- When the FBI and police tracked down suspected serial
killer Maury Troy Travis, they didn't need bloodhounds, lab tests, fingerprints
or other standard tools of criminal investigations.
- Instead, agents simply tapped into the wealth of information
that Microsoft Corp. and other Internet companies keep on people who visit
their Web sites and use their services.
- The stunning breakthrough in what had seemed a difficult
case underscored why such information is a valuable resource for police
-- and sometimes a concern for civil libertarians.
- Travis' arrest June 7 was set in motion two weeks earlier,
when a Post-Dispatch reporter received an anonymous letter praising a story
profiling a slain prostitute. Accompanying the letter was a map of part
of West Alton, marked with an "X" to show where a body could
- After finding a skeleton there, authorities focused on
the map, which appeared to have a come from an Internet service. Detectives
found an apparent match on Expedia.com, according to affidavit by FBI agent
- On May 30, Expedia told Jimenez that Microsoft, based
in Redmond, Wash., provides the information for its map site.
- So the FBI, using a subpoena, requested records of any
maps of West Alton made between May 18, the date of the newspaper story
that spurred the letter, and May 21, the postmark on the envelope. It took
four days to get an answer.
- On June 3, Microsoft reported back that only one computer
had done it. The company said that on May 20, the computer had "zoomed
in on the map of the West Alton, Missouri, area approximately 10 times
in a chronological order to end with an exact match of the map" sent
to the Post-Dispatch, Jimenez said in the affidavit.
- But Microsoft could provide no name. Just an address
that is meaningless to most people: It was the Internet Protocol address
- To translate the IP number, the FBI turned to WorldCom
Inc., which provides local telephone numbers to connect Internet services
to their dial-up customers. WorldCom assigns a temporary IP address to
each customer for each Internet session. The question wasn't just who used
126.96.36.199, but who used it at the time in question.
- The next day, on June 4, WorldCom's Internet division,
UUnet, identified the user the evening of May 20 as MSN/maurytravis, Jimenez
said. The MSN stands for Microsoft Network.
- The FBI went back to Microsoft Network later the same
day to identify the customer. It was Maury Troy Travis of Ferguson.
- That was the groundwork for surveillance and, on June
7, an arrest and search warrant that authorities said helped solidify the
case with DNA and tire tread evidence linking Travis, a 36-year-old waiter,
to some of the killings. He was charged with two counts of kidnapping in
federal court documents that also linked him to seven murders overall.
Police think he may have killed 10 or more.
- On June 17, without ever admitting guilt, Travis hanged
himself in jail.
- Tracks left on the Web
- It appeared that Travis had been unaware of the ease
with which Internet use can be traced. In fact, it is that lack of awareness
- coupled with the easy use of technology by law enforcement and the sheer
abundance of information on the Web - that troubles civil libertarians.
- "Many users are not aware of the tracks that are
left behind when they surf the Web and visit various sites," said
David Sobel, general counsel of the Electronic Privacy Information Center
- "Most users have an illusion of anonymity when they
use the Internet, which a case like this demonstrates is not well-founded
because there is quite a bit of traceability on the Internet," he
said. Sobel said that is why he supports strengthening the protections
already in federal law.
- The Electronic Communications Privacy Act of 1986 requires
federal law enforcement agencies to take various steps to obtain information
from Internet companies. The law requires prosecutors to issue a subpoena
or obtain a court order or a search warrant from a judge for certain types
- It also allows prosecutors to accept information given
voluntarily by an Internet company.
- Even the Department of Justice described the law as "unusually
complicated" in a manual for prosecutors published last year. "Navigating
through ECPA requires agents and prosecutors to apply the various classifications
devised by ECPA's drafters to the facts of each case before they can figure
out the proper procedure for obtaining the information sought," the
- The law left unclear whether a simple subpoena could
obtain an IP address or if a prosecutor needed an order signed by a judge,
said Cindy Cohn, attorney for the Electronic Frontier Foundation. It is
a civil liberties group based in San Francisco.
- Cohn said the lack of clarity meant prosecutors did need
a judge's order. But Justice Department spokesman Mark Corallo said the
agency believed only a subpoena was necessary.
- The debate was resolved after the Sept. 11 attacks, when
President George W. Bush signed the USA Patriot Act, giving the Justice
Department new powers to fight terrorism. It provides prosecutors clear
authority to obtain temporarily assigned IP addresses and other information
from Internet companies through use of a subpoena.
- "No check and balance"
- In the Travis case, the FBI and the U.S. attorney's office
in Illinois have not revealed how they obtained the information from Microsoft
and WorldCom - whether by subpoena, search warrant or neither.
- But Microsoft said Thursday that federal prosecutors
had issued a subpoena.
- Sobel said that given the strong link between the map
sent to the Post-Dispatch and the crimes, there is little doubt that prosecutors
were right to pursue the information and could easily have obtained a search
- Even so, he said, permitting prosecutors to obtain such
information through use of a subpoena - a unilateral step that does not
require the oversight of a judge - is not sufficient protection for the
- "There's no check and balance," he complained.
"If law enforcement says, 'We want this information, and all we need
is a subpoena,' there are not many (Internet service providers) that are
going to say, 'No, you need a warrant.' There's a high level of cooperation."
- Corallo, the Justice Department spokesman, declined to
comment on whether a subpoena sufficiently protects privacy. "The
Patriot Act was passed by bipartisan majorities of the House and Senate
and it is now the law of the land," he said.
- Few legal precedents
- At least part of the confusion comes from the fact that
the Electronic Communications Privacy Act has not been widely tested in
the courts, and there are few legal precedents, Sobel said.
- But one high-profile case was that of Timothy McVeigh,
a sailor of no relation to the Oklahoma City bomber with the same name.
McVeigh's sexual orientation was discovered when a Navy investigator asked
America Online Inc. for information from McVeigh's user profile.
- The Navy sought to discharge McVeigh on the grounds that
he had identified himself to America Online as gay. But in 1998, a federal
judge in Washington said America Online had violated McVeigh's rights under
the Electronic Communications Privacy Act by releasing the information
without McVeigh's permission.
- The judge, Stanley Sporkin, also barred the Navy from
discharging McVeigh, a highly decorated master chief petty officer. America
Online also agreed to pay unspecified damages to settle a lawsuit brought
by McVeigh and agreed to adopt policies aimed at protecting the privacy
rights of customers.
- Microsoft, which critics have often accused of failing
to protect customers' privacy, warns that it may have to reveal customer
may disclose personal information if required to do so by law or in the
good faith belief that such action is necessary to: (a) conform to the
edicts of the law or comply with legal process served on Microsoft or the
- Tonya Klause, a Microsoft spokeswoman, said the FBI had
a subpoena for the information that identified Travis.
- Microsoft does not sell such information or share it
with business partners, Klause said. Asked how long the company retains
data on an individual's use of Expedia's mapping site, Klause said in a
written reply only "a very short time period."
- WorldCom spokeswoman Sudie Nolan said, "WorldCom
makes every effort to assist law enforcement agencies, but always subject
to the appropriate legal processes."
- Nolan said WorldCom does not reveal how long it retains
information identifying the IP addresses used by computer users. WorldCom
does not sell the IP address information, she said.
- Nicolas Terry, a professor at St. Louis University School
of Law, says he is less concerned about prosecutors' access to Internet
data than about what Internet companies are doing with the data they collect.
- He said other developed countries had online privacy
laws that were more stringent than those in the United States. For instance,
the European Union passed a law in 1995 that permits Internet companies
to use information given to them only for the purpose intended when a consumer
first gives the information.
- "What is to stop a Web site from collecting information
about the maps we access - and anything else we do online - and selling
it to other persons," Terry asked. "That is what is going on
much more than catching serial killers."
- = = = =
- WHAT IS AN IP ADDRESS?
- Sources: FBI, Microsoft Corp., The Computer Glossary
- The IP address, written as four numbers separated by
periods, identifies a particular computer's location on the Internet. Computers
linked to a network through a fixed connection typically have a permanent
address, while computers that dial over a telephone line to reach the internet
are assigned an IP address for each session.
- THE MATCHING IP ADDRESS
- 65 . 227 . 106 . 78
- (First set of numbers ex. 65:) Identifies network to
which a computer belongs
- (Rest of numbers: ex. 227.106.78) Identifies the actual
computer on that network
- A map downloaded from the Internet led the FBI to suspected
serial killer Maury Troy Travis.
- 1. THE DOWNLOAD
- MAY 20: Someone dials up MSN and downloads a map from
Expedia.com. The map is mailed to the Post-Dispatch.
- 2. INVESTIGATION BEGINS
- MAY 24: The Post-Dispatch gives the Illinois state police
the map and letter. They identify the map as from Expedia.com.
- 3. THE FBI GETS INVOLVED
- MAY 30: Expedia.com informs the FBI that records of access
to the map can be obtained through Microsoft Corp.
- 4. THE IP ADDRESS
- JUNE 3: Microsoft tells the FBI that only one computer
downloaded a map of the area during the time in question. Microsoft provides
the IP address of that computer.
- 5. THE USER NAME
- JUNE 4: The FBI asks WorldCom Inc. to identify the user
name for the computer assigned the IP address on May 20. WorldCom provides
the user name MSN/maurytravis.
- 6. THE INFORMATION
- JUNE 4: The FBI asks Microsoft for the account information
on MSN/maurytravis. Microsoft provides the name Maury Travis along with
his address and phone number.
- 7. THE ARREST
- JUNE 7: After round-the-clock surveillance reveals that
Travis lives at the house, he is arrested.
- Reporter Peter Shinkle: