Ontario Court Wrong About IP Addresses, Too 258
Frequent Slashdot contributor Bennett Haselton comments on a breaking news story out of the Canadian courts:
"An Ontario Superior Court Justice has ruled that Canadian police can obtain the identities of Internet users without a warrant, writing that there is 'no reasonable expectation of privacy' for a user's online identity, and drawing the analogy that 'One's name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state.' But why in the world is it valid to compare an IP address with a street address in the phone book?"
Read on for Bennett's analysis.
Last October I wrote about a the Virginia Supreme court's ruling that forged IP addresses in spam headers were constitutionally protected, because they were necessary to protect anonymous speech. I said that misconstrued facts about IP addresses for two main reasons: (a) there are protocols for secure anonymous speech on the Internet, so it's not true that forged IP addresses are "necessary"; (b) forging your IP in mail headers doesn't actually hide the sender's real IP anyway. Now an Ontario Superior Court Justice has ruled that IP addresses are no more private than "[o]ne's name and address or the name and address of your spouse", suggesting another instance where a court may not have realized the implications of how IP addresses work.
In the current case, Canadian police had determined the IP address of a user allegedly accessing child pornography, and faxed the ISP a request for the user's identifying information, which the ISP provided, without a warrant. The defendant had argued that the evidence should be in admissible because the police should have been required to obtain a warrant first, but Justice Lynne Leitch rejected that argument, drawing an analogy to the public listings in a phone book and writing, "One's name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state."
Even if the court had ruled that the evidence were inadmissible, that doesn't mean the police couldn't have caught this defendant if they'd followed the warrant procedure from the beginning — if the police had evidence that the user was accessing child pornography, presumably they could have gotten a warrant if they'd asked for one. So excluding this evidence probably would have only set a precedent that defendants would occasionally get off because of procedural screw-ups (similar to police forgetting to read a defendant his Miranda rights), not that huge numbers of child pornographers would have now been able to evade police, because the police could usually get a warrant in cases where they had evidence against them. What is troubling is the analogy that the court drew between IP addresses and "one's name and address".
Unlike the statements made by the Virginia Supreme Court, this may not be a case of getting technical facts wrong about IP addresses, but logical errors in the analogy, namely: (a) concluding that two things are similar when they are perceived differently, when perceptions are what the case is about, and (b) not following the premise through to its logical conclusion, which would be absurd, showing the premise is wrong in the first place.
Consider that the court drew the analogy to name and address information that can be found in the phone book, and wrote, "One's name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state." But then why would one draw any link between that, and information about the user's identity behind their IP address? The only similarity is that both pieces of information are "information about someone". But if you're trying to determine whether a user has a "reasonable expectation of privacy" for their identity online, the whole point is that it's not like a street address in the phone book — users do expect that their identity cannot be discovered by someone who knows their IP address, at least not without subpoenaing their ISP. When asking whether users have a "reasonable expectation of privacy" for a given type of information, if you parse that sentence literally, there are only two questions: (1) Do users have an expectation of privacy for that information, and (2) Is it reasonable? To determine if users have an expectation of privacy for something, you just ask them: Do you? You don't need to draw analogies to anything else — either users expect privacy (because of the analogies or the reasoning going on their own heads) or they don't. The remaining question is whether their expectation is reasonable, and it seems absurd to say that a user's expectation of privacy for their identity online (at least until a court issues a warrant) is "unreasonable".
Suppose a security company were to discover an exploit in Internet Explorer that could reveal your real name (as entered in your personal computer's Control Panel settings at setup time) to any Web site that you visited. This would be big news and would warrant Microsoft issuing a critical patch to fix the problem — because users expect that this information should not be available to a remote Web site, even though the Web site that they're visiting can of course see their IP address. And most would agree that this is a "reasonable" expectation.
On the other hand, try following the judges' ruling through to the end — if information about the user's real identity behind their IP address is not considered private, than what is? Justice Leitch stated that an address in the phone book and an IP address are both "biographical information" and hence that the analogy was proper. But by the same logic, virtually any fact that a company has on file about you would constitute "biographical information" just by virtue of the tautology that it's a fact about you, and so this would become meaningless as a standard by which to determine what facts should be kept secret from police without a warrant.
This line of argument raises two larger issues. First, this will have already provoked the ire of people with legally training, who are asking, "Who are you to disagree with a Superior Court Justice? Did you go to law school? Did you clerk with a judge?" The proper response to this is: If you're invoking your credentials to support a statement, then if I were to randomly poll 10 people with the same credentials, would at least 8 of them agree with you? If the answer to that question is No, then there's no point in bringing up credentials, because there is no strong majority of people with those credentials who agree on any particular to answer to that question, so it cannot be true that a strong majority agree on the "correct" answer to the question. The story about this case quotes Professor James Stribopoulos at the Osgoode Hall Law School in Toronto, as disagreeing with the judges' conclusion, for example: "It is not just your name, it is your whole Internet surfing history. Up until now, there was privacy. An IP address is not your name, it is a 10-digit number. A lot more people would be apprehensive if they knew their name was being left everywhere they went." If credentialed users are randomly divided on what the answer is, then that cannot be used as a guide to what the rest of us laypeople should think, because how do we know which group to side with? We have to rely on generic reasoning — looking for logical mis-steps in a judge's argument, or looking for premises that would be absurd if they were carried to their logical conclusion. If you're going to tell me that my reasoning is wrong, then mentioning a degree in mathematics or the hard sciences is just as relevant, if not more so, than mentioning a law degree — but in either case the logical argument should be evaluated on its merits, regardless of a person's "credentials". People who do well on those Martin Gardner brainteasers should be encouraged to take part in these debates.
Second, there is the question of whether such logical errors (if you accept the premise that the court made a logical error in drawing an analogy between IP addresses and street addresses in the phone book) could be avoided if the courts took a different approach to answering these questions. In the October article about the Virginia Supreme Court's ruling on IP addresses, I suggested that a judge could have avoided the technical mis-statement in the ruling if they had just convened some Internet technology experts in their courtroom and said, "Here's my reasoning so far. Is any part of it wrong on the technical facts? I'm not promising to change my mind in response to anyone's objections. But just tell me if you think some part of it is wrong." A large number of people e-mailed me objections that all boiled down to, "That's not how judges do things", or suggesting that I didn't know that because I'd ventured outside my own area of expertise.
Hello! I know that's not how judges do things, that was my point: that they might avoid certain types of errors if they did try it. On the other hand, just because a particular practice by a judge might have avoided one type of error, that doesn't mean it's a good idea. If the judge had tested their theory about IP addresses and street addresses by posting it on a message board somewhere and asking for feedback, that might have helped to avoid the particular mis-statements that they made about IP addresses in that case, but would that be a good idea generally? Almost certainly not — because users responding to the judge's request for help would not be under oath, so they'd be free to try and confuse the issue with lies to support whatever outcome they wanted for the case. That would be bad enough if it were a one-time case where a judge solicited feedback for their reasoning on a message board. If it became a regular practice by judges, and people knew in advance that judges were likely to solicit public feedback on their arguments before making their rulings official, then all parties with an agenda would have misinformation campaigns gearing up in advance to fool judges whenever possible.
That's why I suggested that you'd have the best of both worlds if the judges presented their argument first to experts in court, who were testifying under oath. This would present a opportunity for experts to spot any factual errors or what they consider to be logical mis-steps that the judge can then take into consideration. At the same time, because the experts are testifying under oath, they can't lie outright to try and trick the judge into basing their ruling on wrong information. (Of course, this depends on the court system's willingness to prosecute experts and other witnesses if they lie under oath. If the courts don't bother, then there's not much point in swearing in the experts before they testify anyway.)
So: an interesting counterargument would be: What is an example of a problem (a situation where a judge could be led to the wrong conclusion, or where a third party would have new incentives to spread false information) that would be created by judges running their opinions past experts who are assembled in their courtroom, that does not already exist under the current system? I can't immediately think of any, but some more imaginative people might be able to. I don't think it would be valid to say, for example, that this creates an incentive for biased experts to try and mislead the judge without technically lying — because biased experts in court already try and mislead the judge anyway, even without a "final round" where the judge asks what they think. But that's the form that an interesting argument would take. Not "I went to law school and that's not how we do stuff."
Meanwhile, regular users can use Tor and similar programs if they want their anonymity to be securely protected online. Tor can securely protect your identity from anyone, with or without a warrant. At least 8 out of 10 computer experts would agree; otherwise I wouldn't say that.
Justice is blind (Score:3, Insightful)
Learn to summarize, Tolstoy (Score:5, Insightful)
"I think judges should get expert opinion outside the courtroom."
There, that wasn't so hard, was it?
May I suggest the following link [slashdot.org]
Is it valid to compare an IP to address book? (Score:3, Insightful)
The police using an IP Number to locate my address is no different than if they did a Reverse Phone Number lookup. If the latter does not violate my rights, then the former does not violate my rights either.
Re:Learn to summarize, Tolstoy (Score:1, Insightful)
Re:tl;dr (Score:5, Insightful)
What is it with people today? You want to know stuff, but can't be bothered reading something that IS a summary, of a lengthy court proceeding involving lots of debate on principles, history, etc.?
You want summaries of summaries? OK, we're all screwed. Feel informed now?
Re:Is it valid to compare an IP to address book? (Score:5, Insightful)
How about if the phone number is unlisted?
Consider that if you do a WHOIS search on a non-business IP, you're likely going to get the ISP's info, not the info of the person using that IP, so I would consider that to be more like an unlisted number than a number in the phone book.
Though I'm not able to find any precedents regarding whether a warrant is required to request unlisted phone numbers either, so this may be a moot argument.
Good, it should be the same (Score:5, Insightful)
When I look up my phone # in a reverse directory, I get the a result like the following:
Type: Cell Phone
Provider: Someprovider
Location: Somecity, SomeProvince
There are plenty of reasons *NOT* to have your personal information linked to your phone #. The same should apply to your IP.
Comment removed (Score:5, Insightful)
It's not the same because... (Score:5, Insightful)
Your phone number and address specify where you live. Your IP address in an apache log specifies:
Where you were at what time and what you were doing.
Big difference.
Yes, my home address might be public info (arguably).. but what I am doing inside is NOT!
Re:Is it valid to compare an IP to address book? (Score:2, Insightful)
An IP address is not biographical (Score:5, Insightful)
Several people use my computer at home. Plus, I use computers at several different IP addresses, some of which are in turn used by other people. So how can any IP address, by itself, be biographical information about me in particular?
More importantly, how can an IP address be identified with me directly? If "my" IP address is used to download porn, how do they know whether I did it, or someone else at my computer did it? How do they know it wasn't some Russian Mafia's botnet that took over my computer and did it?
Re:Is it valid to compare an IP to address book? (Score:5, Insightful)
If I, as a private citizen, cannot call up the ISP and get the same information; then that information should not be considered public by reasonable expectation; and should require a warrant.
commentary boils down to this: (Score:2, Insightful)
But if you're trying to determine whether a user has a "reasonable expectation of privacy" for their identity online, the whole point is that it's not like a street address in the phone book -- users do expect that their identity cannot be discovered by someone who knows their IP address, at least not without subpoenaing their ISP.
i don't know about you, but i have no expectation of privacy for my identity online, and frankly, i don't know why anyone, especially the technically astute on slashdot, would have such an expectation. if i wanted to hide my identity, i would use Tor... just like the commentary says. if i don't use Tor, i have no expectation that what i am doing online is private. why do you?
and i'm not talking about policies and procedures of the government, i'm talking about any random yahoo of questionable motivation and privy to ip logs. this can be the government, it can also be a miscreant like a hacker who breaks into a webserver, it can be a webmaster of questionable ethics, it can also be a website i do business with interested in selling my private information. i know for a fact that if i make a purchase online, that my ip address is being explicitly logged for fraud purposes. i don't believe, in any way, that i have any privacy on the internet
in fact, one of the worst offenders here is google. think about what you've typed into google in the past 3 months. random musings, personal concerns, professional interests... as a running list, its a pretty good profile of some of the deepest secrets of your identity. anyone reading that list can even triangulate psychological truths about yourself perhaps in ways better than even you yourself understand yourself. and google is explicitly keeping this information. and maybe you use gmail, which represents even a larger treasure trove of such insights. put it all together: you have no privacy on the internet
the internet, in fact, pretty much represents the great assault on the very notion of privacy ever to exist in human history. honestly, if you want privacy, stop using the internet, or surf in complete incognito (which can be a pain in the ass at times)
i think the commentator is fighting a war which has long been lost, regardless of how the government operates. what the government thinks and how it operates CAN and SHOULD be attacked, by all means. but the idea of a "reasonable expectation of privacy" about anything you do on the internet is absurd. i know what i search for and what i visit is recorded and can be stitched back together, by all sorts of entities, not just the government
What Would we Know? We're not :Lawyers (Score:3, Insightful)
Child pornography is serious (OK, it's used as a politically correct example sometimes) and I'm not suggesting for a second people should get off on technicalities, but if courts are going to gather evidence and convict then they need to get some clue about the facts and understand what it is that they're talking about. Unless they do I can see massive claims for damages at some point in the future. This happens all over the world as well.
Re:As long as there's reasonable cause (Score:3, Insightful)
Anyway, it's not like anyone can spoof an IP address anyway, right? (j/k we know better) so then what if someone does, and the cops don't figure it out and they go after the wrong guy? Suddenly someone could be accused of being a child pedophile and then his neighbors find out. Even AFTER he is found innocent because the police could screw up ( AND THEY DO ), his life will NEVER be the same. Once someone is tagged pedophile even if they are not a pedophile society does not change it's thoughts towards them.
In theory this sounds like the right idea, but in practice, ANY TIME the government is involved ( and police are part of the government ) things can go amuck.
Re:Mod parent up!!! (Score:2, Insightful)
Now, the ISP may have violated their privacy agreement, but privacy agreements usually contain verbiage that denies privacy if you are suspected of a crime, depending on the nature of information being divulged.
Now, if that information was somehow "unlisted at the user's request", like an unlisted phone number, then a warrant would be needed to obtain the information. I do not know of an ISP that provides "unlisted" Internet service.
I do not know of an ISP that provides a "listed" internet service, either. I can't find personal addresses from IPs, so it's not listed.
If the privacy agreement has a "suspected of a crime" loop-hole, a warrant would provide suitable, credible evidence of the suspicion. ISPs might be absolved by their clause, but law enforcement requires that judges validate that there is reasonable suspicion. This is standard procedure for modifying a citizen's privacy. An extra step, true, but not overly burdensome.
Re:Is it valid to compare an IP to address book? (Score:4, Insightful)
The problem is that an IP address is NOT a unique identifier for an individual. In most cases, it's going to be a dynamically-allocated address that may map to many subscriber locations within your neighborhood or your city or even the entire country, depending on how your ISP allocates addresses. At any given moment in time, it will only map to one subscriber location, but the only one who has access to that information will be your ISP, possibly in conjunction with the telephone company if you're connected by modem.
But even apart from that, an IP address can be multiplexed between many individuals or even other locations once the traffic for it reaches the subscriber location.
So it's not like a phone number at all - there's not even approximately a one-to-one mapping between IP addresses and individuals, nor is the mapping that does exist stable over even fairly short spans of time.
I'm not sure whether I think that the police should have the authority to do a reverse IP lookup without a warrant (though from a civil liberties standpoint it does make me distinctly uneasy, since this is in no sense "public" information and has serious potential for abuse), but the analogy with the phone system is badly flawed.
Re:Learn to summarize, Tolstoy (Score:3, Insightful)
Responing to this well-worded summary:
We use an adversarial system. No one (except the judge) is expected, or can be expected, to be neutral or disinterested. It's not the judge's job to be a technical expert, but for each side to bring technical experts who will testify under oath. The defense here erred in not bringing in an expert witness to testify about how IP addresses work.
The solution to prevent this problem in future cases is exactly for the concerned party to hire an expert witness to explain the technical facts.
got it (Score:3, Insightful)
you think the internet is like a telephone conversation
he said in a wide open thread
that anyone navigating to slashdot can read
on the internet
seriously, wtf is wrong with you?
Re:i think i understand you (Score:3, Insightful)
"Anonymous" means that you do not know the identity of the speaker (writer, communicator). Your description of "anonymous" is not even close. You could not take someone into another room, close the door, and speak into their ear anonymously, because they know who you are! That directly contradicts the very definition of the word.
But in fact my writing to you right now is completely anonymous. You do not know who I am. Nor do other people in this forum. Nor do the people at Slashdot. Even if you, personally, could get the IP address that is the source of this communication, it would not identify me. So yes, as far as you are concerned, I am completely anonymous.
I agree that it is a very simple concept. But it is one you are going to have to look up, because you do not have it right.
However, if you want to go back to the discussion of privacy, I still disagree because we are talking about two different kinds of privacy. I was referring to legally private, while you were referring to absolute physical privacy. And of course, as you yourself have mentioned, absolute physical privacy is not possible while using the internet. That is a given. But, we can pass laws such that those who do violate our privacy and are caught, suffer harsh punishment. In a real world, that is the best you can ever get.
But again, I will state that your insistence on absolute physical privacy is out of place in a discussion of the internet anyway. If I were an intolerant kind of person, I would accuse you of trolling.