[vox-tech] Search Warrant Question re: IP Address Leases

Alex Mandel tech_dev at wildintellect.com
Fri Jan 7 15:54:22 PST 2011 

Back in the day when people connected by modem this made a little more
sense. An ISP could expect that there would be some turn over rate and
each time a new person connected a IP would be assigned from the pool of
available numbers.

With high speed Internet, most people's modems are connected to the ISP
24/7. So in essence these days a dynamic IP just means that if the ISP
needs to shift you to a different IP (say to do service on some part of
the network) then they can just shift you around. Another way to put it,
they don't guarantee your IP to stay the same though in most cases it
will for very long periods of time.

So really it varies by ISP and by the method of connection.

Alex

On 01/07/2011 12:24 PM, Bob Scofield wrote:
> I am in the process of analyzing a search warrant in a child porn case.  
> Basically what happens is that the police search the web for child porn being 
> downloaded by peer to peer programs.  They check the SHA 1 hashes against a 
> database of known child pornography videos.  If the police see that child 
> porn has been downloaded at an IP address they issue two search warrants.
> 
> The first search warrant is directed at the ISP to see whom the subsciber was 
> who had the IP address when the porn was downloaded.  After they get that 
> information they then get a second search warrant to search all computers at 
> the subscriber's address.
> 
> This search warrant has challenged my understanding of dynamic IP addresses.  
> I thought that a person was given an IP address each time he used the 
> Internet.  I thought that after I left an Internet session my IP address was 
> then made available to another customer of my ISP.  But in this case Comcast 
> responded to the first search warrant with information about IP address 
> leases.
> 
> When I Google about IP address leases I'm reading about five and eight day 
> leases.  But here is the information supplied by Comcast (IP address redacted 
> by me):
> 
> IP_Address	  Lease_Grant (UTC)	               Lease_Expire (UTC)
> xx.xxx.x.xxx     2010-08-23 02:56:44.0          2010-09-28 22:04:00.0
> xx.xxx.x.xxx     2010-04-08 06:28:58.0          2010-08-23 02:52:53.0
> 
> I read this as saying that the defendant had the same IP address for about six 
> months.  In fact the defendant may have had the same IP address for even 
> longer as Comcast did not retain any records before April 8, 2010.
> 
> So it seems to me that this dynamic IP address is like a static address.  Is 
> this unusual?  Is the information provided by Comcast plausible?  Why would a 
> lease be given for such a long period of time?  To track down people 
> violating the law?
> 
> Thank you.
> 
> Bob

More information about the vox-tech mailing list