[vox-tech] Search Warrant Question re: IP Address Leases

[Bob Scofield]

I am in the process of analyzing a search warrant in a child porn case.  
Basically what happens is that the police search the web for child porn being 
downloaded by peer to peer programs.  They check the SHA 1 hashes against a 
database of known child pornography videos.  If the police see that child 
porn has been downloaded at an IP address they issue two search warrants.

The first search warrant is directed at the ISP to see whom the subsciber was 
who had the IP address when the porn was downloaded.  After they get that 
information they then get a second search warrant to search all computers at 
the subscriber's address.

This search warrant has challenged my understanding of dynamic IP addresses.  
I thought that a person was given an IP address each time he used the 
Internet.  I thought that after I left an Internet session my IP address was 
then made available to another customer of my ISP.  But in this case Comcast 
responded to the first search warrant with information about IP address 
leases.

When I Google about IP address leases I'm reading about five and eight day 
leases.  But here is the information supplied by Comcast (IP address redacted 
by me):

IP_Address	  Lease_Grant (UTC)	               Lease_Expire (UTC)
xx.xxx.x.xxx     2010-08-23 02:56:44.0          2010-09-28 22:04:00.0
xx.xxx.x.xxx     2010-04-08 06:28:58.0          2010-08-23 02:52:53.0

I read this as saying that the defendant had the same IP address for about six 
months.  In fact the defendant may have had the same IP address for even 
longer as Comcast did not retain any records before April 8, 2010.

So it seems to me that this dynamic IP address is like a static address.  Is 
this unusual?  Is the information provided by Comcast plausible?  Why would a 
lease be given for such a long period of time?  To track down people 
violating the law?

Thank you.

Bob