Slashdot Mirror

← Back to Stories (view on slashdot.org)

Judge Rules IP Addresses Not "Personally Identifiable"

Posted by Soulskill on from the what-about-the-ip-on-the-chip-in-my-head dept.

yuna49 writes "Online Media Daily reports that a federal judge in Seattle has held that IP addresses are not personal information. 'In order for "personally identifiable information" to be personally identifiable, it must identify a person. But an IP address identifies a computer,' US District Court Judge Richard Jones said in a written decision. Jones issued the ruling in the context of a class-action lawsuit brought by consumers against Microsoft stemming from an update that automatically installed new anti-piracy software. In that case, which dates back to 2006, consumers alleged that Microsoft violated its user agreement by collecting IP addresses in the course of the updates. This ruling flatly contradicts a recent EU decision to the contrary, as well as other cases in the US. Its potential relevance to the RIAA suits should be obvious to anyone who reads Slashdot."

21 of 436 comments (clear)

  1. Yup by FredFredrickson · · Score: 5, Insightful

    So on one end of the stick, you've got privacy advocates who hate Microsoft, who are thinking that collecting our IP addresses is wrong and violates our privacy.

    There's more to it, though. Any sys admin could explain... Imagine trying to have a conversation with somebody by mail. They couldn't respond if they didn't take note of the return address, no? Fact of the matter is, for strictly technical reasons, use of the IP address is required.

    But... For statistical and anti-abuse reasons, a log of IP addresses is kept (on any server, really). But don't get all pissy at microsoft for doing so. I mean, almost every site on the net keeps an http log, it's the default setting! The fact is, if you don't want them knowing who you are- I've got an idea- don't contact their servers.

    You have a reasonable right to privacy, but you lose that right when you're in public. You don't get to get pissy when a store's security cameras capture your image. I rarely hear anybody complain about other people seeing you while you're at the grocery store. But the fact is: these small dings in privacy are neccessary to operate. You don't need to go in public. And you don't need to connect to somebody's server.

    Now the real problem TM
    An IP address DOES identify a computer- but not the way the judge thinks. My IP address identifies my router, which in turn owns 5 to 6 computers. With the wireless open, it could refer to the whole neighborhood, for all I know/care. They need to revise, an IP address identifies a NETWORK, but not neccessarily conclusively any particular computer.

    So there's another level there. Not only is an IP address not good for identifying a person, but it's rather useless to discover a particular computer either. (Now, there are cookies and other tracking mechanisms, but they're not fool proof..)

    But hey, at least this is a step in the right direction. Anyway, it doesn't really matter whose computer an IP address identifies, if the feds pick up on your ip they'll just take every machine in your house anyway.

    --
    Belief? Hope? Preference?The Existential Vortex
    1. Re:Yup by sakdoctor · · Score: 4, Funny

      IPv6 addresses should be like MAC addresses for people.
      Issued at birth, and tattooed onto your ass.

      Actually I hope the RIAA aren't reading this. It will give them ideas.

    2. Re:Yup by cml4524 · · Score: 3, Insightful

      Contradict just means to take a contrary position. The multiple definitions of contrary allow for the word to be used accurately in this context, in the sense that the opinions are opposite of one another. It does not necessitate, however, that those opinions cause any sort of conflict.

      In other words, they are contradictory in the sense that they stake opposite positions, but not in the sense that one opinion will overrule or clash with the other.

    3. Re:Yup by Anonymous Coward · · Score: 4, Funny

      tattooed onto your ass

      Your butt crack can then be interpreted as the :: part in the middle of abbreviated addresses.

    4. Re:Yup by fredklein · · Score: 3, Informative

      In case of your examples that is not too hard to prove/disprove: did the person keep the computer reasonably up to date? Can't expect installing patches the minute they are released but at least within a reasonable time span. Did the person have anti-virus, anti-spyware or other security software installed, running and kept up to date? Did they read the manual that came with said wireless device before plugging it in?

      Gaddammit, I paid $200 for this 'Winders XP' thing. Now you're tellin me I gotta 'Update' my 'Patches' and thingerwhoose why whatzits?? Anti-spy ware? What am I , a secret Agent? I paid a lotta money for it! It should just work!! I shouldn't have to buy anything else! I shouldn't have to READ anything. It should work right when I plug it in!!

      (If you think I'm exaggerating, you don't work in techsupport or any kind of Customer Service).

    5. Re:Yup by zmollusc · · Score: 5, Funny

      ... but my butt crack only has one colon. :-(

      --
      They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
  2. Sure, it's not personal at all by AtomicDevice · · Score: 5, Insightful

    If this is true, I suppose addresses and license plates aren't personal either, they just identify cars and houses, it's not as though those things usually contain the same people. Or what about phone numbers, that really only identifies my phone, not me the individual. And when you stop to think about it, my email is really just a code so the mailserver knows where to put some bytes it receives, it doesn't really have anything to do with me.

    --
    Ze Atomic Device! It iz Ztolen!
    1. Re:Sure, it's not personal at all by Anonymous Coward · · Score: 3, Interesting

      I feel as though your tone is completely sarcastic, but perhaps it isn't. However, yes indeed your license plate and address are not personal information with an implicit right to privacy. They are public records. I can go to the DMV and look up your license plate to get owner information, and I can go to your local municipality and get owner information about your address. Do you get where this is going?

    2. Re:Sure, it's not personal at all by Reason58 · · Score: 5, Insightful

      A license plate, street address and phone number are both unique and tied to a specific person until the person chooses to end that connection. An IP address (dynamic) is randomly assigned to a user and then changed with little or no control from the user's end. This isn't IPv6. Everyone can't be issued a permanent address when they sign up for an ISP.

      Beyond that, you are aware that cars and the like can't be ticketed, right? If you run a red light and are caught on camera they have to be able to determine who is driving the car for it to be valid. Simply having the plate will not work. The same does not apply to IPs, however. They do not have to prove that it was actually you who committed the act, only that at one point in time you had been randomly assigned that IP.

    3. Re:Sure, it's not personal at all by wtfamidoinghere · · Score: 4, Insightful

      Addresses are not personal. They can be connected to you in some ways, but are not personal per se. For instance, when you get a bill by mail, you have the mail address AND the person name to whom the service is registered. Imagine a situation like this: gunshots are reported as being shot from address x; does that automatically implies the owner did the shooting?

      License plates and phone numbers are more or less the same. I'm sure you can come up with some examples of your own to illustrate.

      As for your email, that one is on a diferent level. With email you're supposed to have identification AND authentication. (name + password)

    4. Re:Sure, it's not personal at all by gcatullus · · Score: 5, Insightful

      Depending on state law (at least in the US) you can be ticket for certain things on the basis of license plate. You can be ticketed as the owner of the vehicle. The most obvious ticketing here would be for parking. The meter maid doesn't care who parked your car by the fire hydrant. you will still have to pay fines. This is the same principle as charging the owner of an internet account for nefarious deeds done using an IP address that was assigned to him.

    5. Re:Sure, it's not personal at all by zarmanto · · Score: 3, Informative

      I think the "it's my car, but it wasn't me" is a valid defense, and why I so loathe red light cameras and photo radar. All an investigator can say from either of these is that a specific car was captured on film.

      Quite so... and in some jurisdictions, red light cameras can be disputed very readily, specifically because of this issue. If your car is caught running a red light, and your teenage kid was the one driving the car, then the ticket can be invalidated by a very simple process: You (as in, the vehicle owner) sign a notarized affidavit stating that you were not the person driving the vehicle at the time of the traffic infraction, and you mail that back to the address indicated on the ticket that was mailed to you. The ticket is immediately dismissed without question.

      Of course, in my example above (and frankly, in most cases) the owner of the vehicle knows perfectly well who the driver of the vehicle was... so the premise behind these mailed out tickets is that the owners outrage at the person who ran through the red light is going to exceed their outrage at the system which misidentified the owner as the person who violated the law. So the number of people who avoid the fine by taking the trouble to actually get a signed affidavit is likely negligible compared to the profitability of the cameras overall.

      (Unfortunately, I can't really find a good way to relate all of that to the primary discussion about IP addresses...)

  3. A question... by geminidomino · · Score: 4, Interesting

    Could this decision be referenced to disqualify the IP as evidence when the MAFIAA goes after someone based on IP addresses they got from WhateverMediaSentryIsCalledNow?

  4. Am I the only one? by DarrenBaker · · Score: 3, Interesting

    Seems logical to me. An IP address no more identifies a person than a house address identifies one. It's tying those two together for investigative purposes that should be illegal without a warrant.

  5. Spartacus-1138 by Junior+J.+Junior+III · · Score: 4, Funny

    I am 192.168.0.1!

    No, I am 192.168.0.1!
    No, I am 192.168.0.1!
    No, I am!
    I am!

    --
    You see? You see? Your stupid minds! Stupid! Stupid!
    1. Re:Spartacus-1138 by crimsonknave · · Score: 3, Funny

      I am 127.0.0.1!

      No, I am 127.0.0.1!

      No, I am 127.0.0.1!

      No, I am!

      I am!

      There, fixed that for you.

  6. Largely irrelevant to RIAA litigation by Grond · · Score: 5, Interesting

    It is true that an ip address identifies a computer or possibly, as another poster pointed out, a router behind which could be many computers, but that fact is largely irrelevant to file sharing litigation. The plaintiffs in those cases do not have to have ironclad evidence that it was the defendant sitting at the computer sharing the files. Instead, the plaintiffs merely have to show that it is more likely than not (aka preponderance of the evidence, 50% + 1) that it was the defendant.

    Thus, if the defendant lives at home and only rarely has guests that use his or her computer, it's very likely that a jury will accept that it is more likely than not that the defendant was the one who shared the files, not a guest or an unauthorized user of the wireless network, especially if the files are found on the defendant's hard drive. More complex situations come closer to the line, of course, but in most cases it's fairly clear who the most likely culprit was.

    But, even if the defendants live in an apartment with a communal computer or network shared equally by multiple long-term residents, all of whom use the same file-sharing user account, it is not necessarily up to the plaintiff to prove which specific defendant shared the files. A long standing rule in tort law from the case Summers v. Tice, 33 Cal.2d 80 (1948) establishes that where the plaintiff can prove that multiple defendants were negligent, the burden shifts to the defendants to prove which one actually committed the injury. It is quite possible that the file sharing case plaintiffs will be able to successfully argue that it is up to the various users of a computer to prove who actually shared the files or else they will all be jointly liable. This is especially likely if it can be shown that all of the defendants were aware of the file sharing program and the infringing nature of the files.

  7. Legal code for this by Kupfernigk · · Score: 5, Funny

    private static String getRuling(LitigationObject individual, RichLitigationObject evilCorporation) throws NYCLException {
    if(individual.sues(evilCorporation)) {
    return "IP address is not personal identification";
    } else if(evilCorporation.sues(individual) {
    return "IP address is personal information";
    } else return "Please submit amount available to donate to my election campaign";
    }

    --
    From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
  8. The IP is a lot like a license plate by istartedi · · Score: 4, Insightful

    If all they have is a picture of your license plate, that doesn't prove you were driving. We should use this ruling as precedent to get out of automated tickets when there is no clear picture of your face.

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
  9. And a STREET Address? by Philip+K+Dickhead · · Score: 5, Insightful

    Identifies a HOUSE!

    Not personally identifiable? Right! No reasonable analogy?

    The Judge needs a head check.

     

    --
    "Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
  10. Couldn't this be a potentially good thing? by billlava · · Score: 3, Funny

    If the court ruled that IP addresses aren't personally identifiable, then couldn't some crafty lawyer argue that it can't be used to personally identify any defendant? I can hear the courtroom defenses now... "I didn't download and share 10 million hours of music, your honor. The computer located at 10.187.13.37 did."