A similar example: the tests used to detect the presence of certain chemical substances ("narcotics field tests") are laughably unreliable[0], but police agencies across the USA continue to use them, and courts continue to accept their results as probable cause.
It is not difficult to explain to someone, in under 5 minutes, why IP addresses are insufficient to determine either identity or location, but the state chooses not the understand this information.
That is its nature, and also the reason to be optimistic that it is subject to deprecation in the information age.
0: https://www.washingtonpost.com/news/the-watch/wp/2015/02/26/...
Courts understand that they can never be subject matter experts, and give great deference to people who call themselves experts (doctors, etc.) The real failure is the mainstream scientific community's failure to police fields that hold themselves out as being "scientific."[1] The National Academy of Sciences did a paper several years ago, where they took a look at the state of forensic "science" and collectively gasped: https://www.ncjrs.gov/pdffiles1/nij/grants/228091.pdf. But then they kind of just let that go.
If scientists were as politically-involved about forensic science as they are about climate change, we'd see major changes in the system.
[1] Engineers and doctors, in contrast, have done an excellent job policing their fields through their professional organizations.
Otherwise it will inevitably lead to the use of junk science and to systemic and individual corruption.
In the case of IP addresses, such an arrangement should be structured to advise that a warrant should not be issued unless multiple sources of hard evidence point to a particular location.
The naive part of me still hopes this is just an unintended side effect.
1. Create something, copyright it and put an insane value on it (movie, book, music, something)
2. Put it on torrent sites.
3. Spoof the IP address of a ton of high profile people - hopefully executives at he kinds of places the sue for this crap.
4. Download that copyrighted content with the spoofed IPs, and make sure it's "Monitored" by one of the companies that monitor this junk
5. Sue them all for downloading your copyrighted content.
6. Likely in court they'll argue that an IP address does not equal an individual, thus ending this nonsense once and for all.
Thoughts?
I mean, it's pretty easy to create a log showing any given IP doing whatever you want. I seriously doubt that prosecutors are demonstrating a chain of custody and immutability in regards to such digital evidence.
If it's the government doing it you at least have the sworn testimony of the investigating LEOs but in civil court it seems like it would be merely the word of the prosecution which is basically no different than, "it happened because I said it happened."
"They will use that as evidence supporting a warrant to search a suspect's computer" Indeed, you won't be called to court just because your ip address in on a list. There will be further research which could result in: We found this video on the computer which was downloaded from [source] as shown in the logs from with this ip.
Article is about another real example of raiding the homes of innocent people based only on IP addresses.
It's a real nightmare for the people involved. It's scary that after all this time the legal system doesn't really understand that IP address does not mean physical address.
> 4. Download that copyrighted content with the spoofed IPs, and make sure it's "Monitored" by one of the companies that monitor this junk
How do you download using a spoofed IP address? Won't the three-way handshake to open a TCP connection with the server go awry because the server's SYN/ACK response to your SYN will go to the machine the really has the IP address you are spoofing? The server will then expect an ACK for that packet, and that ACK will have to give the sequence number that was in the server's SYN/ACK.
Since you won't have seen the server's SYN/ACK, you won't know the sequence number. If you can guess it, you could send a spoofed ACK to make the server happy, and the server should then start sending data packets. You'll have to send ACKs for them, but I suppose that could be done blindly.
So the question is, it seems, how do you guess the sequence number? It's 32 bits, and I believe most modern TCP implementations chose the initial sequence number for a connection, so blind guess seems a bit impractical.
Likely a more successful course of action would be to spearphish the targets and compromise one of their machines, so you can actually download the content as them. You might as well even plant child porn or whatever on their computers, while you're at it. In for a penny in for a pound I suppose.
Your declaration that your recording of your epic rock opera cycle is worth eighteen hundred million euro doesn't amount to anything unless you can get the court to agree.
You're going to need some kind of documentation of its "insane value".
Witnesses can be wrong or just lie, paperwork and signatures can be forged.
We can't live in a world where every conviction is somehow "mathematically proved", we live in a world of "beyond reasonable doubt". It's messy and imperfect, but seems (to me) to be better than the alternatives.
I'm not saying we should disregard those kind of virtual evidence, I'm just saying we might need to educate more about the risks of falsifications more.
Give a close read to their recommendations, and then map them back to the scenario you propose.
You can't get another expert to come in and say "bite mark analysis is unreliable." But given the wide variety of individual views among experts, a single opinion by one expert condemning an entire field doesn't carry much weight. In these situations courts look for scientific consensus. The problem is, the scientific community hasn't deigned to establish a concensus as to forensics. Not because they wouldn't mostly agree that it's pseudo-science, but because they don't consider it their responsibility.