An IP address is not a person - Macleans.ca

An IP address is not a person

by

‘Skooky840’ is a good neighbour; he or she doesn’t lock their WiFi. When my Internet connection is out, I hop on theirs until I get things sorted. I’m not sure why they don’t protect their signal with a password. Maybe they can’t figure out how to. Maybe they can’t be bothered. Or maybe, like some folks I know, Skooky840 leaves their signal open to be polite, as a courtesy to neighbours like me. As long as we don’t abuse it and run up their bills, hey- why not? I’d love to thank Skooky840 for making my life a little easier and our street a little friendlier, but I don’t know who they are. A WiFi signal, like the Internet Protocol (IP) address associated with it, is not a person.

Try telling the cops that. If I were to abuse my neighbour’s politeness and/or carelessness (and if I were a criminal and/or creep) then this might happen: Skooky840 might be swarmed by a SWAT team in their own home because a predator hijacked their hospitality.

When a crime is committed online, tracking it to an IP address is a good place for police to start their investigation, much like how tracking a gun to the person who registered it is a good and obvious way to embark on a murder investigation. But it’s just a start. One Internet connection might be shared by different people who might live in different homes. If the signal is not password protected, any stranger walking or driving by could potentially have committed the online crime. If I were intent on committing a crime online, that’s probably how I’d do it. Alternatively, if I were the least bit afraid of being accused of a crime linked to my own connection, I might choose to remove password protection in order to gain plausible deniability—if my WiFi is open to the world, I guess it could have been anyone!  Of course, even if I use a password, it still could have been anyone—millions of computers are infected with botnets that allow third parties from any part of the world to access the Internet through someone else’s IP address, often without the host’s knowledge.

Of course, the Internet is still relatively new, and there are plenty of dumb criminals out there who won’t take any of these easily available precautions to cover their tracks. Track a child porn download to its IP address, and there’s a good chance that the perpetrator will be physically nearby. But for how long? And as criminals become more technically savvy, will the police, laws and courts evolve as well?

At some point, seizing the computer of someone because they’ve had access to an implicated IP address will be sloppy policing, and a violation of privacy to boot.