[thephyber]

> You can ask the ISP. They are supposed to store metadata.

What you say is true, but prosecutors/investigators have little incentive to jump through another hoop. If they are willing to prosecute someone with just circumstantial evidence of an IP address, they aren't really looking to find the perpetrator, only a fall guy.

[aceofspad4s]

There's no way a prosecutor/investigator can correlate an IP address to a person without asking the ISP so I don't see your point.

[russh]

As an ISP there's no way I can correlate an IP address to a person. I can only correlate it to one or more pieces of equipment.

[aceofspad4s]

Which are owned by a person. That's like saying you can only correlate a licence plate to a car, not to the owner of a car. Don't be ridiculous.

[manfredo]

It's not ridiculous. Some countries (and States, iirc) require that speeding and red light tickets have to be issued to the driver of the car, so traffic cameras capture both the licence plate and the driver's face.

Similarly, if I torrent pirated media in a Starbucks, should the store be charged?

[FireBeyond]

Yes, but that's only partially the reason, or rather, in some cases.

In my state, that was specifically to cover "well, if you deny driving the vehicle..." situations, where people would say "Oh, it wasn't me, I lent my car to someone/my kids drove/whatever", and law enforcement replying "Who?" "Oh, I don't know. Sorry."

Now it's to increase the burden of proof. It's reasonable to assume that if you own a vehicle, you were driving it. It's furthermore reasonable to assume that you should be able to identify who was driving the vehicle, from the face, even if you do have multiple people driving.

If you then refuse to identify the person, or "I don't know", then it's tantamount (in the law's eyes) to saying you weren't taking due regard to the care of operation of your vehicle (after all, if you don't even know their name, how do you know they're licensed?).

[manfredo]

The assumption that the owner of a piece of equipment (be it cars or computers)know is always responsible for how it is used is not valid. Cars are stolen with significant frequency, for example. People also drive them without permission (e.g. a spouse gives the keys to a visiting in-law). There are plenty of situations where somebody may not be able to identify who was using the car.

Computer crimes are the same way. It may be possible to prove what equipment it's implicated in a crime, but that's rarely sufficient to make any individual responsible without other evidence. People give WiFi passwords to their guests, equipment is hacked, etc. Establishing that an owner of a router or computer is responsible for anything it is used for unless proven otherwise opens a massive attack surface for blackmail, extortion, etc.

[aceofspad4s]

I expect something like the dmca "safe harbor" if you're a Starbucks.