Slashdot Mirror
Judge Rules IP Addresses Not "Personally Identifiable"
yuna49 writes "Online Media Daily reports that a federal judge in Seattle has held that IP addresses are not personal information. 'In order for "personally identifiable information" to be personally identifiable, it must identify a person. But an IP address identifies a computer,' US District Court Judge Richard Jones said in a written decision. Jones issued the ruling in the context of a class-action lawsuit brought by consumers against Microsoft stemming from an update that automatically installed new anti-piracy software. In that case, which dates back to 2006, consumers alleged that Microsoft violated its user agreement by collecting IP addresses in the course of the updates. This ruling flatly contradicts a recent EU decision to the contrary, as well as other cases in the US. Its potential relevance to the RIAA suits should be obvious to anyone who reads Slashdot."
So on one end of the stick, you've got privacy advocates who hate Microsoft, who are thinking that collecting our IP addresses is wrong and violates our privacy.
There's more to it, though. Any sys admin could explain... Imagine trying to have a conversation with somebody by mail. They couldn't respond if they didn't take note of the return address, no? Fact of the matter is, for strictly technical reasons, use of the IP address is required.
But... For statistical and anti-abuse reasons, a log of IP addresses is kept (on any server, really). But don't get all pissy at microsoft for doing so. I mean, almost every site on the net keeps an http log, it's the default setting! The fact is, if you don't want them knowing who you are- I've got an idea- don't contact their servers.
You have a reasonable right to privacy, but you lose that right when you're in public. You don't get to get pissy when a store's security cameras capture your image. I rarely hear anybody complain about other people seeing you while you're at the grocery store. But the fact is: these small dings in privacy are neccessary to operate. You don't need to go in public. And you don't need to connect to somebody's server.
Now the real problem TM
An IP address DOES identify a computer- but not the way the judge thinks. My IP address identifies my router, which in turn owns 5 to 6 computers. With the wireless open, it could refer to the whole neighborhood, for all I know/care. They need to revise, an IP address identifies a NETWORK, but not neccessarily conclusively any particular computer.
So there's another level there. Not only is an IP address not good for identifying a person, but it's rather useless to discover a particular computer either. (Now, there are cookies and other tracking mechanisms, but they're not fool proof..)
But hey, at least this is a step in the right direction. Anyway, it doesn't really matter whose computer an IP address identifies, if the feds pick up on your ip they'll just take every machine in your house anyway.
Belief? Hope? Preference?The Existential Vortex
Addresses aren't personal information! They point to a house or an apartment, not a person!
If this is true, I suppose addresses and license plates aren't personal either, they just identify cars and houses, it's not as though those things usually contain the same people. Or what about phone numbers, that really only identifies my phone, not me the individual. And when you stop to think about it, my email is really just a code so the mailserver knows where to put some bytes it receives, it doesn't really have anything to do with me.
Ze Atomic Device! It iz Ztolen!
That is fine as long as they take that statement to its logical conclusion. If IP addresses cannot be used to identify people then just an IP address is insufficient to bring charges against anyone, IP addresses would in effect be useless to the mobsters of collection agents and they have no need or right to subpoena them.
Could this decision be referenced to disqualify the IP as evidence when the MAFIAA goes after someone based on IP addresses they got from WhateverMediaSentryIsCalledNow?
Now RIAA has to sue your computer if it is caught downloading tunes since you're not personally tied to it!
So, if a particular illegal or actionable activity is traced to a particular IP address, can this ruling be used to indicate:
"It wasn't me, an IP address identifies a computer, not a person, re: so-and-so vs. so-and-so"
or is that just silliness?
"Flame away, I wear asbestos underwear"
Does this ruling mean that Microsoft 'bought' the Seattle judge, to get this ruling that favors them, but didn't succeed in buying the one in Europe?
Regardless, I personally think that an IP address can't even always identify a computer (much less a person), since Internet Service Providers are known to assign different numbers to the same computer at different times, as the user connects the computer to the ISP.
A phone number identifies a phone, not a person.
A postal address identifies the location of a building, not a person.
An IP does not identify the user but it will identify that it's someone's computer doing to sharing (once you've a court order getting the User's details).
After that it's the same arguments as before: is making available sharing, can you say they weren't part of a botnet and so on and so forth. This ruling doesn't really change any of the arguments put forth by the prosecution or defendants. If anything, it cements the right of media sentry to log IP addresses sharing content on p2p networks without falling foul of privacy laws.
Identifying my computer doesn't identify me personally by inference?
I'm sure this could come in handy in court eventually.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Would the judge be ok if his license plate number and house address get publicly posted? After all, it only identifies a car and a house, not a person!
Did you read the summery?
Its potential relevance to the RIAA suits should be obvious to anyone who reads Slashdot.
It's fine if they take that statement to its logical conclusion, if IP addresses are not identifying information then there is no need or right for the mobsters to subpoena them. It is partially true in that you may be able to say that it came from this computer, but with all the possibilties of wifi being co-opted, a misconfigured proxy server, malicious software routing requests that computer you can never be 100% sure that even the IP address is bound to that computer.
So in a sense the judge is right and no one should need to have your IP.
I suppose this only makes sense. After all, we know that an address isn't personal information - it identifies a house, not a person. Neither is a phone number, which identifies a phone. License plate numbers identify a car. In fact, one could even argue that SSN/SIN numbers identify a card or record in a government database instead of a person. Privacy solved! There is no personal information.
Alphanos
Seems logical to me. An IP address no more identifies a person than a house address identifies one. It's tying those two together for investigative purposes that should be illegal without a warrant.
Judge Jones sided with Microsoft (which most slashdotters hate), but sided with personal ambiguity - thus not being identified a "file sharer" by the MPAA/RIAA.
Sounds like a good ruling for the majority of internet users to me.
But we don't know how!
I am 192.168.0.1!
No, I am 192.168.0.1!
No, I am 192.168.0.1!
No, I am!
I am!
You see? You see? Your stupid minds! Stupid! Stupid!
While I think this could be handy in regards to avoiding the RIAA to an extent, the problem is that in the end they will hold the IP owner responsible for the content that's coming from it, not the user.
Take for example an actual server (not just P2P server). There is frequently no single person responsible for the content on that server. Whoever owns the IP, usually a company, is responsible for the content coming from that computer.
So although an IP doesn't identify a specific user/person, you are still responsible for what happens from your IP (At least, I'd assume with most providers). This means that you'd have to take reasonable steps to secure your network from outside users as in the wireless example above. So it's kind of a mixed bag in terms of future implications, the whole Network/IP/Computer/Server/User relationship is a very grey-area for legal purposes in my opinion.
Actually, no. I clicked on the link to RTFA before I finished. Having an ADD day, evidently. :)
I know, I know. I'm leaving.
the IP does not even identify a computer, as those of us with portable network cards can attest.
Comment removed based on user account deletion
If this holds up (meaning not overturned) this can hold up in other cases (not all good) such as:
1) RIAA/MPAA sueing people they tracked via IP numbers
2) Pedophiles tracked via IP numbers
3) Online harassment cases tracked via IP numbers (e.g. the mom who harassed some girl until the girl committed suicide)
4) Spammers who are tracked via IP numbers
There are other cases this would effect but basically anything where they link someone via an IP number would be invalidated. I agree with the judge that an IP is not personally identifiable information (my g/f uses my laptop more then i do...which uses my home network...if she does something illegal it does not mean *I* did it or am remotely responsible for what she did.) It's a tricky situation so hopefully the judge wrote a thoughtful brief.
I do not support "The Man". I also do not support your irrational stupidity
It is true that an ip address identifies a computer or possibly, as another poster pointed out, a router behind which could be many computers, but that fact is largely irrelevant to file sharing litigation. The plaintiffs in those cases do not have to have ironclad evidence that it was the defendant sitting at the computer sharing the files. Instead, the plaintiffs merely have to show that it is more likely than not (aka preponderance of the evidence, 50% + 1) that it was the defendant.
Thus, if the defendant lives at home and only rarely has guests that use his or her computer, it's very likely that a jury will accept that it is more likely than not that the defendant was the one who shared the files, not a guest or an unauthorized user of the wireless network, especially if the files are found on the defendant's hard drive. More complex situations come closer to the line, of course, but in most cases it's fairly clear who the most likely culprit was.
But, even if the defendants live in an apartment with a communal computer or network shared equally by multiple long-term residents, all of whom use the same file-sharing user account, it is not necessarily up to the plaintiff to prove which specific defendant shared the files. A long standing rule in tort law from the case Summers v. Tice, 33 Cal.2d 80 (1948) establishes that where the plaintiff can prove that multiple defendants were negligent, the burden shifts to the defendants to prove which one actually committed the injury. It is quite possible that the file sharing case plaintiffs will be able to successfully argue that it is up to the various users of a computer to prove who actually shared the files or else they will all be jointly liable. This is especially likely if it can be shown that all of the defendants were aware of the file sharing program and the infringing nature of the files.
private static String getRuling(LitigationObject individual, RichLitigationObject evilCorporation) throws NYCLException {
if(individual.sues(evilCorporation)) {
return "IP address is not personal identification";
} else if(evilCorporation.sues(individual) {
return "IP address is personal information";
} else return "Please submit amount available to donate to my election campaign";
}
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
If IP addresses are not "Personally Identifiable", what widely broadcast piece of information on the internet is?
If nothing, does that mean that users are generally anonymous, unless they choose to identify themself?
If yes, does that mean users have a reasonable expectation of privacy?
Think about it: according to this judge, an IP address identifies a computer (as others have pointed out, "network endpoint" would be a more correct term), not the person behind it. Although this makes it easier for the **AA to collect IP-address information, it also makes such information a lot less useful, because by itself it leaves a hole big enough to establish reasonable doubt. The IP address can establish what computer was used, but it does not prove that the defendant was the one operating the computer in that capacity. Especially in an age of botnets and malware, there's a lot of doubt here unless you can establish a stronger link, and the IP address won't help you on that score.
That leaves open the question: does this really strengthen the **AA, or does it actually hamstring their tactics? This may remain to be seen.
If all they have is a picture of your license plate, that doesn't prove you were driving. We should use this ruling as precedent to get out of automated tickets when there is no clear picture of your face.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Identifies a HOUSE!
Not personally identifiable? Right! No reasonable analogy?
The Judge needs a head check.
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
If the court ruled that IP addresses aren't personally identifiable, then couldn't some crafty lawyer argue that it can't be used to personally identify any defendant? I can hear the courtroom defenses now... "I didn't download and share 10 million hours of music, your honor. The computer located at 10.187.13.37 did."
I have to say this is one of the better rulings. The judge is enlightened to know that multi-tasking computers can serve many users at once. The idea that one IP=one user is completely a windows-centric perspective, which is even less true since windows 2000 (ish, not exact).
Now this should raise the bar for RIAA and MPAA, who only collect IP addresses. Now they need to associate the activity with the user's account. Given that this information is not usually available, it is a coffin nail for those organizations.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
IP address identifies "a" computer, but not "whose" computer... For all the RIAA/ISP/etc knows the IP address could've been spoofed. Similar to dropping a letter in the mail at the post office with a forged return address. RIAA can say the letter contains pirated copyrighted material and go after the person who owns the house address listed as the return address, but that doesn't meant they got the right person.
PII is any information that can be used to identify a person, directly or indirectly. In most cases, it is information about activities such that correlations can be used to derive the activities of individuals or information about those individuals. IP addresses certainly fall into this category. PII is NOT particular data fields: it is data that can be correlated to infer information about individuals or their activities. That is the new view of PII.
Organizations often - indeed almost always - need to store PII. It is their responsibility to safeguard that information. We can't expect that they won't store it, but we can expect them to treat it as highly sensitive. That means compartmentalizing it (breaking it up so that if some is stolen it is not the whole set), encrypting it, limiting access to it, etc.
You don't get to get pissy when a store's security cameras capture your image.
This is Slashdot. Hell yes people here get upset here with any cameras that record them in public, much less a private store owned by someone else...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
If an IP is suspected of criminal activity, and it can be related to only a particular network/house, the case may not be a slam dunk. However, it may well be enough to create all sorts of joy for that network/house. It's probably enough probably cause for a warrant which will then find all computer attached to that network confiscated. If they can pin the behavior to a specific machine, then anyone who had access to that machine could be under suspicion.
If you run an open WiFi site, the net could be broadened to any computer the the radius of your signal--the neighbors will love you. Even though one can make the arguement that some random car with a laptop might have parked in front of your house, and you might carry the day in court, you'll still have a lot of hassle and legal fees.
(And that doesn't include anything that might shake out from what's on those computers (child porn, etc.), discovered as a consequence of the search. For that matter, how are charges filed for such a thing on a shared computer?)
I'm not sure the RIAA would be able to get such warrants/subpoena based solely on an IP address. While it will prevent them from simply creating suits based only on IP address, at the end of the day it's just one more hoop to jump through.
At the end of the day, that's my point: while it definitely raises the bar for legal action, I'm not sure it does much more than that in practice.
Note that I'm not a lawyer--this could be 100% bunk (or more!).
but notice how the courts supported the large corporations in both cases.
I'm not sure if it is because they just support corporations (and want campaign donations in some cases- or invites to cool parties at the country club in others) or if wealthy corporations have more money so they get more (as in entire legal teams- not just one lawyer) of better (more researchers, more experts, experts willing to basically perjure themselves) which also says our "justice" system is really about money-- where a lady who pirates 24 songs is fined 1.8 million and a rich man who murders someone serves 24 days in jail.
It will be interesting to see how the justice system holds that both an I.P. address uniquely identifies a person and does not uniquely identify a person.
If you ever get on a jury, remember your right to jury nullification and remember to NOT tell any of the other juries about it (or answer the innappropriate lawyer questions designed to strike you from the jury).
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
An IP address identifies exactly one Internet node. However, that node may well be forwarding traffic to the Internet from an unspecified number of private-network nodes.
Under the established laws, is a phone number considered personal information or not?
If it's not, then this ruling makes perfect sense. If it is, then there is a double standard here.
So if my IP address isn't personally identifiable does that make my ESSN number on my cell phone also not personally identifiable?
only identifies a phone, not a person. Anybody could be carrying a phone with that number, and for all we know they've cloned the number so you'd better get your best detectives on it RIGHT NOW!
People should not fear their government. Governments should fear their people.
Comment removed based on user account deletion
Double-edge sword for big business. The RIAA in their suits try to identify individuals based on the IP addresses and such so now they will not be able to do so based on this FEDERAL court ruling.
They only identofy the "car" right? And not the person? Let's say we get the judge's car's license plate information and see if he doesn't feel that identifies him too personally or not?
I think the parallel is close enough to accurate to be effective in this case. Identify a person's possession and you identify the person as well in the process.
There, fixed that for you.
Did it bother no one else that a judge has taken it upon himself to rule something as true that is a provable fact?
What would we have done if he ruled that it does personally identify a person?
Why was a ruling even needed when this is utterly provable?
Is a judge next going to rule that gravity pulls thing towards earth? I'll admit that one seems a bit absurd, but is actually harder to prove than the fact that an IP address does not reliably identify a person. So why does the more easily proven fact get a ruling?
Question everything
My 'IP Address" is not even a real IP Address. It is owned and shared by my ISP (Comcast unfortunately) with many customers. They doll these IPs out to many customers. If Comcast has a couple of Class C groups of IP addresses then they do not have enough addresses for all their customers and equipment (HD Set top boxes are rumored to also run on IP addresses thru Comcast). Thus my address is an Internal Comcast IP address also. So the RIAA should only be able to find Comcast's outward facing IP address which Comcast would have a corresponding log that shows its' equivalency to my rented IP, which I as my home's ISP share across my network and 'rent' it to all the local computers.
So if the FBI comes and takes your house of computers. The defense attorney should be able to seize the Comcast network for the defense exhibit. That might limit ISPs desire to freely share logs with anyone.
Computers don't hack people... People hack people.
They already do - it's called a Social Security number.
Funny thing - it's personally identifiable all right... "virtually stamped" for life.
So the judge issued a fairly complex ruling. An IP is not identifiable in all cases, cue the sysadmins.
So the NEXT ruling down the pike is something like "neither is an IP wholly disconnected and may be contributory to identifiable info."
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
The RIAA reference is obvious. Also should mean if a neighbor uses my wireless AP for some kind of crime, I'm not liable.
It's like the fact that a car license plate is not personal info because it identifies a car, not the driver. That's why photoradar installations have to take mug shots for evidence of who was driving.
How am I going to read my own IPV6 address when I forget it when it's tattooed on my ass? Much better to tattoo it on the forehead or the hand
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Some people reference car license plates and the such. Perhaps, off the cuff reasoning suggesting that from experience from having to pay a photo-captured ticket from running a red light, that the license plate is 'personally identifiable'. Technically, it's not the court saying that your license plate identifies you as the driver, but rather that the license plate identifies you as responsible for your car; this is a big difference. There is a law allowing traffic violations to only need personal identification in regards to the vehicle itself (as in, the license plate), and the penalty shall rest on who it's registered too. This is why, covering your face while running a red light won't save you... and this is why it doesn't matter who drives your car through red lights downtown... and this is why, the person the vehicle is registered to is who will pay the fine.
At a minimum, 350 USD, at least in San Diego for getting photographed at a stop light, best make sure your pissed off girlfriend doesn't grab the keys to your car as she storms out.
The judge probably considered the fact that while a block of IP addresses can certainly be registered to a person, who is actually in control or representing any individual IP address may not be one in the same. In fact, scratch the in control for a moment. A spoofed connection attempt might not even be indicative of route, path or physical lines from which the connection originated; with this in mind, it wouldn't even make sense to hold responsible the person registered to the IP address, as it's not even feasible to suggest they have control. See, with the actual traffic violation, it's assumed you have the keys to your own car and that you willfully allowed the person who ran the red light to use your car; on the flip side, if your car was stolen and the suspect ran red lights with your stolen car, can you guess why you wouldn't have to pay a fine? A network administrator has no reasonable level of control over his registered network in relative to other networks, not like a person who owns a car having a reasonable amount of control in the manner of physical keys and physical access to the vehicle.
The control we are talking about, in part is inherent to the fact the car is a physical item, which carries all the laws of physics with it (it can't be in the same place as another car, depending on precise measurement it can be shown to be unique to all other cars even if off an assembly line etc). In regards to the Internet, it's just protocols, ambiguous electron patterns that are precise and exact every time. 192.168.1.1 becomes interpretations of bit patterns parsed from a set of standard fields... there is no way to isolate the message as universally unique, and having only been able to be received from any origin.
It's this inability to be unique, which obfuscates origin. If something is unique, it's origin or position is a matter of accountability. Tracing an internet connection really boils down to following what accounting is available for the physical electron flow. The connection came in on this connection, which is connected to this phone line, which opened a circuit... at the end of that circuit is a device, that opened another circuit and at the end of that is another device... and so on. It's the assumption that most connections, tasks, operations, hacks will need constant two-communications, so somewhere a reliable link can be found. So we often put a lot of faith in the reported IP in the logs as being a "real" IP address. But there are hacks, intrusion techniques that aren't two way, but simply one way... injections and such which need not phone home. Kinda like dumping bait into the river and walking away, if your objective is simply to poison the fish, it's a perfectly reasonable approach.
The point is, there's no way to personally identify a person from an IP address. And there's not enough inherent uniqueness or expected control to hold responsible whoever might be registered for an IP in some log file.
It's like talking to a mirror with a delay effect.
-
A (127.0.0.1): I am 127.0.0.1!
B (127.0.0.1): I am 127.0.0.1!
-
A (127.0.0.1): No, I am 127.0.0.1!
B (127.0.0.1): No, I am 127.0.0.1!
-
A (127.0.0.1): You wanna mess with me?!
B (127.0.0.1): You wanna mess with me?!
-
A (127.0.0.1): DO YOU?!!!!
B (127.0.0.1): DO YOU?!!!!
-
A (127.0.0.1): No...
B (127.0.0.1): No...
-
A (127.0.0.1): Ok then...
B (127.0.0.1): Ok then...
-
A (127.0.0.1): Idiot.
B (127.0.0.1): Jerk.
At best an IP address identifies a computer; and as other have said that single computer could be (i) a router, behind which there are other computers, (ii) a single computer with one OS, (iii) a single computer with multiple OS's (e.g. virtual machines), or more. Additionally, there is not necessarily a 1:1 ratio of computers to humans where the computer resides; thus, even if you can identify the computer you cannot necessarily identify the person behind it, even if you use a login - someone else could login as you and do stuff and you wouldn't know it.
So it's kind of somewhere between what RIAA wants and what the judge ruled here. RIAA wants it to identify a specific individual - not gonna happen - but it does identify more than the judge ruled. So privacy still needs to be held and IP addresses should still be considered private information, though not personally identifiable information.
Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
This will have no effect on RIAA cases. I believe the RIAA investigators use an IP address to identify an alleged lawbreaker, then grabs their hard drives and looks for evidence of file sharing, illegal downloads, etc. You cannot simply convict someone for illegal online activity simply because they have the same IP address as an alleged abuser. In this context, an IP address is like a license plate. Example: someone is involved in a hit-and-run. The cops track the license plate to your house and checks your car for damage.
And My Checking Account Just Describes My Money. nothing personal.....jeeze
"Computers are a lot like Air Conditioners" "They both work great until you start opening Windows"
"Yes, that is the computer that I use for my daily activities."
"Yes, according to what you have found, that computer was downloading copyrighted material illegally."
"I don't follow, sir. Why are you accusing me? That IP address that you found only identifies the computer. Can you prove that I told the computer to download those files?"
This will be fun. Or horrible, copyright-law-induced torture. Either way, I'm gonna sit back and watch.
Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
I recall past discussions here about a movement to make IP addresses portable, in the way that phone numbers currently are. In other words, the idea would be that you would "own" an IP address, and you could use that address with any ISP you wanted. Granted, it could cause some interesting problems, but that is aside the point for the moment.
As the current system is setup, with IP4 addresses, IP addresses essentially belong to an organization - for most home users that organization is their ISP. If you switch to a different ISP you can expect a different address. However, it would seem that if we did have IP address portability, then addresses would have some relevance for identifying a user (or at least a user's computer).
So while the fans of IP address portability lost their fight years ago, they may have inadvertently won a battle for privacy.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
I don't think this particular ruling would be relevant to such a case, and at any rate, you don't need this ruling to argue that.
Basically, try to think of how a murder case for a drive-by shooting would go, where a witness noted down the license plate of the car, but didn't see the shooters. The license plate can and will be used to track down the car's owner. This person and various of their associates and acquaintances will be interviewed by the police. If the police and the prosecutor think that the car owner committed the crime, they will bring charges against him, and the license plate number will be part of the evidence that the prosecution uses to make the case that the accused committed the crime. But the police will try to gather more evidence than just the license plate; they will try to establish things like motive, too.
It's not really much different with IP addresses. There's a possibility that the person who the IP address was assigned to at the moment of the crime isn't the one who actually did it. But the IP address will be used to tie that person as a suspect to the crime, obtain search warrants, confiscate computer equipment and search it. Then if a case is brought against the holder of the IP address, the IP address will be used as evidence along with other results of the investigation.
Note that the big problem with the RIAA's court cases is that they're not law enforcement, and thus, they're not really doing a lot of investigation about what the IP address holders in their complaints actually did.
Are you adequate?
I wonder if the judge would see things differently if someone planted a tracking devide on his car, to track the car.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
If a person cannot be identified solely by IP address that the RIAA cannot sue someone because copyrighted material was alleged download from an IP address.
rant
Let me first say, Fuck!, do I hate slashdot at this point. Can they make it harder to load or comment on this site than they do. Let's wait for ever for the scripting crap to load, let's watch firefox spin and do all kind of weird shit before being able to do anything, and don't consider for even a minute looking at it on your phone's web browser, I think last time I did flames started to shoot and out and I had to dowse it with my coffee. Really?, floating window!?, I really really don't need slashdot's clippy around, thank you
Sorry , back to your normal station, this is a horrible analogy
Home address, you either are moving around a lot and the address is a poor indicator of I.D. or you,
Rent: and have been credit checked, pay monthly, and tend to live at a location for years at a time. Extremely connected to you
Buy, you have a mortgage, even more connected to you.
Car, you purchased a car, probably have a loan, the car is registered with the state based on your I.D, car's Vin# , licence #, etc... If you live in a state with regular car examinations (i.e. smog checks here), this info is also periodically checked. Extremely connected to you.
IP address, if I have a static address, it is connected to me in some way. See wireless networks and NAT however for how I may be only remotely and unknowingly connected personally to whatever is going on. More often though, these are dynamic and again you may have wireless and NAT. Or I pop into a coffee shop and what address did I just get?, or I use a different network card in my notebook, or wait... I just changed the MAC address on one of the cards or.... you get the idea. As other's have mentioned, IP's only really reference a network node for a certain period of time. This could be very identifiable: static IP to a DNS'd address that's consistent for years or it could be almost completely anonymous: some various network card with a handset MAC at a coffee shop.
If you want an analogy, how about your current location? If you're at home, it might be good indicator of who you are (although it could be anyone who lives with you or is visiting), If you're some place crowded or that you've never been to before, it's a horrible indicator.
Chewbacca Defense!!!
It was Chewbacca with a wap and a netbook in the garage!
With Colonel Mustard on the side!
It is incredibly rare that a PC just "gets" botted. The user almost always does something, voluntarily, that they knew would result in other people potentially having control over their computer.
For example, I know a guy who bought a computer that came with Microsoft Windows. He connected to the Internet and turned it on, without installing Linux over it first. (This was in 2009, not 1996, so it's not like he can plausibly deny he didn't know what the consequences of his act would be.)
So, an IP address does not identify a person if it's a privacy concern about large corporations, yet can be used that way if the RIAA is involved. Sounds about right for our system of 0wned laws.
One can only guess that the Judge was bought off. Clearly his ruling contradicts reality. Collection of the IP address is collecting personally identifiable information.
In example:
1) you have a social security number.
2) by looking at that number you can't tell much about the person. You can't identify them.
3) By tying that number to something personal you can identify them, thus making it personally identifiable.
In the case of the IP address you can't see anything personal by just looking at the number, just as is the case with the SSN, but you can tell about the person if you tie it to a date and time and then look at the account information. Just like looking at the SSN in relation to the decade/year/month/day it is active and then looking at the database that identifies who the person is.
This Judge was bought because you can't make that ruling without thinking to yourself that you are defying common sense.
Saying that the IP address is not personally identifiable is like saying that the SSN isn't personally identifiable. If both are the same type of system then the judge is saying neither is, so the question then becomes: what is personally identifiable? His definition doesn't hold water. It's a circular reference.
You can lead a man with reason but you can't make him think.
I don't get this. So I should be angry that Microsoft won, but be happy that this means the RIAA will lose... What am I supposed to be, angry or happy?
You seem to be suggesting that an artist should, rather, be a pet entertainment slave for anyone who thinks that artist isn't making personal decisions in a way that someone else wants.
They already are. U.S. copyright has a compulsory mechanical licensing regime for cover versions of the latest hit single. What would be so dramatic about extending this to other classes of works that are no longer commercially exploited?
You want to dictate when and how an artist's work can be distributed, rather than leaving that up to the work's creator.
In a way, it's already not up to the author. U.S. copyright gives anyone who buys a lawfully made copy the right to resell said copy. And if it really is about control, then who would benefit from controlling the right to propagate a work if the public does not know who owns the copyright in the work? You say Sonny Bono; I say cui bono?
"RIAA can say the letter contains pirated copyrighted material and go after the person who owns the house address listed as the return address, but that doesn't meant they got the right person."
Doesn't mean they care they got the wrong person, either.
This sig is false.
Collecting home addresses should be legal because it's not personally-identifiable information. They identify real property! This should be obvious to anyone who has a brain!!!
A NYC lawyer blogs. http://www.chuangblog.com/
judge is obviously a tool.
We could make the same argument about whether the his american social security number identifies him. No it doesn't - it is only the key to data in some rows in a database of the entity which issued the number (the government). It identifies those rows, not him personally.
substitute, 'IP address' for 'social security number', and 'the ISP' for 'the government' and the statement is no less true.
sadly, from the rulings I've seen over the last few years, it seems that american judges really are stupid enough to come out with bullshit like this and actually believe it, and blind enough to not see the obvious parallels with other forms of identifying information.
An IP address DOES identify a computer- but not the way the judge thinks. My IP address identifies my router, which in turn owns 5 to 6 computers. With the wireless open, it could refer to the whole neighborhood, for all I know/care. They need to revise, an IP address identifies a NETWORK, but not neccessarily conclusively any particular computer.
You say that "an IP address does identify a computer" and then argue that it does not. It's much less confusing to just say that an IP address DOES NOT identify a computer--and it does not identify a computer, a customer, or anything other than a logical endpoint of a tcp/ip network. This is especially true when the IP address is not statically assigned. A lot of people like to think about IP addresses as accounting tools, when they are really not meant to serve as such. People also like to think that a DHCP server's logs can be used as a way to make IP addresses into accounting tools, but they would also be wrong. For example, a cable internet subscriber can usually make use of his internet connection regardless of being assigned an IP address as long as his cable modem is authorized and his computer assumes an IP address that is valid for his network segment (and isn't a duplicate of another address currently in-use). In such a case (and it does happen quite often), there would be no accountability for that subscriber to the ISP as far as IP addresses in the DHCP server logs are concerned.
+= E
I guess my address isn't personal information since it refers to a building and not a person.
If I could a range of 6 IPs and all you need to get my real name, then, yes, my IP address is peronally identifiable. You say that's not always the case and you don't know when it is? So you better not track any IP.