FWIW, the prospect of being suspected and questioned (but not necessarily raided) because of your IP location is one of the best metaphors to relate what it's like as a minority to be searched just because you are of the same race as a suspect in an nearby active case.
It is perfectly logical to say that if there was an assault on a college campus and that the victim said the perp is an "Asian male", for the police to not prioritize the questioning of all non-Asians in the area. And if the report was made within minutes of the incident and the suspect is on foot, it may be justifiable to target the 5 Asian males loitering around rather than the 95 people of other demographics. What logical person would argue otherwise?
But the problem creep comes in the many, many cases when police don't have a threshold for how long and wide that demographic descriptor should be used. Within 1000 feet of the reported attack? A mile? Why not 2 miles? And why not 2 days or even 2 weeks after the incident, just to be safe?
The main difference in the ISP/IP metaphor is that in the digital world, it's possible to imagine search-and-question tactics that aren't time-consuming for the police or for the suspect. Hell, the suspect might not even know their internet-records were under any suspicion. OTOH, there are definitely real-world places in which for the police (and their community and most specifically the politicians), hand-cuffing and patting someone down has been so streamlined and accepted by the powers-that-be that it isn't a bother for them (the police) either.
edit: To clarify, I don't mean to get in the very wide debate on racial profiling, etc. But when I worked at a newspaper, we had a policy to not mention race unless the police could provide 4 or 5 other identifiers. That led to readers cussing us out because, they'd argue, knowing that the suspect was black is better than nothing. My point here is that sometimes, nothing is not always better than something, and that is most explicitly clear when it comes to broad IP range searches.
It's hard to construct a principled, narrow argument against profiling. If you have a single piece of exclusionary information, it's ludicrous to conduct a bunch of searches which are guaranteed to be worthless in the name of equality. (Leaving aside the accuracy of the tip for now.) And yet on a broader level, it's apparent that profiling can have all kinds of awful side effects.
An obvious example (and the metaphor carries) is secondary crimes discovered in the course of an investigation. There's another narrowly sensible rule: if a cop stops you for a broken taillight, they shouldn't have to ignore a corpse sitting in your passenger's seat. But combined with profiling, it produces a system where often-profiled people get the law enforced against them far more harshly than other groups. Add to that the cost and stigma of being investigated (a day in jail while innocent is a great way to lose a job), and you have a system where utterly sensible enforcement produces consistently biased harms.
The metaphor here carries really well. Imagine if those Kansas farmers torrented a bunch of movies, or that Seattle privacy advocate had a bit of marijuana. Well, those things are illegal, but it's still not fair that shoddy profiling amounts to selective enforcement against the profiled.
Even if you never, ever get incorrect data or wrongfully convict someone, profiling with limited data causes all kinds of secondary harms. This is a great non-racial example of why we should worry about it regardless of accuracy.
> If you have a single piece of exclusionary information, it's ludicrous to conduct a bunch of searches which are guaranteed to be worthless in the name of equality. (Leaving aside the accuracy of the tip for now.) And yet on a broader level, it's apparent that profiling can have all kinds of awful side effects.
The problem is that the main true benefit of the information is to exclude people, but that isn't how people use it.
Suppose there are 2 million people in an area and you know some demographic information about the perpetrator that will allow 95% of them to be excluded. That is useful information.
But the probability that a random person in the relevant demographic is the perpetrator is now 0.001%. The demographic contains 100,000 people and one perpetrator.
The fallacy is in assuming that just because not being in the relevant demographic is enough to exclude you, that being in the relevant demographic should by itself be enough to suspect you.
No, it's not. BRF has two components: Generic information about the frequency of events and specific information about the case in question. The item in question doesn't contain these. The item in question is a much simpler point.
> But the probability that a random person in the relevant demographic is the perpetrator is now 0.001%. The demographic contains 100,000 people and one perpetrator.
That's still a much higher probability than 1/(2 000 000) so I am not sure what is your point there to use numbers.
the point is that it's not a useful indicator for stopping random people.
"Oh, to catch the thief we are going to stop 100000 people" sounds absurd, after all.
Of course you can use the clue to exclude a bunch of people, but were you going to go around arresting random people on the street without this? Of course not, so why do it after.
Just to say something eye witness reports for race and any other characteristics are horribly inaccurate.
There are more than enough documented cases of rape, assault and other crime in which the victim could not identify the perpetrator with any degree of certainty.
Profiling is an important tool in law enforcement but it works when it's built on proper evidence and statistical models not sketchy witness reports.
I skipped accuracy to observe that even correct profiling has problems, but it's hugely important to see that over-reliance on profiling is a threat to solving cases.
> (Leaving aside the accuracy of the tip for now.)
You hand-wave this part away too easily. It's precisely the reason that all protections in the legal system need to exist. If you hand-wave away uncertainty about facts, then there's no need to have warrants, reasonable suspicion, right to an attorney, trials, etc.
That's kind of his point. Even if you have absolute certainty about the factual accuracy of the tip, it skews law enforcement towards what is essentially discrimination by selective enforcement. Throw in uncertainty due to latent racism in the witness, poor lighting conditions, or a general bias against minorities and you've got the perfect storm for a discriminatory justice system incapable of fairness at all levels.
Perhaps an interesting anecdote is the profiling of performance vehicles where I am from.
Modifications to vehicles here are mostly not permitted or have to be certified by an engineer, including engine modifications.
Now it is clear to anyone that say, a Nissan Skyline, is much more likely to be modified with non-permitted modifications than the station wagon taking the kids to school.
Yet there are many complaints from Skyline drivers that they are constantly being stopped and it's not fair treatment.
So the argument from one side is "We know these cars are often modified, so we use that information to inform who we stop for spot checks". The argument from the drivers is of course "I did nothing wrong so I shouldn't have to deal with constantly being pulled over".
The challenge for me is that both sides make sense, yet there is clearly downsides to cattering to either side too.
Without the informed stops you will get less illegal cars off the road, with the stops you incur on peoples privacy and ability to go about their day.
The unbiased solution would be to stop more cars but randomly. The Skyline drivers still get stopped just as often, but so does everyone else so they can't say it's unfair.
But that is dumb, and only really solves the problem of political correctness.
The other option is to just accept that more modified cars will get away with it for longer.
Now there are other options in this circumstance, like mandatory vehicle inspections each year for example.
But thisbone thought experiment really made me think deeply about racial profiling and how complex the issue really is, and how damaging it can be to the individuals being profiled.
To be clear, I think racial profiling is far too damaging to be a solution to anything. But I can see the logic path people take to get to it. Even if they do not make the next step to seeing the damage it causes.
>> a Nissan Skyline, is much more likely to be modified with non-permitted
modifications than the station wagon taking the kids to school. (a)
>> We know these cars are often modified, (b)
Note that those are not the same: (a) means "of all cars modified, more are
Nissan Skylines than station-wagons"; (b) means "of all Nissan Skylines many
are modified".
Police officers will want to know whether (b) is true, so that they can decide
whether stopping Nissan Skylines disproportionally often is justified.
Unfortunately, (b) really does not follow from (a). For instance, (a) is true
even if there are 0 modified station-wagons and a single modified Nissan
Skyline. If only a small fraction of Nissan Sklyines is modified, cops are
going to have to stop many, many Skylines before they hit one of the few
modified ones.
Even worse, the only way to know how many Skylines are modified is to check
each and every one of them (or stop "enough" of them and extrapolate).
On the other hand, cops will want to catch any illegally modified car. So
they have to wonder how many other modified cars they let slip by if they're
going after Nissan Skylines more than other cars.
If the cops wanted (or were able) to do proper data-driven policing or
whatsitcalled, they should make a list of all the types of car they found
modified in a particular time period, count how many times each type was
modified, divide by the total and go after the ones with the highest ratio,
and that only if the ratio is "high enough"- which again depends on exactly
how many cars were modified in that time period.
But of course, all this is hard to do and costly, so cops will go by instinct
and probably apply unwarranted prejudice- and get very sub-optimal results.
I think you make some very salient and insightful points here. (I am also appalled by your newspaper readers :/)
I'd love to see a cultural narrative and expectational shift in the US, through which the act of simply arresting anyone at all is seen as a gross affront that only occurs on a preponderance of evidence of provable wrongdoing, else LEO is seen as having failed to do their job, serve their community, and are held accountable. A raise in the standards of policing that includes significant penalties for arrests that lead to dropped charges, no prosecutions, provable errors, etc. I also think we need to ban layering on charges like resisting arrest and other such nonsense that have become obvious tactical weapons in LEO misbehavior with citizens. We need a serious shift from automatically granting LEO the benefit of the doubt and nearly impenetrable immunity. Hell, treat it more like we treat politicians—term limits of wielding power and renewal via community review and acceptance of officers and their behavior. This would obviously be more difficult with federal LEO, but if we could change the local forces, perhaps that'd be a good enough start in people's lives.
Non-violently resisting arrest is a crime in several states. It's ridiculous, you'd just about have to arrest yourself in order to avoid a charge like that.
It is perfectly logical to say that if there was an assault on a college campus and that the victim said the perp is an "Asian male", for the police to not prioritize the questioning of all non-Asians in the area.
This is not to disagree with you per se, because I do see your edited clarification at the bottom, but one of the problems here is assuming that the eye witness is correct in labeling the individual as "an Asian male" (per your example). Perhaps this is not true. Perhaps he is a short male with black hair, but not necessarily Asian. Perhaps he has some other ethnicity and will actually be overlooked by the police because of the assumption that the witness/victim has labeled them accurately when this may not be the case at all. (I will add: People are also sometimes misgendered.)
This is the best analogy I've ever heard for the experience of being racially profiled. As a white, male American, I can't say I've ever had the experience, but this helps me relate to the experience in a more personal way. Thanks for this.
As an East Asian, being racially profiled is not something I can naturally empathize with, at least in America. The closest I can imagine is being a tourist in Paris, and having what feels like decidedly more scammers come my way (I literally had 3 people try the "oh look at this ring I found!" scam within a distance of 2 blocks). And who can blame them, it most definitely is the efficient strategy.
It also helps if you've ever been stopped by a police officer for any reason, such as a traffic stop. I've been on a couple of ride-alongs so I've also witnessed it from the officer side. When you hear of someone complaining about just being searched (as opposed to being beaten/arrested/shot), it can sound like whining. Unless you've been the target yourself and you've at least experienced how damn inconvenient it is (regardless of any racial motives from the officer). You really have to be the model of patience to go through that process and think, at the time, "Nevermind me being late, he's just doing his job!"
Imagine being stopped like that as a not-uncommon part of life, just because someone of your general descriptor did some assholish thing. Besides the search/frisk/force part, I think the most annoying thing is how hard it is to argue against that logic without sounding like a politically-correct whiner.
Yeah that's it, and there are several variations. I know it seems easy to just say no to buying a stupid ring, but it's much, much easier to not even open that door because, from what I've heard from a friend, they will just so aggressively be in your face that giving them even anything will seem worth it after the scene they create. I know pre-googling a country sounds so tech-bubbley a tactic, but that scam is not at all I would of anticipated so I'm glad I stumbled on it.
(note in the link above, the writer says it happened to her 3 times in an hour. I had it happen one right after another, as if the second/third person didn't see me push the first one aside. So it's not just an Asian thing, I was just saying the rate that I perceived is how I empathize with being stereotyped at a quick glance)
I remember a different variation from the 1990s: a wallet instead of the ring, and an offer to split the cash. While you talk with the baiter, the "owner" shows up saying you stole it and threatens with police or just hints a violent payback. The baiter then begs the victim "we both" have to pay the "owner", or else.
There has to be a site somewhere listing them all.
"Oh well we better contact the police and have them sort this out" pulls out phone and dials the local equivalent 911 before waiting for a response. Any responsible traveler should have this number memorized for where they are going an be sure they get a phone that works in their destination.
It's clearly possible to get out of, just as most scams like these are based on combo of intimidation and greed. You just have to stand your ground. Outright mugging is a whole different thing and typically less subtle.
>"But the problem creep comes in the many, many cases when police don't have a threshold for how long and wide that demographic descriptor should be used. Within 1000 feet of the reported attack? A mile? Why not 2 miles? And why not 2 days or even 2 weeks after the incident, just to be safe?"
The big difference being the cumulative nature of peoples' experiences. If the same police are repeatedly exposed to a disproportionate amount of crimes being performed-by(or accused) by a specific group, then it would only be logical for them to naturally stop/search that specific group more often. It's a game of numbers, and I see no reason for it to be demonized as much as it has been as some "systemic oppression". As long as the police don't falsify reports that exaggerate those numbers, and behave in a civil manner towards complying citizens, then it should be "okay".
Personally, I would say that profiling by race and gender alone is way to wide of a search-criterion. For all we know, the police are actually using other side-properties of the individuals in order to profile them more specifically, yet on the surface to others it appears crass and simply based off crude properties such as race/gender. I.e. it may even be a layered approach where they "back-off" when they hit a dead-end in their search through the "good indicators for being a criminal or have just committed a crime".
E.g.: Broken tail-light -> hiding face behind hoodie -> oh, well spoken individual that just lost a family-member, must be fine.
Or: Broken tail-light -> hiding face behind hoodie -> hmm's and haw's when asked to leave vehicle for DUI test -> acting aggressive -> etc.
The big difference being the cumulative nature of peoples' experiences.
Your post focused on the cumulative nature of the police experience, but completely neglected the cumulative nature of the minority's experience. Therefore I downvoted you.
I'm part of a different targeted-minority. The only times I felt it weighing on me more than as a nuisance, was when I actually had something to hide. Which shouldn't have a bearing on whether or not the police should target me or not, as long as they behave and I as a citizen don't escalate.
>> If the same police are repeatedly exposed to a disproportionate amount of crimes being performed-by(or accused) by a specific group, then it would only be logical for them to naturally stop/search that specific group more often.
The "accused" part is the whole point. If police accuse a particular group disproportionally on the basis that they accused them disproportionally in the past, then we have a problem.
And that seems to be the case with racial profiling- that it builds upon the misconceptions of the past and therefore perpetuates them into the future.
It's really a case of GIGO, "garbage" in this case being historically prejudiced, and therefore bad, data on who should be suspected.
Of course, as others said, if you suspect and so search a particular group disproportionally often you may reasonably expect to also charge that group disproportionally often, even if that group has the same amount of perps as every othe group (which you leave well enough alone).
>> As long as the police don't falsify reports that exaggerate those numbers, and behave in a civil manner towards complying citizens, then it should be "okay".
Another objection: there's no good reasons for police to be un-civil, even if someone is not complying. If the citizen is being a bit difficult and the police office responds in kind you can bet the situation is going to get out of hand - and who knows where it will stop? And because it's the officer that has the clear upper hand in an aggression situation (they can call backups, and their backups can call backups -with armored cars) it's the officer that has to remember to put their personal feelings aside and be professional.
Also, cops aren't the only ones who have to deal with rude and unprofessional behaviour at work. Everyone learns to deal with that sort of thing and the best way is always to set your ego aside and avoid escalation.
>> Or: Broken tail-light -> hiding face behind hoodie -> hmm's and haw's when asked to leave vehicle for DUI test -> acting aggressive -> etc.
And a last objection: that's a crap (sorry) way to profile people. A kid with a hoodie talking trash to a cop is most probably a teenager trying to grow up -and failing, currently. Give them the time to succeed and go bust someone actually doing some harm. Everyone 'll be the better off in a world with more adults than juvenile idiots.
How often do you guess real perps go looking for trouble with the police? I'd guess, not very.
> FWIW, the prospect of being suspected and questioned (but not necessarily raided) because of your IP location is one of the best metaphors to relate what it's like as a minority to be searched just because you are of the same race as a suspect in an nearby active case.
That's an absurd analogy. An IP address isn't perfect, but it's far more specific than knowing the perp is an "asian male." What's the size of the universe of people who might have had the same IP address over a given period of time? A few?
The point is that an IP address is not part of a physical person in the same way that their race is.
Anyone can use my laptop and "have" the same IP as myself.
In truth, nobody "has" an IP address. A computer has an IP address. Who can tell who is using a particular computer at a given time just by looking at an IP address?
In that sense an IP address is a way, way more tenuous connection to a physical person than a description of (apparent) race and gender.
I made this argument in a different comment [0], but often the IP address only points to a router. The router then routes the traffic to devices on an opaque LAN (opaque from the WAN side).
In residential settings, there's a collation that whoever owns the router is likely to own the devices on the LAN - but there are also enough cases where this isn't true. Hotels, universities, cafes. Also, Tor exit nodes or people with compromised Wifi. I'm sure it's possible to come up with more scenarios. As for a statistical probability, no idea. Is 80% or 95% acceptable? I think that's EFF's argument, that there's still enough room for error.
Seems I remember a previous article estimating 1.5 million Tor exit nodes, but I may be wrong. And in another article from memory, active ip address estimates were in the 100's of billions maybe. My bet is most illicit activity from a perpetrator would go through Tor, but I wonder how many of the police raids are due to people being 'swatted'?
I think it depends on the discriminatory value of the "profile". If the profile is "male", I don't think it's OK to stop and search every male found, because it's just not enough of an indicator by itself. If the profile on the other hand is "person wearing a neon-green jacket with pictures of lolcats", it seems perfectly fine to use that as the sole indicator needed to stop someone who was to be sighted wearing such a thing.
These kind of issues would be a lot simpler if people were able to use Bayes' law to actually estimate how likely someone is guilty.
There have been way to many discussions with one side claiming using certain kinds of evidence is unethical, and another side claiming the evidence does have some statistical power.
As far as I'm concerned most of those issues would be resolved if people actually cared to check they had a probable cause before doing anything, most objectionably evidence fails that test, and if it doesn't it shouldn't be ignored.
It's from the UK, which I know has a very different situation to the US for race relations, but after 10 years of reform of the stop and search laws (to reduce racism and needless profiling) the UK recently found 25% of all stops illegal. One of the reforms required the police to record the reason for a stop - they either hadn't recorded anything or it was inadequate for 1 in 4.
Given the hugely higher number of stops of minorities, it's easy to see that they'd be identified in more crime - stop 10x more people of a group and you'll find more weed etc.
What hasn't been shown yet is evidence it's an effective crime fighting tactic, and it's easy to see why it causes minorities to distrust the police.
I'm an American and I am not a minority, but I have been profiled and stopped many times over the years. Each time I'm ask if I have anything in the vehicle, and do I mind if they search. It seems one or two younger white guys driving commercial vehicles are more apt to transport contraband. I don't know how effective this is, but it does happen often.
Perhaps, but building a list of all kinds of evidence insufficient to act on would take a lot of effort, and I fear it won't take away the underlying problems.
Telling someone to ignore the fact that group X is Y% more likely to commit a crime is very unlikely to work (since purposely ignoring something is somewhat contradictory). You'd likely get better results by asking someone why they did something despite lacking sufficient evidence.
There is nothing inherently discriminatory in questioning, the discrimination can creep when you build the profile not when apply it.
By definition every investigation technique is designed to be discriminatory in the proper sense of the word since you discriminate using the evidence you have so far.
A similar example, while not a raid, hit me closer to home a bit over a year ago.
I'm sure that if you follow US news at all, you heard about the looting and arson in Baltimore in the Spring of 2015. While the city was on edge in the wake of a citizen's death in police custody, there had already been some minor demonstrations and a brawl between protesters, baseball fans, and provocateurs downtown earlier in the month.
Then, on the day of the funeral held for the man killed in custody, word started to spread of plans for some sort of riot or mass havoc being planned later in the day. Later, authorities pointed to a digital "flyer" being passed around yet nobody investigating this outside of the police has found any source or initial copy of this flyer that dates before this was published in the media. Trust me, we looked.
In response to this alleged threat to public order, cops with riot gear and a freaking mini-tank showed up at a major public transit hub right as school let out. Transit was shut down and everyone was corralled into a small area next to a busy street and without a way home for hours.
Eventually, tensions got high enough that when the first pissed off teenager or whoever chucked a bottle or a rock, it didn't take long for others to join in. In the ensuing vandalism and arson, hundreds of thousands in damage was caused, people got hurt, the city was put under curfew for a week, and to this day, businesses and residents have suffered from the reputation gained (worsened?) that day.
Looking back, the part that really sticks out to me is how the whole thing was triggered (assuming you don't think it was a deliberate provocation) by some "social media flyer" that claimed some teens were planning to run around starting shit after school. This rumor summoned riot police, shut down transit, stranded loads of adults and teens alongside the road, and facing down a phalanx of police plus one armored tactical vehicle.
Would those shops and homes still been damaged or those stores been looted and burned in a wave of unrest without this rumor-inspired flashpoint? No idea. But it sure didn't help.
That sounds like poor police work as much as digital rumors being the problem.
When you're expecting a riot, concentrating a bunch of people together and removing any way for anyone to leave (even people not kettled couldn't leave due to transit being shut down I presume) sounds like you're trying to make a riot.
It sounds like they read the textbook on dealing with riots, but forgot to read the part where you're only meant to do it when people are actually rioting.
A spoiler is contained in the following reference.
This reminds me of Ghost in the Shell: Standalone Complex: 2nd Gig, wherein a single actor causes an AI to rotate military forces within a refugee area, with the explicit intention of increasing anti-police sentiment among refugees.
The world is a stage and, without proper leadership, crowds will behave in ways they believe are allowed within the hard constraints of the social order. This is at the core of the BLM movement, and a pillar of the Occupy movement: police must not view themselves as separate from the policed. For cybernetic reasons as well as pathos ones. Otherwise, from the perspective of the social order, the distinction between the two is error.
I actually did not miss this, I simply did not have the space to say it, nor was it relevant to the point I was making.
It is strange to tell someone you have likely never met that they have missed something, based on very little information provided to you. This might be a sign of a cognitive impairment on your part, or perhaps a broken worldview. I don't have time to discuss either of these points, but it may be helpful for you to consider why you believe you can "read the minds" of people over the Internet.
So the police received a tip or a lead that people were planning on inciting riots or mass violence, and people then went on to incite violence and mass riots? It sounds like the police response was validated.
How did the police incite a riot? Did they throw stones at themselves, break windows, and overturn cars? Were plain-clothes officers planted in the crowd as provocateurs? Are the rioters automatons with no control over their own actions, who are irresistibly compelled by the presence of police to start rioting?
The people responsible for mob violence are the individuals in the mob.
Ultimately, sure, someone can get up in your face and yell at you and try to get you to throw a punch but ultimately, it's your job not to throw that punch. I get that.
But in terms of maintaining peace and preventing brawls or riots, you don't want to go out of your way to instigate them. In this case, on the strength of an alleged photo being passed around (again, nobody has a copy of this photo dated before it hit the news), you had riot police shut down transit and corral hundreds of teenagers for hours, unable to leave because you were worried that some teenagers were planning to start trouble.
Watching it all unfold was very frustrating at the time. Basically, the riot cops were there before there was a riot and where there likely wouldn't have been one until they rounded up these hundreds of people and kept them there for hours.
My point isn't that it's someone else's "fault". It's that digital rumors and overreaction to them can be counterproductive if the goal is to keep the peace and not escalate. Just as in my earlier analogy, if you eventually get fed up at the guy screaming threats in your face and punch him, sure, you were the one who threw the punch. But I don't really want to have the screaming guy on my payroll as a guy hired to prevent fights either.
> If police raided a home based only on an anonymous phone call claiming residents broke the law, it would be clearly unconstitutional... Yet EFF has found that police and courts are regularly conducting and approving raids based on the similar type of unreliable digital evidence: Internet Protocol (IP) address information.
I'm not sure that these two are equivalent. A better example would be the police raiding my home based on an illegal phone call that came from my phone number. Sure, the fact that it comes from my phone number doesn't mean I did it, but it's certainly evidence that points to me, just as an IP address can be.
In general, the summary linked to above makes it sound like police should never use IP addresses. To be fair, if you read the whitepaper itself, it doesn't say this, but rather that police should be _careful_ in how they use IP addresses. Specifically, it recommends that police "conduct additional investigation to verify and corroborate the physical location of a particular decive connect to the Internet whenever police have information about an IP address’ physical location, and providing that information to the court with the warrant application".
> A better example would be the police raiding my home based on an illegal phone call that came from my phone number.
That's broadly overestimating the reliability of IP addresses, though. Consumer IP addresses change on a random basis, based on whatever obscure policies an ISP has set up at the time.
Police get the physical address from the ISP. The ISP knows which IP was assigned to each customer at any particular time because they log it. Yeah, it's theoretically possible they don't keep the logs, but IRL they always do.
> Police get the physical address from the ISP. The ISP knows which IP was assigned to each customer at any particular time because they log it. Yeah, it's theoretically possible they don't keep the logs, but IRL they always do.
That isn't the source of the uncertainty though. It's part of it in the sense that cost-cutting ISPs may have inaccurate records, but the fundamental issue is that IP addresses are completely unauthenticated.
Some people turn off their modems when they're not using them. One way to steal internet service on some ISPs is to clone the MAC of your neighbor's cable modem (and then the ISP thinks you're them).
People have guests who use their WiFi. Some people use WEP, or weak passwords, or are just nice people who intentionally leave their WiFi open for public use.
Anyone who controls (or compromises) a router can spoof any IP address that routes through it. Same with compromised client devices that can be turned into proxy servers.
Even so, the probability that any given traffic is actually from the person whose name is on the bill is still pretty good, unless that traffic is illegal. Because people engaged in illegal activity have the incentive to do one of those things or any of a hundred other ways to get an IP address not tied to your name.
And it isn't that hard to do those things. Which means there is a high probability that an IP address associated with illegal activity belongs to an innocent party rather than the perpetrator.
Taking all of that as given... when law enforcement sees illegal activity from an IP address, what are they to do? Use a search warrant to gather more specific evidence? Or just give up?
...especially when their favorite form of "raid" is busting doors at 5:30 AM, shooting dogs, and shoving guns in children's faces. If the preference were, rather, to wait until a suspect left for work, detain her when she got to the sidewalk, have her call the house and arrange for all remaining residents to take a walk, and then enter the residence in non-destructive fashion, all sorts of speculative policing might be better justified.
Not only that, notice that the tenuous thing is the link between the IP address and particular a person or endpoint location. You have the IP address, get a warrant to wiretap the IP address.
See if the illicit traffic to that IP address is really going to that residence. See if the traffic pattern looks like the traffic going in is coming right back out and being relayed somewhere else. Put a van full of government WiFi hardware on the street in front of the building and if the relevant traffic correlates to traffic to a wireless device, triangulate the exact location of that device and see whether it's actually inside the residence. See if anything at that IP address is in communication with C&C servers that imply it has been compromised.
Any of which can be done without shooting a single innocent dog.
You have to remember that the ISP might have a physical location if this is a paying customer on a landline, but that's not usually the case. Reverse IP address location lookups are unreliable as worst and inaccurate at best. That house in Kansas that they mentioned? It's the default "middle of the US" location that is returned when they don't actually know where you are.
Any ISP is going to have a more accurate idea of which customer has an IP than a generic geolocation service. An ISP in Ohio is not going to return a latitude and longitude that happens to be in Kansas.
A threat, insider trading information, transfer of copyright material by modem, planning to commit a crime, harassing someone, instructing someone to commit a crime. There are so many ways to break the law by saying the wrong thing. Speech isn't actually free.
That's a better definition then, but it's really not so much the phone call that's illegal but making threats, planning a crime, or whatever activity is being discussed or carried out via a phone call.
Simply making a phone call is not illegal even in the case where that phone could trigger an explosive device.
Remember the phone companies are immune from prosecution in these cases because they're a common carrier, something that also applies to internet service companies now.
If you know that the number you're dialing is a detonator, why isn't the phone call itself illegal? If it doesnt detonate, doesn't that make the call an illegal act itself (attempted murder) and if so, why isn't a call resulting in successful detonation illegal by the same reasoning? IANAL but I'd think the former would be just as illegal as the latter except that the successful phone call would be lumped into the greater charges of terrorism/homicide alongside any violations for actually building and placing the explosive device.
I don't know much (or anything) about the prevailing criminal justice philosophies among the judiciary but this sounds like a question that can only be answered by a thorough review of the criminal code and precedent. Wire fraud, for example, is one of those felonies that you can be guilty of in the process of committing other more serious crimes so obviously some components can be broken out of the larger crimes.
I think he's saying that the act of detonating a bomb, or attempting to detonate one, is illegal all by itself. The fact that it was done by a phone call doesn't change anything, so, the phone call itself was not illegal. The charges would be identical if they used a phone or a timer or a hand switch.
That's why I brought up the example of wire fraud, which is basically any fraud committed using electronic communications. This charge is usually added on top of the main fraud felonies despite the fact that the only difference is the medium of communication. In the case of wire fraud, a phone call does change the crime in the eyes of the court.
But as a police officer, if you see something coming from an IP associated with me, it's probably wise to look into me further; even if IP address in and of itself may not be adequate evidence to justify a raid of my home. Similarly, if I saw your phone number associated with a bomb threat... yeah, I'd definitely have my suspicions and would want to look into you further, even if a phone number isn't definitive _proof_ of identity.
Look into further is far, far different than using it as sole evidence for a raid. IP address coupled with additional evidence would be perfectly valid.
In the 1980's, some powerful senator's cell phone was snooped on, resulting in a major scandal when the contents of his phone calls was revealed in the press.
This resulted in Congress passing laws that made it illegal for radios to be capable of listening in on cell phone frequencies or being easily modified to allow them to do so.
It is likely that only similar widely publicized embarrassments and privacy violations of the rich and powerful will result in any meaningful legislative attempts to curtail the growth of the police state in the United State.
They clearly don't intend to do much about it unless they themselves are the victims of such abuses of power. As long as it's just "nobodies" or social or political outcasts who are the victims the police and surveillance aparatus, it's doubtful that much will change.
Your example shows why that doesn't work. The correct solution to people eavesdropping on calls is end-to-end encryption, which we still don't have for phone calls. Which means that bad people can still eavesdrop.
But meanwhile we now have a stupid law that prevents honest people from buying interesting radio hardware and makes it even less likely that we will ever have open cellphone baseband processors etc.
The one I'm familiar with is the Sarasota, FL incident, where a married couple was raided in the middle of the night in response to alleged child pornography. Their unit was in a condominium, practically on the edge of Sarasota bay, where various boats moor and dock. After further investigation, it was discovered that the traffic had originated from some guy in a boat using a high gain antenna. If I remember correctly, he had cracked their WEP key and illegally accessed their network to obtain nasty images, lots of them. The insecurity of WEP has been known about for a long time, presumably by LE too.
It is conjecture on my part, but a few things come to mind regarding alternative methods of investigation that may have avoided this. 1. Contact the ISP first (in this case I think it may have been Verizon). I remember Verizon having the ability to remotely reset router passwords, which possibly suggests the ability to remotely view associated client data, e.g. MAC addresses and hostnames and maybe even OS. This may have provided valuable clues. 2. Note the protocol used by the wireless router. 3. Wardrive a bit. 4. Maybe check for logs of any accounts the boat guy logged into while on their network.
Regardless, the raid was botched and pretty traumatic for the couple, considering they were operating a legal AP probably secured with what they thought was adequate encryption. At the time of this event, WEP was standard default, straight from the ISP. They'd done nothing wrong.
most police, especially in smaller areas, don't have the people on hand or on call to explain all this "techy" stuff to the people who make these decisions OR those people choose to ignore them... it seems like it takes 10+ years for cops to catch up and improve their investigation techniques, at least in the smaller areas with fewer resources.
Not disputing that necessarily, but take note that SPD has been very very busy[1] with their Stingray IMSI catchers and a host of other fairly sophisticated equipment. Even for an entry-level officer, an Associate degree or several years of military service is required. From my personal observations, the average SPD officer or deputy is pretty bright and even well informed. The chief of Police here has a masters degree and went to an FBI National Academy, although she wasn't chief back then. Also, I believe the FBI was involved in the above mentioned raid. And while I enjoy cynicism, the FBI is anything but stupid.
Not great to start an article off with sloppy reasoning:
> If police raided a home based only on an anonymous phone call claiming residents broke the law, it would be clearly unconstitutional.
> Yet EFF has found that police and courts are regularly conducting and approving raids based on the similar type of unreliable digital evidence: Internet Protocol (IP) address information.
When police go after an IP address, it happens after there is evidence linking it to some crime. That makes the situation wholly unlike an anonymous phone call, where there is no evidence a crime has even been committed, and where the identifying information itself is trivial to falsify.
Also, IP addresses give a lot more information than the article implies. Especially these days now that everyone has a home router that probably keeps the same IP address for weeks at a time if not months. Not enough to trigger a police raid, of course (if we want to argue that the police have too low a standard of evidence for initiating a raid, I agree) but it's probably a good lead to go on in the common case.
EDIT: I don't disagree with the rest of the article.
Huh, how is that sloppy reasoning unless you take that out of context? I don't think the EFF is saying that the IP address should never be used as information. It seems they are in perfect agreeance that if there is enough corroborating evidence in addition to the IP information, then the police can consider action.
The EFF's problem is when IP information, as with an anonymous phone call, is used to spur action without enough additional evidence. This is the anecdote they cite in their whitepaper:
edit: I responded to someone who clearly pointed out that I misunderstood raynier's argument. The comment was deleted by the time I hit Reply, but here is my reply:
I now agree that I'm at fault for short-shrifting raynier's argument. The whitepaper also includes up on top a story of a place being raided for being a Tor node, which may feel similar to the vagueness of justification that comes from a anonymous phone call, but that's not completely analogous either.
Perhaps the closer analogy would have been SWATting, but I don't think law enforcement supports that as a practice (because it's a result of them getting actively deceived). But I feel that's part of the EFF's overall point: SWATting is clearly a bad thing, whereas the specious reasoning the police sometimes uses to justify a raid based on IP information is not scrutinized enough, because of general tech ignorance.
> Huh, how is that sloppy reasoning unless you take that out of context? I don't think the EFF is saying that the IP address should never be used as information. It seems they are in perfect agreeance that if there is enough corroborating evidence in addition to the IP information, then the police can consider action.
Shouldn't it depend on the action? An IP address alone would not justify going to the location it was assigned to and arresting, charging, and holding in jail until trial the person(s) found there.
However, if the action is just to get a search warrant to search that location for more evidence, that seems OK to me. With nothing else other than that the IP address was used for some criminal activity, that is pretty good evidence that something related to the crime took place at the location the IP address was assigned to at the time.
Without first going to the ISP and filing a warrant to get the information regarding whom had that ip address its not even enough for a warrant.
If you've been following some of the recent stupidity police have opted repeatedly to just use some sort of resource to correlate ip address to physical location. This could be because this provides instant gratification or because they lack enough evidence as of yet to even justify THAT warrant.
As an example one such resource used to list a single coord for all unknown addresses in the US. This led to parties at that address dealing with hundreds of cases of unpleasant police contact wherein each officer individually learned that this address wasn't the center for criminality on planet earth. Unfortunately this knowledge didn't percolate upward.
So we aren't dealing with just proxies, tor exit nodes, open networks, many users connecting to the same router and other relatively complex matter. We are dealing with the fact that the police can't even be bothered to confirm with the ISP which customer even had that address at a given time.
In that context, without an initial warrant to gather the most basic of information IP addresses rarely are sufficient for anything at all except further research.
>>> if the action is just to get a search warrant to search that location for more evidence, that seems OK to me
So you believe based on nothing more than your IP address showing up connected to alleged criminal activity, the police should be allowed to batter ram your door at 3am, shoot your dog dead, detonate explosive in your living room, and potentially kill you if you are not fully awake instantly and follow their commands to the letter with perfect accuracy?
Because that is how the US Police force "serves" a search warrant in 2016.
If I'm looking into an internet-related crime, the IP address of the offender is gonna be one of the first things I look at. Can someone falsify it? Yes. But not every offender _will_ falsify it, and so it's useful information to at least look into further, even if IP address by itself shouldn't be adequate evidence for a police raid.
You can send packets with a fake source IP, but you won't get any response back, so it's of extremely limited utility. If there's traffic back and forth between two IPs going through ISP infrastructure, then it's a safe bet that it's the real deal.
"collect more evidence" means they take your hardware or other property that they want and you will not get it back for many years. Even if there is no criminal charge. If its computer hardware that was taken, it will be obsolete by the time you get it back.
..., break down your front door in the middle of the night, shoot your dog or someone from your household, throw in flash grenades... You know simply ruin your life.
That's why we don't issue them without probable cause. Probable cause doesn't mean "proof beyond a reasonable doubt"; if it did, we could dispense with the pesky trials.
Those pesky trials are dispensed with in something like 90%+ of the cases in the US. The accused just wind up accepting a plea bargain.
Some might argue that that's how it should be, and is an example of the effectiveness of prosecutors, who save the state a lot of trouble and money in trying people who clearly are guilty by their own admission.
Others might call it a travesty of justice, and a mockery of the judicial process and the Constitution of the United States.
The problem in the Aaron Swartz case was that MIT IT employees decided to make a federal case out of a trespass event with zero property damage, and MIT refused to release the names of those people. Subsequently there were many other sins of omission. MIT's senior leadership could have come out against the prosecution, for example. The enablers and excuse-makers disgust me.
The word "probability" is right there in the term. I don't think you're going to find a lot of experts that will look a the data on how likely residential IP addresses are to correspond to actions at their addresses and say that the correlation is weak.
Yes but there are plenty of cases where police departments aren't even bothering to get the service address from the ISP. Look at the case of the farm in Kansas or the house in Atlanta, The police don't have some independent source testifying that that IP address was in use by a customer at that service address, they're literally just using a geolocation service and raiding wherever the marker lands on the map.
This is the one thing that irks me the most, I don't expect law enforcement to understand the technical side of things but this is just a complete failure to do good old fashioned police work. If a judge was asked to sign a search warrant predicated around the results of a homemade drug test tutorial on Wikihow there's no chance that they would ever consider granting it yet when the same thing is asked in regards to an IP address somehow that passes muster.
At a minimum, police should be required to contact the IANA to figure out which AS an IP belongs to and then contact the AS to figure out what the service address is for the customer. Academia is built around citing any kind of source information, why is that too much to ask for from law enforcement?
Ideally, law enforcement would contact IANA to get the AS, look and verify that that AS was the only one advertising that IP block at the time in question, get the serial number of the modem in question from the AS if the subscriber is using a DOCSIS modem, go to the service address and confirm that the modem is actually present at the service address by doing a disconnect at the road, and then execute the warrant. I get that most of this is pie in the sky wishful thinking, but omitting any of those steps could result in raiding an innocent person needlessly and a lot of those steps could be executed concurrently. Heck, you could also throw in looking for signs that the IP address in question is being used as a Tor node or any other simple proxy and sniffing wireless traffic and trying to correlate the timing of wireless frames to the traffic from the modem in question. You could even do the wireless sniffing at the same time you go out to verify where a modem is on the node.
Even though this would be extra work for law enforcement, wouldn't it be worth it many times over if it just saves a small proportion of innocent citizens from a dangerous police raid?
Here's the problem: what do you do when somebody has managed to describe, over the phone, a convincing scenario that demands an immediate and severe response. Like "people are dying in that room right now and will continue to die if nobody stops them".
Fundamentally, there is no good answer to that. Both options can result in lives lost. One is an active shooter being allowed to continue killing freely, the other is sending police officers ready to deal and face lethal force.
Obviously no-knock raids on suspected drug-dealers are a different matter - those are unacceptable by any sane metric. But you include swatting in your list. Swatting generally involves a violent emergency where delaying for verification would cost lives.
For that case, all I think we can do is treat the swatters as people committing aggravated kidnapping or even attempted murder. They're attempting to send men to detain somebody at gunpoint.
Swat teams, police, secret service, etc tend to degenerate as just enforcers of the rich and powerful.
The following one was highly suspicious and looked like a hit done by a swat team covered as a 'mistake'.
The US has a several hundred billion dollar revenue generating illicit drugs market, and that doesn't happen without alot of involvement from US agencies.
> For that case, all I think we can do is treat the swatters as people committing aggravated kidnapping or even attempted murder.
Absolutely. In fact - if swatting results in the death of a person, then the swatter should be charged with first degree murder.
The problem, however, is that the swatters are not always in the US, so even identifying the swatter can be quite difficult; let alone extraditing them.
Thus, the swat teams also need to, in one way or another, tone down their violent, no-knock raids.
If I told an easily-angered person that her spouse had intimate relations with someone I didn't like, could I be charged with the resulting murder? Why don't the police have agency?
Intent matters. The intent was to send a group of dangerous and heavily armed men in to detain an innocent person. That's aggravated kidnapping.
In common law, if somebody is killed in the commission of a violent felony even if the death was unplanned, it's "felony murder". In most of the USA, "felony murder" is first-degree murder.
I don't have sure answers to your question, but I can speculate. The response time between the report and arrival of LE is not instant, implying an inevitable delay. This might be reason to not necessarily rush in too quickly, i.e. the situation may have changed. In such an immediate scenario as you've proposed, there is definitely a maximum priority, and multiple factors to consider, e.g. hostages?; number of victims/assailants; style and material of attack; reliability of report and probably much more. I'll admit that I am not qualified to evaluate this variety of scenario. However, from what I've observed, most botched SWAT raids don't involve such a critical priority - and that is a problem. Oddly, there was, by some standards, a highly dubious delay in the SWAT response to the Orlando Pulse event, where things may or may not have ended very differently.
I wholly concur that a much greater burden of responsibility is needed. In so many situations, there is no substantial accountability and either someone's life or dignity is lost for no legitimate reason. Not good for citizen morale.
The rational thing might be to let the people in the room die.
It depends on how many outwardly hidden death rooms there really are and how often the existence of these rooms is revealed by anonymous phone calls. You don't need much of a ratio there for urgent action against false calls to create more harm than the hidden death rooms.
And it doesn't have to be a binary choice; upon receiving notification of a hidden death room, the police could choose to investigate cautiously rather than escalating to extreme force. This will likely still have the effect of reducing the number of hidden death rooms without much risk of shooting innocent people in a raid.
Yeah, is this just an urban legend? Fake videos, etc.? It's always seemed absurd to me that you can send men with guns to raid someone's house just with an anonymous phone call.
> Put simply: there is no uniform way to systematically map physical locations based on IP addresses or create a phone book to lookup users of particular IP addresses.
Maybe today, but when we have wide deployment of IPv6 (heh), won't ISPs do away with NATing and give everyone their own block of IPs? Then I would think you could reliably tie a person to an IP address as long as the ISP cooperates.
NAT isn't the only or even the most important source of errors here. The article cites two examples, one where imprecise IP location information was being represented as precise, and one where a Tor exit node was mistaken as the actual originator. Neither one would have been fixed by using IPv6.
Well, location will be fixed to an extent with IPv6. All you need to do is contact the ISP that owns the appropriate /48 or whatever they were given, ask them the address of the customer with said /64 and there you go. Of course, this is the same thing they should already be doing with v4, carrier-grade NAT is fairly uncommon for anything but mobile use except in Asian countries.
Still, you can't tie an IP address to a specific person or computer, v4 has NAT to contend with and privacy extensions with v6 (which Microsoft and Apple use by default, most Linux distributions do as well) - so regardless if you can get the physical location where that IPv4 address or IPv6 prefix is assigned it does you no good on determining who was actually behind that address (unsecured wifi or easy to crack passwords, malware, the list goes on).
The first example isn't due to an inability to get the location, but using a source of data that didn't have it, and didn't adequately explain that fact. It'll happen just as easily with IPv6.
One more reason I disagree with the current anti ipv6nat sentiment. I understand the reasons people are against it, but when I try to explain my reasoning it gets casually dismissed.
IPv6 privacy addresses solve this for the most part, NATv6 isn't going to do anything for you above that they provide as far as people trying to identify your location by the IPv6 prefix or address (if you've been given a /128 to NAT).
(1) It's unreliable (2) It's unconstitutional assuming judges agree (3) It's expensive if you screw it up, such as people die, lawsuits, or embarrassment. All of which is unlikely change behavior unless everyone agrees.
I'll just point this out here. Reena Virk started as a rumour going around in schools. Until eight days later her body was found. A little bit of prudence is necessary, but don't discount rumours out of hand.
It's as much a "law and order" issue as it is a civil rights issue.
Cops have limited resources to deal with a number of problems and if they don't have the training and procedures to use internet evidence they are going to waste those resources tracking down stolen cars, child porn and whatever in the wrong places.
Why don't we just regulate any Internet-connected device? When you purchase one, you register your name and address and are given the IP address in return.
Then, we can simply look up the physical address of the IP address holder.
I know you're just sarcastic trolling, but since your post seems to be generating some discussion without anyone pointing out the technical implications on a technical forum...
We already do this, but it's called the MAC address. And it can be used to trace back the piece of hardware to the purchaser.
Unfortunately it can't solve the problem for innumerable reasons. For one, it turns out to be pointless to route internet packets or police raids to the location of my computer, knowing it has a unique number (currently the MAC) that can identify it as made in China and sold in Virginia...Better to use the dynamically assigned address (currently IP) of my home router which, with a call to Comcast, can give you my physical address in Hawaii.
Of course that physical address might serve any of my neighbors, but then again my computer's MAC also serves any guest in my house that asks nicely to use my computer or anyone tech savy enough to clone it.
I'm not sure if you're trying to make a sarcastic analogy to gun registration or not, but if you are, they aren't quite the same, given that a gun is a physical object and an IP can change without the user knowing or being responsible for that change.
Haha nah, I didn't put those two together. I guess gun registry is a big topic in the states right now. I was just pretending to be a politician since that's the sort of response I feel they would come up with.
>Law enforcement’s over-reliance on the technology is a product of police and courts not understanding the limitations of both IP addresses and the tools used to link the IP address with a person or a physical location.
You can most certainly narrow down an IP address to a particular ISP customer. Is it possible that they have an open wifi? Yes. Is it possible to narrow it down to a single member of the household? Depends! Is it possible that a computer at the destination is being used a proxy by the real attacker? Yes! But it's certainly not the blackbox that the EFF is trying to portray it as.
It's totally appropriate to execute a search warrant based on IP logs. A search warrant doesn't mean that any particular person is guilty, just that there is probable cause that there is information about a crime at a certain location.
I mean, it's reasonable to link it with a physical location, but only to the extent that there's obviously A computer at the location that is being used for some purpose. The problem is when they use it to try to identify an individual, which is completely unreasonable.
> obviously A computer at the location that is being used for some purpose
Well "A computer" could be any TCP/IP enabled device nowadays, including a router. So no, it's not reasonable to look at traffic coming from an IP, and say that traffic originated from the physical location of that IP, just because the LAN beyond that router is opaque.
I mean, several ISP IP addresses are involved with routing, but "everybody knows" they're shared machines. But again, simply because a trace route stops at a certain machine doesn't mean the routing actually terminates there - for most cases this is not true. It's just that the person behind the router with NAT often owns all devices on the LAN/opaque side. Using this correlation alone is dangerously inaccurate.
I never implied that a system in that network was the origin of the traffic, but if a traceroute ends there then obviously SOMETHING at that location is involved, knowingly or not.
A search warrant leading to a malware infected machine is acceptable in my eyes. Again, tying traffic to a location is fine, as long as the correlation ends at the computer that originally appears to be the source of the traffic (even if it ultimately isn't) is all that is targeted until evidence can determine the individual behind it.
> A search warrant leading to a malware infected machine is acceptable in my eyes.
Search warrant for what? All TCP/IP enabled devices? Or the router? An IP address doesn't even uniquely identify a single device.
(Also given how search warrants are executed in the US and how long they can seize these devices for, I don't know if I'd say it's "acceptable". I'm in favour of setting the bar high to protect the innocent.)
You can usually only narrow it down by getting the ISP to give up the person using an IP address at a given point in time which may itself require a warrant. Police are frequently failing to do even this.
> IP address information was designed to route traffic on the Internet, not serve as an identifier for other purposes.
I think you're going to have a hard time here convincing a jury or judge with this argument. In general LOE isn't concerned with the intentional of what an IP address was meant for. At least with today's ISP an IP address can be a reasonable approximation of a person or persons.
It is not a reasonable approximation of a person or persons. That's the point.
An IP address is merely an end point to some internet traffic. There's a nearly infinite number of reasons why traffic could originate from an IP that was not initiated by the current responsible party. Anything from hacked machines to clever redirects to shared IPs to just plain network trickery.
It is so ambiguous at this point that you can't even make an analogy that it is like a home housing a dozen people. Because even in that situation it just means there's n more devices that could've been hacked and they've shared their wifi with n more guests.
An IP address by itself should never be used for anything but starting an investigation. For a warrant it had better be surrounded by corroborating evidence.
I totally agree with you in principle. However, ultimately the EFF is the one making the argument and I don't personally believe it's going to convince a judge and a jury.
And it's important to sometimes be skeptical, because if they use this argument in a trial and lose then it sets a precedent that can be used in future cases.
And the prosecuting attorneys have plenty of examples where IPs successfully led directly to the perpetrator of a crime. Think of all of the people who have been arrested and prosecuted for online crimes and took a plea bargain.
It's a very uphill battle. I wish the EFF all of the best luck (I myself am a contributor and believer), but I don't think they're going to make much progress with this one.
It is perfectly logical to say that if there was an assault on a college campus and that the victim said the perp is an "Asian male", for the police to not prioritize the questioning of all non-Asians in the area. And if the report was made within minutes of the incident and the suspect is on foot, it may be justifiable to target the 5 Asian males loitering around rather than the 95 people of other demographics. What logical person would argue otherwise?
But the problem creep comes in the many, many cases when police don't have a threshold for how long and wide that demographic descriptor should be used. Within 1000 feet of the reported attack? A mile? Why not 2 miles? And why not 2 days or even 2 weeks after the incident, just to be safe?
The main difference in the ISP/IP metaphor is that in the digital world, it's possible to imagine search-and-question tactics that aren't time-consuming for the police or for the suspect. Hell, the suspect might not even know their internet-records were under any suspicion. OTOH, there are definitely real-world places in which for the police (and their community and most specifically the politicians), hand-cuffing and patting someone down has been so streamlined and accepted by the powers-that-be that it isn't a bother for them (the police) either.
edit: To clarify, I don't mean to get in the very wide debate on racial profiling, etc. But when I worked at a newspaper, we had a policy to not mention race unless the police could provide 4 or 5 other identifiers. That led to readers cussing us out because, they'd argue, knowing that the suspect was black is better than nothing. My point here is that sometimes, nothing is not always better than something, and that is most explicitly clear when it comes to broad IP range searches.