Serial Killer Caught By His Own Internet Footprint
By Peter Shinkle
St. Louis Post-Dispatch

When the FBI and police tracked down suspected serial killer Maury Troy Travis, they didn't need bloodhounds, lab tests, fingerprints or other standard tools of criminal investigations.
Instead, agents simply tapped into the wealth of information that Microsoft Corp. and other Internet companies keep on people who visit their Web sites and use their services.
The stunning breakthrough in what had seemed a difficult case underscored why such information is a valuable resource for police -- and sometimes a concern for civil libertarians.
Travis' arrest June 7 was set in motion two weeks earlier, when a Post-Dispatch reporter received an anonymous letter praising a story profiling a slain prostitute. Accompanying the letter was a map of part of West Alton, marked with an "X" to show where a body could be found.
After finding a skeleton there, authorities focused on the map, which appeared to have come from an Internet service. Detectives found an apparent match on, according to an affidavit by FBI agent Melanie Jimenez.
On May 30, Expedia told Jimenez that Microsoft, based in Redmond, Wash., provides the information for its map site.
So the FBI, using a subpoena, requested records of any maps of West Alton made between May 18, the date of the newspaper story that spurred the letter, and May 21, the postmark on the envelope. It took four days to get an answer.
On June 3, Microsoft reported back that only one computer had done it. The company said that on May 20, the computer had "zoomed in on the map of the West Alton, Missouri, area approximately 10 times in a chronological order to end with an exact match of the map" sent to the Post-Dispatch, Jimenez said in the affidavit.
But Microsoft could provide no name. Just an address that is meaningless to most people: It was the Internet Protocol address of
To translate the IP number, the FBI turned to WorldCom Inc., which provides local telephone numbers to connect Internet services to their dial-up customers. WorldCom assigns a temporary IP address to each customer for each Internet session. The question wasn't just who used, but who used it at the time in question.
The next day, on June 4, WorldCom's Internet division, UUnet, identified the user the evening of May 20 as MSN/maurytravis, Jimenez said. The MSN stands for Microsoft Network.
The FBI went back to Microsoft Network later the same day to identify the customer. It was Maury Troy Travis of Ferguson.
That was the groundwork for surveillance and, on June 7, an arrest and search warrant that authorities said helped solidify the case with DNA and tire tread evidence linking Travis, a 36-year-old waiter, to some of the killings. He was charged with two counts of kidnapping in federal court documents that also linked him to seven murders overall. Police think he may have killed 10 or more.
On June 17, without ever admitting guilt, Travis hanged himself in jail.
Tracks left on the Web
It appeared that Travis had been unaware of the ease with which Internet use can be traced. In fact, it is that lack of awareness - coupled with the easy use of technology by law enforcement and the sheer abundance of information on the Web - that troubles civil libertarians.
"Many users are not aware of the tracks that are left behind when they surf the Web and visit various sites," said David Sobel, general counsel of the Electronic Privacy Information Center in Washington.
"Most users have an illusion of anonymity when they use the Internet, which a case like this demonstrates is not well-founded because there is quite a bit of traceability on the Internet," he said. Sobel said that is why he supports strengthening the protections already in federal law.
The Electronic Communications Privacy Act of 1986 requires federal law enforcement agencies to take various steps to obtain information from Internet companies. The law requires prosecutors to issue a subpoena or obtain a court order or a search warrant from a judge for certain types of information.
It also allows prosecutors to accept information given voluntarily by an Internet company.
Even the Department of Justice described the law as "unusually complicated" in a manual for prosecutors published last year. "Navigating through ECPA requires agents and prosecutors to apply the various classifications devised by ECPA's drafters to the facts of each case before they can figure out the proper procedure for obtaining the information sought," the manual says.
The law left unclear whether a simple subpoena could obtain an IP address or if a prosecutor needed an order signed by a judge, said Cindy Cohn, attorney for the Electronic Frontier Foundation. It is a civil liberties group based in San Francisco.
Cohn said the lack of clarity meant prosecutors did need a judge's order. But Justice Department spokesman Mark Corallo said the agency believed only a subpoena was necessary.
The debate was resolved after the Sept. 11 attacks, when President George W. Bush signed the USA Patriot Act, giving the Justice Department new powers to fight terrorism. It provides prosecutors clear authority to obtain temporarily assigned IP addresses and other information from Internet companies through use of a subpoena.
"No check and balance"
In the Travis case, the FBI and the U.S. attorney's office in Illinois have not revealed how they obtained the information from Microsoft and WorldCom - whether by subpoena, search warrant or neither.
But Microsoft said Thursday that federal prosecutors had issued a subpoena.
Sobel said that given the strong link between the map sent to the Post-Dispatch and the crimes, there is little doubt that prosecutors were right to pursue the information and could easily have obtained a search warrant.
Even so, he said, permitting prosecutors to obtain such information through use of a subpoena - a unilateral step that does not require the oversight of a judge - is not sufficient protection for the public.
"There's no check and balance," he complained. "If law enforcement says, 'We want this information, and all we need is a subpoena,' there are not many (Internet service providers) that are going to say, 'No, you need a warrant.' There's a high level of cooperation."
Corallo, the Justice Department spokesman, declined to comment on whether a subpoena sufficiently protects privacy. "The Patriot Act was passed by bipartisan majorities of the House and Senate and it is now the law of the land," he said.
Few legal precedents
At least part of the confusion comes from the fact that the Electronic Communications Privacy Act has not been widely tested in the courts, and there are few legal precedents, Sobel said.
But one high-profile case was that of Timothy McVeigh, a sailor of no relation to the Oklahoma City bomber with the same name. McVeigh's sexual orientation was discovered when a Navy investigator asked America Online Inc. for information from McVeigh's user profile.
The Navy sought to discharge McVeigh on the grounds that he had identified himself to America Online as gay. But in 1998, a federal judge in Washington said America Online had violated McVeigh's rights under the Electronic Communications Privacy Act by releasing the information without McVeigh's permission.
The judge, Stanley Sporkin, also barred the Navy from discharging McVeigh, a highly decorated master chief petty officer. America Online also agreed to pay unspecified damages to settle a lawsuit brought by McVeigh and agreed to adopt policies aimed at protecting the privacy rights of customers.
Microsoft, which critics have often accused of failing to protect customers' privacy, warns that it may have to reveal customer information to comply with the law. Its privacy policy says, in part, "Microsoft may disclose personal information if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Microsoft or the site."
Tonya Klause, a Microsoft spokeswoman, said the FBI had a subpoena for the information that identified Travis.
Microsoft does not sell such information or share it with business partners, Klause said. Asked how long the company retains data on an individual's use of Expedia's mapping site, Klause said in a written reply only "a very short time period."
WorldCom spokeswoman Sudie Nolan said, "WorldCom makes every effort to assist law enforcement agencies, but always subject to the appropriate legal processes."
Nolan said WorldCom does not reveal how long it retains information identifying the IP addresses used by computer users. WorldCom does not sell the IP address information, she said.
Nicolas Terry, a professor at St. Louis University School of Law, says he is less concerned about prosecutors' access to Internet data than about what Internet companies are doing with the data they collect.
He said other developed countries had online privacy laws that were more stringent than those in the United States. For instance, the European Union passed a law in 1995 that permits Internet companies to use information given to them only for the purpose intended when a consumer first gives the information.
"What is to stop a Web site from collecting information about the maps we access - and anything else we do online - and selling it to other persons?" Terry asked. "That is what is going on much more than catching serial killers."
= = = =
Sources: FBI, Microsoft Corp., The Computer Glossary
The IP address, written as four numbers separated by periods, identifies a particular computer's location on the Internet. Computers linked to a network through a fixed connection typically have a permanent address, while computers that dial over a telephone line to reach the internet are assigned an IP address for each session.
Example: 65.227.106.78
First set of numbers (ex. 65): Identifies network to which a computer belongs
Rest of numbers (ex. 227.106.78): Identifies the actual computer on that network
A map downloaded from the Internet led the FBI to suspected serial killer Maury Troy Travis.
MAY 20: Someone dials up MSN and downloads a map from The map is mailed to the Post-Dispatch.
MAY 24: The Post-Dispatch gives the Illinois state police the map and letter. They identify the map as from
MAY 30: informs the FBI that records of access to the map can be obtained through Microsoft Corp.
JUNE 3: Microsoft tells the FBI that only one computer downloaded a map of the area during the time in question. Microsoft provides the IP address of that computer.
JUNE 4: The FBI asks WorldCom Inc. to identify the user name for the computer assigned the IP address on May 20. WorldCom provides the user name MSN/maurytravis.
JUNE 4: The FBI asks Microsoft for the account information on MSN/maurytravis. Microsoft provides the name Maury Travis along with his address and phone number.
JUNE 7: After round-the-clock surveillance reveals that Travis lives at the house, he is arrested.
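
The attribution step in this timeline, matching an IP address and a time to the one account that held a temporarily assigned address, sketched as an added example (not part of the original article and not any provider's actual system). The log format, user names, session ids, dates and the 192.0.2.78 documentation address are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

ISP_TZ = timezone(timedelta(hours=-5))  # assumption: ISP logs in local time, UTC-5

# Constructed dial-up accounting records (RADIUS-style Start/Stop), not real data.
ACCOUNTING = """\
2024-01-15T18:02:11 Start sess=a1 user=user_a ip=192.0.2.78
2024-01-15T19:40:03 Stop  sess=a1 user=user_a ip=192.0.2.78
2024-01-15T19:55:47 Start sess=b7 user=user_b ip=192.0.2.78
2024-01-15T21:10:30 Stop  sess=b7 user=user_b ip=192.0.2.78
2024-01-15T21:30:00 Start sess=c3 user=user_c ip=192.0.2.78
"""

def parse_sessions(text, tz):
    """Pair Start/Stop records by session id; return (user, ip, start, stop) in UTC."""
    pending, sessions = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, kind, *pairs = line.split()
        rec = dict(p.split("=", 1) for p in pairs)
        when = datetime.fromisoformat(stamp).replace(tzinfo=tz).astimezone(timezone.utc)
        if kind == "Start":
            pending[rec["sess"]] = (rec["user"], rec["ip"], when)
        elif kind == "Stop" and rec["sess"] in pending:
            user, ip, start = pending.pop(rec["sess"])
            sessions.append((user, ip, start, when))
    # A Start with no Stop: the end of the lease is unknown, so keep it open-ended.
    sessions += [(u, ip, start, None) for u, ip, start in pending.values()]
    return sessions

def attribute(sessions, ip, when_utc, skew=timedelta(0)):
    """Users whose lease on `ip` covers `when_utc`, allowing `skew` of clock error.
    Zero results or more than one means the log does not identify a single account."""
    hits = set()
    for user, lease_ip, start, stop in sessions:
        if lease_ip != ip or when_utc < start - skew:
            continue
        if stop is None or when_utc <= stop + skew:
            hits.add(user)
    return sorted(hits)

SESSIONS = parse_sessions(ACCOUNTING, ISP_TZ)
# Web-server side of the correlation: a request logged in UTC (constructed).
REQUEST_UTC = datetime(2024, 1, 16, 0, 30, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(attribute(SESSIONS, "192.0.2.78", REQUEST_UTC))                         # correct zone
    print(attribute(SESSIONS, "192.0.2.78", REQUEST_UTC.replace(tzinfo=ISP_TZ)))  # zone mix-up
```

Reading the web server's UTC timestamp as ISP local time points at a different account on the same address, and widening the clock-skew tolerance across a reassignment returns two accounts, so both logs' time zones and clock accuracy have to be established before a single name is taken from the match.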