Thinking of launching a hate campaign against a rival? Or illegally downloading copyright-protected films via the internet? If you believe Hollywood or even some quasi-government spin then you’d think that the police can reliably trace suspects via their IP addresses. Well apparently they can, but not necessarily with any accuracy.
We obviously don’t want to promote criminal activity but we are all about educating the population mis-informed about cyber-issues by PR puff and propaganda.
Over on PC Pro an interesting article by Davey Winder uncovers just why IP tracking is flawed as a crime detection method. Whilst it has become a key tool in anti-piracy and criminal investigations, the English courts recently cast some doubt over the ‘tried and tested validity’ of the method after the tactic was employed by copyright-protection chasing law firm ACS Law.
What is an IP address?
Before you understand why your IP address can’t actually personally identify you need first to understand what an IP address is. Every connection to the internet has an internet protocol (IP) address – a numerical identity that enables the correct delivery of data. Every domain name is basically a literary translation of an IP address. It is what makes the system work.
Your public IP address is allocated by your ISP (internet service provider) and may be permanent (static) or temporary (dynamic), the latter meaning each time you login you will be allocated an IP for that session from a pool of available addresses owned by the ISP. Behind that public IP address within your own network you will have a private IP address, that further complicates matters.
The problem is that IP tracing assumes that every address is traceable back to an individual, but it quite often isn’t. In fact if you know what you are doing you can quite easily hide your IP address. The more hops and connections made to reach the internet backbone using proxies and the like, the more difficult it becomes to track or resolve the original IP, meaning a super-cyber criminal needs only to know how to bounce around the internet a few times to cloud the water behind them.
The police and other agencies now have the right to demand ISPs reveal who’s behind an IP address and IP logs under the Regulation of Investigatory Powers Act. Yet in practice most ISPs delete these after a few days anyway. Therefore even if an IP can be traced back to an ISP by then the logs are normally destroyed by then. So, other than catching careless cyber-criminals caught in a matter of hours, the tracing of IP addresses is pretty hit and miss. More Hollywood illusions shattered.
Read Davey Winder’s post for a more detailed account.