The Halifax Daily News
Thursday, January 9, 1997

Net users can leave trail on newsgroups

by David Rodenhiser,

When computer users log in to an Internet provider and download articles or images from newsgroups, they leave behind electronic fingerprints.

"It's not a direct record, but there is a trail that we can follow to get back and say that, on this day, at this time, you (downloaded this) article", Curtis Wambolt, a network services technician with Auracom Internet Services, said yesterday.

Halifax regional police arrested 42-year-old Stuart Friedman on Tuesday for possessing child pornography, including images downloaded from Internet newsgroups. Newsgroups are electronic bulletin boards, offering articles, opinions, photos and sound bites on thousands of topics.

Police got a warrant to search Friedman's personal files at his Internet provider Chebucto Community Net on Monday. Despite an earlier statement by a Chebucto representative that a warrant would not have been required, Chebucto does have a policy that guards the privacy of clients' files.

When Internet users log in, they are assigned a unique number called an "IP address". When a user downloads a newsgroup file from a provider's computer server, the server logs that IP number. At Auracom, those records are saved for about a week, Wambolt said.

* `Could be friend'

To find out who accessed a particular file, he said, all the provider has to do is check which IP number downloaded the file at what time, and then cross-reference that IP with log-in records to see which user that IP was assigned to at that time. However, doing so will only identify the user account that downloaded the file, not the person sitting in front of the computer terminal, Wambolt added.

"I've had the police call me and they want to track it to a specific residence, or something, but we don't use caller-line ID, so we don't know for sure that it's the person who owns the account", he explained. "If they divulge their user name and password to a friend, it could be the friend."

There hasn't been great demand for such investigations, Wambolt said, and most have been initiated by Auracom itself, not police. Auracom uses the procedure to track down "spammers" - people who abuse newsgroups with huge postings of articles - and suspend their accounts. The few times police have asked for assistance have been in cases of Internet death threats and computer hacking, Wambolt said.

Auracom regional manager Cliff Thomson said his company would likely only ask to see a search warrant if police wanted to look into a client's personal e-mail file.

"We will co-operate fully with the various police agencies when requested to do so - the thought being behind that that it is not something that those agencies do on a whim, of course", Thomson said.

Chebucto Community Net spokesman John van Gurp said files are never open to police without a warrant. He said the organization heard from many users yesterday who feared their privacy could be jeopardized.

* `Packet sniffers'

Tracking which World Wide Web sites a user is accessing is much more difficult, Wambolt said. "If you just go directly out on the Net and load Web pages, we don't have any record of you viewing those pages", he said.

But there is an exception to that rule. Monitoring software called "packet sniffers" could be used to follow a particular IP number as it jumps from Web page to Web page, Wambolt said. Auracom has never used packet sniffers to monitor an individual, but it has used them to analyse "traffic patterns" of Internet usage.

Copyright © 1997 by The Halifax Daily News. All Rights Reserved. Reprinted with permission.