writing acceptable posts. However, such users often are just sock-puppet accounts for someone who's already been suspended. If that's the case, I'm supposed to take more drastic action.

    SE has a (community-mod only) link for this, that shows you the user's IP, and all user accounts that have used that user's same IP. I click on this, and discover that he happens to share an IP with one of our better users. Not only is the writing style completely different (writing style is practically a fingerprint), but this user has in fact voted to close all but one post the problem user has ever made.

    I talked to the "good" user about this, and he confirmed that his work access point is shared by a very large number of other people.

    Just this week we got another new problem user. Again, totally different style than the other two users mentioned above, but also same IP.

    As an investigative tool, IP address is useful, but only as a piece of evidence. I'd place it somewhere down with blood-type (perhaps like sharing an uncommon blood type like AB), rather than up in the realm of fingerprints.

    • by AmiMoJo ( 196126 )

      It's really good that you bother to check these things and don't just apply blanket IP bans. I haven't been able to edit Wikipedia for years due to IP bans affecting the addresses I use. There is an exemption but they are unwilling to give it.

  • This reminds me of a late-90s first-dotcom-boom service that was planned to be like Napster, for long-distance phone calls. The general idea was that you'd run a server program on your pc that made your winmodem and phone line available for others to use for making phone calls that were long-distance for them (over the internet), but local and free for you.

    It was a great idea, until assholes started using it to make anonymous bomb threats using other people's phone numbers. I think the service lasted for ma

  • by nult ( 3522097 ) on Thursday September 22, 2016 @04:22PM (#52941975)
    Last year this happened to me! I had run misc. anonymous networks at home to understand the concepts better (I ran a TOR exit node for about 2 months/ Alongside I2P); and for my own development process(es).. FBI came along with the local police to take every piece of electronic device I owned.. along with all my code that I had been working on for years. I also lost my job (doing telework) of 5 + years because my work laptop was taken also..and the FBI had to contact my work (at a well known bank) for them to decrypt the laptop.. I was let go a few days afterwards without reason and my neighbors never talk to me now . This really fu*ked up my life for about a year, just getting back on track now. Its absolute bullshit ! Its been about a year now and have yet to get back any of my property (not that Id use it); but its really screwed up how they can manipulate the courts by tossing around the "child porn" verbiage when they really have no evidence otherwise. Where did that leave me?? FUC*ED..thats where...ha My lawyers advised against any attempt to retaliate against the FBI. Im really curious if anyone else out there is working on any sort of group legal action to be taken up with the FBI about this... we are citizens and should not be treated this way. Hell, no one should be presumed to be doing something illegal just because they are using anonymous networks .
    • by Nutria ( 679911 )

      If you're smart enough to realize you live in a flawed society, you should be smart enough not to do things that have a high-enough profile they're almost guaranteed to get the jackboots standing on your neck.

  • by gestalt_n_pepper ( 991155 ) on Thursday September 22, 2016 @04:27PM (#52942027)

    ...to suppress the use of TOR and it's ever growing list of alternatives. I'm surprised they didn't break heads and steal their equipment while they were at it.

  • Think of the people who receive/re-ship stolen merchandise that were most likely purchased with stolen credit cards. Can they really argue, that they are just performing a service like a mailboxes etc, and not committing a crime?

Genius is ten percent inspiration and fifty percent capital gains.

Working...