by HexagonalKitten 2023 days ago
This is a pretty bad article.

Their expert isn't: "Butler, at the University of Florida, said making an IP address that appears to come from elsewhere isn't that complicated."

And the legal analysis is weak, but that's apparent from the title: "Experts: evidence to support search warrant on Rebekah Jones' home flimsy"

Yes, search warrants are to search for evidence. If the evidence wasn't flimsy they'd have had an arrest warrant.

It offers as a defense that there were no damages.

"What (Jones) did, didn't cause any damage," she continued. "Normally you don't see prosecutors prosecuting for computer crimes something that didn't cause any harm... it seems to be a very sketchy use of discretion to try to use this very serious statute against somebody who didn't cause any harm to your systems."

But it neglects to recognize that the damaging act is the message, and whatever actions or defamation it may cause, not the stolen CPU time.

It quotes the EFF to say that an IP alone isn't good evidence, "It's a thin read to just use the IP address, and it's one that we really, really discourage," said Cindy Cohn, the EFF's executive director. But it misses that they had an IP and it coincided with a small set of people who had access and motive.

They note that the police had an IP, but no linkage of IP/customer/date. This does allow challenging the warrant, but doesn't make it instantly null and void.

It says "Cybersecurity and digital rights experts also said the fact that the emergency system in question relied on a shared user name and password further complicates the case."

No, it doesn't. Fired people are not authorized users. And they have an IP address which points to a specific one of those users, so that's not complicated.

It then attempts to conflate misuse of data with unauthorized access of the system at all by claiming that this case is similar to Van Buren v. United States which is about a police officer using his authorized access to do something which was forbidden.

I have no opinion about the case but this article is trying to give me one. Not facts, it just wants to skip straight to opinions.

2 comments

>This is a pretty bad article.

The main problem I have with the article is that it's factually incorrect about it being easy to spoof an IP address in a situation like this. It's easy to send off a fake IP address if [1] your ISP permits spoofed IPs (which it shouldn't) and [2] you don't care about a response. But in this case the user had to actually log into the system, which is pretty tricky to do with IP spoofing. (There is some debate about it potentially just requiring an email to be sent to a mailing list, but even SMTP requires various responses).

Given the level of technical difficulty to do this, it seems extremely implausible that someone would go to all that effort just to send out this message.

> Given the level of technical difficulty to do this, it seems extremely implausible that someone would go to all that effort just to send out this message.

I agree. I think the two most plausible scenarios are that she is too technologically illiterate to know that IP addresses are logged by ISPs and login systems, or the Governor has it out for her and hired someone to do it. I think both scenarios are totally feasible, though it's really hard to imagine she'd never heard of IP addresses before...

The original text from the parent post is "Butler, at the University of Florida, said making an IP address that appears to come from elsewhere isn't that complicated."

There is no specific mention of IP Spoofing, so I wouldn't assume that. By far the easiest method of making an IP address appear to come from somewhere else would be a proxy, but it's never precisely claimed, because that's not how rules of evidence work. The burden of proof is on the prosecutor, and we don't know exactly what is being alleged, nor how it will be defended. I assume that the search warrant is somewhere on the Internet, but without at least the warrant to add context, we fart into the wind.

But a proxy would have the proxy server IP, unless Rebekah was hosting a Tor node or some other proxy at her home. Even in that case the IP is still at her home.

The state may well have had her wifi password from her work laptop she may have used at home at one time. The technical difficulty would be driving to her home then. If it is still possible I would try to secure logs from that device.

I get your points, but I disagree with your contention that the fact that all users of the system used a shared username and password doesn’t complicate the case. We’ve established that an IP address is not strong evidence for identifying an individual. IP address != authentication. What _could_ have established strong evidence tying the alleged unauthorized access to an individual’s identity would have been _actual_ authentication of the _specific_ user. But they don’t have that, either, since they shared one set of credentials.

You said, “they have an IP address which points to a specific one of those users,” but that’s not actually the case. They have an IP address which has somehow been related to the accused (though how is unclear to me since you note above there’s no linkage of IP/customer/date) — maybe they know she sent an email from that IP address at some point around the time of alleged crimes. But in any case, without providing evidence that the IP address is _only_ associated with the accused, and _not_ with any others with similar opportunity and motive (for example, any others with access to the shared username and password who might want to access the data for similar reasons, or wanted to frame the accused for hacking and put an end to her very public/politicized efforts), then they don’t really have strong evidence of anything - basically only enough _not_ to rule the accused out of the probably large pool of possible suspects. How many other current or former employees had access to the shared username and password? When were they last changed? How many others who _weren’t_ ever authorized to access the system but could have compromised/gained access to these credentials since then? How many times have they been written down and left on a sticky note in some public or semi-public place? Do they ever have controls in place to prevent guessing/brute forcing the credentials (with one login shared between all users, automatic account lockouts or resets seem very unlikely)?

> We’ve established that an IP address is not strong evidence for identifying an individual.

Well no, we haven't. There's one standard of evidence for conviction and another for a search warrant. You'd never get a conviction on that alone though.

> in any case, without providing evidence that the IP address is _only_ associated with the accused, and _not_ with any others with similar opportunity and motive

Because no other fired employee lives at her address? But that's not relevant because they got a warrant to search her address, not simply her person.

> I disagree with your contention that the fact that all users of the system used a shared username and password doesn’t complicate the case.

I do agree that it's not open and shut, but I don't think that the specific fact of the password being shared will complicate this case further.

Having the IP provides the linkage to her that is otherwise lacking because of the shared account.

> for example, any others with access to the shared username and password who might want to access the data for similar reasons, or wanted to frame the accused for hacking and put an end to her very public/politicized efforts

There's even less evidence from which to come up with conspiracy theories than simply to blame the accused. Sure, it could have gone down in some complex and unlikely way, but why are we discussing zebras instead of horses?

And, any investigation of a conspiracy to frame her would necessarily start with the only clue - that the communication came from her IP.