Kashmir Hill has a fascinating story today on what can go wrong when you solely rely on IP address in a crime investigation — also highlighting how often police resort to IP addresses. In the story she follows a crime investigation that led police to raid a couple’s house at 6am in the morning, because their IP address had been associated with the publication of child porn on notorious 4chan porn. The problem was, Hill writes: the couple — David Robinson and Jan Bultmann — weren’t the ones who had uploaded the child porn. All they did was voluntarily use one of their old laptops as a Tor exit relay, a software used by activists, dissidents, privacy enthusiasts as well as criminals, so that people who want to stay anonymous when surfing the web could do so. Hill writes: Robinson and Bultmann had specifically operated the riskiest node in the chain: the exit relay which provides the IP address ultimately associated with a user’s activity. In this case, someone used Tor to make the porn post, and his or her traffic had been routed through the computer in Robinson and Bultmann’s house. The couple wasn’t pleased to have helped someone post child porn to the internet, but that’s the thing about privacy-protective tools: They’re going to be used for good and bad purposes, and to support one, you might have to support the other.Robinson added that he was a little let down because police didn’t bother to look at the public list which details the IP addresses associated with Tor exit relays. Hill adds: The police asked Robinson to unlock one MacBook Air, and then seemed satisfied these weren’t the criminals they were looking for and left. But months later, the case remains open with Robinson and Bultmann’s names on police documents linking them to child pornography. “I haven’t run an exit relay since. The police told me they’d be back if it happened again, ” Robinson said; he’s still running a Tor node, just not the end point anymore. “I have to take the threat seriously because I don’t want my wife or I to wake up with guns in our faces.”Technologist Seth Schoen, and EFF Executive Director Cindy Cohn in a white paper aimed at courts and cops. “For many reasons, connecting an individual to a crime linked to an IP address, without any additional investigation, is irresponsible and threatens the civil liberties of innocent people.” Read more of this story at Slashdot.
See the original post:
Cops Are Raiding Homes of Innocent People Based Only On IP Addresses
An anonymous reader writes: London’s Met Police has missed its deadline for abandoning the out-of-date operating system Windows XP, as findings reveal 27, 000 computers still run on the software two years after official support ended. Microsoft stopped issuing updates and patches for Windows XP in Spring 2014, meaning that any new bugs and flaws in the operating system are left open to attack. A particularly risky status for the UK capital’s police force – itself running operations against hacking and other cybercrime activity. The figures were disclosed by Conservative politician Andrew Boff. The Greater London Assembly member said: ‘The Met should have stopped using Windows XP in 2014 when extended support ended, and to hear that 27, 000 computers are still using it is worrying.’ As in similar cases across civil departments, the core problem is bespoke system development, and the costs and time associated with integrating a new OS with customized systems. Read more of this story at Slashdot. 
mi writes from a report via news9.com KWTV: KWTV writes, “You may have heard of civil asset forfeiture. That’s where police can seize your property and cash without first proving you committed a crime; without a warrant and without arresting you, as long as they suspect that your property is somehow tied to a crime. Now, the Oklahoma Highway Patrol has a device that also allows them to seize money in your bank account or on prepaid cards. If a trooper suspects you may have money tied to some type of crime, the highway patrol can scan any cards you have and seize the money.” But do not worry: “If you can prove that you have a legitimate reason to have that money it will be given back to you. And we’ve done that in the past, ” said Oklahoma Highway Patrol Lt. John Vincent. Read more of this story at Slashdot. 
An anonymous reader writes: “Federal agents are planting microphones to secretly record conversations, ” reports CBS Local, noting that for 10 months starting in 2010, FBI agents hid microphones inside light fixtures, and also at a bus stop outside the Oakland Courthouse, to record conversations without a warrant. “They put microphones under rocks, they put microphones in trees, they plant microphones in equipment, ” a security analyst and former FBI special agent told CBS Local. “I mean, there’s microphones that are planted in places that people don’t think about, because thats the intent!” Federal authorities are currently investigating fraud and bid-rigging charges against a group of real estate investors, and the secret recordings came to light when they were submitted as evidence. “Private communication in a public place qualifies as a protected ‘oral communication’…” says one of the investor’s lawyers, “and therefore may not be intercepted without judicial authorization.” Read more of this story at Slashdot. 
An anonymous reader writes from an article posted on iDownloadBlog: The DoJ is demanding that Apple create a special version of iOS with removed security features that would permit the FBI to run brute-force passcode attempts on the San Bernardino shooter’s iPhone 5c. Meanwhile, President Barack Obama has made public where he stands on the Apple vs. FBI case, which has quickly become a heated national debate. In the court papers, DoJ calls Apple’s rhetoric in the San Bernardino standoff as “false” and “corrosive” because the Cupertino firm dared suggest that the FBI’s court order could lead to a “police state.” Footnote Nine of DoJ’s filing reads: For the reasons discussed above, the FBI cannot itself modify the software on the San Bernardino shooter’s iPhone without access to the source code and Apple’s private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers. As Fortune’s Philip-Elmer DeWitt rightfully pointed out, that’s a classic police threat. “We can do this [the] easy way or the hard way. Give us the little thing we’re asking for — a way to bypass your security software — or we’ll take [the] whole thing: your crown jewels and the royal seal too, ” DeWitt wrote. “With Apple’s source code, the FBI could, in theory, create its own version of iOS with the security features stripped out. Stamped with Apple’s electronic signature, the Bureau’s versions of iOS could pass for the real thing, ” he added. Read more of this story at Slashdot.