Knowing someone’s IP address will get you almost nothing to knowing the area down to a city with a dial up account. With DSL and cable modems it will get you general area like city and maybe sections of the city. My dynamically given IP address from my cable company does not change very often as I have a router connected to it that does not turn off ever so there is never a reason to be given a different one. But I will often get ads targeted to San Diego which is probably not a coincidence.
If you can correlate that IP address with other activity like posting to various message boards or usenet you can probably determine the individual.
Here’s a thread on a message board where some guy talks a lot about subpoena powers and limitations and says a lot of the same things: Questions about subpoenaes…
I’d suggest it depends on the thoroughness of your ISP’s record-keeping.
If the DHCP logs are archived daily, for example, then I could say definitively that 66.12.126.77 was leased to a device with MAC address 0E12F44A4691 on June 21 at 9:34 AM. And if I can show that you own a router with MAC address 0E12F44A4691, and you owned it on June 21, then I would argue that I’ve met the foundational standard required to say that a posting from 66.12.126.77 on June 21 at 9:37 AM was from you.
I was mostly posting about what you could do with IP addresses independently of getting such info from the ISP. It is public knowledge that range of IP addresses that I get assigned at home come from Time Warner and are used in San Diego.
I have seen a few episodes of Law & Order and I agree with Campion, Gfactor, Random & Bricker.
In practice, it is extremely easy to issue a subpoena in civil litigation. Under New York practice rules (with the federal rules being similar), an attorney representing a party in a case can issue a supoena requiring testimony, documents or an inspection of thing to any third party on any subject at all relevant to the litigation (and a if a party is unrepresented, the party can ask the court clerk to issue a subpoena). There are some technical requirements on the form of the subpoena, how it may be served, whether an appearance fee must be served with the subpoena, what notice must be given to the other side, and other matters.
For instance, if I were in litigation and I thought a message board post was an admission of my opponent (or otherwise relevant), I might subpoena the message board’s owner to determine the IP address used, the e-mail used at sign-up, the credit card number (or Paypal account) used to pay, and any other relevant information I could think of. I could then subpoena the ISP to which the IP is assigned to identify what customer was using that IP at the relevant time and to whom the e-mail address is assigned. I could subpoena the credit card company (or Paypal) to identify the customer whose account the registration was made from. If it were a dial-up connection, I could subpoena the phone company to show that there was a phone connection between the ISP and the home of my opponent at the time at issue. I could use all of these in various combinations together to show that a particular post at a particular time was made by a particular person.
Most of the time when subpoening large companies like banks, phone companies and major ISPs about third-party accounts, the reciepient complies with the subpoena without the required details like formal service. Moreover, most large companies will respond to out-of-state subpoenas even though they are not required to unless the requesting party goes through the potentially annoying process of getting them issued through a local court. Further, in cases of fraud or wrongdoing, many companies are happy to assist but will ask for the issuance of a formal subpoena to cover their backsides.
Oh, and I just noticed an omission in one of my earlier replies that may have confused some people. It should have been “yes, no, yes, yes*, yes*, and yes.”
I know it’s a digression on the OP but just to clarify. I work for a large world wide ISP. I routinely have to track down a particular IP address to its exact location in the world to aid in ending various illegal activities on the internet. Mostly spoof sites and such out of the Asia Pacific or African regions. Its not at all hard to do.
Maybe some other companies don’t keep careful records of where their IPs are being assigned. I really don’t know but I would think that it would be in their financial interest to know exactly where each IP is being used.
As for the OP we do require a subpoena to release the information. However that’s just to cover our liability. Now we are an ISP so maybe a message board would have less qualms releasing info without the need for a subpoena.
Not all ISPs own their own network for customer connectivity. Some of us have contracts with OPNs, so the IPs assigned to our customers when they log on actually belong to an OPN, not to us. It isn’t impossible for OPN contracts to have geographically relevant dedicated IP ranges allocated by the OPN to the client ISP for such arrangements, but it is uncommon for such measures to be taken at the contractual level, in my experience.
Also, with the rising saturation of botnets, geographically explicit IP assignments become diluted in importance. Being able to track an IP allocation with a GPS will merely show you the physical location of some octegenarian’s compromised windoze box. That knowlege is not very usefull for taking action against the 19 year old Brazilian botnet operator who is using the machine to send spam.
I’ve seen a lot of episodes of Law and Order - Criminal Intent, and I am therefore highly qualified to report that ISPs and message boards first say they don’t want to provide this info and then the detectives point out how annoying it will be when they get a search warrant and a subpoena and by the way, I heard your son smokes dope, and very soon there is a lot of voluntary provision of information. In fact, from a PC in their office, as soon as the suspect is logged on to the service or site, they will narrow down the location to a borough, then a few blocks, then the exact address, and then, magically, the exact room where the suspect’s computer is located, as well as his astrological sign and his mother’s maiden name just for the heck of it. Just about then, Goren and Eames, accompanied by an entire SWAT team, are pushing into the room. “You’re under arrest – for MURDER!”
In retrospect, I really didn’t answer the question; jackelope was right. In my defense, I couldn’t tell whether the question was about fact patterns that would give rise to a situation where a MB would have to divulge the information, or whether it was just a procedural question. Also, I was drinking. Kids, let that be a lesson to you: drinking and the law don’t mix. Except at bar functions.
As a procedural matter, as I said, the information would be divulged pursuant to a subpoena. In California, in civil cases, the standard for seeking the information is whether the information “is reasonably calculated to lead to the discovery of admissible evidence.” In other words, the information doesn’t itself have to be “it.” The information simply could lead to important stuff. For example:
That information doesn’t all have to come from one source. (Bricker makes that plain, but it’s worth emphasizing.) If I can aggregate the essential information from a variety of sources, I’m there. Around my watercooler, we call that “building it.” As in, “It doesn’t exist now, but I can build it.” So I can issue subpoenas for each piece of the puzzle, which I’ll pull together for trial.
Huh. So the same issues keep coming up, but in different factual contexts? Who knew?
By the way, I miss Cliffy. I’m sorry he didn’t re-up. Other than that, this thread has almost all my fave law geeks in it. By the way, I agree with Billdo: issuing a subpoena is darn easy. Defending it, on the other hand…
jackelope, if you’re a law student, shame on you. You’ve had Civ Pro and should be able to answer this question yourself. If you’re an undergrad, good issue spotting. But be aware that your cyberlaw class is unlikely to cover procedural matters, which I think this question is. You’re more likely to go over substantive law.
I am indeed a law student, for about four more months. After that I’ll be known as Some Dude with More Debt Than Sense, Esq.
As for CivPro, I have only recently heard that there are people who learned stuff in there. I’m not one of those “I blame the professor” types (I’ve taught at the university level myself), but… I blame the professor. As does everyone else who has taken this professor’s CivPro course over the last 20-30 years. I miraculously escaped with a grade that meant I didn’t have to take it again (I think about 20% of the class did have to retake it), and that was all I wanted for Christmas.
Anyway: Your answer was what I suspected it would be, based mostly on what I learned in CrimPro and Evidence; I’m glad to have it confirmed, but I’m still not quite comfortable enough with procedural matters to give my opinion. Not when there’s real live lawyers around to call me on my mistakes, anyway.
