Sunday, November 23, 2008

Why the RCMP dumped the CHRC wifi case (70.48.181.203)

The RCMP has decided to drop its investigation of allegations that the CHRC had hacked the wifi of an Ottawan woman. The RCMP itself has made no announcement, but the woman in question was interviewed by Joseph Brean of the National Post (here):
    In a phone interview on Thursday, the woman said the RCMP told her they do not have proof her account was hacked, nor proof that it was not, and to investigate further would involve going after technical data from a website based in the United States, stormfront.org, which they said is not possible.
What does all this mean? The basic problem is that the evidence did not sustain the accusation. To review:
  1. CHRC investigator Dean Steacey logged into Stormfront.org using the handle "jadewarr" several times, including on Dec. 8, 2006, the date of the alleged wifi-hacking.
  2. One of the other times that "jadewarr" logged-in at Stormfront was on Sept. 15, 2006, when he posted the one-and-only message that this account ever posted there (you can see the screen capture of that post here). The IP used to post was 70.48.181.203 (see #4, below).
  3. After it became known that "jadewarr" was Steacey's account, however, Stormfront administrator OdinPatrick publicly outed the account (see screen captures here), declaring both the IP that was used to register jadewarr (65.93.75.6) and the "IP used to post" (70.48.181.203).
  4. Since jadewarr had only ever posted one message (see #2, above), the IP use to post (70.48.181.203, #3) must have been for the message of Sept. 15, 2006.
  5. In March 2007, Marc Lemire emailed Stormfront founder and convicted terrorist Don Black to request jadewarr's Lemire asked Black for the "email address, IP-address, hostname, and access" of the jadewarr account (see Lemire's motion, here, and Black's affidavit, here). Apparently Lemire requested this information without specifying a date.
  6. Black informed Lemire that jadewarr's IP was 70.48.181.203 (see Black's affidavit paragraph iv, here).
  7. The IP that Black reported (70.48.181.203, above, #6) was the same one that jadewarr used to post on Sept. 15, 2006 (above, #3).
  8. Given that Black does not specify a date that jadewarr had used this IP (see #5 and #6, above), he must be giving the IP used for the post of Sept. 15, not the one used to log-in on Dec. 8: the software that he was using, vBulletin, only records the IPs of posts, and not those for log-ins (here).
  9. Lemire apparently did not realize that the IP was from the wrong date. On the basis of Black's information filed a motion to subpoena Bell to provide information about the IP for Dec. 8.
  10. In a CHRT hearing of March 25, 2008, a Bell technician testified that 70.48.181.203 (which jadewarr had used on Sept. 15) was assigned to an Ottawa woman on Dec. 8, 2006, the day on which jadewarr logged into Stormfront (obviously using some other IP).
  11. Once this became known, a theory was elaborated to explain how jadewarr might have accessed 70.48.181.203 on Dec. 8, a theory that including the allegation of wifi-hacking.
So, why did the RCMP drop the investigation? Because the evidence as presented didn't sustain the allegation, and a closer look at the evidence wasn't possible given jurisdictional issues.

Other posts relevant to this controversy: