Friday, February 13, 2009

Ontario Court Wrong About IP Addresses

Check out Bennett Haselton's analysis of Ontario's regrettable decision to allow police to obtain information about users identities by using their IP addresses:

Last October I wrote about a the Virginia Supreme court's ruling that forged IP addresses in spam headers were constitutionally protected, because they were necessary to protect anonymous speech. I said that misconstrued facts about IP addresses for two main reasons:

(a) there are protocols for secure anonymous speech on the Internet, so it's not true that forged IP addresses are "necessary";

(b) forging your IP in mail headers doesn't actually hide the sender's real IP anyway.

Now an Ontario Superior Court Justice has ruled that IP addresses are no more private than "[o]ne's name and address or the name and address of your spouse", suggesting another instance where a court may not have realized the implications of how IP addresses work. In the current case, Canadian police had determined the IP address of a user allegedly accessing child pornography, and faxed the ISP a request for the user's identifying information, which the ISP provided, without a warrant.

The defendant had argued that the evidence should be in admissible because the police should have been required to obtain a warrant first, but Justice Lynne Leitch rejected that argument, drawing an analogy to the public listings in a phone book and writing, "One's name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state."

Even if the court had ruled that the evidence were inadmissible, that doesn't mean the police couldn't have caught this defendant if they'd followed the warrant procedure from the beginning — if the police had evidence that the user was accessing child pornography, presumably they could have gotten a warrant if they'd asked for one.

So excluding this evidence probably would have only set a precedent that defendants would occasionally get off because of procedural screw-ups (similar to police forgetting to read a defendant his Miranda rights), not that huge numbers of child pornographers would have now been able to evade police, because the police could usually get a warrant in cases where they had evidence against them. What is troubling is the analogy that the court drew between IP addresses and "one's name and address".

Unlike the statements made by the Virginia Supreme Court, this may not be a case of getting technical facts wrong about IP addresses, but logical errors in the analogy, namely: (a) concluding that two things are similar when they are perceived differently, when perceptions are what the case is about, and (b) not following the premise through to its logical conclusion, which would be absurd, showing the premise is wrong in the first place. Consider that the court drew the analogy to name and address information that can be found in the phone book, and wrote, "One's name and address or the name and address of your spouse are not biographical information one expects would be kept private from the state." But then why would one draw any link between that, and information about the user's identity behind their IP address?

The only similarity is that both pieces of information are "information about someone". But if you're trying to determine whether a user has a "reasonable expectation of privacy" for their identity online, the whole point is that it's not like a street address in the phone book — users do expect that their identity cannot be discovered by someone who knows their IP address, at least not without subpoenaing their ISP.

When asking whether users have a "reasonable expectation of privacy" for a given type of information, if you parse that sentence literally, there are only two questions: (1) Do users have an expectation of privacy for that information, and (2) Is it reasonable? To determine if users have an expectation of privacy for something, you just ask them: Do you? You don't need to draw analogies to anything else — either users expect privacy (because of the analogies or the reasoning going on their own heads) or they don't.

The remaining question is whether their expectation is reasonable, and it seems absurd to say that a user's expectation of privacy for their identity online (at least until a court issues a warrant) is "unreasonable". Suppose a security company were to discover an exploit in Internet Explorer that could reveal your real name (as entered in your personal computer's Control Panel settings at setup time) to any Web site that you visited.

This would be big news and would warrant Microsoft issuing a critical patch to fix the problem — because users expect that this information should not be available to a remote Web site, even though the Web site that they're visiting can of course see their IP address. And most would agree that this is a "reasonable" expectation. On the other hand, try following the judges' ruling through to the end — if information about the user's real identity behind their IP address is not considered private, than what is?

Justice Leitch stated that an address in the phone book and an IP address are both "biographical information" and hence that the analogy was proper. But by the same logic, virtually any fact that a company has on file about you would constitute "biographical information" just by virtue of the tautology that it's a fact about you, and so this would become meaningless as a standard by which to determine what facts should be kept secret from police without a warrant. This line of argument raises two larger issues.

First, this will have already provoked the ire of people with legally training, who are asking, "Who are you to disagree with a Superior Court Justice? Did you go to law school? Did you clerk with a judge?" The proper response to this is: If you're invoking your credentials to support a statement, then if I were to randomly poll 10 people with the same credentials, would at least 8 of them agree with you? If the answer to that question is No, then there's no point in bringing up credentials, because there is no strong majority of people with those credentials who agree on any particular to answer to that question, so it cannot be true that a strong majority agree on the "correct" answer to the question.

The story about this case quotes Professor James Stribopoulos at the Osgoode Hall Law School in Toronto, as disagreeing with the judges' conclusion, for example: "It is not just your name, it is your whole Internet surfing history. Up until now, there was privacy. An IP address is not your name, it is a 10-digit number. A lot more people would be apprehensive if they knew their name was being left everywhere they went." If credentialed users are randomly divided on what the answer is, then that cannot be used as a guide to what the rest of us laypeople should think, because how do we know which group to side with?

We have to rely on generic reasoning — looking for logical mis-steps in a judge's argument, or looking for premises that would be absurd if they were carried to their logical conclusion. If you're going to tell me that my reasoning is wrong, then mentioning a degree in mathematics or the hard sciences is just as relevant, if not more so, than mentioning a law degree — but in either case the logical argument should be evaluated on its merits, regardless of a person's "credentials".

People who do well on those Martin Gardner brainteasers should be encouraged to take part in these debates. Second, there is the question of whether such logical errors (if you accept the premise that the court made a logical error in drawing an analogy between IP addresses and street addresses in the phone book) could be avoided if the courts took a different approach to answering these questions. In the October article about the Virginia Supreme Court's ruling on IP addresses, I suggested that a judge could have avoided the technical mis-statement in the ruling if they had just convened some Internet technology experts in their courtroom and said, "Here's my reasoning so far.

Is any part of it wrong on the technical facts? I'm not promising to change my mind in response to anyone's objections. But just tell me if you think some part of it is wrong." A large number of people e-mailed me objections that all boiled down to, "That's not how judges do things", or suggesting that I didn't know that because I'd ventured outside my own area of expertise. Hello! I know that's not how judges do things, that was my point: that they might avoid certain types of errors if they did try it. On the other hand, just because a particular practice by a judge might have avoided one type of error, that doesn't mean it's a good idea.

If the judge had tested their theory about IP addresses and street addresses by posting it on a message board somewhere and asking for feedback, that might have helped to avoid the particular mis-statements that they made about IP addresses in that case, but would that be a good idea generally? Almost certainly not — because users responding to the judge's request for help would not be under oath, so they'd be free to try and confuse the issue with lies to support whatever outcome they wanted for the case.

That would be bad enough if it were a one-time case where a judge solicited feedback for their reasoning on a message board. If it became a regular practice by judges, and people knew in advance that judges were likely to solicit public feedback on their arguments before making their rulings official, then all parties with an agenda would have misinformation campaigns gearing up in advance to fool judges whenever possible.

That's why I suggested that you'd have the best of both worlds if the judges presented their argument first to experts in court, who were testifying under oath. This would present a opportunity for experts to spot any factual errors or what they consider to be logical mis-steps that the judge can then take into consideration. At the same time, because the experts are testifying under oath, they can't lie outright to try and trick the judge into basing their ruling on wrong information. (Of course, this depends on the court system's willingness to prosecute experts and other witnesses if they lie under oath.

If the courts don't bother, then there's not much point in swearing in the experts before they testify anyway.) So: an interesting counterargument would be: What is an example of a problem (a situation where a judge could be led to the wrong conclusion, or where a third party would have new incentives to spread false information) that would be created by judges running their opinions past experts who are assembled in their courtroom, that does not already exist under the current system?

I can't immediately think of any, but some more imaginative people might be able to. I don't think it would be valid to say, for example, that this creates an incentive for biased experts to try and mislead the judge without technically lying — because biased experts in court already try and mislead the judge anyway, even without a "final round" where the judge asks what they think. But that's the form that an interesting argument would take. Not "I went to law school and that's not how we do stuff."

Meanwhile, regular users can use Tor and similar programs if they want their anonymity to be securely protected online. Tor can securely protect your identity from anyone, with or without a warrant. At least 8 out of 10 computer experts would agree; otherwise I wouldn't say that.


This is front-page news on the National Post


  1. Your phone number and address specify where you live. Your IP address in an apache log specifies:

    Where you were at what time and what you were doing.

    Big difference.

    Yes, my home address might be public info (arguably).. but what I am doing inside is NOT!

  2. There is a difference between obscuring one's identity (which Tor and anonymous remailers allow you to do), and actively trying to frame an existing third party by using forged headers to make the mail appear that it came from somewhere else

  3. Not really related, but since you haven't posted in a while:

    When You Pick An Author To Represent Swedish Authors Angry At The Pirate Bay, Maybe Don't Pick A Pirate Bay Fan

    Who knows who is actually going to win the trial of The Pirate Bay in Sweden, but you have to admit that the prosecution has been screwing up left and right. The latest is almost comical in its ridiculousness. Apparently the lawyer representing the movie industry, Monique Wadsted, asked a novelist friend of hers, named Carina Rydberg, to gather up some quotes from other authors on how evil The Pirate Bay was for their careers. The idea was to use those quotes in her closing remarks. Rydberg, ever the good friend, posted to a Facebook group of Swedish authors:

    "My friend Monique Wadsted, who represents the movie and gaming industry in the trial against The Pirate Bay, needs comments from creators and authors on these issues. She is currently preparing her closing arguments and would like to end it with a message from Swedish authors. It can't be long -- only 30 seconds -- so we're talking one-liners here."

    "Since I know that we the authors are affected by file-sharing, I think this is an excellent chance to take a stand. [...] I'll try to write something and would like to encourage members to do the same. [...] Furthermore, Monique would love to see us coming to the court in person. As things look now, the whole situation is dominated by the pirates."
    That all seems reasonable enough. As TorrentFreak points out in the link above, there are probably plenty of authors out there who haven't realized how to leverage file sharing to their own advantage, and they have every right to have their say. The problem, however, is that Rydberg doesn't appear to be in that camp. In that very same Facebook group, Rydberg has previously talked about using The Pirate Bay and how it's been helpful to her, even encouraging people to pirate her own out of print books. Torrent Freak highlights some of her earlier comments:
    "Because I want to watch movies that can neither be rented anymore nor bought on the Internet. I want to read books that are out of print and will cost you 750 British pounds on eBay. For that reason, I want The Pirate Bay to stay. At the moment, I'm trying to download John Schlesinger's 'The Day of the Locust'; it takes time and it's not even certain I'll get a copy that is watchable - but at the same time I have no idea how to get the damn flick any another way...."

    "The Pirate Bay is an invaluable source for content that publishers, record labels and movie studios for some reason can't or won't offer. If someone on The Pirate Bay chose to download the book I wrote in 1989 I would have no objection to that. That novel is practically impossible to get hold of and as an author I want to be read."
    Not exactly the "spokesperson" the movie industry was probably looking for. Rydberg has apparently been rushing around trying to edit those old posts, but, of course, copies live on, elsewhere -- and she's also found to have commented similarly elsewhere. Perhaps she should have brought that up with Wadsted before agreeing to make statements trashing The Pirate Bay for court proceedings.