A few days ago, Google was ordered to reveal the
identity of an otherwise anonymous blogger as part of a defamation court case. And of course, said no-longer-anonymous blogger is
now planning on suing Google in return.
One of the very common topics here on Ask Leo! is, in fact, privacy, along with its companion
topics anonymity and security. As a result,I think it’s very important that everyone consider carefully what all this implies.
I am not a lawyer, and I’m in no way going to suggest that laws were or were not broken, that one side or the other is right or
wrong. This is about understanding what’s possible and realizing that the things you say on the internet – even “anonymously” – can
often be traced back to you.
I get questions all the time about the ability to trace back an IP address to an address, a phone, or a person. My answer: you can’t do it. The information that’s required to do all that is simply not available to the average consumer. Anyone that tells you otherwise is either lying or misinformed.
But… that doesn’t mean it can’t be done.
The second half of my response to these kinds of queries is exactly that: “you’d need a court order”.
That’s exactly what Google was responding to … a court order. And that’s where the blogger lost their anonymity. (I realize that I may be comparing apples and oranges somewhat here: in addition to IP information Google probably had the blogger’s account login information to the Google-owned service – blogger.com – being used. That just made the technical steps involved slightly easier for Google. The point and the concerns are the same, regardless.)
So what does all this mean for the “average” person using the internet?
In short: be aware of what you say realizing that you may not be as protected as you think. Not necessarily from any legal perspective – laws can change and can be quite different from place to place – but from a technical perspective.
Let’s use an example. Say you post an inflammatory comment here on Ask Leo!. Something that is clearly slanderous or threatening someone, for which you include no information that would personally identify yourself.
That person you’ve slandered then contacts law enforcement or just hires a lawyer to file suit against you – the “anonymous commenter”.
I get served with a court order to release any information pertaining to the comment. I then turn over the server logs that include the IP address from which the comment was posted, and the date and time on which it was done.
The investigators then use that IP address to locate your ISP, whom they then serve with another court order to release any and all information about that IP address on that date and time. The ISP turns over their log information that says on that day and time that IP address was connected to this physical location, or via that telephone number.
That’s a simplified case, and indeed sites and your ISP may not have, or may not have kept, the very logs that this back trace relies on, but then again – many sites and ISPs do. You just don’t know which. Similarly, if a school or a business is involved, the respective IT department may get involved to narrow the search with whatever logs they have available.
Ultimately, there’s a very real risk that with sufficient motivation and resources and with enough legal backing or ambiguity you can be found. Absolute “they’ll never find me” privacy is nearly impossible to achieve. You can certainly make it harder using various techniques and technologies, but you’re putting a lot of faith in whatever those techniques might be.
The bottom line is simply this: the internet has enabled a level of public discourse that’s allowed people to speak out and be heard with ease to a degree never before seen. Not unexpectedly, the boundaries of what is and is not legal and protected, and perhaps even moral, are constantly being tested.
If you’re one to push the envelope, realize that sometimes the envelope breaks.