Commentary

Citing “Wrong Door” Cases, Judge Blocks Use of IP Addresses to Identify Individuals

A federal judge in Illinois has refused to allow a plaintiff to match IP addresses to individual names in a piracy case, indicating that use of IP addresses without any other evidence is too unreliable in identifying actual perpetrators, and as such, violates the rights of those caught in what he termed a “fishing expedition.”

In his decision, Judge Harold Baker pointed to one of several recent cases where paramilitary-type police raids on the residences of persons suspected of downloading child pornography that turned up nothing. What had happened was that real culprit had used that household’s unsecured wireless Internet connection.

The circumstances of the case here were somewhat different, but the same principle applied. The attorney of VPR Internationale, an owner of a adult web site, sought the court’s permission to match names to ISP addresses suspected of illegal file sharing of the site’s content. Judge Baker concluded that an IP address, by itself, did not constitute reasonable grounds to subpeona records for use in targeting suspects, noting in particular how easy it is for unsecure wireless networks to by hijacked.

According to Ars Technica’s Nate Anderson, Baker already had rejected the request on two occasions. When the plaintiff sought leave to take the matter to an appeals court; Baker last week rebuffed him once more, saying it was totally improper to do expedited discovery against anonymous individuals with no representation of their own before the court.

“Could expedited discovery be used to wrest quick settlement, even from people who have done nothing wrong?” asked Baker. “The embarrassment of public exposure might be too great, the legal system too daunting and expensive, for some to ask whether [plaintiff porn company] VPR has competent evidence to prove its case.”

Baker then went on to cite a recent mistaken child porn raid, where an IP address was turned into a name—but the named person hadn’t committed the crime. “The list of IP addresses attached to VPR’s complaint suggests, in at least some instances, a similar disconnect between IP subscriber and copyright infringer… The infringer might be the subscriber, someone in the subscriber’s household, a visitor with her laptop, a neighbor, or someone parked on the street at any given moment.”

This sets a good precedent and I hope that it will soon be used to deny a warrant for another predawn SWAT raid on an unsuspecting homeowner whose only mistake was failing to lock down a router. Given the potential these “wrong door” raids have for violence and death, we need the sort of discretion Judge Baker showed here when it comes to policing Internet crime.