Forgot your password?
typodupeerror
Privacy The Courts

Ontario Court Wrong About IP Addresses, Too 258

Posted by kdawson
from the reasoning-by-bad-analogy dept.
Frequent Slashdot contributor Bennett Haselton comments on a breaking news story out of the Canadian courts: "An Ontario Superior Court Justice has ruled that Canadian police can obtain the identities of Internet users without a warrant, writing that there is 'no reasonable expectation of privacy' for a user's online identity, and drawing the analogy that 'One's name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state.' But why in the world is it valid to compare an IP address with a street address in the phone book?" Read on for Bennett's analysis.

Last October I wrote about a the Virginia Supreme court's ruling that forged IP addresses in spam headers were constitutionally protected, because they were necessary to protect anonymous speech. I said that misconstrued facts about IP addresses for two main reasons: (a) there are protocols for secure anonymous speech on the Internet, so it's not true that forged IP addresses are "necessary"; (b) forging your IP in mail headers doesn't actually hide the sender's real IP anyway. Now an Ontario Superior Court Justice has ruled that IP addresses are no more private than "[o]ne's name and address or the name and address of your spouse", suggesting another instance where a court may not have realized the implications of how IP addresses work.

In the current case, Canadian police had determined the IP address of a user allegedly accessing child pornography, and faxed the ISP a request for the user's identifying information, which the ISP provided, without a warrant. The defendant had argued that the evidence should be in admissible because the police should have been required to obtain a warrant first, but Justice Lynne Leitch rejected that argument, drawing an analogy to the public listings in a phone book and writing, "One's name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state."

Even if the court had ruled that the evidence were inadmissible, that doesn't mean the police couldn't have caught this defendant if they'd followed the warrant procedure from the beginning — if the police had evidence that the user was accessing child pornography, presumably they could have gotten a warrant if they'd asked for one. So excluding this evidence probably would have only set a precedent that defendants would occasionally get off because of procedural screw-ups (similar to police forgetting to read a defendant his Miranda rights), not that huge numbers of child pornographers would have now been able to evade police, because the police could usually get a warrant in cases where they had evidence against them. What is troubling is the analogy that the court drew between IP addresses and "one's name and address".

Unlike the statements made by the Virginia Supreme Court, this may not be a case of getting technical facts wrong about IP addresses, but logical errors in the analogy, namely: (a) concluding that two things are similar when they are perceived differently, when perceptions are what the case is about, and (b) not following the premise through to its logical conclusion, which would be absurd, showing the premise is wrong in the first place.

Consider that the court drew the analogy to name and address information that can be found in the phone book, and wrote, "One's name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state." But then why would one draw any link between that, and information about the user's identity behind their IP address? The only similarity is that both pieces of information are "information about someone". But if you're trying to determine whether a user has a "reasonable expectation of privacy" for their identity online, the whole point is that it's not like a street address in the phone book — users do expect that their identity cannot be discovered by someone who knows their IP address, at least not without subpoenaing their ISP. When asking whether users have a "reasonable expectation of privacy" for a given type of information, if you parse that sentence literally, there are only two questions: (1) Do users have an expectation of privacy for that information, and (2) Is it reasonable? To determine if users have an expectation of privacy for something, you just ask them: Do you? You don't need to draw analogies to anything else — either users expect privacy (because of the analogies or the reasoning going on their own heads) or they don't. The remaining question is whether their expectation is reasonable, and it seems absurd to say that a user's expectation of privacy for their identity online (at least until a court issues a warrant) is "unreasonable".

Suppose a security company were to discover an exploit in Internet Explorer that could reveal your real name (as entered in your personal computer's Control Panel settings at setup time) to any Web site that you visited. This would be big news and would warrant Microsoft issuing a critical patch to fix the problem — because users expect that this information should not be available to a remote Web site, even though the Web site that they're visiting can of course see their IP address. And most would agree that this is a "reasonable" expectation.

On the other hand, try following the judges' ruling through to the end — if information about the user's real identity behind their IP address is not considered private, than what is? Justice Leitch stated that an address in the phone book and an IP address are both "biographical information" and hence that the analogy was proper. But by the same logic, virtually any fact that a company has on file about you would constitute "biographical information" just by virtue of the tautology that it's a fact about you, and so this would become meaningless as a standard by which to determine what facts should be kept secret from police without a warrant.

This line of argument raises two larger issues. First, this will have already provoked the ire of people with legally training, who are asking, "Who are you to disagree with a Superior Court Justice? Did you go to law school? Did you clerk with a judge?" The proper response to this is: If you're invoking your credentials to support a statement, then if I were to randomly poll 10 people with the same credentials, would at least 8 of them agree with you? If the answer to that question is No, then there's no point in bringing up credentials, because there is no strong majority of people with those credentials who agree on any particular to answer to that question, so it cannot be true that a strong majority agree on the "correct" answer to the question. The story about this case quotes Professor James Stribopoulos at the Osgoode Hall Law School in Toronto, as disagreeing with the judges' conclusion, for example: "It is not just your name, it is your whole Internet surfing history. Up until now, there was privacy. An IP address is not your name, it is a 10-digit number. A lot more people would be apprehensive if they knew their name was being left everywhere they went." If credentialed users are randomly divided on what the answer is, then that cannot be used as a guide to what the rest of us laypeople should think, because how do we know which group to side with? We have to rely on generic reasoning — looking for logical mis-steps in a judge's argument, or looking for premises that would be absurd if they were carried to their logical conclusion. If you're going to tell me that my reasoning is wrong, then mentioning a degree in mathematics or the hard sciences is just as relevant, if not more so, than mentioning a law degree — but in either case the logical argument should be evaluated on its merits, regardless of a person's "credentials". People who do well on those Martin Gardner brainteasers should be encouraged to take part in these debates.

Second, there is the question of whether such logical errors (if you accept the premise that the court made a logical error in drawing an analogy between IP addresses and street addresses in the phone book) could be avoided if the courts took a different approach to answering these questions. In the October article about the Virginia Supreme Court's ruling on IP addresses, I suggested that a judge could have avoided the technical mis-statement in the ruling if they had just convened some Internet technology experts in their courtroom and said, "Here's my reasoning so far. Is any part of it wrong on the technical facts? I'm not promising to change my mind in response to anyone's objections. But just tell me if you think some part of it is wrong." A large number of people e-mailed me objections that all boiled down to, "That's not how judges do things", or suggesting that I didn't know that because I'd ventured outside my own area of expertise.

Hello! I know that's not how judges do things, that was my point: that they might avoid certain types of errors if they did try it. On the other hand, just because a particular practice by a judge might have avoided one type of error, that doesn't mean it's a good idea. If the judge had tested their theory about IP addresses and street addresses by posting it on a message board somewhere and asking for feedback, that might have helped to avoid the particular mis-statements that they made about IP addresses in that case, but would that be a good idea generally? Almost certainly not — because users responding to the judge's request for help would not be under oath, so they'd be free to try and confuse the issue with lies to support whatever outcome they wanted for the case. That would be bad enough if it were a one-time case where a judge solicited feedback for their reasoning on a message board. If it became a regular practice by judges, and people knew in advance that judges were likely to solicit public feedback on their arguments before making their rulings official, then all parties with an agenda would have misinformation campaigns gearing up in advance to fool judges whenever possible.

That's why I suggested that you'd have the best of both worlds if the judges presented their argument first to experts in court, who were testifying under oath. This would present a opportunity for experts to spot any factual errors or what they consider to be logical mis-steps that the judge can then take into consideration. At the same time, because the experts are testifying under oath, they can't lie outright to try and trick the judge into basing their ruling on wrong information. (Of course, this depends on the court system's willingness to prosecute experts and other witnesses if they lie under oath. If the courts don't bother, then there's not much point in swearing in the experts before they testify anyway.)

So: an interesting counterargument would be: What is an example of a problem (a situation where a judge could be led to the wrong conclusion, or where a third party would have new incentives to spread false information) that would be created by judges running their opinions past experts who are assembled in their courtroom, that does not already exist under the current system? I can't immediately think of any, but some more imaginative people might be able to. I don't think it would be valid to say, for example, that this creates an incentive for biased experts to try and mislead the judge without technically lying — because biased experts in court already try and mislead the judge anyway, even without a "final round" where the judge asks what they think. But that's the form that an interesting argument would take. Not "I went to law school and that's not how we do stuff."

Meanwhile, regular users can use Tor and similar programs if they want their anonymity to be securely protected online. Tor can securely protect your identity from anyone, with or without a warrant. At least 8 out of 10 computer experts would agree; otherwise I wouldn't say that.
This discussion has been archived. No new comments can be posted.

Ontario Court Wrong About IP Addresses, Too

Comments Filter:
  • Justice is blind (Score:3, Insightful)

    by Pig Hogger (10379) <pig.hogger@NoSpAM.gmail.com> on Friday February 13, 2009 @11:35AM (#26844205) Journal
    Justice is blind, and even more so when technological cases are heard in an anglo-saxon setting, where customary law (precedents) is king.
    • Re:Justice is blind (Score:5, Interesting)

      by debrain (29228) on Friday February 13, 2009 @11:59AM (#26844597) Journal

      Justice is blind, and even more so when technological cases are heard in an anglo-saxon setting, where customary law (precedents) is king.

      I think you're mixing a number of references, there. Justice is blind is a reference to the notion that justice ought to be objective, a concept going back to (at least) the Babylons. I don't think objective (versus subjective) reasoning in any takes away from "justice", which seems to be what you are implying.

      "Customary law (precedents)" is presumably a reference to stare decisis [wikipedia.org], a concept of binding precedents which dates back to the Normans invading Britain around the 1100's I believe. Stare decisis generally occurs only when a "higher" Court (i.e. an appellate level Court) makes a decision. The lower Courts are bound to the decision of higher Courts, subject to law and fact that distinguishes the case at hand from the case of the higher Court. Courts of the same level are generally not bound (though it is generally considered polite not to change the law the same Court had previously made - case made law is in principle, after all, not creating law, but illuminating an already-existing truth).

      In terms of facts, though, appellate Courts generally defer to the Court of first instance (i.e. the trier of fact, or trial court), because the judge at the first instance will have heard the facts from experts first-hand. However, there is generally a discretion in appellate Courts to overturn rulings of the Court of first instance on the basis that the trier of fact made errors that were incorrect, unreasonable or patently unreasonable (depending on the nature of the appeal and the Court in question).

      In the Ontario case in question, I haven't read the reasons of Justice Leitch, but if she took "judicial notice" of the analogy between an IP and an address (i.e. no experts were called), a higher Court may alter that. However, if an expert posited that analogy, then it is very unlikely that the decision will be overturned by a higher Court (i.e. the Ontario Court of Appeal). In both scenarios, it's possible that subsequent decisions would be made on different facts, and this wayward analogy would be debunked.

      • This is a subtle misunderstanding of the purpose of a warrant. There are large swathes of information that police don't need search warrants to obtain. The purpose of a search warrant is to give police the power to search a particular thing by force - that is, over the objection of someone who wants the information to remain secret. Cops don't need search warrants in any other instance. They don't need a warrant for stuff that happens right in front of them, and cops don't need a warrant to ask witnesse
  • by BadAnalogyGuy (945258) <BadAnalogyGuy@gmail.com> on Friday February 13, 2009 @11:37AM (#26844225)

    "I think judges should get expert opinion outside the courtroom."

    There, that wasn't so hard, was it?

    May I suggest the following link [slashdot.org]

    • Re: (Score:3, Insightful)

      by lgw (121541)

      Responing to this well-worded summary:

      We use an adversarial system. No one (except the judge) is expected, or can be expected, to be neutral or disinterested. It's not the judge's job to be a technical expert, but for each side to bring technical experts who will testify under oath. The defense here erred in not bringing in an expert witness to testify about how IP addresses work.

      The solution to prevent this problem in future cases is exactly for the concerned party to hire an expert witness to explain t

  • by commodore64_love (1445365) on Friday February 13, 2009 @11:40AM (#26844283) Journal

    The police using an IP Number to locate my address is no different than if they did a Reverse Phone Number lookup. If the latter does not violate my rights, then the former does not violate my rights either.

    • by compro01 (777531) on Friday February 13, 2009 @11:53AM (#26844493)

      How about if the phone number is unlisted?

      Consider that if you do a WHOIS search on a non-business IP, you're likely going to get the ISP's info, not the info of the person using that IP, so I would consider that to be more like an unlisted number than a number in the phone book.

      Though I'm not able to find any precedents regarding whether a warrant is required to request unlisted phone numbers either, so this may be a moot argument.

      • I'm not able to find any precedents regarding whether a warrant is required to request unlisted phone numbers either, so this may be a moot argument.

        Since we're after 9-11, I assume that you they don't need a warrant for that. I can't believe that such a provision would have survived the hysterical police-state power grab that followed.

      • by Ironica (124657)

        How about if the phone number is unlisted?

        The police have never needed a warrant to capture the biographical information attached to a phone number that was used in committing a crime, whether that phone number was listed to the public or not. Similarly, they do not (and have never) needed a warrant to find out the physical address a PO Box is associated with (and the Post Office requires that physical address for you to sign up for a PO Box).

        This is the biggest mistake that Bennett Haselton makes in his article: the judge's decision said that an

    • by phorm (591458) on Friday February 13, 2009 @11:53AM (#26844495) Journal

      When I look up my phone # in a reverse directory, I get the a result like the following:

      Type: Cell Phone

      Provider: Someprovider

      Location: Somecity, SomeProvince

      There are plenty of reasons *NOT* to have your personal information linked to your phone #. The same should apply to your IP.

      • by dadragon (177695)

        The provider information is now often wrong. It just looks up the NXX, and tells you its code holder, but thanks to WNP it isn't guaranteed to be accurate.

    • Re: (Score:2, Insightful)

      No, it is different because users don't expect their identity to be revealed by their ip address. The whole point of a phone book is to link people with numbers and you can opt out if you don't want to be listed.
      • Re: (Score:3, Interesting)

        by whoever57 (658626)

        The whole point of a phone book is to link people with numbers and you can opt out if you don't want to be listed.

        Yes, but not to provide a way to look up a number and find the owner (reverse lookup). This is a relatively recent innovation and one that I doubt people considered twenty years ago when allowing their numbers to be listed. In other words, twenty years ago, people had a reasonable expecation that their number would not give away their identity even if they were listed in the phone book

        • In other words, twenty years ago, people had a reasonable expecation that their number would not give away their identity even if they were listed in the phone book

          You've never watched Rain Man, have you?

          • by sumdumass (711423)

            Rain man or the Grifters?

            I think one is about an autistic math guy and the other is about assuming identities, passing bad checks, and doing scams.

        • by Obfuscant (592200)
          Yes, but not to provide a way to look up a number and find the owner (reverse lookup). This is a relatively recent innovation and one that I doubt people considered twenty years ago ...

          Reverse lookup has been around for ages. Phone companies have published the reverse lookup books, but generally they were not available to users, only to telco staff and police agencies.

          Considering the number of people in my home town, it was not an impossible task to scan the entire forward listing looking for a number (i

        • by Ironica (124657)

          Yes, but not to provide a way to look up a number and find the owner (reverse lookup). This is a relatively recent innovation and one that I doubt people considered twenty years ago when allowing their numbers to be listed. In other words, twenty years ago, people had a reasonable expecation that their number would not give away their identity even if they were listed in the phone book

          Reverse directories have existed for as long as phone directories have. They just used to be on paper, and they've never been dumped on your front porch unbidden.

    • by Anonymous Coward on Friday February 13, 2009 @12:19PM (#26844937)

      If I, as a private citizen, cannot call up the ISP and get the same information; then that information should not be considered public by reasonable expectation; and should require a warrant.

      • by Abcd1234 (188840)

        If I, as a private citizen, cannot call up the ISP and get the same information

        Mmm... strawman. What makes you think you can't, aside from the ISP deciding to ignore you because you're annoying them? Further, there is nothing that prevents a third party from creating said database and making it available to the public (aside from, again, the ISPs simply refusing to give said party the data because they simply don't want to).

      • by Ironica (124657)

        If I, as a private citizen, cannot call up the ISP and get the same information; then that information should not be considered public by reasonable expectation; and should require a warrant.

        So, if I can't call up the DMV and find out who a particular license plate is registered to, the cops should need a warrant to get that information to follow a lead in a case?

        Law enforcement should have NO special privileges to biographical information at all without a warrant? They should have to get a warrant for every single witness they want to track down and question in a case?

        Do you know what's involved in getting a warrant? All of them are granted by a judge on a sworn affidavit. The process is of

    • It sure does have a difference. People already know their phone numbers are publicly listed information and act accordingly. People should routinely expect others to have Caller-ID or access to reverse directories.

      IP addresses are not published in a big white book that is handed out to every home in North America, and your IP identity is not something you assume will be public knowledge without good reason. As a result, people do expect privacy even though the data is obviously available to their ISP, us

    • by DarthVain (724186)

      Not the same thing at all.

      A) No expectation of Privacy. Your name and number is PUBLISHED in the phone book. You agree to this when you get a number, unless you get it unlisted, in which case they could not get at it.

      B) No Personal information attached. You address is covered off by A). You can't get a list of calls made, when you called them, who you talked to, what your conversations consisted of, etc... without a court order, or warrant I believe.

      This is the whole crux of the problem. You are basically a

      • by Ironica (124657)

        Not the same thing at all.

        A) No expectation of Privacy. Your name and number is PUBLISHED in the phone book. You agree to this when you get a number, unless you get it unlisted, in which case they could not get at it.

        But the cops still can. Even though I may not be able to call up 411 and get an unlisted phone number, law enforcement can.

        If an IP address is like an unlisted phone number, then why would we expect that law enforcement couldn't request its owner identity in the course of an investigation?

    • by bcwright (871193) on Friday February 13, 2009 @01:11PM (#26845779)

      The problem is that an IP address is NOT a unique identifier for an individual. In most cases, it's going to be a dynamically-allocated address that may map to many subscriber locations within your neighborhood or your city or even the entire country, depending on how your ISP allocates addresses. At any given moment in time, it will only map to one subscriber location, but the only one who has access to that information will be your ISP, possibly in conjunction with the telephone company if you're connected by modem.

      But even apart from that, an IP address can be multiplexed between many individuals or even other locations once the traffic for it reaches the subscriber location.

      So it's not like a phone number at all - there's not even approximately a one-to-one mapping between IP addresses and individuals, nor is the mapping that does exist stable over even fairly short spans of time.

      I'm not sure whether I think that the police should have the authority to do a reverse IP lookup without a warrant (though from a civil liberties standpoint it does make me distinctly uneasy, since this is in no sense "public" information and has serious potential for abuse), but the analogy with the phone system is badly flawed.

      • Re: (Score:3, Interesting)

        by azadrozny (576352)

        I recognize your point that an IP address is not always fixed to one user or machine, but I think the analogy works for this situation. If the police found a phone number logged on a caller ID near the scene of a crime, I would expect them to request the owner's name from the phone company. The same goes for an IP address discovered. I would expect them to follow the evidence. Now if the police attempted to prosecute using this IP evidence, then all of your other arguments apply.

        The question before the

        • by bcwright (871193)

          I'm not arguing that the IP address is useless information, or that the police shouldn't be able to use it for legitimate purposes; in fact it would probably be very easy to get a search warrant for this kind of situation. Clearly the IP address standing alone isn't very strong evidence of anything, but it's certainly a good place to start in tracking down the culprit in many criminal cases.

          The question is not whether the police can and should be able to do reverse IP tracking, but whether the police can

        • by Ironica (124657)

          I think this is the basic issue crystallized in the You are not a Lawyer article posted a few days ago. The argument that the techies make would be that "The IP address cannot be used to convict you!" but it's not. It's just used to find out who to investigate, so they can get all the *other* evidence used to convict.

      • by profplump (309017)
        There's not even approximately a one-to-one mapping of phone numbers or physical addresses to individuals either. For one thing, many people have more than one phone number. Alternatively, anyone without a cell phone likely doesn't have a number to themselves. And it's pretty common for more than one person to live at a physical address.

        The whole idea is ridiculous. Addresses, IP or otherwise, are necessarily public information; every packet you send out has your source IP address on it, and as a matter of
    • The major difference I see is exposure.

      Typically your phone number's only outgoing connections are ones that YOU initialize. If you phone someone and tell them about a sale at Zellers, they phone someone else, who phones someone else, etc. Unless the person you talked to discloses their source, nobody knows your phone number.

      Now, if you email them, and they forward it to their friends, who forward it, etc, etc, then EVERY person that EVER gets that email, will get your IP address!Don't even get me started o

      • Now, if you email them, and they forward it to their friends, who forward it, etc, etc, then EVERY person that EVER gets that email, will get your IP address!

        Come again?

        • by Ironica (124657)

          Now, if you email them, and they forward it to their friends, who forward it, etc, etc, then EVERY person that EVER gets that email, will get your IP address!

          Come again?

          Bennett Haselton's next article can be about the problems slashdotters have with understanding how IP information works.

  • tl; dr (Score:3, Interesting)

    by Eevee (535658) on Friday February 13, 2009 @11:41AM (#26844311)
    I did a quick search on "phone" and found no references to Canadian case law dealing with warrents and phone numbers--the obvious precedent for warrents and IP addresses. Why is this even posted if the most basic of research hasn't been done?
  • by Anonymous Coward on Friday February 13, 2009 @11:46AM (#26844383)

    A better analogy is: If police find a repair receipt with an order number, can the police go to the shop and ask for the name of the customer?

    A receipt number is neither public nor private, it is merely obscure. Can a business owner not voluntarily give information to the police? If the business has a privacy contract with the customer, a violation is a contract law issue between the customer and the business, and not a constitutional issue.

    If the business won't voluntarily provide the information, the police can use a search warrant to search the business. But that is a situation between the business and the police, not the customer. And if the business voluntarily gives the information the police haven't conducted a search.

    • Mod parent up!!! (Score:5, Interesting)

      by multimediavt (965608) on Friday February 13, 2009 @12:02PM (#26844651)

      This guy has it right, along with the reverse lookup comment for a phone number there was no violation of criminal law or established procedures for enforcement with what was done. Now, the ISP may have violated their privacy agreement, but privacy agreements usually contain verbiage that denies privacy if you are suspected of a crime, depending on the nature of information being divulged.

      Data that was traveling over the wire to and from the IP address was not obtained and would require a warrant to view, but simple subscriber information will-9 times out of 10-be given to law enforcement upon request. Now, if that information was somehow "unlisted at the user's request", like an unlisted phone number, then a warrant would be needed to obtain the information. I do not know of an ISP that provides "unlisted" Internet service.

        • ... and if you want to use one at some point in the future, use it regularly for no reason starting now so there's no obvious pattern to rely on.

      • Re: (Score:2, Insightful)

        by WiartonWilly (82383)

        Now, the ISP may have violated their privacy agreement, but privacy agreements usually contain verbiage that denies privacy if you are suspected of a crime, depending on the nature of information being divulged.

        ..........

        Now, if that information was somehow "unlisted at the user's request", like an unlisted phone number, then a warrant would be needed to obtain the information. I do not know of an ISP that provides "unlisted" Internet service.

        I do not know of an ISP that provides a "listed" internet service, either. I can't find personal addresses from IPs, so it's not listed.

        If the privacy agreement has a "suspected of a crime" loop-hole, a warrant would provide suitable, credible evidence of the suspicion. ISPs might be absolved by their clause, but law enforcement requires that judges validate that there is reasonable suspicion. This is standard procedure for modifying a citizen's privacy. An extra step, true, but not overly burdensome.

      • by noidentity (188756) on Friday February 13, 2009 @01:27PM (#26846001)

        Now, if that information was somehow "unlisted at the user's request", like an unlisted phone number, then a warrant would be needed to obtain the information. I do not know of an ISP that provides "unlisted" Internet service.

        unlisted-no-more.con: Find unlisted IP addresses "they" don't want you to know! For example, did you know that there are over ten million unlisted addresses that begin with 127? There might even be a machine in your own home with this unlisted address, perhaps put there unbeknownst to you!

    • by curunir (98273) *

      The best analogy for non-technical people about what an IP address represents is to compare it to a telephone number. In both cases, it's machine-friendly number that makes it possible for machines to route information from one machine to another. The only difference is that the user of an IP address changes a lot more frequently than that of a phone number. While many judges won't have grown up around computers and won't understand internet concepts in the detail necessary to rule correctly, they will be f

    • by JWSmythe (446288) *

      I don't know about Canadian law, but in the US, there are some interesting variations.

      Can the police raid your house because they think there are drugs inside? No. Not without a warrant.

      Now say a police officer walks up to your house and knocks on the door. He could be there for any reason. "Have you seen anything suspicious lately?" When you open the door, he sees several kilos of what appears to be drugs, and an uzi sitting on the coffee table, can he rai

  • by DoofusOfDeath (636671) on Friday February 13, 2009 @11:51AM (#26844447)

    It strikes me that "reasonable expectation" would mean, "reasonable by those in the community in question".

    Was this judge a regular Internet user? If not, is his opinion about what's a "reasonable expectation" relevant, or should he poll, for example, 1000 high-school and college kids regarding whether or not they expect their IP#'s to be tied back to them as people?

    • Re: (Score:3, Funny)

      by droopycom (470921)

      Yeah right... he was not a pedophile suspect either ....

      Should the judge ask 1000 pedophiles suspect what their expectation of privacy be...

  • by number17 (952777) on Friday February 13, 2009 @11:54AM (#26844499)
    Lets take a different analogy. A credit card number.

    Like an IP address, that number is handed out by a company and is linked to my name at a particular point in time. I am responsible for it during that period of time.

    Both credit card number and name are kept in a database, just like the MAC address of my modem and subscriber information. How does this make it public information that can be published?
  • by dmomo (256005) on Friday February 13, 2009 @11:54AM (#26844515) Homepage

    Your phone number and address specify where you live. Your IP address in an apache log specifies:

    Where you were at what time and what you were doing.

    Big difference.

    Yes, my home address might be public info (arguably).. but what I am doing inside is NOT!

    • by BadAnalogyGuy (945258) <BadAnalogyGuy@gmail.com> on Friday February 13, 2009 @11:57AM (#26844561)

      We all know what you're doing, pervert.

    • by Piranhaa (672441)

      Exactly.. It's like asking someone to enable GPS and walk around with a camera strapped to their foreheads and recording their actions 24/7. The recordings get put on tape for as long as the medium is backed up (so technically indefinitely). There's little to no chance that websites will start anonymizing log files - it just doesn't happen very often. So what's to stop police from going back 5+ years and saying "Well, you visited X and Y on these days... Because you KNOW about X and Y, we suspect you are gu

    • Well, your IP address doesn't tell the police what you were doing INSIDE either. A second piece of information is needed: the servers you were connecting to OUTSIDE of your home. Probably not owned by you. If you were doing anything entirely inside of your home, then your IP is irrelevant.

      Which gets to the root of the issue. On one side there are those who believe that because you are sitting in the privacy of your home, your online activities should be private.

      On the other side are those who point out you'

    • by canajin56 (660655)
      If you use your OMG PRIVATE PHONENUMBER to call in a bomb threat against your place of work, they don't need a warrant to perform a reverse phone lookup and find the name of the account holder. Explain how your phone number only specifies where you live, where the calledID at the business you called with a bomb threat specifies "where you were at what time and what you were doing." Nobody is saying that they don't need a warrant for server logs. They already have the server logs that they obtained with a
      • by Piranhaa (672441)

        But how do you know the server logs needed a search warrant to obtain? Some sites are resistant at giving out logs, while others will blatantly give them out if there is ANY indication at legal action. RIAA lawsuits anyone?

        While I can partially see where you're coming from, I just don't see how this can be justified. If there is enough of a reason to care, a search warrant should be required IMHO.

        This could also just be a baby step to "security". Next year we could be seeing a similar article, but the polic

    • by nurb432 (527695)

      While i agree with you, they could take that analogy to the point that what you do with your connection is similar to what you do in front of an open window facing the street.

  • by redelm (54142) on Friday February 13, 2009 @11:56AM (#26844551) Homepage
    There are no exact Miranda Rights in Canada, nor "fruit of the poisoned vine" doctrine nor 9th Amendment "expectation of privacy". There is a Candian constitution, and it says different things, mostly with "reasonable" exemptions.

    Canadian Courts and police operate differently from the US. The individuals are generally more professional and competant, and less ambitious for higher office.

    A Canadian court might will find (and even presume) police are acting reasonably, so evidence is admissible.

    Exactly how is a Reverse IP lookup is different from using a Criss-Cross telephone directory?

    Chill!

    • by Nikker (749551)
      Then I guess as a private citizen I should have a resource I can look up IP's as well ?
  • by MisterSquirrel (1023517) on Friday February 13, 2009 @12:01PM (#26844639)

    Several people use my computer at home. Plus, I use computers at several different IP addresses, some of which are in turn used by other people. So how can any IP address, by itself, be biographical information about me in particular?

    More importantly, how can an IP address be identified with me directly? If "my" IP address is used to download porn, how do they know whether I did it, or someone else at my computer did it? How do they know it wasn't some Russian Mafia's botnet that took over my computer and did it?

    • "Several people use my computer at home. Plus, I use computers at several different IP addresses, some of which are in turn used by other people. So how can any IP address, by itself, be biographical information about me in particular? "

      Probably in the same way that a physical address is. For most people, they live at an address with one or more other people (spouse, kids, parents, etc.). Some people also have a country home (second address) which may be shared with additional other people (brothers, pare
    • First, I want to start by stating that I agree with the basic premise of the original Op-Ed piece that these comments are attached to - namely that there is no good reason why police/prosecutors shouldn't get a warrant or subpoena for this information - users should have a reasonable expectation of privacy when using the Internet.

      That said, with regards to your questions about an IP address not proving that any particular person is responsible for traffic, while you are correct, it is still necessary for th

  • That's why I suggested that you'd have the best of both worlds if the judges presented their argument first to experts in court, who were testifying under oath. This would present a opportunity for experts to spot any factual errors or what they consider to be logical mis-steps that the judge can then take into consideration. At the same time, because the experts are testifying under oath, they can't lie outright to try and trick the judge into basing their ruling on wrong information.

    Expert evidence is often used in many different trials, for many different issues. However, the law in Canada requires that judges do not abdicate their decision-making authority to the experts. The proper role of the expert is to provide information to the judge that is outside of the judge's own area of expertise. On any given trial, there will usually be two experts (one for each side) who have completely contradictory opinions. It is the judge's job to weigh each expert's opinion against the rest o

  • If there's a more hidebound, out-of-touch, bunch of rich old white men on the continent than a meeting of Ontario judges, I'd be surprised. Even the few who happen to have vaginas fit the profile.

  • But if you're trying to determine whether a user has a "reasonable expectation of privacy" for their identity online, the whole point is that it's not like a street address in the phone book -- users do expect that their identity cannot be discovered by someone who knows their IP address, at least not without subpoenaing their ISP.

    i don't know about you, but i have no expectation of privacy for my identity online, and frankly, i don't know why anyone, especially the technically astute on slashdot, would hav

  • by segedunum (883035) on Friday February 13, 2009 @12:21PM (#26844977)
    As a previous Slashdot article claimed, us technology people are not lawyers. What would we know about this stuff? Of course you can identify one person via one IP address in a one-to-one mapping. Everyone knows that. I got modded down for suggesting this kind of idiocy, because this is internet and networking 101. If you can't present the facts of what an IP address actually is then you have a real problem.

    Child pornography is serious (OK, it's used as a politically correct example sometimes) and I'm not suggesting for a second people should get off on technicalities, but if courts are going to gather evidence and convict then they need to get some clue about the facts and understand what it is that they're talking about. Unless they do I can see massive claims for damages at some point in the future. This happens all over the world as well.
    • > us technology people are not lawyers. What would we know about this stuff?

      You're right that most slashdotters are not lawyers. We're citizens. Citizenship is an office that holds much more responsibility, including keeping lawyers and courts in line.

  • ..like 127.0.0.1

  • An IP address is not like a street address (which is fairly permanent). It's more like a hotel room number (transitory). The identity of the occupants of room 128 are not public knowledge like in a phone book, but must be obtained through a 3rd party (the hotel's front desk).

    Do police need a warrant to look at the front desk's guest log?

    The hotel room analogy also explains why IP addresses are insufficient evidence of criminal activity. If they know that criminal activity took place in room 128 last week

  • Ontario is a country called Canada.
    Virginia is in a country called The United States of America.

    Comparisons between the laws of two separate countries are useless, because they have their own separate laws, governments and courts.

    • Ontario is a country called Canada. Virginia is in a country called The United States of America.

      Comparisons between the laws of two separate countries are useless, because they have their own separate laws, governments and courts.

      They most certainly are not useless, because the country called Canada and the country called the United States and the jurisdictions called Ontario and Virginia are all common law systems and their legal systems are not just derived from, but are direct descendants and continuations from the English legal system. It is not unusual for courts in one common law system to look to the reasoning given for a decision from other common law systems for insight into how to consider a case in a new area.

      Certainly

    • But isn't the legal system in both places based on Common Law? So therefore precedent can be set by judges, which makes any discussion of case law in either place highly relevant to the other. No?

  • ISPs deliberately go out of their way to stop you from establishing a link between your IP address and any sort of identity.

    By sheer luck, some people manage to get semi-static IPs, if you want it guaranteed you pay hand-over-fist. The rest of us? Bounced from one DHCP lease to the next in case we actually run some services on our machines.

    You can count me in for a "reverse IP phone book" if they'll let me have ronald-dumsfeld.myisp.com
  • Let's be perfectly frank here: the reason the court gave a free pass to the police is because this was a "child pornography" case. All logic flies out the window as soon as you mention CP, particularly so in Ontario for some reason. I don't know if it's the rampant conservative values that are to blame, but 'round here people have no spine unless children are "in danger". They will beat and harass released pedophiles (who have served their sentence), go on month-long searches for missing children (but no

  • I thought this was breathtaking:

    users do expect that their identity cannot be discovered by someone who knows their IP address, at least not without subpoenaing their ISP. When asking whether users have a "reasonable expectation of privacy" for a given type of information, if you parse that sentence literally, there are only two questions: (1) Do users have an expectation of privacy for that information, and (2) Is it reasonable? To determine if users have an expectation of privacy for something, you just a

Take care of the luxuries and the necessities will take care of themselves. -- Lazarus Long

Working...