The Rozzers don't know what they're on about
It's techie versus bobby
[We criticised the police for their inability to trace emails. A Chief Inspector took issue with us. And our readers took issue with him.]
Just read the mail you got from Chief Inspector R M Crorie where he stated:
And what is wrong with "good policing" if she DID conceal the originating IP address (probably allocated dynamically - and do you have any idea how difficult it is to get any information out of an ISP or to get a warrant to force them?)
First of all, she was in a cybercafe (apparently), which generally have a leased line. Leased lines generally have static IPs. In fact, if somebody had told the police where to look in the headers to get the IP address, and then did a reverse lookup on it, it would probably resolve to something like townname.cyberia.net or somesuch.
In fact, the IP address probably wouldn't be required, because mail headers are so full of information that it would probably have the resolved name in it anyway. SMTP is clever like that. The Police evidently are not.
Secondly, as somebody who has worked for a few ISPs, I take exception to the Chief Inspector claiming that it is difficult to get information out of us. I have in the past helped several Police forces track down and arrest a whole host of people using the Internet to commit crime (think children/sex, ex-husbands scaring ex-wives, bomb threats, etc.).
Unfortunately there are a few laws under the Data Protection Act which state that we have to protect our customers' information - in other words you need to have a 'release' from the Police (not a warrant). This kind of helps us make sure that some random Police officer doesn't demand the address of the bloke who has been net-sexing his missus and then goes and beats him up. If the Chief Inspector is advising that we should start breaking the law, then perhaps I should be writing to my MP rather than you.
All an ISP requires is the appropriate documentation signed by a senior officer and most, if not all, ISPs will be happy to help. If the Chief Inspector (or indeed any officer or policeman reading this) needs to find out how all this works, I would suggest that they contact the Manchester Obscene Publications Unit, who know this procedure inside out, and whom I have had the pleasure of assisting on several occasions back when I was working for Telinco as a sysadmin/security officer/scapegoat.
Let's see, I have an IP address that's dynamically allocated; let's pick one at random within the .co.uk TLD... Let's say 188.8.131.52
So, I run up Sam Spade (because I'm too sodding lazy to use a DOS or UNIX command line to do the same thing) and search for the owner of the IP. Turns out that belongs to CYBERZONE-LTD and it's assigned to www.cyberzone.co.uk (obviously not an actual dynamic IP, but I haven't much time to waste showing up the police for the network boneheads they appear to be).
One more mouse click in Sam Spade (personal version 1.14 for whatever that's worth - I find it faster than the Web version most of the time) shows me that CYBERZONE.CO.UK is registered by firstname.lastname@example.org so we go look up UK.PSI.COM and find they are owned by PSI.COM in Herndon, VA, USA. Well, police budgets being what they are, a transatlantic call is out of the question, so let's look closer to home. Going to the Cyberzone Web page, we find them in Croydon, and the entire sordid story of their location, how to reach them by phone, fax, or email, and who's in charge, is right there on the "contact" link.
Took me, oh, 15 minutes, while answering the Hell Desk phone and wiping users' files off the server. Surely Cheshire's Finest could do that much? After all, they managed to find www.theregister.co.uk didn't they?
Rich Tietjens ®
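The first letter's point, that the Received headers already carry the sending host's address and its resolved name, shown as an added example that is not part of either letter. The sample message, the `.example` host names and the addresses are constructed, and the header layout assumed is the common "from HELO (rDNS [IP])" form.

```python
import email
import ipaddress
import re

# Constructed sample message: hosts use reserved .example names and the
# addresses come from documentation/loopback ranges, not from any real mail.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [198.51.100.7])
\tby inbox.recipient.example with ESMTP; Mon, 1 Jan 2001 12:00:05 +0000
Received: from cafe-pc3 (townname.cybercafe.example [203.0.113.45])
\tby mx.isp.example with SMTP; Mon, 1 Jan 2001 12:00:02 +0000
Received: from localhost (localhost [127.0.0.1])
\tby cafe-pc3 with SMTP; Mon, 1 Jan 2001 12:00:01 +0000
From: sender@webmail.example
To: someone@recipient.example
Subject: constructed test message

body
"""

INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# "from <HELO name> (<reverse-DNS name> [<ip>])" as written by common MTAs.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9a-fA-F.:]+)\]\)")

def hops(raw):
    """Return (helo, rdns, ip) per Received header, oldest hop first."""
    msg = email.message_from_string(raw)
    out = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            out.append((m.group(1), m.group(2), ipaddress.ip_address(m.group(3))))
    return out

def likely_origin(raw):
    """First hop whose address is not loopback/RFC 1918. Headers added before
    the first relay you trust can be forged, so treat this as a lead only."""
    for helo, rdns, ip in hops(raw):
        if not any(ip in net for net in INTERNAL):
            return helo, rdns, str(ip)
    return None

if __name__ == "__main__":
    print(likely_origin(SAMPLE))
```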