Swedish Court Says IP Numbers Privacy Protected

← Back to Stories (view on slashdot.org)

Swedish Court Says IP Numbers Privacy Protected

Posted by CmdrTaco on Thursday June 18, 2009 @12:49AM from the then-how-can-i-ping-you dept.

oh2 writes "The highest applicable Swedish court, Regeringsrätten, has ruled that IP numbers are protected (in Swedish) since they can be traced to individuals. This means that only government agencies are allowed to track and store IP addresses, leaving 'anti-piracy' advocates with no legal way to find possible copyright infringers." Update: 06/18 14:42 GMT by KD : The original linked article had been pulled due to factual errors and a new article has been posted (link replaced above). Here is a Google translation. The new article makes clear that the ruling does not affect the anti-piracy efforts of rights-holders.
Update: 06/18 15:08 GMT by KD : Behind the link below is a summary in English of the article sent in by the submitter, oh2.
This autumn Datainspektionen will start monitoring how the IPRED law is applied when it comes to disclosure of personal information. A recent verdict in the Regeringsrätten, Sweden's highest applicable court, has upheld Datainspektionens decision that IP addresses are to be considered personal information and therefore protected under law.

In 2005 Datainspektionen ruled that collecting and storing personal information online like copyright advocates were doing was a breach of the Swedish PUL, Personal information act, that regulates how and what kind of information that can be traced to a single individual that can be stored. The anti-piracy organizations were quickly granted an exemption though, that expired March 31st. Starting April 1st this year IPRED allows holders of copyright to apply to the courts for this information.

Datainspektionen will now monitor closely how any personal information acquired from the courts in this manner is used by copyright holders.

21 of 108 comments (clear)

bad rule by gmack · 2009-06-18 00:54 · Score: 4, Insightful

And no way for server admins to track what virus infected bots are trying to break into their systems.
This rule will hurt more than it will help.
1. Re:bad rule by jtev · 2009-06-18 01:01 · Score: 4, Insightful
  
  First thing I thought of too. That, and almost all servers already log connections by IP address. I mean, I look at /var/log/secure and what I see is a list of IP addresses that have connected to my machine, with what they have been trying to do. Someone didn't have their thinking caps on when they wrote this law.
  
  --
  That which is done from love exists beyond good and evil
2. Re:bad rule by polle404 · 2009-06-18 01:07 · Score: 5, Informative
  
  the first article has been removed, since it was wrong on several points.
  http://www.dn.se/kultur-noje/nyheter/ny-dom-paverkar-inte-ipredlagen-1.894500
  the court says: IP's are personal information, therefore you can only get this information through a court of law, and this ruling does not affect the Ipred law
  http://en.wikipedia.org/wiki/IPRED
  so a sysadm is not prohibited in managing his own network.
  
  --
  
  ~men are from earth. women are from earth. deal with it.~
3. Re:bad rule by Narpak · 2009-06-18 01:16 · Score: 4, Informative
  
  "The highest applicable Swedish court, RegeringsrÃtten, has ruled that IP numbers are protected (in Swedish) since they can be traced to individuals. This means that only government agencies are allowed to track and store IP adresses, leaving "anti-piracy" advocates with no legal way to find possible copyright infringers."
  This is pretty much the way things are, and have been, in Norway now for many years. And so far I have heard none of my friends in IT, nor anyone in the media, complain about "And no way for server admins to track what virus infected bots are trying to break into their systems."being a problem.
  
  --
  The Long Now Foundation
4. Re:bad rule by Anonymous Coward · 2009-06-18 01:23 · Score: 2, Insightful
  
  And no way for server admins to track what virus infected bots are trying to break into their systems.
  This rule will hurt more than it will help.
  Can I use that BS rule next time my system has any problems? What a load of horse .... Any compentent admin can take care of the system without knowing who did it. Yes I would like to know what little snot nosed 13yr old kid is doing the evilness but it could just as well be your grandma that got owned and doesn't know she's doing it.
  So your real statement should say, "And no way for server admins to track down WHO is trying to break into there system. This rule will hurt the accountability process more than it will help.
  I agree with the second statement, but only in so much as it will hurt accountabily, there are many sides to the IP coin. If you had to live with RIAA and MIAA being total over the top BS artists to sue some 79yr old grandmother who doesn't own a computer then you might look at this from a different perspective.
5. Re:bad rule by CarpetShark · 2009-06-18 01:26 · Score: 2, Insightful
  
  What are you talking about? People attack your servers, and you hunt them down and kill them? When people attack your server, you find the responsible network block's admins abuse address, and report the IP and the problem. If they fail to act, and you continue to see attacks from that ISP, then you report that ISP upstream. None of that requires you knowing the individual(s) involved, and rightly so, since it could be the ISP pretending to be the individuals, for instance.
  As for hurting more than helping... a swedish feminist politician recently compared (very directly, in a short post about that subject alone) file sharing to rape. Are you really saying you don't value privacy of your IP address in a world like that, considering that people have been killed in mob violence when they were mistakenly believed to be child molesters, for instance?
  Please think a little more about what you're saying. It's often said, but nonetheless true, that those who would sacrifice freedom for security deserve neither.
6. Re:bad rule by Rakshasa+Taisab · 2009-06-18 01:34 · Score: 3, Informative
  
  It's not a problem as while the agency responsible for pushing companies to secure, delete or reorganize the information they hold on individuals, they haven't really gone after web-server logs and systems used to track virus infected bots. But if you try using logs to catch filesharers, you might suddenly get in trouble. I guess we're just a bit more flexible when it comes to applying common sense.
  
  --
  - These characters were randomly selected.
Far reaching consequences by bjourne · 2009-06-18 00:55 · Score: 2, Interesting

This decision doesn't only affect anti-piracy hunters. Virtually all web companies track user ip addresses for various purposes.

--
Football Odds
1. Re:Far reaching consequences by Anonymous Coward · 2009-06-18 01:41 · Score: 2, Informative
  
  Note that it applies to IP numbers as a means to identify individuals.
  The law in question is called , loosely translated "the personal information law" and basically says that it is illegal to record data that can be tied to an individual without that individuals consent.
  If you connect to a server, your consent is implicit, and the IP address as such is fairly anonymous. But stuff like doubbleclicks cookie tracking is illegal.
No, sorry. by richie2000 · 2009-06-18 00:57 · Score: 2, Informative

There's an exception to this law in the recently enacted IPRED-law (based on an EU directive) that basically allows rightsholders to gather IP-addresses anyway.

--
Money for nothing, pix for free
1. Re:No, sorry. by L4t3r4lu5 · 2009-06-18 01:18 · Score: 3, Funny
  
  Don't you know anything about IT? "Deny" automatically overrules "Allow"
  
  From http://en.wikipedia.org/wiki/Supreme_Administrative_Court_of_Sweden
  
  ... [T]he court as an institution is independent of the Riksdag, and the government is not able to interfere with the decisions of the court.
  That's the IPRED law out the window, then.
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
Article has been replaced by mattj452 · 2009-06-18 00:58 · Score: 5, Informative

The article had a lot of errors and DN has replaced it with a new article: http://www.dn.se/kultur-noje/nyheter/ny-dom-paverkar-inte-ipredlagen-1.894500 In short: They can still do what they want, but they need a permit for it.
Re:Exemption... by oh2 · 2009-06-18 01:01 · Score: 2, Informative

Yes, there was a couple of factual errors in the original article. The upside is that IP numbers ARE now regarded as personal information in Sweden, the downside is that the IPRED law is still an abomination and a major infringement on our civil rights. Even more so now, really.

--
Now the world has gone to bed, Darkness won't engulf my head, I can see by infra-red, How I hate the night.
But aren't they addresses? by LaminatorX · 2009-06-18 01:04 · Score: 2, Insightful

Isn't the whole point of a publicly routable address to trace to a specific host or gateway? I sense some significant unintended consequences here. A ton of services will have real problems if this gets enforced thoroughly.
I'm comparing this to phone numbers in my head. Even if you have an unlisted number, should it be illegal for someone to write down your number if it shows up on caller ID when you call them?
Double edged sword? by wamatt · 2009-06-18 01:08 · Score: 4, Insightful

I think overall this is a win for Copyright lobby and not the other way around.
1) Legitimises IP address being tied to account holder. IE lessens the "TOR/ Wifi Defense"
2) APB have gotten an exemption and are now allowed to track IP's.
Privacy in Sweden by Biotech9 · 2009-06-18 01:14 · Score: 3, Interesting

Sweden has some strange privacy norms. Asking what someone votes for politically is close to a serious faux pa. In fact some people I know have absolutely no idea how their parents or even partners vote. That is a very private thing. But you can look up car owners on a free and public website by registration number, you can go and check tax returns for anyone in Sweden, and see what they earn. On the other hand, religion is another area that you very much leave alone and don't ask about.
Hopefully the IP information will be considered something a little more private, and after the Pirate party did so well in the European elections maybe there is a chance that common sense will prevail and rules like IPRED will be struck down anyway.
1. Re:Privacy in Sweden by mikael_j · 2009-06-18 01:25 · Score: 5, Interesting
  
  This is thanks to something called "offentlighetsprincipen" which is basically the idea that anything related to the government (taxes, car registration, legislation, police records and so on) should be available to the public. One of the main criticism of the EU that tends to be get brought up in Sweden is actually that the EU doesn't work the same way, that there are a lot of things that are withheld from the public in the EU (or at least kept out of reach by bureaucracy and pointless paperwork).
  Personally I rather like our system, if its not explicitly classified as secret then anyone can access it.
  /Mikael
  
  --
  Greylisting is to SMTP as NAT is to IPv4
that's pretty retarded by buddyglass · 2009-06-18 01:32 · Score: 2, Interesting

So if I'm running an online forum or game of some sort, I can't drop IP-bans on offensive parties since that would constitute tracking an IP address?
I'm pretty much of the opinion that if you visit my website then you're volunteering your IP address. It's just like if you mailed me a letter or sent me an email. In either case you're supplying a return address.
1. Re:that's pretty retarded by jonwil · 2009-06-18 01:52 · Score: 3, Insightful
  
  Theres a BIG difference between an IP address (which is public information) and account details i.e. the link between an IP address and the account holder that is holding that account at the time (which should NOT be available to anyone without a valid court order or warrant)
Short summary by oh2 · 2009-06-18 01:57 · Score: 2, Informative

The original article has been pulled, new one available (In swedish) here
A short summary in english.
This autumn Datainspektionen will start monitoring how the IPRED law is applied when it comes to disclosure of personal information. A recent verdict in the RegeringsrÃtten, Swedens highest applicable court, has upheld Datainspektionens decision that IP adresses are to be considered personal information and therefore protected under law.
In 2005 Datainspektionen ruled that collecting and storing personal information online like copyright advocates were doing was a breach of the Swedish PUL, Personal information act, that regulates how and what kind of information that can be traced to a single individual that can be stored. The antipiracy organizations were quickly granted an exemption though, that expired march 31st. Starting april 1st this year IPRED allows holders of copyright to apply to the courts for this information. Datainspektionen will now monitor closely how any personal information aquired from the courts in this manner is used by copyright holders.

--
Now the world has gone to bed, Darkness won't engulf my head, I can see by infra-red, How I hate the night.
The privacy contradiction... by Glasswire · 2009-06-18 03:47 · Score: 2, Funny

Your IP lease expired by DHCP server because the DHCP server violated privacy policy. You will be asked to go to the ISPs website to "opt-in" to have that data persistnant but - whoops - you have no IP to connect with...