[vox-tech] Search Warrant Question re: IP Address Leases

Chris Jenks chris at jenks.us
Fri Jan 7 16:40:17 PST 2011 

   Dear Bob,

   I've set up Linksys routers for both my father and father-in-law which 
run OpenWRT. On the routers I run a cron job to periodically download a 
tiny file from my web site so I can see if the routers (and service) are 
up. Both connections are to Yahoo DSL, but I noticed that my father's 
connection keeps its IP address for weeks or months before changing, while 
my father-in-law's IP address changes about every day, randomly. I think 
the difference is in the reliability of the DSL modem or the amount of 
phone line noise - that the IP address would stay the same for a long 
time, unless the connection is interrupted, causing a new one to be 
assigned.

   Yours,

     Chris

On Fri, 7 Jan 2011, Bob Scofield wrote:

> I am in the process of analyzing a search warrant in a child porn case.
> Basically what happens is that the police search the web for child porn being
> downloaded by peer to peer programs.  They check the SHA 1 hashes against a
> database of known child pornography videos.  If the police see that child
> porn has been downloaded at an IP address they issue two search warrants.
>
> The first search warrant is directed at the ISP to see whom the subsciber was
> who had the IP address when the porn was downloaded.  After they get that
> information they then get a second search warrant to search all computers at
> the subscriber's address.
>
> This search warrant has challenged my understanding of dynamic IP addresses.
> I thought that a person was given an IP address each time he used the
> Internet.  I thought that after I left an Internet session my IP address was
> then made available to another customer of my ISP.  But in this case Comcast
> responded to the first search warrant with information about IP address
> leases.
>
> When I Google about IP address leases I'm reading about five and eight day
> leases.  But here is the information supplied by Comcast (IP address redacted
> by me):
>
> IP_Address	  Lease_Grant (UTC)	               Lease_Expire (UTC)
> xx.xxx.x.xxx     2010-08-23 02:56:44.0          2010-09-28 22:04:00.0
> xx.xxx.x.xxx     2010-04-08 06:28:58.0          2010-08-23 02:52:53.0
>
> I read this as saying that the defendant had the same IP address for about six
> months.  In fact the defendant may have had the same IP address for even
> longer as Comcast did not retain any records before April 8, 2010.
>
> So it seems to me that this dynamic IP address is like a static address.  Is
> this unusual?  Is the information provided by Comcast plausible?  Why would a
> lease be given for such a long period of time?  To track down people
> violating the law?
>
> Thank you.
>
> Bob
> _______________________________________________
> vox-tech mailing list
> vox-tech at lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
>

More information about the vox-tech mailing list