Federal Internet Law & Policy
An Educational Project

Forensics / Evidence / Discovery

Dont be a FOOL; The Law is Not DIY

Let's assume that one wishes to learn how to contact an author or those responsible for online content or an online site. There are a number of ways to attempt to achieve this, ranging for easy to difficult.

Encrypted Traffic

Even where traffic is encrypted, a monitor of the traffic can learn a great deal from the traffic, either from the metadata (aka transactional data) or from fingerprinting the data. Encrypted traffic can be significantly deanonymized.


Contact Us: Many sites have either "About Us" or "Contact Us" links on their website which will tell you who they are and how to contact them (don't forget to look for a copyright statement which may tell you who the owner of the content is - there may also be a DMCA statement with a point of contact for copyright concerns). This would be the easy method.


When individuals set up website or other online presences, they generally set up accounts with the host. Hosts generally like to get paid for their business and therefore their records may accurately reflect how to extract money out of the individual using their website. The problem is that Hosts may have privacy policies saying that they will not simply hand their clients information over to just anyone. except when in receipt of proper legal authority. Legal authority in a civil case may come in the form of a civil subpoena.

Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal InvestigationsPDF Computer Crime and Intellectual Property Section, Criminal Division, DOJ (2009) "In another scenario, a defendant establishes an account with an online service-such as a Web-based email service or a pornography site-and the credit card information or contact information associated with that account is used to identify the defendant and support probable cause to search computer media in the defendant's home. For example, in United States v. Kelley, 482 F.3d 1047, 1053 (9th Cir. 2007), an affidavit established probable cause through the real name and physical address associated with several America Online "screen names" used to receive child pornography. Similarly, in United States v. Terry, 522 F.3d 645, 648 (6th Cir. 2008), probable cause to search a home was established by demonstrating that an AOL email account was used to send child pornography, that the account's owner lived in that home, and that the account's owner had a computer in that home that he had used to send email through that account in the past. See also United States v. Wilder, 526 F.3d 1, 6 (1st Cir. 2008) ("it was a fair inference from his subscription to the Lust Gallery website, as described in the affidavit, that downloading and preservation in his home of images of child pornography might very well follow").Frequently, this scenario arises when investigators have discovered a child pornography website or email group and have successfully obtained its membership list. In United States v. Gourde, 440 F.3d 1065, 1070-71 (9th Cir. 2006) (en banc), the affidavit established probable cause through the defendant's membership in a known child pornography website, without independent evidence such as an IP address. Several other courts have also held that it is reasonable to infer from a defendant's voluntary membership in a child pornography website or "e-group" (a hybrid of an email discussion list and web forum) that the defendant downloaded or kept child pornography, although many of these courts pointed to corroborating evidence as well. See, e.g., United States v. Wagers, 452 F.3d 534, 539-40 (6th Cir. 2006); United States v. Shields, 458 F.3d 269, 279 (3d Cir. 2006) (membership in on-line child pornography Yahoo group, combined with "suggestive" email address of "LittleLolitaLove" supported probable cause); United States v. Martin, 426 F.3d 68, 77 (2d Cir. 2005) ("those who view are likely to download and store child pornography"); United States v. Froman, 355 F.3d 882, 890-91 (5th Cir. 2004) (considering factors of joining a group, remaining a member for a month, and using screen names "that reflect his interest in child pornography").Not all courts, however, have agreed that membership alone supports probable cause. In United States v. Coreas, 419 F.3d 151 (2d Cir. 2005), a Second Circuit panel sharply disagreed with the panel in Martin. Coreas involved an affidavit that, after false accusations were excised, contained "[s]imply" the allegation that the defendant, "by clicking a button, responded affirmatively to a three-sentence invitation . to join [a child pornography] e-group." Coreas, 419 F.3d at 156. The court held that this allegation "does not remotely satisfy Fourth Amendment standards" because "a 'person's mere propinquity to others independently suspected of criminal activity does not, without more, give rise to probable cause to search that person.'" Id. (quoting Ybarra v. Illinois, 444 U.S. 85, 91 (1979)). Similarly, in United States v. Falso, 544 F.3d 110, 121 (2d Cir. 2008), the Second Circuit held that there was no substantial basis for probable cause in a warrant that alleged only that it "appear[ed]" that the defendant "gained access or attempted to gain access" to a child pornography site."

Social Media