It's great that the EFF has outlined this material in such detail, but, as with many issues of legal epistemology, we need to remember that the state has an interest in not understanding these things, and it will continue to fail to understand until political pressure forces a different course.
A similar example: the tests used to detect the presence of certain chemical substances ("narcotics field tests") are laughably unreliable[0], but police agencies across the USA continue to use them, and courts continue to accept their results as probable cause.
It is not difficult to explain to someone, in under 5 minutes, why IP addresses are insufficient to determine either identity or location, but the state chooses not to understand this information.
That is its nature, and also the reason to be optimistic that it is subject to deprecation in the information age.
I think your analysis failed to identify the root causes. Based on my observation having worked within the court system, the biggest problem is that courts have too low a standard for the submission of "expert" evidence. That precludes courts from distinguishing between real science and fake science (e.g. most forensic "science").
Courts understand that they can never be subject matter experts, and give great deference to people who call themselves experts (doctors, etc.) The real failure is the mainstream scientific community's failure to police fields that hold themselves out as being "scientific."[1] The National Academy of Sciences did a paper several years ago, where they took a look at the state of forensic "science" and collectively gasped: https://www.ncjrs.gov/pdffiles1/nij/grants/228091.pdf. But then they kind of just let that go.
If scientists were as politically-involved about forensic science as they are about climate change, we'd see major changes in the system.
[1] Engineers and doctors, in contrast, have done an excellent job policing their fields through their professional organizations.
Yes, but as a practical matter, the accused have little credibility when challenging an entire field of forensics. Both because of the obvious self-interest and because of the lack of any scientific credentials on the part of the lawyer challenging the expert.
You can't get another expert to come in and say "bite mark analysis is unreliable." But given the wide variety of individual views among experts, a single opinion by one expert condemning an entire field doesn't carry much weight. In these situations courts look for scientific consensus. The problem is, the scientific community hasn't deigned to establish a consensus as to forensics. Not because they wouldn't mostly agree that it's pseudo-science, but because they don't consider it their responsibility.
It looks like kind of an uphill battle when discrediting your opponent is based on discrediting their field rather than just them as an individual (and it's a field that courts have become used to relying on for evidence).
All kinds of evidence analysis belong outside of police agencies and prosecutors' offices. Evidence analysis should be independent and not beholden to the criminal justice system. It should serve the cause of exculpation if that is where analysis leads. Perhaps it should be a branch of a state science office that also serves environmental protection enforcement and other functions.
Otherwise it will inevitably lead to the use of junk science and to systemic and individual corruption.
In the case of IP addresses, such an arrangement should be structured to advise that a warrant should not be issued unless multiple sources of hard evidence point to a particular location.
It does, however, allow those wealthy enough to hire a stream of expert witnesses to cast doubt on the technique in front of a jury and thereby win at trial while still convicting those who can't afford that.
The naive part of me still hopes this is just an unintended side effect.
It's fraudulent. You'd have to claim under oath/affidavit that you believe the people you are suing are in fact infringing on your copyright, and that you have suffered a monetary loss as a result. As you know with certainty that neither of those statements is true you'd be committing perjury and fraud.
> 3. Spoof the IP address of a ton of high profile people - hopefully executives at the kinds of places that sue for this crap.
> 4. Download that copyrighted content with the spoofed IPs, and make sure it's "Monitored" by one of the companies that monitor this junk
How do you download using a spoofed IP address? Won't the three-way handshake to open a TCP connection with the server go awry because the server's SYN/ACK response to your SYN will go to the machine that really has the IP address you are spoofing? The server will then expect an ACK for that packet, and that ACK will have to give the sequence number that was in the server's SYN/ACK.
Since you won't have seen the server's SYN/ACK, you won't know the sequence number. If you can guess it, you could send a spoofed ACK to make the server happy, and the server should then start sending data packets. You'll have to send ACKs for them, but I suppose that could be done blindly.
So the question is, it seems, how do you guess the sequence number? It's 32 bits, and I believe most modern TCP implementations choose the initial sequence number for a connection, so a blind guess seems a bit impractical.
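Added example (not part of the original thread): a simplified Python model of the server side of the three-way handshake discussed above, showing that a sender who does not own the claimed source address never sees the server's SYN/ACK and so cannot produce the ACK the server will accept. The `Server` class, the helper functions, the port number and the documentation-range addresses are hypothetical, and the model assumes an unpredictable 32-bit initial sequence number.

```python
import secrets

MOD = 2**32  # TCP sequence numbers are 32-bit

class Server:
    """Toy model of a TCP listener's handshake state (hypothetical, not a real stack)."""

    def __init__(self):
        self.half_open = {}       # (ip, port) -> server ISN awaiting the final ACK
        self.established = set()

    def on_syn(self, src_ip, src_port, client_isn):
        isn = secrets.randbits(32)  # assumption: the ISN is unpredictable
        self.half_open[(src_ip, src_port)] = isn
        # The SYN/ACK is routed to the claimed source address, not to the true sender.
        return {"to": src_ip, "seq": isn, "ack": (client_isn + 1) % MOD}

    def on_ack(self, src_ip, src_port, ack):
        key = (src_ip, src_port)
        isn = self.half_open.get(key)
        if isn is None or ack != (isn + 1) % MOD:
            return False  # ACK does not acknowledge our SYN/ACK: not accepted
        del self.half_open[key]
        self.established.add(key)
        return True

def honest_connect(server, ip, port=40000):
    """The client owns `ip`, so it receives the SYN/ACK and can echo seq + 1."""
    synack = server.on_syn(ip, port, secrets.randbits(32))
    return server.on_ack(ip, port, (synack["seq"] + 1) % MOD)

def spoofed_connect(server, claimed_ip, guesses, port=40000):
    """The sender does not own `claimed_ip`: the SYN/ACK goes elsewhere, so it must guess."""
    server.on_syn(claimed_ip, port, secrets.randbits(32))  # reply is never seen
    return any(server.on_ack(claimed_ip, port, secrets.randbits(32))
               for _ in range(guesses))

def blind_success_probability(guesses):
    """Upper bound on the chance that one of `guesses` blind ACKs matches the ISN."""
    return min(1.0, guesses / MOD)

if __name__ == "__main__":
    srv = Server()
    print(honest_connect(srv, "192.0.2.10"))            # constructed documentation address
    print(spoofed_connect(srv, "198.51.100.7", 10_000))  # constructed documentation address
    print(blind_success_probability(10_000))
```

The model leaves out the RST that the real owner of the address would normally send on receiving an unexpected SYN/ACK, which makes a spoofed connection even less likely to complete.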
Don't know much about torrent technology, but it seems you can download torrents over UDP. Not sure how convincing you can be, though, like, can you pretend to be seeding from that address?
Likely a more successful course of action would be to spearphish the targets and compromise one of their machines, so you can actually download the content as them. You might as well even plant child porn or whatever on their computers, while you're at it. In for a penny in for a pound I suppose.
You can do that, but not even the EFF is saying that the uncertainty of your machine being compromised by a targeted attacker should prevent LEOs from being able to obtain a search warrant for it.
Give a close read to their recommendations, and then map them back to the scenario you propose.
Your declaration that your recording of your epic rock opera cycle is worth eighteen hundred million euro doesn't amount to anything unless you can get the court to agree.
You're going to need some kind of documentation of its "insane value".
Another aspect of IP addresses in court cases I never understood is in regards to copyright infringement. When someone shows up in court with a log showing your IP doing "something bad" how do you know the log wasn't entirely fabricated?
I mean, it's pretty easy to create a log showing any given IP doing whatever you want. I seriously doubt that prosecutors are demonstrating a chain of custody and immutability in regards to such digital evidence.
If it's the government doing it you at least have the sworn testimony of the investigating LEOs but in civil court it seems like it would be merely the word of the prosecution which is basically no different than, "it happened because I said it happened."
To the contrary, prosecutors do (with various degrees of success) establish chain of custody for digital evidence. Moreover, no prosecutor is going to build a case on just an IP address in a log file. They will use that as evidence supporting a warrant to search a suspect's computer. At that point, law enforcement will usually collect a physical hard drive, which will be considered the "original evidence" and subject to the usual chain-of-custody protections.
Forensics is a way to do things (procedure) so that you can use your findings in court.
It is up to the opponent to challenge certain methods, like "you used md5 hashing which is proven unreliable", or something like that.
"They will use that as evidence supporting a warrant to search a suspect's computer"
Indeed, you won't be called to court just because your IP address is on a list. There will be further research which could result in: We found this video on the computer which was downloaded from [source] as shown in the logs with this IP.
Witnesses can be wrong or just lie, paperwork and signatures can be forged.
We can't live in a world where every conviction is somehow "mathematically proved", we live in a world of "beyond reasonable doubt". It's messy and imperfect, but seems (to me) to be better than the alternatives.
Signatures are hard to fake. Virtual logs, not so much. Planting evidence in there is so easy it hurts. And people might not know how easy it is to fake that evidence, whereas it's pretty obvious to anyone that a witness can lie...
I'm not saying we should disregard that kind of virtual evidence, I'm just saying we might need to educate more about the risks of falsifications.
So it's up to the defense to introduce reasonable doubt then. Such as: a plausible motive to fake the log entries. A demonstration of how easy it is to do. A convincing argument that there was an opportunity to do it.
Article is about another real example of raiding the homes of innocent people based only on IP addresses.
It's a real nightmare for the people involved. It's scary that after all this time the legal system doesn't really understand that an IP address does not mean a physical address.
0: https://www.washingtonpost.com/news/the-watch/wp/2015/02/26/...