Ontario Court Wrong About IP Addresses, Too 258
Frequent Slashdot contributor Bennett Haselton comments on a breaking news story out of the Canadian courts:
"An Ontario Superior Court Justice has ruled that Canadian police can obtain the identities of Internet users without a warrant, writing that there is 'no reasonable expectation of privacy' for a user's online identity, and drawing the analogy that 'One's name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state.' But why in the world is it valid to compare an IP address with a street address in the phone book?"
Read on for Bennett's analysis.
Last October I wrote about a the Virginia Supreme court's ruling that forged IP addresses in spam headers were constitutionally protected, because they were necessary to protect anonymous speech. I said that misconstrued facts about IP addresses for two main reasons: (a) there are protocols for secure anonymous speech on the Internet, so it's not true that forged IP addresses are "necessary"; (b) forging your IP in mail headers doesn't actually hide the sender's real IP anyway. Now an Ontario Superior Court Justice has ruled that IP addresses are no more private than "[o]ne's name and address or the name and address of your spouse", suggesting another instance where a court may not have realized the implications of how IP addresses work.
In the current case, Canadian police had determined the IP address of a user allegedly accessing child pornography, and faxed the ISP a request for the user's identifying information, which the ISP provided, without a warrant. The defendant had argued that the evidence should be in admissible because the police should have been required to obtain a warrant first, but Justice Lynne Leitch rejected that argument, drawing an analogy to the public listings in a phone book and writing, "One's name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state."
Even if the court had ruled that the evidence were inadmissible, that doesn't mean the police couldn't have caught this defendant if they'd followed the warrant procedure from the beginning — if the police had evidence that the user was accessing child pornography, presumably they could have gotten a warrant if they'd asked for one. So excluding this evidence probably would have only set a precedent that defendants would occasionally get off because of procedural screw-ups (similar to police forgetting to read a defendant his Miranda rights), not that huge numbers of child pornographers would have now been able to evade police, because the police could usually get a warrant in cases where they had evidence against them. What is troubling is the analogy that the court drew between IP addresses and "one's name and address".
Unlike the statements made by the Virginia Supreme Court, this may not be a case of getting technical facts wrong about IP addresses, but logical errors in the analogy, namely: (a) concluding that two things are similar when they are perceived differently, when perceptions are what the case is about, and (b) not following the premise through to its logical conclusion, which would be absurd, showing the premise is wrong in the first place.
Consider that the court drew the analogy to name and address information that can be found in the phone book, and wrote, "One's name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state." But then why would one draw any link between that, and information about the user's identity behind their IP address? The only similarity is that both pieces of information are "information about someone". But if you're trying to determine whether a user has a "reasonable expectation of privacy" for their identity online, the whole point is that it's not like a street address in the phone book — users do expect that their identity cannot be discovered by someone who knows their IP address, at least not without subpoenaing their ISP. When asking whether users have a "reasonable expectation of privacy" for a given type of information, if you parse that sentence literally, there are only two questions: (1) Do users have an expectation of privacy for that information, and (2) Is it reasonable? To determine if users have an expectation of privacy for something, you just ask them: Do you? You don't need to draw analogies to anything else — either users expect privacy (because of the analogies or the reasoning going on their own heads) or they don't. The remaining question is whether their expectation is reasonable, and it seems absurd to say that a user's expectation of privacy for their identity online (at least until a court issues a warrant) is "unreasonable".
Suppose a security company were to discover an exploit in Internet Explorer that could reveal your real name (as entered in your personal computer's Control Panel settings at setup time) to any Web site that you visited. This would be big news and would warrant Microsoft issuing a critical patch to fix the problem — because users expect that this information should not be available to a remote Web site, even though the Web site that they're visiting can of course see their IP address. And most would agree that this is a "reasonable" expectation.
On the other hand, try following the judges' ruling through to the end — if information about the user's real identity behind their IP address is not considered private, than what is? Justice Leitch stated that an address in the phone book and an IP address are both "biographical information" and hence that the analogy was proper. But by the same logic, virtually any fact that a company has on file about you would constitute "biographical information" just by virtue of the tautology that it's a fact about you, and so this would become meaningless as a standard by which to determine what facts should be kept secret from police without a warrant.
This line of argument raises two larger issues. First, this will have already provoked the ire of people with legally training, who are asking, "Who are you to disagree with a Superior Court Justice? Did you go to law school? Did you clerk with a judge?" The proper response to this is: If you're invoking your credentials to support a statement, then if I were to randomly poll 10 people with the same credentials, would at least 8 of them agree with you? If the answer to that question is No, then there's no point in bringing up credentials, because there is no strong majority of people with those credentials who agree on any particular to answer to that question, so it cannot be true that a strong majority agree on the "correct" answer to the question. The story about this case quotes Professor James Stribopoulos at the Osgoode Hall Law School in Toronto, as disagreeing with the judges' conclusion, for example: "It is not just your name, it is your whole Internet surfing history. Up until now, there was privacy. An IP address is not your name, it is a 10-digit number. A lot more people would be apprehensive if they knew their name was being left everywhere they went." If credentialed users are randomly divided on what the answer is, then that cannot be used as a guide to what the rest of us laypeople should think, because how do we know which group to side with? We have to rely on generic reasoning — looking for logical mis-steps in a judge's argument, or looking for premises that would be absurd if they were carried to their logical conclusion. If you're going to tell me that my reasoning is wrong, then mentioning a degree in mathematics or the hard sciences is just as relevant, if not more so, than mentioning a law degree — but in either case the logical argument should be evaluated on its merits, regardless of a person's "credentials". People who do well on those Martin Gardner brainteasers should be encouraged to take part in these debates.
Second, there is the question of whether such logical errors (if you accept the premise that the court made a logical error in drawing an analogy between IP addresses and street addresses in the phone book) could be avoided if the courts took a different approach to answering these questions. In the October article about the Virginia Supreme Court's ruling on IP addresses, I suggested that a judge could have avoided the technical mis-statement in the ruling if they had just convened some Internet technology experts in their courtroom and said, "Here's my reasoning so far. Is any part of it wrong on the technical facts? I'm not promising to change my mind in response to anyone's objections. But just tell me if you think some part of it is wrong." A large number of people e-mailed me objections that all boiled down to, "That's not how judges do things", or suggesting that I didn't know that because I'd ventured outside my own area of expertise.
Hello! I know that's not how judges do things, that was my point: that they might avoid certain types of errors if they did try it. On the other hand, just because a particular practice by a judge might have avoided one type of error, that doesn't mean it's a good idea. If the judge had tested their theory about IP addresses and street addresses by posting it on a message board somewhere and asking for feedback, that might have helped to avoid the particular mis-statements that they made about IP addresses in that case, but would that be a good idea generally? Almost certainly not — because users responding to the judge's request for help would not be under oath, so they'd be free to try and confuse the issue with lies to support whatever outcome they wanted for the case. That would be bad enough if it were a one-time case where a judge solicited feedback for their reasoning on a message board. If it became a regular practice by judges, and people knew in advance that judges were likely to solicit public feedback on their arguments before making their rulings official, then all parties with an agenda would have misinformation campaigns gearing up in advance to fool judges whenever possible.
That's why I suggested that you'd have the best of both worlds if the judges presented their argument first to experts in court, who were testifying under oath. This would present a opportunity for experts to spot any factual errors or what they consider to be logical mis-steps that the judge can then take into consideration. At the same time, because the experts are testifying under oath, they can't lie outright to try and trick the judge into basing their ruling on wrong information. (Of course, this depends on the court system's willingness to prosecute experts and other witnesses if they lie under oath. If the courts don't bother, then there's not much point in swearing in the experts before they testify anyway.)
So: an interesting counterargument would be: What is an example of a problem (a situation where a judge could be led to the wrong conclusion, or where a third party would have new incentives to spread false information) that would be created by judges running their opinions past experts who are assembled in their courtroom, that does not already exist under the current system? I can't immediately think of any, but some more imaginative people might be able to. I don't think it would be valid to say, for example, that this creates an incentive for biased experts to try and mislead the judge without technically lying — because biased experts in court already try and mislead the judge anyway, even without a "final round" where the judge asks what they think. But that's the form that an interesting argument would take. Not "I went to law school and that's not how we do stuff."
Meanwhile, regular users can use Tor and similar programs if they want their anonymity to be securely protected online. Tor can securely protect your identity from anyone, with or without a warrant. At least 8 out of 10 computer experts would agree; otherwise I wouldn't say that.
Justice is blind (Score:3, Insightful)
Re:Justice is blind (Score:5, Interesting)
Justice is blind, and even more so when technological cases are heard in an anglo-saxon setting, where customary law (precedents) is king.
I think you're mixing a number of references, there. Justice is blind is a reference to the notion that justice ought to be objective, a concept going back to (at least) the Babylons. I don't think objective (versus subjective) reasoning in any takes away from "justice", which seems to be what you are implying.
"Customary law (precedents)" is presumably a reference to stare decisis [wikipedia.org], a concept of binding precedents which dates back to the Normans invading Britain around the 1100's I believe. Stare decisis generally occurs only when a "higher" Court (i.e. an appellate level Court) makes a decision. The lower Courts are bound to the decision of higher Courts, subject to law and fact that distinguishes the case at hand from the case of the higher Court. Courts of the same level are generally not bound (though it is generally considered polite not to change the law the same Court had previously made - case made law is in principle, after all, not creating law, but illuminating an already-existing truth).
In terms of facts, though, appellate Courts generally defer to the Court of first instance (i.e. the trier of fact, or trial court), because the judge at the first instance will have heard the facts from experts first-hand. However, there is generally a discretion in appellate Courts to overturn rulings of the Court of first instance on the basis that the trier of fact made errors that were incorrect, unreasonable or patently unreasonable (depending on the nature of the appeal and the Court in question).
In the Ontario case in question, I haven't read the reasons of Justice Leitch, but if she took "judicial notice" of the analogy between an IP and an address (i.e. no experts were called), a higher Court may alter that. However, if an expert posited that analogy, then it is very unlikely that the decision will be overturned by a higher Court (i.e. the Ontario Court of Appeal). In both scenarios, it's possible that subsequent decisions would be made on different facts, and this wayward analogy would be debunked.
A fundamental misperception about warrants (Score:3, Interesting)
Re: (Score:2)
Justice is blind, and even more so when technological cases are heard in an anglo-saxon setting, where customary law (precedents) is king.
Look up. See that big swooshy thing that just went over your head. It is called ironic humor. The mixed references certainly appear to be done on purpose (at least that's how I read it).
The test for irony I use is to take the meaning of the words in their normal sense, and then convert them to the the opposite meaning. The potential opposites of the OP would be either:
* Customary law (precedents) is not "king", which doesn't add anything.
* Justice is not blind, which has no meaning in this context
* Justice is less blind in technological cases, which has merit if the OP was suggesting that Justice is more subjective when dealing with technological cases. I doubt this was the OP's meaning fo
Learn to summarize, Tolstoy (Score:5, Insightful)
"I think judges should get expert opinion outside the courtroom."
There, that wasn't so hard, was it?
May I suggest the following link [slashdot.org]
Re: (Score:3, Insightful)
Responing to this well-worded summary:
We use an adversarial system. No one (except the judge) is expected, or can be expected, to be neutral or disinterested. It's not the judge's job to be a technical expert, but for each side to bring technical experts who will testify under oath. The defense here erred in not bringing in an expert witness to testify about how IP addresses work.
The solution to prevent this problem in future cases is exactly for the concerned party to hire an expert witness to explain t
Re: (Score:3, Funny)
According to Wikipedia, he has a graduate degree in math but no law degree. This is too bad, because a name like "Bennett Haselton" seems like it was made for a law office door.
Is it valid to compare an IP to address book? (Score:3, Insightful)
The police using an IP Number to locate my address is no different than if they did a Reverse Phone Number lookup. If the latter does not violate my rights, then the former does not violate my rights either.
Re:Is it valid to compare an IP to address book? (Score:5, Insightful)
How about if the phone number is unlisted?
Consider that if you do a WHOIS search on a non-business IP, you're likely going to get the ISP's info, not the info of the person using that IP, so I would consider that to be more like an unlisted number than a number in the phone book.
Though I'm not able to find any precedents regarding whether a warrant is required to request unlisted phone numbers either, so this may be a moot argument.
Re: (Score:2)
I'm not able to find any precedents regarding whether a warrant is required to request unlisted phone numbers either, so this may be a moot argument.
Since we're after 9-11, I assume that you they don't need a warrant for that. I can't believe that such a provision would have survived the hysterical police-state power grab that followed.
Re: (Score:2)
How about if the phone number is unlisted?
The police have never needed a warrant to capture the biographical information attached to a phone number that was used in committing a crime, whether that phone number was listed to the public or not. Similarly, they do not (and have never) needed a warrant to find out the physical address a PO Box is associated with (and the Post Office requires that physical address for you to sign up for a PO Box).
This is the biggest mistake that Bennett Haselton makes in his article: the judge's decision said that an
Good, it should be the same (Score:5, Insightful)
When I look up my phone # in a reverse directory, I get the a result like the following:
Type: Cell Phone
Provider: Someprovider
Location: Somecity, SomeProvince
There are plenty of reasons *NOT* to have your personal information linked to your phone #. The same should apply to your IP.
Re: (Score:2)
The provider information is now often wrong. It just looks up the NXX, and tells you its code holder, but thanks to WNP it isn't guaranteed to be accurate.
Re: (Score:2, Insightful)
Re: (Score:3, Interesting)
Yes, but not to provide a way to look up a number and find the owner (reverse lookup). This is a relatively recent innovation and one that I doubt people considered twenty years ago when allowing their numbers to be listed. In other words, twenty years ago, people had a reasonable expecation that their number would not give away their identity even if they were listed in the phone book
Re: (Score:2)
In other words, twenty years ago, people had a reasonable expecation that their number would not give away their identity even if they were listed in the phone book
You've never watched Rain Man, have you?
Re: (Score:2)
Rain man or the Grifters?
I think one is about an autistic math guy and the other is about assuming identities, passing bad checks, and doing scams.
Re: (Score:2)
Reverse lookup has been around for ages. Phone companies have published the reverse lookup books, but generally they were not available to users, only to telco staff and police agencies.
Considering the number of people in my home town, it was not an impossible task to scan the entire forward listing looking for a number (i
Re: (Score:2)
Yes, but not to provide a way to look up a number and find the owner (reverse lookup). This is a relatively recent innovation and one that I doubt people considered twenty years ago when allowing their numbers to be listed. In other words, twenty years ago, people had a reasonable expecation that their number would not give away their identity even if they were listed in the phone book
Reverse directories have existed for as long as phone directories have. They just used to be on paper, and they've never been dumped on your front porch unbidden.
Re:Is it valid to compare an IP to address book? (Score:5, Insightful)
If I, as a private citizen, cannot call up the ISP and get the same information; then that information should not be considered public by reasonable expectation; and should require a warrant.
Re: (Score:2)
If I, as a private citizen, cannot call up the ISP and get the same information
Mmm... strawman. What makes you think you can't, aside from the ISP deciding to ignore you because you're annoying them? Further, there is nothing that prevents a third party from creating said database and making it available to the public (aside from, again, the ISPs simply refusing to give said party the data because they simply don't want to).
Re: (Score:2)
If I, as a private citizen, cannot call up the ISP and get the same information; then that information should not be considered public by reasonable expectation; and should require a warrant.
So, if I can't call up the DMV and find out who a particular license plate is registered to, the cops should need a warrant to get that information to follow a lead in a case?
Law enforcement should have NO special privileges to biographical information at all without a warrant? They should have to get a warrant for every single witness they want to track down and question in a case?
Do you know what's involved in getting a warrant? All of them are granted by a judge on a sworn affidavit. The process is of
Re: (Score:2)
It sure does have a difference. People already know their phone numbers are publicly listed information and act accordingly. People should routinely expect others to have Caller-ID or access to reverse directories.
IP addresses are not published in a big white book that is handed out to every home in North America, and your IP identity is not something you assume will be public knowledge without good reason. As a result, people do expect privacy even though the data is obviously available to their ISP, us
Re: (Score:2)
Not the same thing at all.
A) No expectation of Privacy. Your name and number is PUBLISHED in the phone book. You agree to this when you get a number, unless you get it unlisted, in which case they could not get at it.
B) No Personal information attached. You address is covered off by A). You can't get a list of calls made, when you called them, who you talked to, what your conversations consisted of, etc... without a court order, or warrant I believe.
This is the whole crux of the problem. You are basically a
Re: (Score:2)
Not the same thing at all.
A) No expectation of Privacy. Your name and number is PUBLISHED in the phone book. You agree to this when you get a number, unless you get it unlisted, in which case they could not get at it.
But the cops still can. Even though I may not be able to call up 411 and get an unlisted phone number, law enforcement can.
If an IP address is like an unlisted phone number, then why would we expect that law enforcement couldn't request its owner identity in the course of an investigation?
Re:Is it valid to compare an IP to address book? (Score:4, Insightful)
The problem is that an IP address is NOT a unique identifier for an individual. In most cases, it's going to be a dynamically-allocated address that may map to many subscriber locations within your neighborhood or your city or even the entire country, depending on how your ISP allocates addresses. At any given moment in time, it will only map to one subscriber location, but the only one who has access to that information will be your ISP, possibly in conjunction with the telephone company if you're connected by modem.
But even apart from that, an IP address can be multiplexed between many individuals or even other locations once the traffic for it reaches the subscriber location.
So it's not like a phone number at all - there's not even approximately a one-to-one mapping between IP addresses and individuals, nor is the mapping that does exist stable over even fairly short spans of time.
I'm not sure whether I think that the police should have the authority to do a reverse IP lookup without a warrant (though from a civil liberties standpoint it does make me distinctly uneasy, since this is in no sense "public" information and has serious potential for abuse), but the analogy with the phone system is badly flawed.
Re: (Score:3, Interesting)
I recognize your point that an IP address is not always fixed to one user or machine, but I think the analogy works for this situation. If the police found a phone number logged on a caller ID near the scene of a crime, I would expect them to request the owner's name from the phone company. The same goes for an IP address discovered. I would expect them to follow the evidence. Now if the police attempted to prosecute using this IP evidence, then all of your other arguments apply.
The question before the
Re: (Score:2)
I'm not arguing that the IP address is useless information, or that the police shouldn't be able to use it for legitimate purposes; in fact it would probably be very easy to get a search warrant for this kind of situation. Clearly the IP address standing alone isn't very strong evidence of anything, but it's certainly a good place to start in tracking down the culprit in many criminal cases.
The question is not whether the police can and should be able to do reverse IP tracking, but whether the police can
Re: (Score:2)
I think this is the basic issue crystallized in the You are not a Lawyer article posted a few days ago. The argument that the techies make would be that "The IP address cannot be used to convict you!" but it's not. It's just used to find out who to investigate, so they can get all the *other* evidence used to convict.
Re: (Score:2)
The whole idea is ridiculous. Addresses, IP or otherwise, are necessarily public information; every packet you send out has your source IP address on it, and as a matter of
Re: (Score:2)
The major difference I see is exposure.
Typically your phone number's only outgoing connections are ones that YOU initialize. If you phone someone and tell them about a sale at Zellers, they phone someone else, who phones someone else, etc. Unless the person you talked to discloses their source, nobody knows your phone number.
Now, if you email them, and they forward it to their friends, who forward it, etc, etc, then EVERY person that EVER gets that email, will get your IP address!Don't even get me started o
Re: (Score:2)
Now, if you email them, and they forward it to their friends, who forward it, etc, etc, then EVERY person that EVER gets that email, will get your IP address!
Come again?
Re: (Score:2)
Now, if you email them, and they forward it to their friends, who forward it, etc, etc, then EVERY person that EVER gets that email, will get your IP address!
Come again?
Bennett Haselton's next article can be about the problems slashdotters have with understanding how IP information works.
tl; dr (Score:3, Interesting)
Better analogy: Receipt number (Score:5, Interesting)
A better analogy is: If police find a repair receipt with an order number, can the police go to the shop and ask for the name of the customer?
A receipt number is neither public nor private, it is merely obscure. Can a business owner not voluntarily give information to the police? If the business has a privacy contract with the customer, a violation is a contract law issue between the customer and the business, and not a constitutional issue.
If the business won't voluntarily provide the information, the police can use a search warrant to search the business. But that is a situation between the business and the police, not the customer. And if the business voluntarily gives the information the police haven't conducted a search.
Mod parent up!!! (Score:5, Interesting)
This guy has it right, along with the reverse lookup comment for a phone number there was no violation of criminal law or established procedures for enforcement with what was done. Now, the ISP may have violated their privacy agreement, but privacy agreements usually contain verbiage that denies privacy if you are suspected of a crime, depending on the nature of information being divulged.
Data that was traveling over the wire to and from the IP address was not obtained and would require a warrant to view, but simple subscriber information will-9 times out of 10-be given to law enforcement upon request. Now, if that information was somehow "unlisted at the user's request", like an unlisted phone number, then a warrant would be needed to obtain the information. I do not know of an ISP that provides "unlisted" Internet service.
an ISP that provides "unlisted" Internet service (Score:2)
they are callewd "anonymous proxy" services.
http://en.wikipedia.org/wiki/Anonymous_proxy#Anonymizing_proxy_server [wikipedia.org]
Re: (Score:2)
... and if you want to use one at some point in the future, use it regularly for no reason starting now so there's no obvious pattern to rely on.
Re: (Score:2, Insightful)
Now, the ISP may have violated their privacy agreement, but privacy agreements usually contain verbiage that denies privacy if you are suspected of a crime, depending on the nature of information being divulged.
Now, if that information was somehow "unlisted at the user's request", like an unlisted phone number, then a warrant would be needed to obtain the information. I do not know of an ISP that provides "unlisted" Internet service.
I do not know of an ISP that provides a "listed" internet service, either. I can't find personal addresses from IPs, so it's not listed.
If the privacy agreement has a "suspected of a crime" loop-hole, a warrant would provide suitable, credible evidence of the suspicion. ISPs might be absolved by their clause, but law enforcement requires that judges validate that there is reasonable suspicion. This is standard procedure for modifying a citizen's privacy. An extra step, true, but not overly burdensome.
Re:Mod parent up!!! (Score:5, Funny)
unlisted-no-more.con: Find unlisted IP addresses "they" don't want you to know! For example, did you know that there are over ten million unlisted addresses that begin with 127? There might even be a machine in your own home with this unlisted address, perhaps put there unbeknownst to you!
Re: (Score:2)
The best analogy for non-technical people about what an IP address represents is to compare it to a telephone number. In both cases, it's machine-friendly number that makes it possible for machines to route information from one machine to another. The only difference is that the user of an IP address changes a lot more frequently than that of a phone number. While many judges won't have grown up around computers and won't understand internet concepts in the detail necessary to rule correctly, they will be f
Re: (Score:2)
I don't know about Canadian law, but in the US, there are some interesting variations.
Can the police raid your house because they think there are drugs inside? No. Not without a warrant.
Now say a police officer walks up to your house and knocks on the door. He could be there for any reason. "Have you seen anything suspicious lately?" When you open the door, he sees several kilos of what appears to be drugs, and an uzi sitting on the coffee table, can he rai
Isn't it based on commuity expectations? (Score:3, Interesting)
It strikes me that "reasonable expectation" would mean, "reasonable by those in the community in question".
Was this judge a regular Internet user? If not, is his opinion about what's a "reasonable expectation" relevant, or should he poll, for example, 1000 high-school and college kids regarding whether or not they expect their IP#'s to be tied back to them as people?
Re: (Score:3, Funny)
Yeah right... he was not a pedophile suspect either ....
Should the judge ask 1000 pedophiles suspect what their expectation of privacy be...
Comment removed (Score:5, Insightful)
It's not the same because... (Score:5, Insightful)
Your phone number and address specify where you live. Your IP address in an apache log specifies:
Where you were at what time and what you were doing.
Big difference.
Yes, my home address might be public info (arguably).. but what I am doing inside is NOT!
Re:It's not the same because... (Score:5, Funny)
We all know what you're doing, pervert.
Re: (Score:2)
Exactly.. It's like asking someone to enable GPS and walk around with a camera strapped to their foreheads and recording their actions 24/7. The recordings get put on tape for as long as the medium is backed up (so technically indefinitely). There's little to no chance that websites will start anonymizing log files - it just doesn't happen very often. So what's to stop police from going back 5+ years and saying "Well, you visited X and Y on these days... Because you KNOW about X and Y, we suspect you are gu
Re: (Score:2)
Well, your IP address doesn't tell the police what you were doing INSIDE either. A second piece of information is needed: the servers you were connecting to OUTSIDE of your home. Probably not owned by you. If you were doing anything entirely inside of your home, then your IP is irrelevant.
Which gets to the root of the issue. On one side there are those who believe that because you are sitting in the privacy of your home, your online activities should be private.
On the other side are those who point out you'
Re: (Score:2)
I would agree with you on the wire-tapping issue. But there is also the chance that one party gave the information to the police.
For example, an hosting company finds that one of their customers is hosting illegal files so they shut them down and turn over the logs to the police. Or the police could have raided someone hosting illegal files and captured the logs during that raid. It's the same as busting a whore house and finding a book of clients.
The basic fact remains that while using the internet you are
Re: (Score:2)
Re: (Score:2)
But how do you know the server logs needed a search warrant to obtain? Some sites are resistant at giving out logs, while others will blatantly give them out if there is ANY indication at legal action. RIAA lawsuits anyone?
While I can partially see where you're coming from, I just don't see how this can be justified. If there is enough of a reason to care, a search warrant should be required IMHO.
This could also just be a baby step to "security". Next year we could be seeing a similar article, but the polic
Re: (Score:2)
While i agree with you, they could take that analogy to the point that what you do with your connection is similar to what you do in front of an open window facing the street.
C A N A D A -- is different from the US ! (Score:4, Interesting)
Canadian Courts and police operate differently from the US. The individuals are generally more professional and competant, and less ambitious for higher office.
A Canadian court might will find (and even presume) police are acting reasonably, so evidence is admissible.
Exactly how is a Reverse IP lookup is different from using a Criss-Cross telephone directory?
Chill!
Re: (Score:2)
Re: (Score:2)
Umm. Yeah. Why not?
Re: (Score:2)
There is nothing incriminating or even directly informative about an IP address, any more than there is about a street address. But knowing that IP has porn or that street number has drugs is the content.
Re: (Score:2)
However, there remains a _huge_ fundamental difference: the US was founded on mistrust of ALL government while the Cr
Re: (Score:2)
However, there remains a _huge_ fundamental difference: the US was founded on mistrust of ALL government while the Crown is still presumed to have a right to govern.
True - in theory. And yet, we have the institution of Governor General, which in practical terms can provide much more accountability and balance to government. While the prime minister has more centralized authority than, say, the US president, this unelected and generally non-partisan GG who is the representative of the Crown can dissolve the government if it oversteps its bounds. As we have recently seen, it is more than a ceremonial position, it is a kind of sword hanging over the head of the government
An IP address is not biographical (Score:5, Insightful)
Several people use my computer at home. Plus, I use computers at several different IP addresses, some of which are in turn used by other people. So how can any IP address, by itself, be biographical information about me in particular?
More importantly, how can an IP address be identified with me directly? If "my" IP address is used to download porn, how do they know whether I did it, or someone else at my computer did it? How do they know it wasn't some Russian Mafia's botnet that took over my computer and did it?
Re: (Score:2)
Probably in the same way that a physical address is. For most people, they live at an address with one or more other people (spouse, kids, parents, etc.). Some people also have a country home (second address) which may be shared with additional other people (brothers, pare
Account Holder (Score:2)
First, I want to start by stating that I agree with the basic premise of the original Op-Ed piece that these comments are attached to - namely that there is no good reason why police/prosecutors shouldn't get a warrant or subpoena for this information - users should have a reasonable expectation of privacy when using the Internet.
That said, with regards to your questions about an IP address not proving that any particular person is responsible for traffic, while you are correct, it is still necessary for th
Expert evidence at trial (Score:2)
That's why I suggested that you'd have the best of both worlds if the judges presented their argument first to experts in court, who were testifying under oath. This would present a opportunity for experts to spot any factual errors or what they consider to be logical mis-steps that the judge can then take into consideration. At the same time, because the experts are testifying under oath, they can't lie outright to try and trick the judge into basing their ruling on wrong information.
Expert evidence is often used in many different trials, for many different issues. However, the law in Canada requires that judges do not abdicate their decision-making authority to the experts. The proper role of the expert is to provide information to the judge that is outside of the judge's own area of expertise. On any given trial, there will usually be two experts (one for each side) who have completely contradictory opinions. It is the judge's job to weigh each expert's opinion against the rest o
Ignorant Old White Men (Score:2)
If there's a more hidebound, out-of-touch, bunch of rich old white men on the continent than a meeting of Ontario judges, I'd be surprised. Even the few who happen to have vaginas fit the profile.
commentary boils down to this: (Score:2, Insightful)
But if you're trying to determine whether a user has a "reasonable expectation of privacy" for their identity online, the whole point is that it's not like a street address in the phone book -- users do expect that their identity cannot be discovered by someone who knows their IP address, at least not without subpoenaing their ISP.
i don't know about you, but i have no expectation of privacy for my identity online, and frankly, i don't know why anyone, especially the technically astute on slashdot, would hav
completely absurd (Score:2)
the issue is not legal. it is technical and philosophical
in your house, you have privacy. there are walls, and doors, and any access to that area is controlled by you. you can expect privacy there and intrusions on that privacy are real and outrageous. expectation of privacy in your home is philosophically real and valid, since it is a space you control and usurping that natural control is obviously morally wrong. it is from this obvious and natural arrangement being imposed upon by government authorities d
your scenario is still absurd (Score:2)
you want to shout things in the train station, and no one will notice what you are saying is extremely private and powerful, and perhaps can be used against you or to profit. you expect completely random anonymous people to also be 100% virtuous in their interaction with you. surely, most will be. but not everyone. someone will notice what you are shouting can be used for some sort of profit on their part, and then go ahead and profit from you at your expense. or perhaps you are talking about the complete m
got it (Score:3, Insightful)
you think the internet is like a telephone conversation
he said in a wide open thread
that anyone navigating to slashdot can read
on the internet
seriously, wtf is wrong with you?
Re: (Score:3, Insightful)
"Anonymous" means that you do not know the identity of the speaker (writer, communicator). Your description of "anonymous" is not even close. You could not take someone into another room, close the door, and speak into their ear anonymously, because they know who you are! That directly contradicts the very definition of the word.
But in fact my writ
What Would we Know? We're not :Lawyers (Score:3, Insightful)
Child pornography is serious (OK, it's used as a politically correct example sometimes) and I'm not suggesting for a second people should get off on technicalities, but if courts are going to gather evidence and convict then they need to get some clue about the facts and understand what it is that they're talking about. Unless they do I can see massive claims for damages at some point in the future. This happens all over the world as well.
Re: (Score:2)
> us technology people are not lawyers. What would we know about this stuff?
You're right that most slashdotters are not lawyers. We're citizens. Citizenship is an office that holds much more responsibility, including keeping lawyers and courts in line.
There's no place... (Score:2)
..like 127.0.0.1
Not street address (Score:2)
An IP address is not like a street address (which is fairly permanent). It's more like a hotel room number (transitory). The identity of the occupants of room 128 are not public knowledge like in a phone book, but must be obtained through a 3rd party (the hotel's front desk).
Do police need a warrant to look at the front desk's guest log?
The hotel room analogy also explains why IP addresses are insufficient evidence of criminal activity. If they know that criminal activity took place in room 128 last week
To the author (Score:2)
Ontario is a country called Canada.
Virginia is in a country called The United States of America.
Comparisons between the laws of two separate countries are useless, because they have their own separate laws, governments and courts.
Re: (Score:2)
Ontario is a country called Canada. Virginia is in a country called The United States of America.
Comparisons between the laws of two separate countries are useless, because they have their own separate laws, governments and courts.
They most certainly are not useless, because the country called Canada and the country called the United States and the jurisdictions called Ontario and Virginia are all common law systems and their legal systems are not just derived from, but are direct descendants and continuations from the English legal system. It is not unusual for courts in one common law system to look to the reasoning given for a decision from other common law systems for insight into how to consider a case in a new area.
Certainly
Re: (Score:2)
But isn't the legal system in both places based on Common Law? So therefore precedent can be set by judges, which makes any discussion of case law in either place highly relevant to the other. No?
Uniquely identifying someone from an IP address (Score:2)
By sheer luck, some people manage to get semi-static IPs, if you want it guaranteed you pay hand-over-fist. The rest of us? Bounced from one DHCP lease to the next in case we actually run some services on our machines.
You can count me in for a "reverse IP phone book" if they'll let me have ronald-dumsfeld.myisp.com
Stating the obvious (Score:2)
Let's be perfectly frank here: the reason the court gave a free pass to the police is because this was a "child pornography" case. All logic flies out the window as soon as you mention CP, particularly so in Ontario for some reason. I don't know if it's the rampant conservative values that are to blame, but 'round here people have no spine unless children are "in danger". They will beat and harass released pedophiles (who have served their sentence), go on month-long searches for missing children (but no
changing expectations (Score:2)
Re:tl;dr (Score:5, Insightful)
What is it with people today? You want to know stuff, but can't be bothered reading something that IS a summary, of a lengthy court proceeding involving lots of debate on principles, history, etc.?
You want summaries of summaries? OK, we're all screwed. Feel informed now?
Re: (Score:2)
What is it with people today? You want to know stuff, but can't be bothered reading something that IS a summary, of a lengthy court proceeding involving lots of debate on principles, history, etc.?
It was commentary on the decision, NOT a summary of the decision. I read it, so I know this. You? I'm left wondering.
Summary: (Score:5, Funny)
can someone please summarize?
Court: intertubes = phonebook
Summary (Score:5, Informative)
Bennett Hasleton thinks that education and legal training have no impact on how legitimate a person's opinion on legal matters is. His style of writing is very flawed in that it contains fallacies, appeals to emotion, and numerous grammatical errors. He doesn't link to the actual case file, so I can only assume that all of his commentary is based solely on the National Post article. This type of second-hand analysis is unreliable, as it relies on the interpretation of the journalist in question. He also does not recognize how the legal system views expert evidence - that is, it treats it as "opinion evidence" as opposed to "real evidence", the differences between which I will not delve into here.
I'm not going to go further, as I think it would be unnecessary and a complete waste of time. This is basically a very long rant on a subject in which he is nowhere near qualified to provide an in-depth analysis. I am not a lawyer, but I am a Criminology student at the University of Toronto, studying under one of the more prominent defence lawyers in the country (one of Maher Arar's lawyers) on legal procedure. Of course, if you're Bennett Hasleton though, that doesn't mean anything.
Re: (Score:3, Funny)
.. and numerous grammatical errors...
I stopped reading at, "than what is?". I can stand the occasional than/then mistake, but then/than? No way.
Re: (Score:2)
I think that what he was saying is "a flawed argument is a flawed argument regardless of who puts it forth." If you think that an education and legal training make a mistake in logic unimportant, then you are the idiot.
You state in your post that his style of writing is flawed and criticize it for various specific reasons. I can't say that any of them are false, but frankly, I it doesn't make any difference. The issue isn't his writing skill, but rather whether or not the judge has caused a problem by accep
Re: (Score:2)
Re: (Score:2)
In decimal, it's 8 to 10 digits. As an IP, it's anywhere from 4 to 12 digits.
1.0.0.0 is 16777216 in decimal (assuming the first octet must start with at least 1, not 0, for those who will argue it)
255.255.255.255 is 4294967295 in decimal
They're all 32 bit numbers.
1.0.0.0 is 00000001000000000000000000000000
255.255.255.255 is 11111111111111111111111111111111
So, your IP is anywhere from 4 to 32 numbers. I
Re: (Score:2)
Police generally do not need such a warrant. They can get one, everyone knows they can get one, so the actual necessity of getting one is usually waived.
This is pretty much identical to the situation of a cop standing on your doorstep wanting to search your home. They have probably cause, you know they have probable cause, they know they have probable cause. The cop says if you want them to get a warrant it will just be a hassle and if you put them through that extra step it will certainly happen and eve
Re: (Score:2)
Also, just fyi, Ayn Rand was never opposed to sharing your life with someone else. She held that if being with someone else whom you respect brings you joy, then it would be foolish to deny yourself that selfish desire. Just because you are selfish does not mean tha
Re: (Score:2)
Ayn Rand was not a religion-building nutball - that happened around her, and she merely didn't stop it, as to do so would have violated her core beliefs. The "strict adherance" stuff mostly came from the cult created by her followers, except in the simple way that if she didn't think you were being rational, she'd say so. *Caring* whether she thought you were being rational was your own problem.
She was a bit nuts about positive protrayal of communism in the American media, but that's understandable give h
Re: (Score:2)
Re: (Score:2)
Whether you agree or disagree with her on this, there is merit to it. Ayn Rand's concept of selfishness is that it's healthy and that it shouldn't make you feel guilty. Let's be honest, you enjoy b
Re:A phone book listed by phone number. Useful... (Score:4, Informative)
Wrong. Reverse directories were published and could be found in just about any library. Police stations had them on hand. Phone companies offered services whereby the name and address would be read off to the caller for any phone number, if the number was listed.
Re: (Score:3, Insightful)
Anyway, it's not like anyone can spoof an IP address anyway, right? (j/k we know better) so then what if someone does, and the cops don't figure it out and they go after the wrong guy? Suddenly someone could be accused of being a child pedophile and then his neighbors find out. Even AFTER he is found innocent because the police could screw up ( AND THEY DO ), his life will NEVER be the same. Once someone is tagged
Re: (Score:2)
So what you are saying is that the police should only have access to your information if you are already suspected of breaking the law using a given IP address?
If only we had a legal process in place whereby the police could be given permission to access said information in such a situation. A warrant, if you will.
Re: (Score:2)
One day, while installing Windows at home, it wanted a company name. Wouldn't let me continue without one. So I put in 'Defenders of Justice.'
A while later, while checking a resume written in Word 2000, I couldn't help but notice that 'Defenders of Justice' was auto-embedded in the file metadata.
Re: (Score:2)
That was left as an exercise to the reader
Re: (Score:2)
Re: (Score:2)
He's making it clear that he sees no obligation for anyone to consume what he produces. That he produces somehting is his own buissess, and no one owes him anything because he chose to produce something. What he produces is only "valuable" because someone is willing to trade for it for mutual advatage. The trade, not the production, creates value - both for the person on the other side of the trade, and for John Galt.
Re: (Score:2)