On December 4th I contacted the owner of the site where JKOnTheRun is hosted, Six Apart, and asked them for confirmation or denial that the post was or was not made from the IP address. After several emails and a certified letter sent to their offices, the ultimate answer was that they would not release that information without a subpoena.
At the beginning of December I contacted a lawyer to see what could be done and the recommendations were pay $200-400 to have him send a warning letter to the likely perpetrator telling him to stop the harassment or pay $2,000-3,000 each to subpoena the server logs of Comcast and/or Six Apart so that legal action could proceed against the person responsible. I wasn’t ready to spend that kind of money at the time so I continued to attempt to get positive identification in other ways.
By December 5th I hadn’t received any response to what was now two emails to email@example.com and so did some digging and obtained the phone number for their abuse department. Their normal support people won’t give that out but you can find it by doing a DNS lookup on comcast.net. I called on the evening of the 5th and left a short message about the problem I was having with one of their subscribers. On December 6th I received a phone call from Joe in the abuse department asking for more information on the problem. I sent the latest information and waited for a response. After a several more emails between me and Joe, I was assigned a ticket number and given a contact in their legal department on December 12th. I was also contacted on the 12th by a higher level abuse tech named Mike, where I was given the option of having Comcast warn off the IP user or holding off in favor of filing a harassment complaint with my local law enforcement. Mike cautioned me against having Comcast call and warn the user off as that sometimes causes people like that to raise the level of harassment even more. He also would not tell me how often their server logs are purged, saying that information was private and that I should definitely treat this issue as time sensitive. Unfortunately I took his advice and contacted the Plano Police Department (PPD) to file a harassment charge. This was unfortunate because the delay caused by going through the PPD meant that the Comcast server log entries I needed were purged by the time I found out how often that purging is done.
Along with speaking to Mike on December 12th I also called the PPD to file a complaint. By the 16th I was put in contact with the detective assigned to my case and filled him in on the situation and forwarded my summary of the investigation I had done to date. He was more than willing to help me out but was also clear that according to the law this probably wouldn’t fall under the heading of harassment since the perpetrator hadn’t called me directly, stalked me or threatened me with bodily harm. The detective was willing to go to the grand jury and try to get a subpoena for the Comcast server logs, which he expected I had be able to retrieve according to the open records act. He asked me to put a written statement together and bring it in to the station on the following Wednesday. I prepared the statement over the weekend and went in on the 21st to give it to him along with 1/3” of printed documentation I had on the problem.
On December 22nd I contacted Comcast legal to tell them that I had given a statement to the PPD and I would like to have them warn off their customer. It was at this point that I was informed that their logs are purged monthly as well as that information not being at all private. I had lost any chance of obtaining the server logs for that IP address on November 19th and 20th.
I attempted to get the PPD to send a letter to Comcast to preserve the remaining logs for the 22nd and 23rd but since the harassment happened on the 19th they weren’t willing to do this and it later turned out the grand jury wasn’t willing to issue a subpoena to Comcast or Six Apart since the perpetrator wasn’t the one sending the emails, making the phone calls to me or actively signing me up for the various subscriptions I had received. The law around here still hasn’t quite caught up with the times. I have since also found out that you cannot get subpoenaed information through the open records act unless charges are filed. Even if I had confirmation that a particular person was leased that IP address at the time the impersonation started, the police wouldn’t be able to say that a specific person was using the computer at the time and they wouldn’t issue charges. Since charges wouldn’t be issued, there would be no records available for me to request.
The phone call rate has dwindled to a trickle of one or two a week but I have received more than 3000 spam emails since November 19 and the tide hasn’t begun to turn. I know other people get more spam than this in the same period of time but up to this point I had been able to keep my rate of spam down by changing my email address a few years ago and taking great care how I release it. Now I am back to the same place I was a few years ago thanks to this person.
To date I have been signed up for the following subscriptions:
- BMG music club at home and work.
- Columbia House DVD club once at home and twice at work.
- Sprint wireless service three different times.
- My non-existent daughter Sara was signed up for Brighter Vision Learning Adventures.
- Reader Service book club.
- Black Enterprise magazine (I am white) at home and work.
- A nationwide vmail fee was tacked onto our phone bill through CoolSavings.
- ESPN magazine at home and work.
- Better Homes and Gardens at work.
- Readers Digest at work.
Scans and photos of several of these items are available here.
I have sent these all back with a note that I did not request their product and to remove me from their databases. So far all seem to have complied. Time will tell.
While the evidence appears to converge on a particular computer in Oregon, I do not have confirmation from Comcast of which of their subscribers was using the IP address on the day this all began. On the other hand based on accesses over several months from that IP address to my own web site, basic knowledge of how IP address leases are obtained and verification of my own Comcast IP usage it is very unlikely that any other person could be responsible for the impersonation and harassment. The reason for the end of accesses on the 23rd of November is most likely that the user turned off his cable modem long enough to lose his IP lease. In any case, it is an interesting set of coincidences that lead from the harassing IP address in Oregon to very specific articles in my blog, comments left in that blog and emails I have received.
If this sort of thing happens to you and you’re able to get an IP address as well as the date and time of impersonation, make sure you get the relevant ISP to reprimand their user according to the ISPs Terms of Service. Comcast at least will not look up the IP subscriber information unless they intend to penalize their subscriber, and doing this will help to preserve the log information you’ll need for final identification. I would also recommend that you simultaneously contact the IC3, FBI, the harasser’s ISP and your local law enforcement. Don’t wait for any avenue to dead end before moving to another. Get them all moving on your case as soon as possible so that the culprit is less likely to get away.
If any of you have any further recommendations on how to handle this sort of situation I would be grateful to hear from you.