Judge Rules IP Addresses Not "Personally Identifiable" 436
yuna49 writes "Online Media Daily reports that a federal judge in Seattle has held that IP addresses are not personal information. 'In order for "personally identifiable information" to be personally identifiable, it must identify a person. But an IP address identifies a computer,' US District Court Judge Richard Jones said in a written decision. Jones issued the ruling in the context of a class-action lawsuit brought by consumers against Microsoft stemming from an update that automatically installed new anti-piracy software. In that case, which dates back to 2006, consumers alleged that Microsoft violated its user agreement by collecting IP addresses in the course of the updates. This ruling flatly contradicts a recent EU decision to the contrary, as well as other cases in the US. Its potential relevance to the RIAA suits should be obvious to anyone who reads Slashdot."
A question... (Score:5, Interesting)
Could this decision be referenced to disqualify the IP as evidence when the MAFIAA goes after someone based on IP addresses they got from WhateverMediaSentryIsCalledNow?
evidence of foul play? (Score:1, Interesting)
Regardless, I personally think that an IP address can't even always identify a computer (much less a person), since Internet Service Providers are known to assign different numbers to the same computer at different times, as the user connects the computer to the ISP.
I'm confused... (Score:3, Interesting)
Identifying my computer doesn't identify me personally by inference?
I'm sure this could come in handy in court eventually.
Re:Sure, it's not personal at all (Score:3, Interesting)
I feel as though your tone is completely sarcastic, but perhaps it isn't. However, yes indeed your license plate and address are not personal information with an implicit right to privacy. They are public records. I can go to the DMV and look up your license plate to get owner information, and I can go to your local municipality and get owner information about your address. Do you get where this is going?
Re:Sure, it's not personal at all (Score:3, Interesting)
And the network equivalent of the "It was my car, but I wasn't driving" defense is "someone haxx0red my (system|network)". Or, maybe, the "secure my wireless network? what do you mean?" defense.
Historically, how well has the "I wasn't driving" defense worked out?
Am I the only one? (Score:4, Interesting)
Seems logical to me. An IP address no more identifies a person than a house address identifies one. It's tying those two together for investigative purposes that should be illegal without a warrant.
Largely irrelevant to RIAA litigation (Score:5, Interesting)
It is true that an ip address identifies a computer or possibly, as another poster pointed out, a router behind which could be many computers, but that fact is largely irrelevant to file sharing litigation. The plaintiffs in those cases do not have to have ironclad evidence that it was the defendant sitting at the computer sharing the files. Instead, the plaintiffs merely have to show that it is more likely than not (aka preponderance of the evidence, 50% + 1) that it was the defendant.
Thus, if the defendant lives at home and only rarely has guests that use his or her computer, it's very likely that a jury will accept that it is more likely than not that the defendant was the one who shared the files, not a guest or an unauthorized user of the wireless network, especially if the files are found on the defendant's hard drive. More complex situations come closer to the line, of course, but in most cases it's fairly clear who the most likely culprit was.
But, even if the defendants live in an apartment with a communal computer or network shared equally by multiple long-term residents, all of whom use the same file-sharing user account, it is not necessarily up to the plaintiff to prove which specific defendant shared the files. A long standing rule in tort law from the case Summers v. Tice, 33 Cal.2d 80 (1948) establishes that where the plaintiff can prove that multiple defendants were negligent, the burden shifts to the defendants to prove which one actually committed the injury. It is quite possible that the file sharing case plaintiffs will be able to successfully argue that it is up to the various users of a computer to prove who actually shared the files or else they will all be jointly liable. This is especially likely if it can be shown that all of the defendants were aware of the file sharing program and the infringing nature of the files.
Re:Yup (Score:3, Interesting)
as far as the credit card company is concerned that little piece of plastic just identifies an account not a person.
Correct.
However- Each account is specifically linked to one person. (Sometimes more for joint accounts, but you get the idea.) The agreement you make with the card company usually says something along the lines of 'the person named on the card is the only authorized user of the card...' SO, if they trace certain activity to the card, they can be reasonably sure who used the card.
There is no such guarantee when it comes to IP addresses. As someone else posted, their IP is to their router, with 5-6 PCs behind it. Wireless confuses the issue more. Tracing certain packets to a router does NOT tell them what PC it came from, much less who was using that PC.
Re:Yup (Score:3, Interesting)
Also, it's generally understood in legal circles, and is spelled out in most ISPs' TOS agreements, that the account owner is ultimately responsible for any activity originating from that connection. So, since an IP address can be used to identify a particular DSL/cable/dialup/whatever line, it can effectively be used to identify a person.
Things get muddier when talking about open wireless access points, but in general it's been held that if you open up your wireless connection, you're responsible for any illegal activity people might use it for. You only escape responsibility if you've taken some measure to restrict access and the perpetrator has defeated it.
Even if you don't buy any of that, identifying the home network itself is already an invasion of privacy. It may not identify you personally, but it almost certainly identifies your family or the group of people living in your house. Isn't that an invasion of privacy?
Re:Yup (Score:3, Interesting)
I have a business class internet account at home. It comes with static ips which resolve back to my domain name which....guess what...IS PERSONALLY IDENTIFIABLE.
So under many situations an IP address is not personally identifiable, there are also many where it is.
I use an anonymizing service to keep my personal information out of whois, but that still doesn't mean my home IP address isn't uniquely identified as "belonging" to me.
I tend to think of an IP address like a phone number. Are phone numbers considered personally identifiable?
if yes then IP addresses should be treated accordingly.
RIAA suits are toast. (Score:1, Interesting)
Double-edge sword for big business. The RIAA in their suits try to identify individuals based on the IP addresses and such so now they will not be able to do so based on this FEDERAL court ruling.
Re:Yup (Score:3, Interesting)
At some point there'll have to be a determination as to which is it, evidence that somebody in particular was online or not a form of identifying people. We can't have it both ways. So, all in all it's probably a good thing, if for no other reason than the issue might finally be resolved in the legal sense.
It takes more than an IP address to make a case (Score:2, Interesting)
Re:Sure, it's not personal at all (Score:2, Interesting)
Say the car was involved in a fatal hit/run or bank robbery, it's not going to do you much good to say that anybody could have been driving your car. Similarly if you left your keys in it and it was stolen, you are somewhat liable for making your car too easy to steal.