On Apr 26, 2018, at 5:14 AM, Dave O'Reilly <[email protected]> wrote: > In my experience it’s a pretty poor investigator that would rely on IP > address only for the purposes of identifying a real-world identity. I mention > this point in both of the draft documents that I have published. Any remotely > experienced defence expert would have a relatively simple job stomping on a > prosecution case that relied on an argument that IP address equals real-world > person, if there were no other supporting lines of evidence. That’s not to > say that the IP address might not be a crucial piece of evidence, it’s just > that it would need to be taken in the context of the other aspects of the > investigation.
It occurs to me that an IETF informational RFC that discusses this subject with investigators, prosecutors and defenders in mind could be useful, although also risky. The problem is that yes, it's a pretty poor investigator who would do this, but there are lots of pretty poor investigators out there, and lots of courts that make really dumb decisions (the latest, for example: https://www.engadget.com/2018/04/25/eric-lundgren-e-waste-recycler-jail-windows-restore-disks-microsoft/ <https://www.engadget.com/2018/04/25/eric-lundgren-e-waste-recycler-jail-windows-restore-disks-microsoft/>) So if we do something it has to be with that in mind. We have to assume that there will be Clouseaus as well as Holmses.
_______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
