Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Judge Rules IP Addresses Not "Personally Identifiable"

Soulskill posted more than 5 years ago | from the what-about-the-ip-on-the-chip-in-my-head dept.

Privacy 436

yuna49 writes "Online Media Daily reports that a federal judge in Seattle has held that IP addresses are not personal information. 'In order for "personally identifiable information" to be personally identifiable, it must identify a person. But an IP address identifies a computer,' US District Court Judge Richard Jones said in a written decision. Jones issued the ruling in the context of a class-action lawsuit brought by consumers against Microsoft stemming from an update that automatically installed new anti-piracy software. In that case, which dates back to 2006, consumers alleged that Microsoft violated its user agreement by collecting IP addresses in the course of the updates. This ruling flatly contradicts a recent EU decision to the contrary, as well as other cases in the US. Its potential relevance to the RIAA suits should be obvious to anyone who reads Slashdot."

Sorry! There are no comments related to the filter you selected.

Yup (5, Insightful)

FredFredrickson (1177871) | more than 5 years ago | (#28623365)

So on one end of the stick, you've got privacy advocates who hate Microsoft, who are thinking that collecting our IP addresses is wrong and violates our privacy.

There's more to it, though. Any sys admin could explain... Imagine trying to have a conversation with somebody by mail. They couldn't respond if they didn't take note of the return address, no? Fact of the matter is, for strictly technical reasons, use of the IP address is required.

But... For statistical and anti-abuse reasons, a log of IP addresses is kept (on any server, really). But don't get all pissy at microsoft for doing so. I mean, almost every site on the net keeps an http log, it's the default setting! The fact is, if you don't want them knowing who you are- I've got an idea- don't contact their servers.

You have a reasonable right to privacy, but you lose that right when you're in public. You don't get to get pissy when a store's security cameras capture your image. I rarely hear anybody complain about other people seeing you while you're at the grocery store. But the fact is: these small dings in privacy are neccessary to operate. You don't need to go in public. And you don't need to connect to somebody's server.

Now the real problem TM
An IP address DOES identify a computer- but not the way the judge thinks. My IP address identifies my router, which in turn owns 5 to 6 computers. With the wireless open, it could refer to the whole neighborhood, for all I know/care. They need to revise, an IP address identifies a NETWORK, but not neccessarily conclusively any particular computer.

So there's another level there. Not only is an IP address not good for identifying a person, but it's rather useless to discover a particular computer either. (Now, there are cookies and other tracking mechanisms, but they're not fool proof..)

But hey, at least this is a step in the right direction. Anyway, it doesn't really matter whose computer an IP address identifies, if the feds pick up on your ip they'll just take every machine in your house anyway.

Re:Yup (2, Insightful)

Jugalator (259273) | more than 5 years ago | (#28623451)

They need to revise, an IP address identifies a NETWORK, but not neccessarily conclusively any particular computer.

A network endpoint, yes.

So there's another level there. Not only is an IP address not good for identifying a person, but it's rather useless to discover a particular computer either.

I agree about this, and that's why I think the methodology RIAA is using *should* not really hold in court. They should really provide them with name and date ranges, forget about the IP addresses, it's just an Internet Protocol technicality and should be treated as such.

Re:Yup (0)

Anonymous Coward | more than 5 years ago | (#28623467)

so does this mean credit cards are not Personally Identifiable? Since they are linked to an account number and not a person? Yes it has your name plastered all over it like your computer but as far as the credit card company is concerned that little piece of plastic just identifies an account not a person.

Re:Yup (2, Interesting)

fredklein (532096) | more than 5 years ago | (#28623831)

as far as the credit card company is concerned that little piece of plastic just identifies an account not a person.

Correct.

However- Each account is specifically linked to one person. (Sometimes more for joint accounts, but you get the idea.) The agreement you make with the card company usually says something along the lines of 'the person named on the card is the only authorized user of the card...' SO, if they trace certain activity to the card, they can be reasonably sure who used the card.

There is no such guarantee when it comes to IP addresses. As someone else posted, their IP is to their router, with 5-6 PCs behind it. Wireless confuses the issue more. Tracing certain packets to a router does NOT tell them what PC it came from, much less who was using that PC.

And a STREET Address? (5, Insightful)

Philip K Dickhead (906971) | more than 5 years ago | (#28623891)

Identifies a HOUSE!

Not personally identifiable? Right! No reasonable analogy?

The Judge needs a head check.

 

Re:And a STREET Address? (1)

fredklein (532096) | more than 5 years ago | (#28624201)

Houses (or, more properly, addresses) do not identify a person. An apartment house, for instance, has one address, but numerous people living in it. Even a regular house can have an entire family.

Re:Yup (2, Interesting)

eln (21727) | more than 5 years ago | (#28624057)

IF the person has a home network, then it only identifies that network. If the person lives alone and only has one computer, it does effectively identify the person.

Also, it's generally understood in legal circles, and is spelled out in most ISPs' TOS agreements, that the account owner is ultimately responsible for any activity originating from that connection. So, since an IP address can be used to identify a particular DSL/cable/dialup/whatever line, it can effectively be used to identify a person.

Things get muddier when talking about open wireless access points, but in general it's been held that if you open up your wireless connection, you're responsible for any illegal activity people might use it for. You only escape responsibility if you've taken some measure to restrict access and the perpetrator has defeated it.

Even if you don't buy any of that, identifying the home network itself is already an invasion of privacy. It may not identify you personally, but it almost certainly identifies your family or the group of people living in your house. Isn't that an invasion of privacy?

Re:Yup (2, Interesting)

Sir_Dill (218371) | more than 5 years ago | (#28624165)

Consider this for a moment.

I have a business class internet account at home. It comes with static ips which resolve back to my domain name which....guess what...IS PERSONALLY IDENTIFIABLE.

So under many situations an IP address is not personally identifiable, there are also many where it is.

I use an anonymizing service to keep my personal information out of whois, but that still doesn't mean my home IP address isn't uniquely identified as "belonging" to me.

I tend to think of an IP address like a phone number. Are phone numbers considered personally identifiable?

if yes then IP addresses should be treated accordingly.

Re:Yup (1)

khellendros1984 (792761) | more than 5 years ago | (#28623915)

There are terms in the card usage agreement that you'll be the only one using it. When you use the card in person, many employees will require photo ID before they swipe the card. Of course that doesn't always happen, and that's why it's so easy to report a missing card and have the spurious charges reversed if it gets stolen. The case with a computer system is more complex, though. A single IP address can even have multiple networks underneath it. It's not even necessarily a single network behind an IP address. My point is that you're far more likely to take exception to someone trying to borrow your credit card than you are if someone wants to use your computer or connect to your router. The credit card, in general, is much more attached to a single person than an internet address is.

Re:Yup (0)

Anonymous Coward | more than 5 years ago | (#28623473)

IP addresses identify either networks or devices on a network... not to be that asshat that corrects people, just.. seeking to clarify. But certainly, not necessarily conclusively any particular computer, or for any amount of time. Particularly once your IP lease expires, if your ISP doesn't maintain the same (or even records of previous) IP/MAC resolutions... you get a new address and the old address won't likely lead back to you for a long time.

Re:Yup (4, Funny)

sakdoctor (1087155) | more than 5 years ago | (#28623499)

IPv6 addresses should be like MAC addresses for people.
Issued at birth, and tattooed onto your ass.

Actually I hope the RIAA aren't reading this. It will give them ideas.

Re:Yup (1)

maxume (22995) | more than 5 years ago | (#28623675)

As long as I can use other addresses on devices I connect to networks with. You know, my toaster, my refrigerator, my bike, etc.

Re:Yup (1)

Krneki (1192201) | more than 5 years ago | (#28624217)

VPN baby.

Just connect to a secure VPN server and you can go back to the underground net.

Re:Yup (0, Insightful)

Anonymous Coward | more than 5 years ago | (#28623651)

You said "This ruling flatly contradicts a recent EU decision to the contrary" but a ruling in the US carries no weight in any other country. So the EU may rule the opposite and that is how they will deal with it on a legal basis. The US does not make rulings that bind other countries.

Re:Yup (3, Insightful)

cml4524 (1520403) | more than 5 years ago | (#28624117)

Contradict just means to take a contrary position. The multiple definitions of contrary allow for the word to be used accurately in this context, in the sense that the opinions are opposite of one another. It does not necessitate, however, that those opinions cause any sort of conflict.

In other words, they are contradictory in the sense that they stake opposite positions, but not in the sense that one opinion will overrule or clash with the other.

Re:Yup (1)

9re9 (803270) | more than 5 years ago | (#28623945)

Haven't RTFA, but it seems that this is more complicated. Accepting your argument that an IP address identifies a Network (really an endpoint as indicated below), and the fact that multiple computers may reside on that network, you have to also accept the fact that more than one operating system may be running on each of the computers located on that network (or even more than one OS per computer). Therefore, since the plaintiffs are looking to recover damages from Microsoft, you can't say that you are entitled to a damages award just because you were assigned an IP address on a given date, and that IP address is reflected in Microsoft's logs for that date. What may really have happened is that multiple Win OS boxes may have been affected, or none at all (if the network was populated by computer running only OS X or Linux). You can't look at the IP address and determine what was happening on the network behind that IP, and that should be the reason why using an IP address as a basis for determining damages is flawed.

Re:Yup (0)

Anonymous Coward | more than 5 years ago | (#28624017)

Now the real problem TM
An IP address DOES identify a computer- but not the way the judge thinks. My IP address identifies my router, which in turn owns 5 to 6 computers. With the wireless open, it could refer to the whole neighborhood, for all I know/care. They need to revise, an IP address identifies a NETWORK, but not neccessarily conclusively any particular computer.

So there's another level there. Not only is an IP address not good for identifying a person, but it's rather useless to discover a particular computer either. (Now, there are cookies and other tracking mechanisms, but they're not fool proof..)

Agreed. A MAC address would be more representative of identifying a computer, but that isn't even fool-proof as one could have "cloned" the MAC address or simply swapped the network card "after the fact".

Re:Yup (2, Informative)

Penguin Programmer (241752) | more than 5 years ago | (#28624175)

An IP address DOES identify a computer- but not the way the judge thinks. My IP address identifies my router, which in turn owns 5 to 6 computers. With the wireless open, it could refer to the whole neighborhood, for all I know/care. They need to revise, an IP address identifies a NETWORK, but not neccessarily conclusively any particular computer.

A router is still a computer. An IP address identifies a computer. Whether that computer has other computers connected to it, and forwards traffic from those computers using its IP address, is an entirely separate matter.

Re:Yup (0)

Anonymous Coward | more than 5 years ago | (#28624223)

Depending on how computer is defined... The router is MOST CERTAINLY a computer. And someone owns and/or administers that router. All IPs have to trace back to someone (or a company), even though that person may not be the end user, they are responsible for managing who accesses it. The management could be complex or it could be not caring who uses it and what for, and this brings up a new discussion (or is it the same one?

Someone posted that an IP address marks the END of a network. It is also the beginning of the next network. I think many people dont realize that the internet is a huge collection of different networks, all configured to talk to each other and pass information along.

Its like sending post-mail to another country, the different networks are listed, not limited to: Country | State/province/region/etc | Town/Zip/etc | Street/Road/Etc | BuildingNumber | Department | Actual Recipient

When you send something to another country, the country of origin is not interested in what street the mail needs to get to, its only concerned with the country, so the mail is delivered to the other country (a new network!) and that network decides where to send it next... similar things happen at each 'checkpoint' eventually it gets delivered to the house, but thats not it... its not necessarily there yet... the mail box administrator (Man of the house, lady of the house, one of the kids, family dog) someone brings the mail inside and distributes it to the correct individual.

Computer networks are very similar

Anonymous Coward (2, Insightful)

Anonymous Coward | more than 5 years ago | (#28623413)

Addresses aren't personal information! They point to a house or an apartment, not a person!

Re:Anonymous Coward (0)

Anonymous Coward | more than 5 years ago | (#28623525)

The summary leaves out the important word 'identifiable'. The judge did not, as revealed in the very next sentence of the fucking summary. Learn to read.

Re:Anonymous Coward (1)

Nutria (679911) | more than 5 years ago | (#28623849)

Addresses aren't personal information! They point to a house or an apartment, not a person!

Correct. But (just as with IP addresses, iff ISPs store dates and times in their MAC/IP logs) it point investigators in the right direction.

Sure, it's not personal at all (5, Insightful)

AtomicDevice (926814) | more than 5 years ago | (#28623417)

If this is true, I suppose addresses and license plates aren't personal either, they just identify cars and houses, it's not as though those things usually contain the same people. Or what about phone numbers, that really only identifies my phone, not me the individual. And when you stop to think about it, my email is really just a code so the mailserver knows where to put some bytes it receives, it doesn't really have anything to do with me.

Re:Sure, it's not personal at all (1)

Presto Vivace (882157) | more than 5 years ago | (#28623479)

good analogy.

Re:Sure, it's not personal at all (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#28623583)

But can he somehow work a car into it?

Re:Sure, it's not personal at all (1)

cbiltcliffe (186293) | more than 5 years ago | (#28623643)

He already did. Read the part about the licence plates identifying cars....

Re:Sure, it's not personal at all (1)

TheCycoONE (913189) | more than 5 years ago | (#28623703)

He did

Re:Sure, it's not personal at all (2, Interesting)

idontgno (624372) | more than 5 years ago | (#28623593)

And the network equivalent of the "It was my car, but I wasn't driving" defense is "someone haxx0red my (system|network)". Or, maybe, the "secure my wireless network? what do you mean?" defense.

Historically, how well has the "I wasn't driving" defense worked out?

Re:Sure, it's not personal at all (1)

thrillseeker (518224) | more than 5 years ago | (#28623935)

the network equivalent of the "It was my car, but I wasn't driving" defense is "someone haxx0red my (system|network)".

it seems like an an obvious defense since it's a trivial hack.

Re:Sure, it's not personal at all (1)

MightyMartian (840721) | more than 5 years ago | (#28624053)

I think the "it's my car, but it wasn't me" is a valid defense, and why I so loathe red light cameras and photo radar. All an investigator can say from either of these is that a specific car was captured on film. The likelihood might be great that the accused was driving the car, but unless there is corroborating evidence, there's reasonable doubt.

The same applies to an IP address. Even if you can identify via DHCP logs that the MAC address in question was given that specific IP, you're identifying a device (at best).

Re:Sure, it's not personal at all (0)

Anonymous Coward | more than 5 years ago | (#28623825)

This is not only a legal issue but a practical one. One common defense from an RIAA suit is to claim someone else in the house used the computer. This may actually be true in the case of families where the head of the household in not the major computer user. Of course this is only a slight variation of the standard argument every defense lawyer makes SODDI (Some Other Dude Did It).
Like all such defenses its believability depends on the totality of facts in the case.

Re:Sure, it's not personal at all (3, Interesting)

Anonymous Coward | more than 5 years ago | (#28623571)

I feel as though your tone is completely sarcastic, but perhaps it isn't. However, yes indeed your license plate and address are not personal information with an implicit right to privacy. They are public records. I can go to the DMV and look up your license plate to get owner information, and I can go to your local municipality and get owner information about your address. Do you get where this is going?

Re:Sure, it's not personal at all (5, Insightful)

Reason58 (775044) | more than 5 years ago | (#28623581)

A license plate, street address and phone number are both unique and tied to a specific person until the person chooses to end that connection. An IP address (dynamic) is randomly assigned to a user and then changed with little or no control from the user's end. This isn't IPv6. Everyone can't be issued a permanent address when they sign up for an ISP.

Beyond that, you are aware that cars and the like can't be ticketed, right? If you run a red light and are caught on camera they have to be able to determine who is driving the car for it to be valid. Simply having the plate will not work. The same does not apply to IPs, however. They do not have to prove that it was actually you who committed the act, only that at one point in time you had been randomly assigned that IP.

Re:Sure, it's not personal at all (5, Insightful)

gcatullus (810326) | more than 5 years ago | (#28623739)

Depending on state law (at least in the US) you can be ticket for certain things on the basis of license plate. You can be ticketed as the owner of the vehicle. The most obvious ticketing here would be for parking. The meter maid doesn't care who parked your car by the fire hydrant. you will still have to pay fines. This is the same principle as charging the owner of an internet account for nefarious deeds done using an IP address that was assigned to him.

Re:Sure, it's not personal at all (1)

0racle (667029) | more than 5 years ago | (#28623805)

I purchased a static IP, it is as unique and identifies me as much as my address and my license plate identify myself or my wife. ISP records can also correlate IP's to customers again identifying you as closely as your address identifies you.

Re:Sure, it's not personal at all (1)

Nutria (679911) | more than 5 years ago | (#28624065)

I purchased a static IP, it is as unique and identifies me as much as my address and my license plate identify myself or my wife.

But that's the key.

If a cop sees a car with your license plate is used in a crime, then they'll naturally come after you. But if you and your wife have reasonable alibis, then it's reasonable to assume that the car might have been stolen (especially if there's a big gash in the steering column).

Anyway, a static IP address identifies you as the person who's responsible for the bill. Everything after that is conditional.

Do you live alone, and there's no wireless router? Do you use Windows? Maybe your computer was hacked and you're PC is part of a botnet. Do you use Linux? Then it's probably you.

But if you live with 2 or more people, and there a wireless NATting router, and one or more of the people you live with are computer geeks, then there's no way on God's Green Earth that a static IP address can uniquely identify you.

It can only point to your physical address. And tell the cops where to start looking...

Re:Sure, it's not personal at all (1)

Duradin (1261418) | more than 5 years ago | (#28623835)

RICO would disagree with your argument that objects can't be charged/ticketed.

It allows objects to commit crimes and since objects have no rights they can be seized without due process.

Anyone could stick your address as the return address on anything they send. There's nothing physically stopping them from doing so. Also, it doesn't really matter when you stop using an address since their will still be mail sent to that address that should have been yours but is now the current occupant's. Same idea with cars, you do a person to person sale and it can take awhile for the ownership change to work through the system. Hell, a lot of people buy cars just because they still have valid tags with a normal number.

Re:Sure, it's not personal at all (1)

SydShamino (547793) | more than 5 years ago | (#28623979)

Beyond that, you are aware that cars and the like can't be ticketed, right? If you run a red light and are caught on camera they have to be able to determine who is driving the car for it to be valid. Simply having the plate will not work.

Here in Texas, the owner of a car that goes through a toll booth receives a bill in the mail, and is required to pay it, regardless of who was driving the car. I'm not sure if this has been tested with a stolen car, but I know it has been with a car that was sold but not yet transferred with the state.

Re:Sure, it's not personal at all (1)

joocemann (1273720) | more than 5 years ago | (#28624185)

This post is not true for the following reasons:
1) Your car/license pops up on speed camera. The registered owner, the person responsible for the car, will receive a ticket in the mail. That person is being charged w/ the crime. You are also asked that if you were not the driver of the car you are responsible for, that you identify the person who was at that date/time. This is real. What you said about how you can't get ticketed is simply false. In 2004, my company, who had rented a car to me, had been passed a traffic-camera ticket from the registered owners (the rental agency), they in turn passed it on to me... And guess what, I was driving the car at the time and the exchange of information as to who was actually operating the vehicle at the time was apparent. GUILTY. (The ticket was like $120)

2) Its not like you're randomly assigned an IP. IP addresses have specific ranges that apply for different regions/ISPs/etc. So that narrows it down from 'random' to some much more likely probability since you're connecting to the same ISP with the same range of IPs to hand out. Secondly, and I would *hope* this is how it works in law, it isn't as simple as having had that IP "...at one point in time..." but rather that you had it at *THAT* point in time. It would not really hold logical weight, in court, to charge a previous owner of a car who had sold it in 2001, for a speeding infraction that happened in 2008 simply because he had had the license/registration at one point in time.

Anyway... Your post is not 5-Insightful, but rather 2 or 1 - misleading and wrong.

Re:Sure, it's not personal at all (4, Insightful)

wtfamidoinghere (1391517) | more than 5 years ago | (#28623597)

Addresses are not personal. They can be connected to you in some ways, but are not personal per se. For instance, when you get a bill by mail, you have the mail address AND the person name to whom the service is registered. Imagine a situation like this: gunshots are reported as being shot from address x; does that automatically implies the owner did the shooting?

License plates and phone numbers are more or less the same. I'm sure you can come up with some examples of your own to illustrate.

As for your email, that one is on a diferent level. With email you're supposed to have identification AND authentication. (name + password)

Re:Sure, it's not personal at all (1)

selven (1556643) | more than 5 years ago | (#28623637)

So license plates and addresses frequently change, often without the consent or even knowledge of the user? There are services which allow you to randomize your car's license plate every time you take a drive? Apartment buildings frequently change the numbers of the apartments inside them?
IP addresses are much less fixed than anything that represents a physical object.

Re:Sure, it's not personal at all (1)

Trojan35 (910785) | more than 5 years ago | (#28623655)

While that is true, I'm betting your phone number, license plate, and email address do not change on a monthly basis.

Re:Sure, it's not personal at all (1)

Hokie06 (986634) | more than 5 years ago | (#28623711)

That information by itself is not personally identifiably. It needs to be tied together with other information in order to identify an individual.

I can randomly write down license plates I see all day. If I don't have access DMV records than I have no idea who is driving that car.

I am not saying what MS did is right. But an IP address in of itself can't identify a person.

Re:Sure, it's not personal at all (1)

FredFredrickson (1177871) | more than 5 years ago | (#28623887)

I can randomly write down license plates I see all day. If I don't have access DMV records than I have no idea who is driving that car.

I must point out, that even with the DMV records, you've got no idea who are driving the cars still. You just know who has registered them.

Re:Sure, it's not personal at all (1)

moon3 (1530265) | more than 5 years ago | (#28623773)

Bad analogy. Internet is not a car. After your grandma clicks smiley that installs Trojan to serve some terrible content, virus that does spam, DOS or similar thing from your IP. Then your family might be investigated by authorities.. you will then thank that good Judge, the Jury and the God almighty for this very resolution.

Re:Sure, it's not personal at all (1)

dilute (74234) | more than 5 years ago | (#28623845)

Yeah, I got a ticket because someone who was driving a car with my plate number went through a light and the plate was automatically photographed. Now I have an airtight defense! Whoopee!

Re:Sure, it's not personal at all (0)

Anonymous Coward | more than 5 years ago | (#28624013)

so now when the riaa comes knocking at your door saying they have proof of your infringement identifying an ip as yours offer to allow them to take the computer into court and fine it. this defense may encounter problems if you bank online because that computer has access to that account and can withdraw funds.

Re:Sure, it's not personal at all (1)

fredklein (532096) | more than 5 years ago | (#28624093)

I suppose addresses and license plates aren't personal either, they just identify cars and houses, it's not as though those things usually contain the same people.

I have 6 people living at my address. Which one do you want?

If I had a car, at least 3 of those 6 people could be driving it. Which one do you want?

Re:Sure, it's not personal at all (1)

AK Marc (707885) | more than 5 years ago | (#28624183)

If this is true, I suppose addresses and license plates aren't personal either, they just identify cars and houses, it's not as though those things usually contain the same people.

That's incorrect. I have filed official government documents, signed, with my name and license plate on them, identifying me as the person responsible for that car and the associated plate. It's called "vehicle registration." It's an official government document. My IP is some randomly handed out number that isn't even tied to a computer. It's tied to a subscriber line, and that's usually run into a router running NAT, so the IP that "identifies" the person, as you imply, is not assigned to any user computer at all.

Or what about phone numbers, that really only identifies my phone, not me the individual.

That depends. If it's a cell number, it's presumed that the number is personal. If you didn't make the call, you were probably in the room with the person that was. That's a reasonable expectation. However, there are multiple people living in my house. There are guests. I have only cordless phones, so they could go to the bathroom and use the phone and I'd never know. Heck, I have long range ones, I can be three houses over and making calls. And I lost a cordless phone a while back (we think the couch monster ate it), but for all I know, a neighbor is calling in threats to the president and I'll get my door broken down any minute. But again, it's tied to a house, not a person. The person who has the name on the account will get some grief, but it isn't anywhere near proof they made that call unless they live alone and don't have visitors.

And when you stop to think about it, my email is really just a code so the mailserver knows where to put some bytes it receives, it doesn't really have anything to do with me.

But there, to get it, you need a password and such. So again, it is more closely tied to an individual. And a reasonable person would assume that you didn't share your email, or only did so with a limited number of people you were familiar with (like hubby and wife sharing a single account), so you would still be responsible. That's still different from a non-identifying number assigned to a subscriber line that wasn't designed to identify a person and wasn't designed to be secure in its identification. It can be hacked, spoofed, shared, and isn't tied to a person at all.

Fine (0)

Anonymous Coward | more than 5 years ago | (#28623429)

That is fine as long as they take that statement to its logical conclusion. If IP addresses cannot be used to identify people then just an IP address is insufficient to bring charges against anyone, IP addresses would in effect be useless to the mobsters of collection agents and they have no need or right to subpoena them.

A question... (4, Interesting)

geminidomino (614729) | more than 5 years ago | (#28623441)

Could this decision be referenced to disqualify the IP as evidence when the MAFIAA goes after someone based on IP addresses they got from WhateverMediaSentryIsCalledNow?

Re:A question... (1)

ImOnlySleeping (1135393) | more than 5 years ago | (#28623453)

Sounds like it. If the IP doesn't identify you, then noone has any business trying to get it (for the purpose of identifying you).

Re:Another question... (0)

Anonymous Coward | more than 5 years ago | (#28623553)

Did you read the summery?

 

Its potential relevance to the RIAA suits should be obvious to anyone who reads Slashdot.

Re:Another question... (1)

geminidomino (614729) | more than 5 years ago | (#28623685)

Actually, no. I clicked on the link to RTFA before I finished. Having an ADD day, evidently. :)

I know, I know. I'm leaving.

Re:A question... (1)

nine-times (778537) | more than 5 years ago | (#28623879)

It seems like it should be a viable argument, but I doubt it will be accepted. From the news I read, it seems like somehow the judicial branch is as anti-consumer as the other branches of government.

The thing is, I think they have this totally backward. They allow IPs as evidence of who was committing copyright infringement, but disallow the argument that IP collection is an invasion of privacy. However, an IP address is personally identifiable of the person who is paying for Internet service*** and not of the person who is originating the traffic. Therefore, in collecting IP addresses you are generally invading the privacy of the person paying for service (by monitoring the use that he's paying for). On the other hand, the link between the traffic over a connection and the person paying for it should be considered circumstantial at best.

If I own a plot of land and a dead body is found on that land, does it naturally follow that I'm the murderer? No. On the other hand, if Microsoft keeps surveillance on that plot of land, isn't that still an invasion of my privacy?

*** The summary has it wrong, and IP addresses do not identify a computer.

Re:A question... (1)

ScentCone (795499) | more than 5 years ago | (#28624047)

branch is as anti-consumer as the other branches of government

Which applies how, to pirating music and movies? "Consumers" are the people who are actually doing business with the artist (or the artist's chosen agents) in keeping with the way that the artist has offered their work up for sale/use. Someone who rips it off is not a consumer in the normal sense of that word, any more than a shoplifter is a consumer of the they stuff they rip off from a store.

If I own a plot of land and a dead body is found on that land, does it naturally follow that I'm the murderer?

No, that doesn't follow. But is it really your contention that you, as the person who owns that land, should be able to avoid involvement in any law enforcement investigation into that death, or avoid discovery during a civil suit that involves that dead person on your property?

That's great news! (0)

Anonymous Coward | more than 5 years ago | (#28623443)

Now RIAA has to sue your computer if it is caught downloading tunes since you're not personally tied to it!

Oddly good news ... ? (1)

Spectre (1685) | more than 5 years ago | (#28623445)

So, if a particular illegal or actionable activity is traced to a particular IP address, can this ruling be used to indicate:

"It wasn't me, an IP address identifies a computer, not a person, re: so-and-so vs. so-and-so"

or is that just silliness?

Re:Oddly good news ... ? (1)

i.r.id10t (595143) | more than 5 years ago | (#28623759)

Only if your case is in the same circuit that the original case w/ ruling was.

Otherwise, you have to present your evidence, etc. When 2 circuits in a state have differing opinions, some lucky bastard gets to go to the state supreme court and present evidence there, etc. And then the state supreme court makes a ruling. Multiple state supreme courts make a ruling? Goes to district court. Multiple districts? The SCOTUS.

IANAL, but this is how it was 'splained to me by a lawyer.

evidence of foul play? (1, Interesting)

Anonymous Coward | more than 5 years ago | (#28623475)

Does this ruling mean that Microsoft 'bought' the Seattle judge, to get this ruling that favors them, but didn't succeed in buying the one in Europe?

Regardless, I personally think that an IP address can't even always identify a computer (much less a person), since Internet Service Providers are known to assign different numbers to the same computer at different times, as the user connects the computer to the ISP.

Re:evidence of foul play? (1)

ScentCone (795499) | more than 5 years ago | (#28624087)

Does this ruling mean that Microsoft 'bought' the Seattle judge, to get this ruling that favors them, but didn't succeed in buying the one in Europe?

No, it does not meant that. It means that the judge in this case was rational.

Sure (2, Insightful)

ringm000 (878375) | more than 5 years ago | (#28623483)

A vehicle registration number identifies a car, not a person.

A phone number identifies a phone, not a person.

A postal address identifies the location of a building, not a person.

Not all that relevant to the RIAA (0)

Anonymous Coward | more than 5 years ago | (#28623495)

An IP does not identify the user but it will identify that it's someone's computer doing to sharing (once you've a court order getting the User's details).

After that it's the same arguments as before: is making available sharing, can you say they weren't part of a botnet and so on and so forth. This ruling doesn't really change any of the arguments put forth by the prosecution or defendants. If anything, it cements the right of media sentry to log IP addresses sharing content on p2p networks without falling foul of privacy laws.

Re:Not all that relevant to the RIAA (2, Insightful)

geminidomino (614729) | more than 5 years ago | (#28623695)

An IP does not identify the user but it will identify that it's someone's computer doing to sharing (once you've a court order getting the User's details).

How so? If the precedent stands that IP address is not personally identifiable information, then how do you identify the user based on it (to the court's satisfaction?)

I'm confused... (2, Interesting)

clone53421 (1310749) | more than 5 years ago | (#28623501)

Identifying my computer doesn't identify me personally by inference?

I'm sure this could come in handy in court eventually.

Re:I'm confused... (1, Redundant)

The Moof (859402) | more than 5 years ago | (#28623679)

I'm sure this could come in handy in court eventually.

It could come into play immediately with all of those P2P cases going on with the *AA groups. If an IP address isn't personally identifiable (according to the judge), how can you come after me based on that address?

my massive penis (-1, Troll)

Anonymous Coward | more than 5 years ago | (#28623523)

suck it linux users

Re:my massive penis (0)

Anonymous Coward | more than 5 years ago | (#28623623)

But we don't know how!

and license plate numbers? (0)

Anonymous Coward | more than 5 years ago | (#28623547)

Would the judge be ok if his license plate number and house address get publicly posted? After all, it only identifies a car and a house, not a person!

Fine (0)

Anonymous Coward | more than 5 years ago | (#28623559)

It's fine if they take that statement to its logical conclusion, if IP addresses are not identifying information then there is no need or right for the mobsters to subpoena them. It is partially true in that you may be able to say that it came from this computer, but with all the possibilties of wifi being co-opted, a misconfigured proxy server, malicious software routing requests that computer you can never be 100% sure that even the IP address is bound to that computer.
So in a sense the judge is right and no one should need to have your IP.

Doesn't Identify a Person Eh? (1)

Alphanos (596595) | more than 5 years ago | (#28623573)

I suppose this only makes sense. After all, we know that an address isn't personal information - it identifies a house, not a person. Neither is a phone number, which identifies a phone. License plate numbers identify a car. In fact, one could even argue that SSN/SIN numbers identify a card or record in a government database instead of a person. Privacy solved! There is no personal information.

Re:Doesn't Identify a Person Eh? (1)

guruevi (827432) | more than 5 years ago | (#28623763)

An SSN or TIN number identifies an entity. In case of SSN that entity is a person. The SSN just gives you a serial number and that serial number is only owned by you and cannot (legally) be used by anyone else. Your birth certificate also identifies you as a person.

A phone however identifies a location, usually the end of the line in the vicinity where the phone is (whether tethered to a hardline or not). It's your phone number because you pay for it but your mom could pick it up, or a burglar that's in your house at that particular moment. Same goes for an IP-address, e-mail address and any other type of address (a phone number is technically a phone address). An address identifies where you most likely live, it doesn't mean you have to be there at any particular moment and legally/technically somebody else could be at the same address - it thus does not identify you.

Say the police are scoping out your house because of drug dealing going on from your house. The police might arrest you because most likely you know what's going on there. However if you can prove that a) you didn't know (it only happens when you're at work and you don't see any sign of it) or b) you are incapable of doing something about it (they keep your kids hostage) then they most likely will not prosecute you for the crime. Same goes for computers and phones and all types of stuff.

Am I the only one? (3, Interesting)

DarrenBaker (322210) | more than 5 years ago | (#28623595)

Seems logical to me. An IP address no more identifies a person than a house address identifies one. It's tying those two together for investigative purposes that should be illegal without a warrant.

Re:Am I the only one? (1)

MozeeToby (1163751) | more than 5 years ago | (#28623839)

That's handy from an *IAA fighting perspective, but kind of sucks from a general privacy perspective. This ruling is in reference to the later, specifically that companies can keep track of ip addresses and essentially use it to track your movements around the net if they want to.

When you think about it though, if the police suspect illegal activity at your address, you're probably going to be the one to get in some kind of trouble. At least questioned and detained for a while. I don't think "I leave my door unlocked, one of my neighbors must have broken in and built that meth lab in the basement" is going to cut it. Obviously, a meth lab is easier to notice than someone using your internet to download music, but the basic principle is the same.

In other words... (1)

tsnorquist (1058924) | more than 5 years ago | (#28623599)

Judge Jones sided with Microsoft (which most slashdotters hate), but sided with personal ambiguity - thus not being identified a "file sharer" by the MPAA/RIAA.

Sounds like a good ruling for the majority of internet users to me.

Spartacus-1138 (4, Funny)

Junior J. Junior III (192702) | more than 5 years ago | (#28623641)

I am 192.168.0.1!

No, I am 192.168.0.1!
No, I am 192.168.0.1!
No, I am!
I am!

Re:Spartacus-1138 (0)

Anonymous Coward | more than 5 years ago | (#28623949)

I am 192.168.0.1!

No, I am 192.168.0.1! No, I am 192.168.0.1! No, I am! I am!

Sounds like split personality disorder there... BTW, I'm 127.0.0.1, always have, always will be.

Re:Spartacus-1138 (2, Funny)

istartedi (132515) | more than 5 years ago | (#28623957)

I am 192.168.0.1

That's the IP of my gateway. I am the keymaster are you the gatekeeper?

Re:Spartacus-1138 (1)

JohnnyGTO (102952) | more than 5 years ago | (#28624023)

OK I'll play, I'm 0:0:0:0:0:0:0:1

Re:Spartacus-1138 (3, Funny)

crimsonknave (1337923) | more than 5 years ago | (#28624171)

I am 127.0.0.1!

No, I am 127.0.0.1!

No, I am 127.0.0.1!

No, I am!

I am!

There, fixed that for you.

Anonymous Coward (0)

Anonymous Coward | more than 5 years ago | (#28623673)

While I think this could be handy in regards to avoiding the RIAA to an extent, the problem is that in the end they will hold the IP owner responsible for the content that's coming from it, not the user.

Take for example an actual server (not just P2P server). There is frequently no single person responsible for the content on that server. Whoever owns the IP, usually a company, is responsible for the content coming from that computer.

So although an IP doesn't identify a specific user/person, you are still responsible for what happens from your IP (At least, I'd assume with most providers). This means that you'd have to take reasonable steps to secure your network from outside users as in the wireless example above. So it's kind of a mixed bag in terms of future implications, the whole Network/IP/Computer/Server/User relationship is a very grey-area for legal purposes in my opinion.

actually... (0)

Anonymous Coward | more than 5 years ago | (#28623687)

the IP does not even identify a computer, as those of us with portable network cards can attest.

Re:actually... (0)

Anonymous Coward | more than 5 years ago | (#28624079)

That's what I was thinking. Correct me if I'm wrong, but I thought the IP address was attached to a MAC address which, in turn, may or may not be associated with an actual physical device, to say nothing of identifying an actual person.

How is this significant to RIAA cases? (1)

Absolut187 (816431) | more than 5 years ago | (#28623707)

But an IP address identifies a computer

Or multiple computers/internet nodes, more accurately.

The significance of this to RIAA cases is nil.
When your ISP fingers you, you've been fingered.

Re:How is this significant to RIAA cases? (2, Insightful)

_avs_007 (459738) | more than 5 years ago | (#28624189)

IP address identifies "a" computer, but not "whose" computer... For all the RIAA/ISP/etc knows the IP address could've been spoofed. Similar to dropping a letter in the mail at the post office with a forged return address. RIAA can say the letter contains pirated copyrighted material and go after the person who owns the house address listed as the return address, but that doesn't meant they got the right person.

Relates to all online activities (1)

furby076 (1461805) | more than 5 years ago | (#28623721)

If this holds up (meaning not overturned) this can hold up in other cases (not all good) such as:
1) RIAA/MPAA sueing people they tracked via IP numbers
2) Pedophiles tracked via IP numbers
3) Online harassment cases tracked via IP numbers (e.g. the mom who harassed some girl until the girl committed suicide)
4) Spammers who are tracked via IP numbers

There are other cases this would effect but basically anything where they link someone via an IP number would be invalidated. I agree with the judge that an IP is not personally identifiable information (my g/f uses my laptop more then i do...which uses my home network...if she does something illegal it does not mean *I* did it or am remotely responsible for what she did.) It's a tricky situation so hopefully the judge wrote a thoughtful brief.

Re:Relates to all online activities (1)

FredFredrickson (1177871) | more than 5 years ago | (#28624103)

I reject your argument solely on the basis that you post on slashdot, and therefore do not have a girlfriend.

Largely irrelevant to RIAA litigation (5, Interesting)

Grond (15515) | more than 5 years ago | (#28623731)

It is true that an ip address identifies a computer or possibly, as another poster pointed out, a router behind which could be many computers, but that fact is largely irrelevant to file sharing litigation. The plaintiffs in those cases do not have to have ironclad evidence that it was the defendant sitting at the computer sharing the files. Instead, the plaintiffs merely have to show that it is more likely than not (aka preponderance of the evidence, 50% + 1) that it was the defendant.

Thus, if the defendant lives at home and only rarely has guests that use his or her computer, it's very likely that a jury will accept that it is more likely than not that the defendant was the one who shared the files, not a guest or an unauthorized user of the wireless network, especially if the files are found on the defendant's hard drive. More complex situations come closer to the line, of course, but in most cases it's fairly clear who the most likely culprit was.

But, even if the defendants live in an apartment with a communal computer or network shared equally by multiple long-term residents, all of whom use the same file-sharing user account, it is not necessarily up to the plaintiff to prove which specific defendant shared the files. A long standing rule in tort law from the case Summers v. Tice, 33 Cal.2d 80 (1948) establishes that where the plaintiff can prove that multiple defendants were negligent, the burden shifts to the defendants to prove which one actually committed the injury. It is quite possible that the file sharing case plaintiffs will be able to successfully argue that it is up to the various users of a computer to prove who actually shared the files or else they will all be jointly liable. This is especially likely if it can be shown that all of the defendants were aware of the file sharing program and the infringing nature of the files.

Legal code for this (5, Funny)

Kupfernigk (1190345) | more than 5 years ago | (#28623747)

private static String getRuling(LitigationObject individual, RichLitigationObject evilCorporation) throws NYCLException {
if(individual.sues(evilCorporation)) {
return "IP address is not personal identification";
} else if(evilCorporation.sues(individual) {
return "IP address is personal information";
} else return "Please submit amount available to donate to my election campaign";
}

Next logical step (1)

davegravy (1019182) | more than 5 years ago | (#28623771)

If IP addresses are not "Personally Identifiable", what widely broadcast piece of information on the internet is?
      If nothing, does that mean that users are generally anonymous, unless they choose to identify themself?
              If yes, does that mean users have a reasonable expectation of privacy?

Re:Next logical step (0)

Anonymous Coward | more than 5 years ago | (#28624123)

We are anonymous. You have been warned.

Is this really a bad thing? (2, Insightful)

Millennium (2451) | more than 5 years ago | (#28623779)

Think about it: according to this judge, an IP address identifies a computer (as others have pointed out, "network endpoint" would be a more correct term), not the person behind it. Although this makes it easier for the **AA to collect IP-address information, it also makes such information a lot less useful, because by itself it leaves a hole big enough to establish reasonable doubt. The IP address can establish what computer was used, but it does not prove that the defendant was the one operating the computer in that capacity. Especially in an age of botnets and malware, there's a lot of doubt here unless you can establish a stronger link, and the IP address won't help you on that score.

That leaves open the question: does this really strengthen the **AA, or does it actually hamstring their tactics? This may remain to be seen.

The IP is a lot like a license plate (4, Insightful)

istartedi (132515) | more than 5 years ago | (#28623861)

If all they have is a picture of your license plate, that doesn't prove you were driving. We should use this ruling as precedent to get out of automated tickets when there is no clear picture of your face.

Re:The IP is a lot like a license plate (1)

davegravy (1019182) | more than 5 years ago | (#28624137)

We should use this ruling as precedent
to get out of automated tickets when there is
no clear picture of your face.

Has anyone actually ever tried to get out of an automated ticket this way? What was the result?

Re:The IP is a lot like a license plate (1)

Culture20 (968837) | more than 5 years ago | (#28624191)

All they have is a picture of a fake license plate changed to look like mine on someone else's car which is purposefully running redlight cameras.
Golram teenagers.

Re:The IP is a lot like a license plate (1)

_avs_007 (459738) | more than 5 years ago | (#28624227)

You didn't need this ruling to do that, people have been fighting these tickets for years. (At least on the west coast). Reason being, the driving statutes (for speeding anyways) are explicit as saying it is the "driver" that is guilty of speeding. License Plate does not identify driver... The problem is, that most people don't know this distinction and just pay the fine... A CHP officer even told me this when I went with a friend to court a long time ago...

Couldn't this be a potentially good thing? (3, Funny)

billlava (1270394) | more than 5 years ago | (#28623923)

If the court ruled that IP addresses aren't personally identifiable, then couldn't some crafty lawyer argue that it can't be used to personally identify any defendant? I can hear the courtroom defenses now... "I didn't download and share 10 million hours of music, your honor. The computer located at 10.187.13.37 did."

Re:Couldn't this be a potentially good thing? (1)

n30na (1525807) | more than 5 years ago | (#28624141)

Wait, so computers are people now too, like corporations? golly.

Re:Couldn't this be a potentially good thing? (0)

Anonymous Coward | more than 5 years ago | (#28624241)

I'm sure the judge will backpedal fast enough to run Seattle's streetlights for a year the first time some guy gets hauled in on kiddie porn charges.

Windows95 vs Unix mentality (1)

scorp1us (235526) | more than 5 years ago | (#28624177)

I have to say this is one of the better rulings. The judge is enlightened to know that multi-tasking computers can serve many users at once. The idea that one IP=one user is completely a windows-centric perspective, which is even less true since windows 2000 (ish, not exact).

Now this should raise the bar for RIAA and MPAA, who only collect IP addresses. Now they need to associate the activity with the user's account. Given that this information is not usually available, it is a coffin nail for those organizations.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?