A Digital Rumor Should Never Lead to a Police Raid

FWIW, the prospect of being suspected and questioned (but not necessarily raided) because of your IP location is one of the best metaphors to relate what it&#x27;s like as a minority to be searched just because you are of the same race as a suspect in an nearby active case.<p>It is <i>perfectly logical</i> to say that if there was an assault on a college campus and that the victim said the perp is an &quot;Asian male&quot;, for the police to <i>not</i> prioritize the questioning of all non-Asians in the area. And if the report was made within minutes of the incident and the suspect is on foot, it may be justifiable to target the 5 Asian males loitering around rather than the 95 people of other demographics. What logical person would argue otherwise?<p>But the problem creep comes in the many, many cases when police don&#x27;t have a threshold for how long and wide that demographic descriptor should be used. Within 1000 feet of the reported attack? A mile? Why not 2 miles? And why not 2 days or even 2 weeks after the incident, just to be safe?<p>The main difference in the ISP&#x2F;IP metaphor is that in the digital world, it&#x27;s possible to imagine search-and-question tactics that aren&#x27;t time-consuming for the police or for the suspect. Hell, the suspect might not even know their internet-records were under any suspicion. OTOH, there are definitely real-world places in which for the police (and their community and most specifically the politicians), hand-cuffing and patting someone down has been so streamlined and accepted by the powers-that-be that it isn&#x27;t a bother for them (the police) either.<p>edit: To clarify, I don&#x27;t mean to get in the very wide debate on racial profiling, etc. But when I worked at a newspaper, we had a policy to not mention race unless the police could provide 4 or 5 other identifiers. That led to readers cussing us out because, they&#x27;d argue, knowing that the suspect was black is better than nothing. My point here is that sometimes, nothing is not always better than something, and that is most explicitly clear when it comes to broad IP range searches.

A similar example, while not a raid, hit me closer to home a bit over a year ago.<p>I&#x27;m sure that if you follow US news at all, you heard about the looting and arson in Baltimore in the Spring of 2015. While the city was on edge in the wake of a citizen&#x27;s death in police custody, there had already been some minor demonstrations and a brawl between protesters, baseball fans, and provocateurs downtown earlier in the month.<p>Then, on the day of the funeral held for the man killed in custody, word started to spread of plans for some sort of riot or mass havoc being planned later in the day. Later, authorities pointed to a digital &quot;flyer&quot; being passed around yet nobody investigating this outside of the police has found any source or initial copy of this flyer that dates before this was published in the media. Trust me, we looked.<p>In response to this alleged threat to public order, cops with riot gear and a freaking mini-tank showed up at a major public transit hub right as school let out. Transit was shut down and everyone was corralled into a small area next to a busy street and without a way home for hours.<p>Eventually, tensions got high enough that when the first pissed off teenager or whoever chucked a bottle or a rock, it didn&#x27;t take long for others to join in. In the ensuing vandalism and arson, hundreds of thousands in damage was caused, people got hurt, the city was put under curfew for a week, and to this day, businesses and residents have suffered from the reputation gained (worsened?) that day.<p>Looking back, the part that really sticks out to me is how the whole thing was triggered (assuming you don&#x27;t think it was a deliberate provocation) by some &quot;social media flyer&quot; that claimed some teens were planning to run around starting shit after school. This rumor summoned riot police, shut down transit, stranded loads of adults and teens alongside the road, and facing down a phalanx of police plus one armored tactical vehicle.<p>Would those shops and homes still been damaged or those stores been looted and burned in a wave of unrest without this rumor-inspired flashpoint? No idea. But it sure didn&#x27;t help.

It starts off saying:<p>&gt; If police raided a home based only on an anonymous phone call claiming residents broke the law, it would be clearly unconstitutional... Yet EFF has found that police and courts are regularly conducting and approving raids based on the similar type of unreliable digital evidence: Internet Protocol (IP) address information.<p>I&#x27;m not sure that these two are equivalent. A better example would be the police raiding my home based on an illegal phone call that came from my phone number. Sure, the fact that it comes from my phone number doesn&#x27;t mean I did it, but it&#x27;s certainly evidence that points to me, just as an IP address can be.<p>In general, the summary linked to above makes it sound like police should never use IP addresses. To be fair, if you read the whitepaper itself, it doesn&#x27;t say this, but rather that police should be _careful_ in how they use IP addresses. Specifically, it recommends that police &quot;conduct additional investigation to verify and corroborate the physical location of a particular decive connect to the Internet whenever police have information about an IP address’ physical location, and providing that information to the court with the warrant application&quot;.

In the 1980&#x27;s, some powerful senator&#x27;s cell phone was snooped on, resulting in a major scandal when the contents of his phone calls was revealed in the press.<p>This resulted in Congress passing laws that made it illegal for radios to be capable of listening in on cell phone frequencies or being easily modified to allow them to do so.<p>It is likely that only similar widely publicized embarrassments and privacy violations of the rich and powerful will result in any meaningful legislative attempts to curtail the growth of the police state in the United State.<p>They clearly don&#x27;t intend to do much about it unless they themselves are the victims of such abuses of power. As long as it&#x27;s just &quot;nobodies&quot; or social or political outcasts who are the victims the police and surveillance aparatus, it&#x27;s doubtful that much will change.

A few more examples of botched attempts at IP-based raids:<p><a href="http:&#x2F;&#x2F;arstechnica.com&#x2F;tech-policy&#x2F;2011&#x2F;04&#x2F;fbi-child-porn-raid-a-strong-argument-for-locking-down-wifi-networks&#x2F;" rel="nofollow">http:&#x2F;&#x2F;arstechnica.com&#x2F;tech-policy&#x2F;2011&#x2F;04&#x2F;fbi-child-porn-ra...</a><p>The one I&#x27;m familiar with is the Sarasota, FL incident, where a married couple was raided in the middle of the night in response to alleged child pornography. Their unit was in a condominium, practically on the edge of Sarasota bay, where various boats moor and dock. After further investigation, it was discovered that the traffic had originated from some guy in a boat using a high gain antenna. If I remember correctly, he had cracked their WEP key and illegally accessed their network to obtain nasty images, lots of them. The insecurity of WEP has been known about for a long time, presumably by LE too.<p>It is conjecture on my part, but a few things come to mind regarding alternative methods of investigation that may have avoided this. 1. Contact the ISP first (in this case I think it may have been Verizon). I remember Verizon having the ability to remotely reset router passwords, which possibly suggests the ability to remotely view associated client data, e.g. MAC addresses and hostnames and maybe even OS. This may have provided valuable clues. 2. Note the protocol used by the wireless router. 3. Wardrive a bit. 4. Maybe check for logs of any accounts the boat guy logged into while on their network.<p>Regardless, the raid was botched and pretty traumatic for the couple, considering they were operating a legal AP probably secured with what they thought was adequate encryption. At the time of this event, WEP was standard default, straight from the ISP. They&#x27;d done nothing wrong.<p>More info: <a href="http:&#x2F;&#x2F;www.heraldtribune.com&#x2F;news&#x2F;20110131&#x2F;wireless-router-hijacked-for-child-pornography" rel="nofollow">http:&#x2F;&#x2F;www.heraldtribune.com&#x2F;news&#x2F;20110131&#x2F;wireless-router-h...</a>

Not great to start an article off with sloppy reasoning:<p>&gt; If police raided a home based only on an anonymous phone call claiming residents broke the law, it would be clearly unconstitutional.<p>&gt; Yet EFF has found that police and courts are regularly conducting and approving raids based on the similar type of unreliable digital evidence: Internet Protocol (IP) address information.<p>When police go after an IP address, it happens after there is evidence linking it to some crime. That makes the situation wholly unlike an anonymous phone call, where there is no evidence a crime has even been committed, and where the identifying information itself is trivial to falsify.<p>Also, IP addresses give a lot more information than the article implies. Especially these days now that everyone has a home router that probably keeps the same IP address for weeks at a time if not months. Not enough to trigger a police raid, of course (if we want to argue that the police have too low a standard of evidence for initiating a raid, I agree) but it&#x27;s probably a good lead to go on in the common case.<p>EDIT: I don&#x27;t disagree with the rest of the article.

A few examples suggesting that SWAT protocol may altogether need reform:<p>1. <a href="http:&#x2F;&#x2F;arstechnica.com&#x2F;tech-policy&#x2F;2012&#x2F;06&#x2F;swat-team-throws-flashbangs-raids-wrong-home-due-to-open-wifi-network&#x2F;" rel="nofollow">http:&#x2F;&#x2F;arstechnica.com&#x2F;tech-policy&#x2F;2012&#x2F;06&#x2F;swat-team-throws-...</a> 2. <a href="https:&#x2F;&#x2F;www.salon.com&#x2F;2013&#x2F;08&#x2F;29&#x2F;11_over_the_top_u_s_police_raids_that_victimized_innocents&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.salon.com&#x2F;2013&#x2F;08&#x2F;29&#x2F;11_over_the_top_u_s_police_...</a> 3. <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Swatting" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Swatting</a> 4. <a href="https:&#x2F;&#x2F;www.techdirt.com&#x2F;articles&#x2F;20150805&#x2F;19343431865&#x2F;no-immunity-cops-who-sent-swat-team-to-68-year-old-womans-house-threats-delivered-over-open-wifi-connection.shtml" rel="nofollow">https:&#x2F;&#x2F;www.techdirt.com&#x2F;articles&#x2F;20150805&#x2F;19343431865&#x2F;no-im...</a><p>I&#x27;ll refrain from posting dozens more supporting links.

&quot;If police raided a home based only on an anonymous phone call claiming residents broke the law, it would be clearly unconstitutional&quot;<p>I thought that was how SWATting worked - anonymous denunciation by untraceable phone call?

If the use of IP addresses in this manner disturbs you, you should look into the the proposed changes to Federal Rule Of Criminal Procedure 41.<p>This is the EFF&#x27;s article, which is either a highly overzealous or highly prescient: <a href="https:&#x2F;&#x2F;www.eff.org&#x2F;deeplinks&#x2F;2016&#x2F;04&#x2F;rule-41-little-known-committee-proposes-grant-new-hacking-powers-government" rel="nofollow">https:&#x2F;&#x2F;www.eff.org&#x2F;deeplinks&#x2F;2016&#x2F;04&#x2F;rule-41-little-known-c...</a>

&gt; If police raided a home based only on an anonymous phone call claiming residents broke the law, it would be clearly unconstitutional.<p>But they do this all the time, especially in low income areas. They just don&#x27;t call it a raid. They call it a &quot;welfare check&quot;.

&gt; Put simply: there is no uniform way to systematically map physical locations based on IP addresses or create a phone book to lookup users of particular IP addresses.<p>Maybe today, but when we have wide deployment of IPv6 (heh), won&#x27;t ISPs do away with NATing and give everyone their own block of IPs? Then I would think you could reliably tie a person to an IP address as long as the ISP cooperates.

Otherwise the police become the weapons of criminals which is, of course backwards.

(1) It&#x27;s unreliable (2) It&#x27;s unconstitutional assuming judges agree (3) It&#x27;s expensive if you screw it up, such as people die, lawsuits, or embarrassment. All of which is unlikely change behavior unless everyone agrees.

<i>&quot;A call is an unknown source, talking about unreliable information, about a location. It is NEVER to be trusted NEVER....&quot;</i> -- Michael A. Wood Jr<p>An unverified call can never to be trusted. Read the whole twitter thread by ex BPD, USMC Retd., Michael A. Wood Jr [0] to understand why.<p>[0] <a href="https:&#x2F;&#x2F;twitter.com&#x2F;MichaelAWoodJr&#x2F;status&#x2F;778813281376931840" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;MichaelAWoodJr&#x2F;status&#x2F;778813281376931840</a>

&gt;If police raided a home based only on an anonymous phone call claiming residents broke the law, it would be clearly unconstitutional.<p>Isn&#x27;t that exactly what happens when you get SWATted?

I&#x27;ll just point this out here. Reena Virk started as a rumour going around in schools. Until eight days later her body was found. A little bit of prudence is necessary, but don&#x27;t discount rumours out of hand.<p><a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Murder_of_Reena_Virk" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Murder_of_Reena_Virk</a>

It&#x27;s as much a &quot;law and order&quot; issue as it is a civil rights issue.<p>Cops have limited resources to deal with a number of problems and if they don&#x27;t have the training and procedures to use internet evidence they are going to waste those resources tracking down stolen cars, child porn and whatever in the wrong places.

Why don&#x27;t we just regulate any Internet-connected device? When you purchase one, you register your name and address and are given the IP address in return.<p>Then, we can simply look up the physical address of the IP address holder.

&gt;<i>Law enforcement’s over-reliance on the technology is a product of police and courts not understanding the limitations of both IP addresses and the tools used to link the IP address with a person or a physical location.</i><p>You can most certainly narrow down an IP address to a particular ISP customer. Is it possible that they have an open wifi? Yes. Is it possible to narrow it down to a single member of the household? Depends! Is it possible that a computer at the destination is being used a proxy by the real attacker? Yes! But it&#x27;s certainly not the blackbox that the EFF is trying to portray it as.<p>It&#x27;s totally appropriate to execute a search warrant based on IP logs. A search warrant doesn&#x27;t mean that any particular person is guilty, just that there is probable cause that there is information about a crime at a certain location.

&gt; IP address information was designed to route traffic on the Internet, not serve as an identifier for other purposes.<p>I think you&#x27;re going to have a hard time here convincing a jury or judge with this argument. In general LOE isn&#x27;t concerned with the <i>intentional</i> of what an IP address was meant for. At least with today&#x27;s ISP an IP address can be a reasonable approximation of a person or persons.