Hello,
My name is Daniel Boyd and I am a Police Detective with the Petaluma Police Department in California.
I am conducting an investigation into a bomb threat at a local high school. The threat came in via STOP IT, which is an anonymous reporting app the school uses to report bullying and things of that nature.
A search warrant was served on STOP IT to discover the IP address of the person who made the threat. The address came back to company called Nuclear Fallout or NFO Servers. They were served with a search warrant and provided the email address of [Redacted] as the customers email address associated with the IP address. We reached out to [Redacted] and he advised “Although this server is associated with his NFO Servers account, it is actually entirely managed by the Courvix Network” Would there be a way to trace back the IP Address associated with the STOP IT tip to an actual person? Or would there be a way you could provide us with individuals who use the Courvix service in our area so we can narrow down who may have sent the bomb threat?
I have included the IP address , it is “74.91.113.23 Login on 09/29/2021 at 05:40 PM PST”
Please find my contact information below (desk).
Thank you in advance.
Detective Daniel Boyd
Petaluma Police Department
969 Petaluma Boulevard North
Petaluma, Ca. 94952
[Censored] (main)
[Censored] (desk)
[Censored]
Hello, thanks for contacting me.
It is true that this IP addresses is managed by our network as a VPN server. The one you specified is an IP address used to handle some of our TCP traffic for our 'Chicago 1' server.
It is impossible for us to narrow down the specific user responsible for said threat as our VPN servers do not keep any activity logs and all users share the same login authentication key. Furthermore, our log only contains connections in real time and not any historical ones.
Now, regarding your question in which you ask if we can forward you a list of individuals who use Courvix Network in your area. We believe this has the ability to put the privacy of many users at risk and this would also require starting an active data collection for all IP addresses that connect to a particular server and is something that we are unwilling to do without first having received a signed subpoena compelling us to do so.
Additionally, for any server outside of the United States, we ourselves would require a Mutual Legal Assistance request be filed for the United Kingdom, as that is where the network is managed from.
One last thing I'd like to make you aware of is our transparency policy as located on the Privacy Policy page of our website (https://wiki.courvix.com/privacy#transparency). Our policy is to publish all legal inquiries within 7 days of receipt unless otherwise forbidden by a gagging order. Should you choose to peruse a legal order for us to begin logging connection histories of our users on a particular server, we will require that we also receive a legally binding gagging order that compels us to keep the request private as we will not voluntarily do so due to the nature of this request.
Feel free to keep in contact with me as your investigation progresses. I'm happy to provide any assistance possible as it conforms to our policies, rights, and legal obligations.
Regards,
Courvix Network Administrator.
[email protected]
PGP Key: https://courvix.com/pgp.txt
Good morning, thank you for your response
I do have a few questions though. So understanding that the likelihood of obtaining any useful information from the IP address is essentially non-existent, I believe the only way would could potentially narrow down who sent the threat would be to filter through potential Courvix users in the area. Like you had said, it would definitely require a subpoena/warrant before that information would be released which is absolutely understandable. However, before I go down that road, I am curious if it would be worth it. Specifically, if you had 1,000 users in my area, it would not be reasonable for me to request that information via a warrant, but let's say if there were 5 users, that would be an easier amount of data to filter through. With all that being said, would you first be able to provide me with just the amount of user you have registered within my area without providing any other identifying information? That way I can gauge whether or not it would be worth it to follow up with a warrant. If you are willing to do that, the area I would request the number of users for would be the city of Petaluma, California 94954/94952
My other question would be about your mutual legal assistance request. This request would be for within the US, but by your response, it sounds like your server is maintained outside of the US. If I am understanding that correctly, any information request would require this form as you would need to seek the server which is in the UK?
Thank you for all of your help on this,
Detective Daniel Boyd
Petaluma Police Department
969 Petaluma Boulevard North
Petaluma, Ca. 94952
[Censored] (main)
[Censored] (desk)
[Censored]
Hello,
First of all, because the VPN servers are public and require no registration to use, we do not know beforehand where our users are from. We can only inform you of this information after the data collection has started because it would be based on the geolocation of the IP addresses, which is not always accurate. So with that in mind, we'd also need some kind of accuracy allowance. So for example, Petaluma +20 miles.
To summarize this: we don't know how many users there are from any specified location on any of our servers; we'd need to begin the collection first.
Secondly, the server in question is inside the United States; it is only us, the administrators, that are based in the UK.
Regards,
Courvix Network Administrator.
[email protected]
PGP Key: https://courvix.com/pgp.txt