Posted on 08/09/2016 5:41:31 AM PDT by Auntie Mame
WICHITA, Kan. (CN) — An Internet protocol company turned a Kansas family's idyllic farm life into a "digital hell," assigning 600 million IP addresses to their property, sending police there at all hours looking for runaway children, stolen cars and pornographers, a married couple claims in court.
James and Theresa Arnold sued MaxMind on Friday in Federal Court. Maxmind, based in Waltham, Mass., provides Internet protocol intelligence and online fraud detection tools, through its GeoIP brand, the Arnolds say in the complaint.
Unfortunately, they add, "for the last 14 years, every time Maxmind's database was queried about a location in the United States it could not identify, it sent the inquiry the plaintiffs' address. There are now over 600 million IP addresses associated with the plaintiffs' leasehold. Over 5,000 companies draw information from MaxMind's database."
The trouble began the week the Arnolds rented their home in May 2011, and they had no idea why police and sheriff's officers showed up "countless times over the next 5 years" until a tech magazine reporter figured it out.
"They loved the home as it was out in the country, and the landlord gave the Arnolds and their two boys permission to hunt and fish on the surrounding 623 acres," the family says.
But the week they moved in, two Butler County sheriff's deputies came to the house looking for a stolen truck.
"This scenario repeated itself countless times over the next 5 years. The plaintiffs were repeatedly awakened from their sleep or disturbed from their daily activities by local, state or federal officials looking for a runaway child or a missing person, or evidence of a computer fraud, or call of an attempted suicide. Law enforcement officials came to the residence all hours of the day or night.
"Private individuals also sought out the plaintiffs' address. Angry business owners claimed that someone at the residence was sending their businesses thousands of emails and clogging their computer systems."
In 2013, the Butler County Sheriff's Department ran a background check on the Arnolds "because of all the activity taking place at the residence," and told them an LDNS server (local domain name server) was on their property.
There was no such thing, the Arnolds say, but that didn't stop law enforcement agencies from getting "weekly reports about fraud, scams, stolen Facebook accounts, missing person reports, suicide threats from the VA [Veterans Administration] that appeared to come from the address and stolen vehicles all related to the residence. Each incident brought law enforcement to the residence — at all hours of the night and day."
"Threats began to be made against the plaintiffs by individuals who were convinced that the perpetrator of internet scamming lived at the residence. State investigators — convinced that the plaintiffs had been involved in an identity theft — came to the residence to take pictures of assets."
Angry people trespassed; law enforcement showed up "at all hours of the night and day: [looking for] stolen cars, fraud related to tax returns and Bitcoin, stolen credit cards, suicide calls, private investigators, stolen social media accounts, fundraising events, and numerous other events."
After five years of this digitally inspired hell, Fusion.net reporter Kashmir Hill figured it out, in an April 10 article, "How an Internet Mapping Glitch Turned a Random Kansas Farm into a Digital Hell."
She traced the problem to MaxMind and GeoIP.
Internet Protocol (IP) is a unique identifier assigned to a computer or computer network. It plays an essential role in computers communicating with each other. But IP mapping is not an exact science. At its most precise, it can be mapped to a house. Or, the Arnolds say, 600 million accounts can be dumped on an unsuspecting family.
A spokesman for MaxMind said the company policy does not comment on pending litigation.
Among the false reports the Arnolds say they suffered, were that they were forcing girls to make pornography at their home, "email and website hacking, stealing identities, property crimes and subjecting others to electronic or physical harassment and cyber crimes."
When the Arnolds finally figured it out and informed MaxMind, the company changed its default location to "the middle of a lake somewhere," their attorney Randall Rathbun told Courthouse News.
"The problem is, it's still on 600 million computers out there," Rathbun said. "Once you run an address and find all this horrible stuff, it's not like it's just going to disappear. Once you have a footprint on the Internet, you're stuck."
The Arnolds seek punitive damages for reckless and grossly negligent conduct, emotional distress, fear for their safety and humiliation.
Rathbun is with Depew, Gillen, Rathbun & McInteer, in Wichita.
In her article in Fusion.net, Hill wrote that the occupants of the property "have been treated like criminals for a decade. And until I called them this week, they had no idea why."
I'm curious too.
Why didn’t they move? With those accusations being flung at their property, it’s a miracle they weren’t both thrown in the klink, their kids taken away, their computers all confiscated, and their life savings drained defending themselves.
I know we wouldn’t have stayed after the fourth or fifth incident.
A confusing article that keeps talking about IP addresses, which I don't think is the problem as most home users have a floating IP address assigned by the service provider (Comcast or whoever). It sounds more like the issue was that MaxMind geolocated to this couple's farm for any failed search. My guess is that being in Kansas, this farm's geo coordinates are some sort of mid-point in the U.S.
A beautiful example of a bit of bad coding leading to disastrous real-world results.
“the company changed its default location to “the middle of a lake somewhere,” “ Wait - why wouldn’t they put in their actual address where the server is instead of the middle of a lake? Isn’t this how the problem started in the first place? Why are they trying to hide their address?
It’s not the IP address, it’s the address listed on the IP domain registration. These folks deserve serious restitution. The company’s actions border on criminal negligence. Assigning a real address as the default for registrants? Who does that?
If it’s on the computer, it must be true. So thinks the ordinary idiot. The level of credibility given to online systems is extraordinary, and unwarranted.
Once erroneous data is entered into a system, it’s all over folks. Good luck trying to get it changed. You are just an innocent victim of stupid idiots designing systems that do not provide a means of correcting errors.
Yesterday I was trying to configure my cell phone for google talk. Once all was said and done, It was discovered that my phone company doesn’t like to work with google talk. During that process of discovery, I also learned that Google talk is routed through....would you believe....Washington, DC.
I wonder why that is?????
Default values are not your friend.
...IP mapping isn’t an exact science. At its most precise, an IP address can be mapped to a house. (You can try to map your own IP address here.) At its least precise, it can be mapped only to a country. In order to deal with that imprecision, MaxMind decided to set default locations at the city, state and country level for when it knows only roughly where the IP address lives. If it knows only that an IP address is somewhere in the U.S., and can’t figure out anything more about where it is, it will point to the center of the country.In fairness, when they set first this up in 2002, nobody dreamed that geolocation IP addresses would be used to track down criminals.As any geography nerd knows, the precise center of the United States is in northern Kansas, near the Nebraska border. Technically, the latitudinal and longitudinal coordinates of the center spot are 39°50′N 98°35′W. In digital maps, that number is an ugly one: 39.8333333,-98.585522. So back in 2002, when MaxMind was first choosing the default point on its digital map for the center of the U.S., it decided to clean up the measurements and go with a simpler, nearby latitude and longitude: 38°N 97°W or 38.0000,-97.0000.
As a result, for the last 14 years, every time MaxMind’s database has been queried about the location of an IP address in the United States it can’t identify, it has spit out the default location of a spot two hours away from the geographic center of the country. This happens a lot: 5,000 companies rely on MaxMind’s IP mapping information, and in all, there are now over 600 million IP addresses associated with that default coordinate. If any of those IP addresses are used by a scammer, or a computer thief, or a suicidal person contacting a help line, MaxMind’s database places them at the same spot: 38.0000,-97.0000.
Do you think you could have sold the house? I would imagine they would be sued for not disclosing this unwanted feature about a home.
I don’t understand why the police would keep going to the house...after a few false alarms, you’d think they would figure out something was screwed up.
In 2013, the Butler County Sheriff’s Department ran a background check on the Arnolds “because of all the activity taking place at the residence,” and told them an LDNS server (local domain name server) was on their property.
There was no such thing, the Arnolds say, but that didn’t stop law enforcement agencies from getting “weekly reports about fraud, scams, stolen Facebook accounts, missing person reports, suicide threats from the VA [Veterans Administration] that appeared to come from the address and stolen vehicles all related to the residence. Each incident brought law enforcement to the residence — at all hours of the night and day.”
And EVERY LAST ONE of them should be immediately FIRED FOR BEING STUPID!!!
She could just be tired and stressed.
No way.
1) Police follow procedures. Procedures are there so that police officers don't have to think, and also so they have something to cover their rear ends. When the procedures says to investigate any and all complaints, you do so, even if it's to the same address where 5000 other false complaints were already registered.
2) Your average police officer really isn't that smart, either. Critical and independent thinking are considered bad traits in police officers, which is why many departments use IQ testing (even if under some other name) to weed out applicants who are too intelligent, since they believe they'll get bored with the work and quit.
I understand what you’re saying, but although I generically referred to them as ‘police’, it appears these people live in the middle of nowhere, and a county sheriff deputy would be making the call. Rural sheriff’s departments seem to be infused with more common sense than large police departments.
I’d just think that at some point, after numerous long trips to this house, they would figure out these were false alarms.
If you fired every stupid LEO, there would be very few employed LEOs. And, surely, no democrat LEOs. That’s racist.
To understand what happened to the Taylor farm, you have to know a little bit about how digital cartography works in the modern era—in particular, a form of location service known as “IP mapping.”
IP refers to an Internet Protocol address, which is a unique identifier assigned to a computer or a computer network. IP addresses play an essential role in computers talking to each other, and every internet-connected device needs one. The device you’re using to read this article has an IP address, and when you visited this site, our servers wrote it down. So we now have a record that someone using that particular IP address read this story in our server logs. Sometimes, through some sophisticated sleuthing, you can find out more information about a specific IP address—for example, whether it’s been associated with a malicious device, or where in the world it’s located.
The trouble for the Taylor farm started in 2002, when a Massachusetts-based digital mapping company called MaxMind decided it wanted to provide “IP intelligence” to companies who wanted to know the geographic location of a computer to, for example, show the person using it relevant ads or to send the person a warning letter if they were pirating music or movies.
There are lots of different ways a company like MaxMind can try to figure out where an IP address is located. It can “war-drive,” sending cars around the U.S. looking for open wifi networks, getting those networks’ IP addresses, and recording their physical locations. It can gather information via apps on smartphones that note the GPS coordinates of the phone when it takes on a new IP address. It can look at which company owns an IP address, and then make an assumption that the IP address is linked to that company’s office.
But IP mapping isn’t an exact science. At its most precise, an IP address can be mapped to a house. (You can try to map your own IP address here.) At its least precise, it can be mapped only to a country. In order to deal with that imprecision, MaxMind decided to set default locations at the city, state and country level for when it knows only roughly where the IP address lives. If it knows only that an IP address is somewhere in the U.S., and can’t figure out anything more about where it is, it will point to the center of the country.
Or in simple terms, a glitch in the IP mapping tools that defaulted, incorrectly, to their physical address.
That’s mentioned by another victim in the article...disclosure laws would have made the house unsellable. Could you imagine the disclosure notice?
The one in Kansas was being rented by a family who loved the property. Renters, of course, have a lot more options than homeowners.
It’s amazing that the family and their dogs are still alive.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.