Interesting People mailing list archives
more on Dynamic IP address confusion results in wrong family raided
From: David Farber <dave () farber net>
Date: Thu, 26 Oct 2006 11:42:55 -0400
Begin forwarded message: From: Matt Blaze <blaze () cis upenn edu> Date: October 26, 2006 11:36:22 AM EDT To: dave () farber netSubject: Re: [IP] Dynamic IP address confusion results in wrong family raided
Matching dynamic IP addresses to subscribers is a very hard problem for a third-party eavesdropper such as a law enforcement wiretap. Steve Bellovin and I talked about some of the risks associated with this in the context of the FBI's (subsequently renamed) "Carnivore" system back in 2000: http://www.crypto.com/papers/opentap.html More recently, some of my graduate students and I have been looking at the more general problem of reliably wiretapping Internet traffic. Ironically, although the Internet often makes it relatively easy to for a third party to intercept traffic, the protocols, architecture and software can make it difficult for an eavesdropper to recover accurately the content and origin of that traffic. Worse, many interception schemes make it relatively easy for a third party to frame someone by injecting incriminating- looking traffic that was never actually part of any exchange. See: http://www.crypto.com/papers/internet-tap.pdf Unfortunately, Internet-based evidence is often accepted uncritically by the legal system, and the associated risks are not well understood. In fact, collecting "high fidelity" transcripts of Internet activity may be very hard, and CALEA-like wiretapping capability mandates on the Internet are likely to be very difficult (and expensive) to implement properly (and may actually make the problem of unreliable evidence significantly worse, since many of the points at which these interfaces would have to be implemented will not be in a position to extract all the context required for an accurate reconstruction). -matt On Oct 25, 2006, at 19:41, David Farber wrote:
Begin forwarded message: From: Lauren Weinstein <lauren () vortex com> Date: October 25, 2006 6:48:18 PM EDT To: dave () farber net Cc: lauren () vortex com Subject: Dynamic IP address confusion results in wrong family raided Dave, This story should raise the red flag for virtually all Internet users, since everyone is at risk for this sort of potentially serious misadventure: http://arstechnica.com/news.ars/post/20061024-8062.html When an armed porn raid took place *at the wrong physical address* apparently based solely on ISP information derived from an IP address, the results could have been deadly. It appears that a dynamic IP address was incorrectly mapped to a subscriber. We've seen cases before where apparently nonsensical raids have been conducted for the MPAA based on IP addresses that may well have been incorrect. This isn't funny anymore, if it ever was. ISPs, search engines, and other sources of retained Internet user activity data are being treated as adjuncts of law enforcement, with the incredibly dangerous and faulty presumption that such data will always be accurate and reliable. In these kinds of situations, such errors involving retained data could get people killed. --Lauren-- Lauren Weinstein lauren () vortex com or lauren () pfir org Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, IOIC - International Open Internet Coalition - http://www.ioic.net Co-Founder, CIFIP - California Initiative For Internet Privacy - http://www.cifip.org Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com DayThink: http://daythink.vortex.com ------------------------------------- You are subscribed as matt+ip () crypto com To manage your subscription, go to http://v2.listbox.com/member/?listname=ipArchives at: http://www.interesting-people.org/archives/interesting- people/
------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Dynamic IP address confusion results in wrong family raided David Farber (Oct 26)