Peek-a-Boo…we
can find you! People often mistakenly believe they can surf and communicate
anonymously online. The reality is that no one is truly anonymous online. As
Parry Aftab always says, we leave a trail of cyber-breadcrumbs behind us
wherever we go, whatever we do online. Most times, no one cares about piercing
the veil of anonymity—unless they are the recording industry, an irate spouse,
or someone being cyberbullied.
Young people think that by creating a fake Facebook account, YouTube account or Gmail account, they can hide their identity. But, most of the time, they can't.
Luckily,
these cyber-breadcrumbs almost always lead you to the cyberbully. Each e-mail
(and IM) and every cyber-communication contains an IP address. Most online
games and social networks grab the IP address for every account formation,
everything posted and uploaded, and all comments and friend access. The IP
address (Internet protocol) tracks back to the IP address owner, and sometimes
to the Ethernet card in a computer in an office, school, or home network.
When
you have your own server, or use certain ISPs (Internet service providers), you
have a static IP address. That means it’s always your IP as long as you use the
same computer and the same ISP access. Tracking you is then as simple as
tracking your IP address. Most larger companies, especially technology-based
companies, educational institutions, and governmental agencies, have their own
static IP addresses.
When
you use a standard Internet service provider to access the Internet (which most
of us do), such as Optimum, Verizon, Earthlink and others, you typically have a
dynamic IP address, which means it’s yours for the period you are logged on,
like subletting from the server’s IP address pool. It can only be tied to you
by asking the service provider for certain information. They will need to know
when the IP address was recorded to be able to track which subscriber was using
it at that time. The cooperation of the ISP or online service is essential to
check their records to tie the IP address to you, as their customer.
The
privacy policy (which few of you have read) tells you how and under which
circumstances the service provider, network, or site will turn information over
when requested by legal process or otherwise. It tells you what information
they collect and store, as well. Whether they want to or not, if the legal
demand is made in the right way, they have to comply.
Given
how many subscribers they have and the high turnover of IP address assignments,
many ISPs only retain the subscriber/IP address records for a short period of
time, usually ranging from three weeks to three months. (Some mobile IP
information is online kept for a few days.) Problems arise when someone needs
those IP records and they are no longer being stored by the ISP. Unless the
situation and IP address is discovered quickly, important evidence linking the
suspect to the cyberabuse and possible cybercrime may be lost.
Most
leading ISPs will retain these records for longer periods of time if requested
to do so by a litigant or law enforcement official. Some statutes permit law
enforcement and lawyers to send a letter to the ISPs (a “retention letter”)
requesting that they maintain their records on a particular user for 30 days;
that request can be extended for additional 30 day-periods, if necessary.
But
even with extended retention periods, this requires that the victim of a
cyberbullying moves quickly. Law enforcement agencies can move very quickly and
the ISP typically will not notify the subscriber or user when information about
their account or profile is requested.