Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Government Networking The Courts News Your Rights Online

Judge Rules IP Addresses Not "Personally Identifiable" 436

yuna49 writes "Online Media Daily reports that a federal judge in Seattle has held that IP addresses are not personal information. 'In order for "personally identifiable information" to be personally identifiable, it must identify a person. But an IP address identifies a computer,' US District Court Judge Richard Jones said in a written decision. Jones issued the ruling in the context of a class-action lawsuit brought by consumers against Microsoft stemming from an update that automatically installed new anti-piracy software. In that case, which dates back to 2006, consumers alleged that Microsoft violated its user agreement by collecting IP addresses in the course of the updates. This ruling flatly contradicts a recent EU decision to the contrary, as well as other cases in the US. Its potential relevance to the RIAA suits should be obvious to anyone who reads Slashdot."
This discussion has been archived. No new comments can be posted.

Judge Rules IP Addresses Not "Personally Identifiable"

Comments Filter:
  • Yup (Score:5, Insightful)

    by FredFredrickson ( 1177871 ) * on Wednesday July 08, 2009 @10:52AM (#28623365) Homepage Journal
    So on one end of the stick, you've got privacy advocates who hate Microsoft, who are thinking that collecting our IP addresses is wrong and violates our privacy.

    There's more to it, though. Any sys admin could explain... Imagine trying to have a conversation with somebody by mail. They couldn't respond if they didn't take note of the return address, no? Fact of the matter is, for strictly technical reasons, use of the IP address is required.

    But... For statistical and anti-abuse reasons, a log of IP addresses is kept (on any server, really). But don't get all pissy at microsoft for doing so. I mean, almost every site on the net keeps an http log, it's the default setting! The fact is, if you don't want them knowing who you are- I've got an idea- don't contact their servers.

    You have a reasonable right to privacy, but you lose that right when you're in public. You don't get to get pissy when a store's security cameras capture your image. I rarely hear anybody complain about other people seeing you while you're at the grocery store. But the fact is: these small dings in privacy are neccessary to operate. You don't need to go in public. And you don't need to connect to somebody's server.

    Now the real problem TM
    An IP address DOES identify a computer- but not the way the judge thinks. My IP address identifies my router, which in turn owns 5 to 6 computers. With the wireless open, it could refer to the whole neighborhood, for all I know/care. They need to revise, an IP address identifies a NETWORK, but not neccessarily conclusively any particular computer.

    So there's another level there. Not only is an IP address not good for identifying a person, but it's rather useless to discover a particular computer either. (Now, there are cookies and other tracking mechanisms, but they're not fool proof..)

    But hey, at least this is a step in the right direction. Anyway, it doesn't really matter whose computer an IP address identifies, if the feds pick up on your ip they'll just take every machine in your house anyway.
    • Re: (Score:3, Insightful)

      by Jugalator ( 259273 )

      They need to revise, an IP address identifies a NETWORK, but not neccessarily conclusively any particular computer.

      A network endpoint, yes.

      So there's another level there. Not only is an IP address not good for identifying a person, but it's rather useless to discover a particular computer either.

      I agree about this, and that's why I think the methodology RIAA is using *should* not really hold in court. They should really provide them with name and date ranges, forget about the IP addresses, it's just an Internet Protocol technicality and should be treated as such.

      • I agree about this, and that's why I think the methodology RIAA is using *should* not really hold in court. They should really provide them with name and date ranges, forget about the IP addresses, it's just an Internet Protocol technicality and should be treated as such.

        In the only case that's gone to a verdict, as far as I know, the IP address was one point of several. The IP address is useful as a tool to limit the range of people you're likely to be talking about. Combine that with other information,

    • Re:Yup (Score:5, Funny)

      by sakdoctor ( 1087155 ) on Wednesday July 08, 2009 @11:01AM (#28623499) Homepage

      IPv6 addresses should be like MAC addresses for people.
      Issued at birth, and tattooed onto your ass.

      Actually I hope the RIAA aren't reading this. It will give them ideas.

    • Re: (Score:3, Informative)

      An IP address DOES identify a computer- but not the way the judge thinks. My IP address identifies my router, which in turn owns 5 to 6 computers. With the wireless open, it could refer to the whole neighborhood, for all I know/care. They need to revise, an IP address identifies a NETWORK, but not neccessarily conclusively any particular computer.

      A router is still a computer. An IP address identifies a computer. Whether that computer has other computers connected to it, and forwards traffic from those computers using its IP address, is an entirely separate matter.

    • Re: (Score:2, Funny)

      by R0UTE ( 807673 )

      An IP address DOES identify a computer- but not the way the judge thinks. My IP address identifies my router, which in turn owns 5 to 6 computers.

      That's a kick ass router, I wish my router would get a job and buy more computers.

    • You don't get to get pissy when a store's security cameras capture your image.

      This is Slashdot. Hell yes people here get upset here with any cameras that record them in public, much less a private store owned by someone else...

      • Re: (Score:3, Insightful)

        by Volante3192 ( 953645 )

        Yes, we do get to get pissy.

        We just can't do anything about it other than choose not to shop there.

    • Now the real problem TM
      An IP address DOES identify a computer- but not the way the judge thinks. My IP address identifies my router, which in turn owns 5 to 6 computers. With the wireless open, it could refer to the whole neighborhood, for all I know/care. They need to revise, an IP address identifies a NETWORK, but not neccessarily conclusively any particular computer.

      So there's another level there. Not only is an IP address not good for identifying a person, but it's rather useless to discover a particular computer either. (Now, there are cookies and other tracking mechanisms, but they're not fool proof..)

      This sounds like a good argument for the RIAA to pressure the adoption of IPv6.

    • Re: (Score:3, Interesting)

      by hedwards ( 940851 )
      I've got mixed feelings about this. On the one hand I would consider this sort of monitoring questionable in terms of privacy issues. But on the other hand if this interpretation is upheld it represents a serious set back to the RIAA in its endeavor to bring lawsuits against alleged pirates.

      At some point there'll have to be a determination as to which is it, evidence that somebody in particular was online or not a form of identifying people. We can't have it both ways. So, all in all it's probably a good
  • Anonymous Coward (Score:2, Insightful)

    by Anonymous Coward

    Addresses aren't personal information! They point to a house or an apartment, not a person!

    • by Nutria ( 679911 )

      Addresses aren't personal information! They point to a house or an apartment, not a person!

      Correct. But (just as with IP addresses, iff ISPs store dates and times in their MAC/IP logs) it point investigators in the right direction.

  • by AtomicDevice ( 926814 ) on Wednesday July 08, 2009 @10:55AM (#28623417)
    If this is true, I suppose addresses and license plates aren't personal either, they just identify cars and houses, it's not as though those things usually contain the same people. Or what about phone numbers, that really only identifies my phone, not me the individual. And when you stop to think about it, my email is really just a code so the mailserver knows where to put some bytes it receives, it doesn't really have anything to do with me.
    • good analogy.
      • Re: (Score:3, Interesting)

        by idontgno ( 624372 )

        And the network equivalent of the "It was my car, but I wasn't driving" defense is "someone haxx0red my (system|network)". Or, maybe, the "secure my wireless network? what do you mean?" defense.

        Historically, how well has the "I wasn't driving" defense worked out?

        • the network equivalent of the "It was my car, but I wasn't driving" defense is "someone haxx0red my (system|network)".

          it seems like an an obvious defense since it's a trivial hack.
        • I think the "it's my car, but it wasn't me" is a valid defense, and why I so loathe red light cameras and photo radar. All an investigator can say from either of these is that a specific car was captured on film. The likelihood might be great that the accused was driving the car, but unless there is corroborating evidence, there's reasonable doubt.

          The same applies to an IP address. Even if you can identify via DHCP logs that the MAC address in question was given that specific IP, you're identifying a dev

          • Re: (Score:3, Informative)

            by zarmanto ( 884704 )

            I think the "it's my car, but it wasn't me" is a valid defense, and why I so loathe red light cameras and photo radar. All an investigator can say from either of these is that a specific car was captured on film.

            Quite so... and in some jurisdictions, red light cameras can be disputed very readily, specifically because of this issue. If your car is caught running a red light, and your teenage kid was the one driving the car, then the ticket can be invalidated by a very simple process: You (as in, the vehicle owner) sign a notarized affidavit stating that you were not the person driving the vehicle at the time of the traffic infraction, and you mail that back to the address indicated on the ticket that was mailed to

        • by AK Marc ( 707885 )
          Historically, how well has the "I wasn't driving" defense worked out?

          It works out great if you can identify someone else that was. If you say "I loaned my $20,000 car to a complete stranger and don't know what they did with it, but they brought it back 5 hours later fully gassed" they will think you are a liar. They apply the "reasonable man" standard, and reasonable men don't loan their car out to strangers who do not identify themselves. But Interent? I'll loan that out to a stranger without ID. Wh
        • "Historically, how well has the "I wasn't driving" defense worked out?"

          Fairly well in many of the red light and speeding camera cases. The ones where they don't/can't take a picture of the drivers face..

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      I feel as though your tone is completely sarcastic, but perhaps it isn't. However, yes indeed your license plate and address are not personal information with an implicit right to privacy. They are public records. I can go to the DMV and look up your license plate to get owner information, and I can go to your local municipality and get owner information about your address. Do you get where this is going?

    • by Reason58 ( 775044 ) on Wednesday July 08, 2009 @11:05AM (#28623581)
      A license plate, street address and phone number are both unique and tied to a specific person until the person chooses to end that connection. An IP address (dynamic) is randomly assigned to a user and then changed with little or no control from the user's end. This isn't IPv6. Everyone can't be issued a permanent address when they sign up for an ISP.

      Beyond that, you are aware that cars and the like can't be ticketed, right? If you run a red light and are caught on camera they have to be able to determine who is driving the car for it to be valid. Simply having the plate will not work. The same does not apply to IPs, however. They do not have to prove that it was actually you who committed the act, only that at one point in time you had been randomly assigned that IP.
      • by gcatullus ( 810326 ) on Wednesday July 08, 2009 @11:15AM (#28623739)

        Depending on state law (at least in the US) you can be ticket for certain things on the basis of license plate. You can be ticketed as the owner of the vehicle. The most obvious ticketing here would be for parking. The meter maid doesn't care who parked your car by the fire hydrant. you will still have to pay fines. This is the same principle as charging the owner of an internet account for nefarious deeds done using an IP address that was assigned to him.

        • I don't think that a parking ticket is a proper analogy (though I do commend you for using a car). A parking ticket doesn't go on any record, and you pay $25 or whatever the fine is and you are done.

          You IP being used as proof of identify can cost you pretty much your entire life as we have seen time and again in RIAA/MPAA cases.
      • by 0racle ( 667029 )
        I purchased a static IP, it is as unique and identifies me as much as my address and my license plate identify myself or my wife. ISP records can also correlate IP's to customers again identifying you as closely as your address identifies you.
        • by Nutria ( 679911 )

          I purchased a static IP, it is as unique and identifies me as much as my address and my license plate identify myself or my wife.

          But that's the key.

          If a cop sees a car with your license plate is used in a crime, then they'll naturally come after you. But if you and your wife have reasonable alibis, then it's reasonable to assume that the car might have been stolen (especially if there's a big gash in the steering column).

          Anyway, a static IP address identifies you as the person who's responsible for the bil

      • RICO would disagree with your argument that objects can't be charged/ticketed.

        It allows objects to commit crimes and since objects have no rights they can be seized without due process.

        Anyone could stick your address as the return address on anything they send. There's nothing physically stopping them from doing so. Also, it doesn't really matter when you stop using an address since their will still be mail sent to that address that should have been yours but is now the current occupant's. Same idea with ca

      • Beyond that, you are aware that cars and the like can't be ticketed, right? If you run a red light and are caught on camera they have to be able to determine who is driving the car for it to be valid. Simply having the plate will not work.

        Here in Texas, the owner of a car that goes through a toll booth receives a bill in the mail, and is required to pay it, regardless of who was driving the car. I'm not sure if this has been tested with a stolen car, but I know it has been with a car that was sold but not yet transferred with the state.

        • by Svartalf ( 2997 )

          That's how NTTA, HCTRA, and TxDOT is running it right at the moment, but nobody's been in a position that it would be worth the trouble to run the defense up the flagpole. It's cheaper to pay the toll in question and go on. Seriously.

          Heh... Why run the toll booth anyhow? It's cheaper to go get a pre-paid TxTag or to get a TollTag than to run the booths or do ZipCash- by about 30% now, and 45% soon...

      • This post is not true for the following reasons:
        1) Your car/license pops up on speed camera. The registered owner, the person responsible for the car, will receive a ticket in the mail. That person is being charged w/ the crime. You are also asked that if you were not the driver of the car you are responsible for, that you identify the person who was at that date/time. This is real. What you said about how you can't get ticketed is simply false. In 2004, my company, who had rented a car to me, had be

      • A license plate, street address and phone number are both unique and tied to a specific person until the person chooses to end that connection.

        That's a fair summary, and far better than uncessarily mixing in technical terms like "network endpoint" which is domain-specific.

        An IP address should more correctly be identified as a lease, or more generically, an assignment. Hardly a legal term, but it'll do for most discussions.

        A house address can, therefore, be viewed as an assignment of a given plot of land to

    • by wtfamidoinghere ( 1391517 ) on Wednesday July 08, 2009 @11:05AM (#28623597)

      Addresses are not personal. They can be connected to you in some ways, but are not personal per se. For instance, when you get a bill by mail, you have the mail address AND the person name to whom the service is registered. Imagine a situation like this: gunshots are reported as being shot from address x; does that automatically implies the owner did the shooting?

      License plates and phone numbers are more or less the same. I'm sure you can come up with some examples of your own to illustrate.

      As for your email, that one is on a diferent level. With email you're supposed to have identification AND authentication. (name + password)

    • by selven ( 1556643 )
      So license plates and addresses frequently change, often without the consent or even knowledge of the user? There are services which allow you to randomize your car's license plate every time you take a drive? Apartment buildings frequently change the numbers of the apartments inside them?
      IP addresses are much less fixed than anything that represents a physical object.
    • While that is true, I'm betting your phone number, license plate, and email address do not change on a monthly basis.

    • by moon3 ( 1530265 )
      Bad analogy. Internet is not a car. After your grandma clicks smiley that installs Trojan to serve some terrible content, virus that does spam, DOS or similar thing from your IP. Then your family might be investigated by authorities.. you will then thank that good Judge, the Jury and the God almighty for this very resolution.
    • by dilute ( 74234 )

      Yeah, I got a ticket because someone who was driving a car with my plate number went through a light and the plate was automatically photographed. Now I have an airtight defense! Whoopee!

    • I suppose addresses and license plates aren't personal either, they just identify cars and houses, it's not as though those things usually contain the same people.

      I have 6 people living at my address. Which one do you want?

      If I had a car, at least 3 of those 6 people could be driving it. Which one do you want?

    • by AK Marc ( 707885 )
      If this is true, I suppose addresses and license plates aren't personal either, they just identify cars and houses, it's not as though those things usually contain the same people.

      That's incorrect. I have filed official government documents, signed, with my name and license plate on them, identifying me as the person responsible for that car and the associated plate. It's called "vehicle registration." It's an official government document. My IP is some randomly handed out number that isn't even tied
    • license plates and addresses are not personally identifying information. They can point you to where someone is but just because a license plate or an address was involved in illegal activity does not mean the people associated with it are involved. Someone who had their car stolen (or say their network hacked) and that car (or network) was used in an illegal activity does not mean the owner of said car (or network) was complicite in the crime in anyway.

      The use of IP address is to help track someone.
  • A question... (Score:5, Interesting)

    by geminidomino ( 614729 ) * on Wednesday July 08, 2009 @10:57AM (#28623441) Journal

    Could this decision be referenced to disqualify the IP as evidence when the MAFIAA goes after someone based on IP addresses they got from WhateverMediaSentryIsCalledNow?

    • It seems like it should be a viable argument, but I doubt it will be accepted. From the news I read, it seems like somehow the judicial branch is as anti-consumer as the other branches of government.

      The thing is, I think they have this totally backward. They allow IPs as evidence of who was committing copyright infringement, but disallow the argument that IP collection is an invasion of privacy. However, an IP address is personally identifiable of the person who is paying for Internet service*** and not

      • branch is as anti-consumer as the other branches of government

        Which applies how, to pirating music and movies? "Consumers" are the people who are actually doing business with the artist (or the artist's chosen agents) in keeping with the way that the artist has offered their work up for sale/use. Someone who rips it off is not a consumer in the normal sense of that word, any more than a shoplifter is a consumer of the they stuff they rip off from a store.

        If I own a plot of land and a dead body is foun
        • by tepples ( 727027 )
          In cases of "the author's chosen agent doesn't want to take my money", who is the consumer?
    • by GigG ( 887839 )
      It could be referenced then the the RIAA would just then then make some move to find out everyone that had access to the IP address in question and go after all of them.
    • by AmiMoJo ( 196126 )

      Unfortunately it probably won't help, because the judge made an error in his judgement. He said that an IP address identifies a computer, and since a computer has an owner who can (to some extent) be held liable for what is done with it then civil cases will continue.

      An IP address only identifies a modem or router. Beyond that, there could be any number of computers, especially if wireless access is possible.

      The issue for how liable you are for things done with your PC is a bit of a grey area too. If it bec

  • So, if a particular illegal or actionable activity is traced to a particular IP address, can this ruling be used to indicate:

    "It wasn't me, an IP address identifies a computer, not a person, re: so-and-so vs. so-and-so"

    or is that just silliness?

    • Only if your case is in the same circuit that the original case w/ ruling was.

      Otherwise, you have to present your evidence, etc. When 2 circuits in a state have differing opinions, some lucky bastard gets to go to the state supreme court and present evidence there, etc. And then the state supreme court makes a ruling. Multiple state supreme courts make a ruling? Goes to district court. Multiple districts? The SCOTUS.

      IANAL, but this is how it was 'splained to me by a lawyer.

    • If I were the prosecutor, I would go after WHO is responsible for the hardware. And if they claim to not be the perpetrator, then I would require them to identify who it is (since they are responsible for their connections/hardware/etc).

      Don't mod me down for making sense... I don't like the system either...

  • Sure (Score:2, Insightful)

    by ringm000 ( 878375 )
    A vehicle registration number identifies a car, not a person.

    A phone number identifies a phone, not a person.

    A postal address identifies the location of a building, not a person.

  • I'm confused... (Score:3, Interesting)

    by clone53421 ( 1310749 ) on Wednesday July 08, 2009 @11:01AM (#28623501) Journal

    Identifying my computer doesn't identify me personally by inference?

    I'm sure this could come in handy in court eventually.

    • Re: (Score:2, Redundant)

      by The Moof ( 859402 )

      I'm sure this could come in handy in court eventually.

      It could come into play immediately with all of those P2P cases going on with the *AA groups. If an IP address isn't personally identifiable (according to the judge), how can you come after me based on that address?

  • I suppose this only makes sense. After all, we know that an address isn't personal information - it identifies a house, not a person. Neither is a phone number, which identifies a phone. License plate numbers identify a car. In fact, one could even argue that SSN/SIN numbers identify a card or record in a government database instead of a person. Privacy solved! There is no personal information.

    • by guruevi ( 827432 )

      An SSN or TIN number identifies an entity. In case of SSN that entity is a person. The SSN just gives you a serial number and that serial number is only owned by you and cannot (legally) be used by anyone else. Your birth certificate also identifies you as a person.

      A phone however identifies a location, usually the end of the line in the vicinity where the phone is (whether tethered to a hardline or not). It's your phone number because you pay for it but your mom could pick it up, or a burglar that's in you

  • Am I the only one? (Score:4, Interesting)

    by DarrenBaker ( 322210 ) on Wednesday July 08, 2009 @11:05AM (#28623595)

    Seems logical to me. An IP address no more identifies a person than a house address identifies one. It's tying those two together for investigative purposes that should be illegal without a warrant.

    • That's handy from an *IAA fighting perspective, but kind of sucks from a general privacy perspective. This ruling is in reference to the later, specifically that companies can keep track of ip addresses and essentially use it to track your movements around the net if they want to.

      When you think about it though, if the police suspect illegal activity at your address, you're probably going to be the one to get in some kind of trouble. At least questioned and detained for a while. I don't think "I leave my

    • Hahahah, yea, thats great logic, thats why drug dealers always get off when they bust a drug house.

      They take the house to jail, but leave the people that live there in the now empty lot.

      Most of the time, an IP will narrow the list of possible people to the point that with very little extra outside information it becomes clear who was using the IP at that time.

      What I want to know is why everyone is in such a big hurry to pretend an IP isn't useful for figuring out who is doing something.

      Admins have been usin

  • by Junior J. Junior III ( 192702 ) on Wednesday July 08, 2009 @11:09AM (#28623641) Homepage

    I am 192.168.0.1!

    No, I am 192.168.0.1!
    No, I am 192.168.0.1!
    No, I am!
    I am!

  • Comment removed based on user account deletion
    • Re: (Score:2, Insightful)

      by _avs_007 ( 459738 )
      IP address identifies "a" computer, but not "whose" computer... For all the RIAA/ISP/etc knows the IP address could've been spoofed. Similar to dropping a letter in the mail at the post office with a forged return address. RIAA can say the letter contains pirated copyrighted material and go after the person who owns the house address listed as the return address, but that doesn't meant they got the right person.
  • If this holds up (meaning not overturned) this can hold up in other cases (not all good) such as:
    1) RIAA/MPAA sueing people they tracked via IP numbers
    2) Pedophiles tracked via IP numbers
    3) Online harassment cases tracked via IP numbers (e.g. the mom who harassed some girl until the girl committed suicide)
    4) Spammers who are tracked via IP numbers

    There are other cases this would effect but basically anything where they link someone via an IP number would be invalidated. I agree with the judge that
    • I reject your argument solely on the basis that you post on slashdot, and therefore do not have a girlfriend.
      • I reject your argument solely on the basis that you post on slashdot, and therefore do not have a girlfriend.

        Yes I do. I even have receipts from plasticgirlfriends.com...hmm err i met her at a bar!

  • by Grond ( 15515 ) on Wednesday July 08, 2009 @11:15AM (#28623731) Homepage

    It is true that an ip address identifies a computer or possibly, as another poster pointed out, a router behind which could be many computers, but that fact is largely irrelevant to file sharing litigation. The plaintiffs in those cases do not have to have ironclad evidence that it was the defendant sitting at the computer sharing the files. Instead, the plaintiffs merely have to show that it is more likely than not (aka preponderance of the evidence, 50% + 1) that it was the defendant.

    Thus, if the defendant lives at home and only rarely has guests that use his or her computer, it's very likely that a jury will accept that it is more likely than not that the defendant was the one who shared the files, not a guest or an unauthorized user of the wireless network, especially if the files are found on the defendant's hard drive. More complex situations come closer to the line, of course, but in most cases it's fairly clear who the most likely culprit was.

    But, even if the defendants live in an apartment with a communal computer or network shared equally by multiple long-term residents, all of whom use the same file-sharing user account, it is not necessarily up to the plaintiff to prove which specific defendant shared the files. A long standing rule in tort law from the case Summers v. Tice, 33 Cal.2d 80 (1948) establishes that where the plaintiff can prove that multiple defendants were negligent, the burden shifts to the defendants to prove which one actually committed the injury. It is quite possible that the file sharing case plaintiffs will be able to successfully argue that it is up to the various users of a computer to prove who actually shared the files or else they will all be jointly liable. This is especially likely if it can be shown that all of the defendants were aware of the file sharing program and the infringing nature of the files.

    • Not that I agree with the RIAA or their shady methods... But it would be nice to see a person who claimed not to have been file sharing, to actually be directly proven to have done so, and be charged for lying in court.

      There is a difference between defending privacy and defending one's ability to escape legal process and/or 'get away with shit'. When reading on slashdot I often wonder which side people are coming from... self interest, or a sense of true right/wrong.

  • by Kupfernigk ( 1190345 ) on Wednesday July 08, 2009 @11:15AM (#28623747)
    private static String getRuling(LitigationObject individual, RichLitigationObject evilCorporation) throws NYCLException {
    if(individual.sues(evilCorporation)) {
    return "IP address is not personal identification";
    } else if(evilCorporation.sues(individual) {
    return "IP address is personal information";
    } else return "Please submit amount available to donate to my election campaign";
    }
    • Re: (Score:2, Funny)

      by Anonymous Coward

      Q: How do you make a RichLitigationObject?
      A: Inherit from a LitigationObject.

  • by Millennium ( 2451 ) on Wednesday July 08, 2009 @11:18AM (#28623779)

    Think about it: according to this judge, an IP address identifies a computer (as others have pointed out, "network endpoint" would be a more correct term), not the person behind it. Although this makes it easier for the **AA to collect IP-address information, it also makes such information a lot less useful, because by itself it leaves a hole big enough to establish reasonable doubt. The IP address can establish what computer was used, but it does not prove that the defendant was the one operating the computer in that capacity. Especially in an age of botnets and malware, there's a lot of doubt here unless you can establish a stronger link, and the IP address won't help you on that score.

    That leaves open the question: does this really strengthen the **AA, or does it actually hamstring their tactics? This may remain to be seen.

  • by istartedi ( 132515 ) on Wednesday July 08, 2009 @11:21AM (#28623861) Journal

    If all they have is a picture of your license plate, that doesn't prove you were driving. We should use this ruling as precedent to get out of automated tickets when there is no clear picture of your face.

    • All they have is a picture of a fake license plate changed to look like mine on someone else's car which is purposefully running redlight cameras.
      Golram teenagers.
    • by RevMike ( 632002 )

      If all they have is a picture of your
      license plate, that doesn't prove you were
      driving. We should use this ruling as precedent
      to get out of automated tickets when there is
      no clear picture of your face.

      In places where photo enforcement is used, the laws are generally adjusted to implicate the person who registers the vehicle, and the license plate does tie directly to the vehicle registration. Your crime is not "running a red light", it is "allowing your vehicle to be used by some unknown person to run a red light". If your car was stolen, you can defend yourself using the police report to that effect. Otherwise you are SOL.

  • by billlava ( 1270394 ) on Wednesday July 08, 2009 @11:26AM (#28623923) Homepage
    If the court ruled that IP addresses aren't personally identifiable, then couldn't some crafty lawyer argue that it can't be used to personally identify any defendant? I can hear the courtroom defenses now... "I didn't download and share 10 million hours of music, your honor. The computer located at 10.187.13.37 did."
  • I have to say this is one of the better rulings. The judge is enlightened to know that multi-tasking computers can serve many users at once. The idea that one IP=one user is completely a windows-centric perspective, which is even less true since windows 2000 (ish, not exact).

    Now this should raise the bar for RIAA and MPAA, who only collect IP addresses. Now they need to associate the activity with the user's account. Given that this information is not usually available, it is a coffin nail for those organiz

  • PII is any information that can be used to identify a person, directly or indirectly. In most cases, it is information about activities such that correlations can be used to derive the activities of individuals or information about those individuals. IP addresses certainly fall into this category. PII is NOT particular data fields: it is data that can be correlated to infer information about individuals or their activities. That is the new view of PII.

    Organizations often - indeed almost always - need to sto

  • I get the whole notion, that the best you can hope for in relating an IP to a specific entity is, most narrowly, a computer, or, more broadly, a network. I wonder what the practical effect of the ruling will be?

    If an IP is suspected of criminal activity, and it can be related to only a particular network/house, the case may not be a slam dunk. However, it may well be enough to create all sorts of joy for that network/house. It's probably enough probably cause for a warrant which will then find all compute

We all agree on the necessity of compromise. We just can't agree on when it's necessary to compromise. -- Larry Wall

Working...