On the net, red herring
It was one morning that changed the life of Lakshmana Kailash K forever.In the wee hours of August 31,2007, Kailash,a techie in Bangalore,was woken up by cops from Pune.They told him he had posted images derogatory to Chhatrapati Shivaji on Orkut,and whisked him away to Maharashtra.The police had used the IP address provided by the internet service provider and information from Google,to find that the image was posted from a computer owned by Kailash.
It was one morning that changed the life of Lakshmana Kailash K forever.In the wee hours of August 31,2007,Kailash,a techie in Bangalore,was woken up by cops from Pune.They told him he had posted images derogatory to Chhatrapati Shivaji on Orkut,and whisked him away to Maharashtra.The police had used the IP address provided by the internet service provider and information from Google,to find that the image was posted from a computer owned by Kailash.
The Maharashtra cops are not the only ones to get it wrong.There is a widespread belief that IP addresses are akin to a smoking gun in most cyber crime cases.Tracing the IP address is also considered one of the easiest ways to crack a case.The result: even four years after what Kailash went through,investigators,internet service providers,private companies filtering web traffic and social networking websites,continue to jump to a conclusion on the basis of IP addresses.
There is a tendency to oversimplify the process, says Sunil Abraham,executive director of Centre for Internet and Society.While I have seen that courts have been always careful in cases where IP addresses are involved as a tool of investigation,I cant say the same about the local police.
In theory,IP addresses can be useful since they provide a link to individual computers.The address is a numerical string for example,192.168.1.1 that is assigned to any computing device connected to a network.However,given the dynamic and interlinked nature of the internet,using them as clinching evidence is fraught with dangers.
The second reason,according to Patnaik,is the presence of open wi-fi networks.Most people have no clue about technology.This means unsecured or poorlyconfigured wi-fi networks are common.The result: someone may park his car in a residential colony,scan for open wi-fi networks and use the open connection for sending a threatening or abusive email to his boss before leaving, he says.If the mail is traced,it will lead to the person who owns the wi-fi network and not the guy who used it illegally.
But police officers say that,to start with,the IP address is often the only clue thats there.Investigating cyber-crime is difficult because its all virtual, says Ranjit Narayan,special commissioner (crime).There are no clues other than the IP address.The investigation starts with it. Now,though,after their widespread abuse,there is a growing realization about the fallacy of the IP approach.A judge in the US recently said there was a very real disconnect between an IP address and a copyright infringer.Organizations like Electronic Frontier Foundation,which deals with matters related to cyber liberty and free speech on the web,have also taken up the issue in earnest. Perhaps,there is hope for the Kailashs of the future.
The original story was published in the Times of India, it can be read here