Jackie,
"It is really this simple (this is how they did it to ASPD) - they take the time stamp on the review, contact the upstream ISP for a log of all IP addresses routed to that server or down that pipe at that specific time . . they wash those through a geotagged database and use other resources to narrow down to within usually four or five IP addresses that may have been responsible for the posting. They then contact those respective ISPs specific to those IP addresses they suspect and ask for subscriber information. They then look for someone with a prior or in a database on a watch list, etc. (client, provider, etc.) and then they drive to their house and knock on the door. Amazing what a gentleman will say when his child answers and Mommy is looking from behind the curtains while uniformed officers are on the lawn."
I'm not questioning your information, I'm just trying to understand the process.
The first question that comes to mind is why don't these review sites stop time stamping reviews? Instead of stamping the review as 01/10/2010 7:45pm, why not just stamp it with the date 01/10/2010? That would at least make it much more difficult to trace. Or even just have a policy of stamping it with the week that it was posted (01/03/2010 through 01/09/2010). It sounds like the timestamping by the review site is the major problem here.
Another question is about the IP addresses that they narrow it down to. If me and 30 other people in Pittsburgh are viewing ECCIE at a certain time and someone else from Pittsburgh posts a review at that time then how would they know which of the 32 people posted that particular review unless they got the review site logs?
It seems like they wouldn't be able to narrow it down that much; wouldn't they have to question all 32 people? Even then they wouldn't know who posted the review unless the person confessed. Is that the key element, harassing clients in the hope that they will confess? It really seems like unless they contact the review web site and get their logs then there's no way to definitively identify the reviewer unless they confess.
It seems like a lot of legwork for LE and to identify 1 reviewer they would have to potentially embarrass 31 others in the process.
Like someone else pointed out, if the cops show up to question you, just say nothing. It's your right and it's also the best thing you can do in that situation. I saw a lecture in a law class; part of it was given by a cop, and he actually gave that same advice.
Originally Posted by mca9276
I agree that the timestamps should be changed, however, if they DO go after the Website's records and not just the upstream ISP's log files, they're still going to match you . .
Plus, please gentlemen, don't misunderstand me, I specifically stated this wasn't a common practice, just that it exists and that they've been known to do it . . yes, usually to support other charges or to follow a string of crumbs up the ladder to trafficking, drugs, racketeering, etc. My statement was:
"Do I believe it happens regularly, no. Does it happen, absolutely. Will they do this to support just one case hit or miss, no, probably not - but in support of a larger investigation, I've read discovery where they have done just as I have outlined."
What they look for in Platte County (which was in the report that was made public to a local alternative newspaper) are IP addresses of people already on paper or with a license plate that frequents certain areas or recorded at local hotels, motels etc.
MOST people (even though they claim to know their rights) just talk . . they don't (can't) just say NOTHING (pardon my English).
Kisses,
- Jackie