×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

P.I.I. In the Sky

Soulskill posted more than 4 years ago | from the not-about-pie-or-pi dept.

The Courts 222

Frequent Slashdot contributor Bennett Haselton writes "A judge rules that IP addresses are not 'personally identifiable information' (PII) because they identify computers, not people. That's absurd, but in truth there is no standard definition of PII in the industry anyway, because you don't need one in order to write secure software. Here's a definition of 'PII' that the judge could have adopted instead, to reach the same conclusion by less specious reasoning." Hit the link below to read the rest of his thoughts.

US District Court Judge Richard Jones's recent ruling in Johnson v. Microsoft has been much ridiculed for saying that IP addresses are not "personally identifiable information" (PII) because they identify computers, not individual users. Legions of critics have pointed out that this is like saying home addresses are not PII because they identify houses, not people. And it was pretty silly for Jones to say that "the only reasonable interpretation" of PII would be to exclude IP addresses from the definition — when, as the plaintiffs pointed out, Microsoft's own website defined PII to include IP addresses. (Microsoft has since removed from that definition from their online glossary and replaced with a link to their privacy statement.)

But the open secret in the privacy tech industry is that nobody knows exactly what "personally identifiable information" means anyway, and nobody cares, either. This is not because industry leaders don't care about privacy and security. They do. But being a good, privacy-conscious software architect has nothing to do with nit-picking the details of what counts as PII. If you're designing the new Hotmail, you should just know that passwords should be encrypted when users log in over the Web, that third parties should not be able to query the Hotmail database and harvest e-mail addresses, that users shouldn't be able to extract personal data such as birthdates that are associated with another user's e-mail address, etc. If you don't instinctively know those things already, then memorizing a definition for "PII" is not going to make you a good security-conscious programmer.

Conversely, the major security threats facing Windows users — malware infection through security holes in Windows and Internet Explorer — have nothing to do with the definition of PII or the finer points of Microsoft's privacy policy. There may even be public relations gurus at Microsoft who are glad to see the "IP addresses as PII" controversy in the headlines, if that relatively minor privacy issue distracts the public from the vastly more serious threats posed browser security holes.

There are indeed published definitions of "PII" — the US Office of Management and Budget Memo 07-16 defines PII as:

"information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother's maiden name, etc."

But that doesn't pass the test of what makes a good definition, which is: If two different people read that definition, and then you gave them an example of a piece of data (such as the school that someone graduated from), would they usually be able to agree on whether that data counts as "PII?" How about IP addresses? From the written definition alone, there's no way to tell for sure.

I actually worked as a contractor at Microsoft at the onset of the PII craze, and in order to commence working on what would eventually become Windows Live, we all had to watch a streaming video about PII, what it was, how to secure it, etc. Near the beginning, the narrator gave some examples of PII, including e-mail addresses, and mentioned that PII should be encrypted when transmitted over the Internet. (I'm not violating any confidentiality; these standards were all publicly released later.) Full of first-week-on-the-job idealism, I looked up the narrator in the company directory and earnestly typed out an e-mail raising some points, such as: Doesn't Hotmail display your e-mail address over an unencrypted connection when you're signed in to Hotmail? And anyway, because the standard e-mail protocols always transmit To: and From: addresses unencrypted over the Internet, how would it ever be possible to "encrypt e-mail addresses in transit" anyway? Wouldn't it make more sense to specify that individual e-mail addresses can be transmitted in the clear one at a time, but if we're ever transferring a large number of them in bulk, it would be wise to encrypt the list, to reduce the chance of it falling into the hands of a spammer?

Then the video kept rolling, and making more statements that seemed to contradict earlier ones, or that were too vague to give me any idea of what I was actually supposed to do in a given situation, and eventually I got the point: We do care about privacy and security. But, there is no algorithm that can determine unambiguously what counts as "PII" or what you're supposed to do in order to safeguard it. You just have to use your common sense and ask around if you're not sure. The main point of the video is to reinforce how important this is, not to impart any actual information.

So Judge Jones could have picked from many possible definitions of "PII," and nobody would be able to call him "wrong," as long as the industry doesn't know what it means, either. What he was really trying to decide was whether Microsoft violated its promise "not to collect PII" during the Windows Update process, because the IP addresses of users doing the downloads were visible to Microsoft's servers. The plaintiffs made some other claims in Johnson v. Microsoft that I think have more merit (basically, arguing that the "Windows Genuine Advantage" anti-piracy tool should not have been foisted on users without their consent as part of the Windows Update process), but on this particular point, I think they were bound to lose on the claim that collecting IP addresses during a download was a privacy violation. After all, if the judge had ruled in their favor on this point, Microsoft would have had to discontinue Windows Update in order to comply with the ruling, and I don't think anybody wants that.

So, maybe Judge Jones just decided that he didn't want to be known as the judge who outlawed Windows security updates, so he determined in advance that he was going to rule that Microsoft did not violate users' privacy by collecting IP addresses during Windows Update. Then he worked backwards from there to find reasoning that supported this conclusion. That's not really how it's supposed to work, but at least he could have had good intentions.

Unfortunately, the reasoning that he hit on was the absurd argument that IP addresses are not PII because they identify computers, not the people who own them. Here's something that he could have said instead:

"I'm not counting IP addresses as PII, because in order to find out who was using an IP address at a particular time, you have to subpoena the ISP. That's what makes them different from names and home addresses, which can be matched to individual people without a subpoena. As long as Microsoft isn't subpoenaing ISPs to find out who was using a particular IP address, for all practical purposes they are not 'personally identifiable.'"

Judge Jones actually started out in that direction by quoting from another case, Klimas v. Comcast Cable Communications, Inc., where the court wrote, "We further note that IP addresses do not in and of themselves reveal 'a subscriber's name, address, [or] social security number.' That information can only be gleaned if a list of subscribers is matched up with a list of their individual IP addresses." And that list matching up subscribers with the IP addresses they were using at a given time, can only be obtained with a subpoena. Jones could have quit while he was ahead and stuck with that reasoning, and he would have avoided all the ridicule that came from his statement about IP addresses.

Or maybe Judge Jones could have just said,

"Look, you don't have a standard definition for PII anyway. You adapt it to each individual situation, in order to determine what privacy protections should be built into each program, by using your common sense. So that's what I'm doing to do in this situation too. And my common sense tells me that having IP addresses visible to Microsoft's servers during the Windows Update process, is not a privacy violation, because that's how downloads work."

That's as good a definition of PII as any. Now let's get back to the real work of stopping Russian porno spammers from pwning our machines in the first place.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

222 comments

not absurd (2, Informative)

Anonymous Coward | more than 4 years ago | (#28769399)

It's not "absurd" to rule that IP addresses are not personally identifiable information from a legal standpoint for one very simple reason--though IP addresses can be PIIs, they are not always PIIs.

Re:not absurd (2, Interesting)

A. B3ttik (1344591) | more than 4 years ago | (#28769659)

How are VINs (Vehicle Identification Numbers) treated?

Though I guess that would still be more applicable to MAC Addresses than IP Numbers. How are License Plates treated?

Re:not absurd (1)

Smidge204 (605297) | more than 4 years ago | (#28769973)

The license plate analogy only makes sense if people are required to register their computers/internet enabled appliances as they are with vehicles.

Even then, the license plate only identifies the car and owner, not the operator. It is entirely possible that a vehicle may be used by someone other than the registered owner.
=Smidge=

thank goodness (5, Informative)

goombah99 (560566) | more than 4 years ago | (#28769701)

Under federal law, all federally owned or federal contractor owned computers now have to protect PII. this means all sorts of niscances on your computer as well as big penalties for you personally if you lose a laptop and the PII as not adequately secured.

fortunately e-mail addreresses, phone numbers, and yes EVEN names of people are, interestingly not PII. can you image if they were? likewise IP addresses are not PII.

I think people just don't understand the concept of PII, they mis interepret the ill chosen term. PII is not something that would normally place you at risk if revealed. Sure a spammer could spam you e-mail or DOS your IPaddress but that's not what they mean. If someone knows things associated with your security like your SS ID, that is considered PII.

I think that the show is on the wrong foot with regard to SS. Basically the SS number has been overloaded with too many uses to the point where you basically have to tell people it, yet you actually are made vulnerable by this. Something needs to be done about SS numbers so they don't have to be PII.

Postal addresses identify houses!I (0, Troll)

140Mandak262Jamuna (970587) | more than 4 years ago | (#28769407)

Not that I would recommend anyone doing it, but how would the judge feel if a bunch of internet activists decide to post his home address, since it only identifies a structure, not a person, and his car license plate numbers, since they too identify an inanimate object and so on? With judges like this, I expect judges jokes to overtake lawyer jokes in popularity.

Re:Postal addresses identify houses!I (2, Insightful)

Joe U (443617) | more than 4 years ago | (#28769461)

Sure, as soon as his home address and car license plates randomly shuffle while requiring an ISP to give you the rest of the information about the location.

Then you can go and post the information.

Re:Postal addresses identify houses!I (2, Interesting)

Wildclaw (15718) | more than 4 years ago | (#28769575)

My IP doesn't shuffle randomly. Does that mean that it gets protected under privacy laws unlike the dynamic ones?

Re:Postal addresses identify houses!I (0, Redundant)

commodore64_love (1445365) | more than 4 years ago | (#28769637)

My IP address doesn't randomly shuffle. It's been the same for several months now. In fact the MPAA has already identified me twice via that address, and basically said "stop downloading" via email.

So I think it's safe to say my IP address ties directly to me, the person.

Re:Postal addresses identify houses!I (0)

Anonymous Coward | more than 4 years ago | (#28769885)

power cycle your router a few times.

Re:Postal addresses identify houses!I (0, Offtopic)

Gizzmonic (412910) | more than 4 years ago | (#28769949)

Re: your sig

The US totally dropped the ball on digital TV. Although mobile ATSC is rolling out so there's finally a version of ATSC that can degrade gracefully. You'd think they would have been building it that way from the start.

Re:Postal addresses identify houses!I (1)

Joe U (443617) | more than 4 years ago | (#28770331)

Did they email you at user@ipaddress or did they contact your ISP for that information?

Re:Postal addresses identify houses!I (5, Insightful)

LordLimecat (1103839) | more than 4 years ago | (#28769549)

Im lost, doesnt slashdot normally ridicule rulings that tie a person to a crime based only on IP address? Doesnt this ruling toss that right out the window? Or am I being silly in expecting people on slashdot to be logical and consistent in their beliefs? Im sorry if ive ruined your "bash judges" party.

Re:Postal addresses identify houses!I (2, Funny)

Beerdood (1451859) | more than 4 years ago | (#28769711)

Im lost, doesnt slashdot normally ridicule rulings that tie a person to a crime based only on IP address? Doesnt this ruling toss that right out the window? Or am I being silly in expecting people on slashdot to be logical and consistent in their beliefs? Im sorry if ive ruined your "bash judges" party.

When it comes to personal privacy, an IP address is definitely identifiable information and this is an outrage. When it comes to file sharing though, there's no way you can prove that the IP address actually belonged to a particular person.. it could be anyone using that computer, or unsafe wireless network!

Re:Postal addresses identify houses!I (1)

iplayfast (166447) | more than 4 years ago | (#28770123)

I agree with LordLimecat. An ip address identifies a computer which may or may not belong to the person using it. I don't see how you can say that an IP address is identifiable infomation. It's information that has a higher likelyhood of being true, but not absolutely. (Which for legal matters would be important).

Re:Postal addresses identify houses!I (1)

hedwards (940851) | more than 4 years ago | (#28769563)

That's not in any way shape or form analogous. If I have your IP, I don't have the ability to go over there and kick the shit out of you. Even in the worst case all I'd be able to do is destroy your computer and take the information on it.

On top of that, IP addresses aren't personally identifying information, we've all been through that with the RIAA and MPAA suits, it at best identifies the computer and often times doesn't even do that successfully.

Re:Postal addresses identify houses!I (1)

commodore64_love (1445365) | more than 4 years ago | (#28769899)

>>>If I have your IP, I don't have the ability to go over there and kick the shit out of you.

Sure you do. When a certain forum sysop kicked me off his website after I announced I was Democrat but still liked watching Fox News, at first I tried reasoning with him but he refused to listen and called me various names. So I used the emails to trace the IP address back to his hometown and address. Then I set his car on fire.

Ooops.

I probably shouldna told ya that.

Re:Postal addresses identify houses!I (0)

Anonymous Coward | more than 4 years ago | (#28769583)

There's a *huge* difference between addresses, license plates and IP addresses.

Addresses and License plates are static and tied to an individual. You know who owns those numbers, and who is responsible for them. IP addresses are assigned dynamically... you can't even assume that the same computer gets a specific IP, let alone a person.

For example, if you can prove that you're not home when something bad happens, you can get out of it. If you're not driving your car when something bad happens (speeding, car stolen, etc), you can fight it - and if you can prove that you weren't there, you can get out of it.

Your analogy isn't only flawed, it's stupid.

Re:Postal addresses identify houses!I (1, Insightful)

eln (21727) | more than 4 years ago | (#28769755)

Dynamic allocation of IPs is only a valid argument against them being personally identifiable if ISPs don't keep records of who had what IP at what time. However, we know very well that ISPs do indeed keep these records, and are generally more than willing to hand them over to pretty much anyone who asks for them.

So, even with dynamic IPs, if you know the time and date when an activity took place, you can effectively tell who was responsible given the IP and the cooperation of the ISP, neither of which is particularly difficult to get.

Re:Postal addresses identify houses!I (2, Informative)

Talderas (1212466) | more than 4 years ago | (#28770063)

IP addresses only identify a machine, not a person. They -can- identify who was responsible for that IP address at any given time (the billing party), but that does not identify the person who committed an action with an IP address. The simple of existence of NAT and shared connection would be evidence enough that an IP address is not personally identifiable.

Re:Postal addresses identify houses!I (1)

iamhassi (659463) | more than 4 years ago | (#28769609)

"how would the judge feel if a bunch of internet activists decide to post his home address, since it only identifies a structure, not a person, and his car license plate numbers,"

wait... so we want the IP address to identify a person, not a computer? I'm confused, I thought this would be a good thing, since it meant RIAA couldn't prosecute people because an IP address was downloading and a person is not a IP address. Eventually this could lead to the end of stupid red light cameras [slashdot.org] that take pictures of license plates instead of people.

Re:Postal addresses identify houses!I (1)

Opportunist (166417) | more than 4 years ago | (#28769877)

That's why "car lending cycles" a favorite sport here to dodge traffic fines. Because the police has to fine drivers, not cars (or their owners), all you need is a few friends and claim that I didn't drive, I let him have the car that night. Police goes to the person you gave your car to, he repeats the game. After about four or five iterations, they just drop the case because they know it'll go on for a few dozen more.

There's a reason why they want to have cams take pics from the front instead of the back of your car, so far the lobbying groups managed to avoid that, citing "safety reasons" (like, you'd be blinded by the flash at night and similar excuses).

Re:Postal addresses identify houses!I (1)

ezelkow1 (693205) | more than 4 years ago | (#28770195)

But they do take them from the front, I got a cam truck picture ticket that took it from the front, scared the crap out of me too, but there are places where they take them from the front.

Re:Postal addresses identify houses!I (0, Flamebait)

commodore64_love (1445365) | more than 4 years ago | (#28769993)

If your car is moving through a redlight, then you deserve to be ticketed, even if it was your wife or teen doing the driving. That will teach you not to let other people drive your personal property. The only argument I can think against using the "electronic cops" instead of real cops to hand-out tickets is because people want to get-away with breaking the law. I disagree with this approach.

If you don't like the law, the proper procedure is not lack of enforcement but changing the books/signs/lights so the law makes more sense. So if the limit's 65mph and millions of people get ticketed, change the law to 70mph. Another example is when AAA proved the Washington D.C. lights had too short a yellow, therefore the lights were fixed and the number of violations dropped. Enforce the law as written; change the law if it's too strict.

Re:Postal addresses identify houses!I (1)

plague3106 (71849) | more than 4 years ago | (#28769869)

Not that I would recommend anyone doing it, but how would the judge feel if a bunch of internet activists decide to post his home address, since it only identifies a structure

I'm not sure that would be illegal. Is there anything legally preventing someone from stating that John Doe lives at 123 Fake Street?

his car license plate numbers, since they too identify an inanimate object

Um, isn't that exactly what judges have said in the past, hence why its legal for you to write down the plate number? That it's ok for plate numbers to be photographed and stored?

Re:Postal addresses identify houses!I (1)

mcgrew (92797) | more than 4 years ago | (#28769933)

I thoroughly disagree with your post, but I also disagree with its moderation.

My license plate doesn't identify me, it identifies my vehicle. I'm not always the one who drives it. My address doesn't identify me, either, it identifies my residence, and again, even though I'm the only one who lives there, I'm not always the only one there. If someone I know commits a crime and they apprehend them on a warrant, should I be held as an accessory just because they once visited my house?

Re:Postal addresses identify houses!I (1)

Uber Banker (655221) | more than 4 years ago | (#28770049)

I think you identified they key point well: It's not what PII is, or what something judged 'not-PII' is, it is what is done with any piece of information collected. That should be well defined, and if usage of PII or non-PII data is in breach of an agreement (for example whether and IP address is PII or isn't PII, if a service decide to sniff me on an IP address, as an example, as a result of my using their service, that should be changeable, rather than whether or not an IP address is PII).

Re:Postal addresses identify houses!I (0)

Anonymous Coward | more than 4 years ago | (#28770091)

That works if you dont publish the name with it. JRE 613 is a Nebraska car license plate, but without DMV access, its just a number.

psot? (1)

Hognoxious (631665) | more than 4 years ago | (#28769413)

Is this psot personally inedifitable?

Re:psot? (1)

Midnight Thunder (17205) | more than 4 years ago | (#28769873)

Is this psot personally inedifitable?

I know that was meant to be a joke, but in reality that depends on how many people use your account, and whether the information in your account is correct. I can make certain assumptions, but only an investigation would prove the correctness of my assumptions.

The problem with IP addresses is that if it is static then it could either identify a subnet if NATed or a single computer and then who is to say there isn't more than one person using the machine? If it is dynamic then, depending on the duration of lease, over a time period it could be referencing different subnet or computers, in addition to the scenarios pointed out for static addresses.

Re:psot? (1)

dyingtolive (1393037) | more than 4 years ago | (#28769957)

Not the content itself, but your name might be. Are you the Hognoxious of Arkansas?

Re:psot? (1)

Hognoxious (631665) | more than 4 years ago | (#28770265)

Dang! Forgot to check "Post Anonymously!".

Where were we? Ah, yes - if you're referring to the Razorbacks fanatic I'm aware of him, but I came up with the name independently.

Bad Analogy? (0)

Anonymous Coward | more than 4 years ago | (#28769415)

My home address only identifies my house, not me.

I suppose that should just be given out freely as well.

Re:Bad Analogy? (1)

Norsefire (1494323) | more than 4 years ago | (#28769547)

Is your home address shared by everyone else in your vicinity at random intervals? Does it sometimes change when you leave the house? If I send something to your home address is there a chance that are ~INF people with the same address?

While I don't think IPs should be public information, the house analogy doesn't quite work. We need a car analogy.

Re:Bad Analogy? (1)

Em Emalb (452530) | more than 4 years ago | (#28769669)

We need a car analogy.
rich
Very well. If you're a homeless man, and you're breaking into cars to get out of the freezing cold of winter (and you really like the feel of rich, Corinthian leather) then if you were faced with either entering a beat-up Pinto or a nice extended-cab 4x4, you'd more than likely take the 4x4, correct? The only reason I can think of that you'd take the Pinto is either you're completely nuts or you got confused and thought you were going to be sleeping inside a giant bean. Which, you know, is pretty understandable.

For the record, you never said we needed an on-topic, on-point car analogy. ;-)

Absurd? (5, Insightful)

ghrom (883027) | more than 4 years ago | (#28769423)

Using IP to identify a person responsible for an internet crime is roughly the same as using a car insurance policy owner to identify the runaway killer.

Re:Absurd? (2, Interesting)

mea37 (1201159) | more than 4 years ago | (#28770055)

However, that has nothng to do with the case at hand. PII doesn't mean "evidence of who was responsible for some action".

Knowing that a particular IP address was used in a particular IP violation (har) does not, in and of itself, prove that the Bill Johnson, to whom that address is assigned, committed the crime. In civil court it's a pretty good start, though - and more to the point, something doesn't have to prove a direct connection to be PII.

What makes the judge's reasoning absurd is, it would apply equally well to things we know are PII. Example:

Knowing that John Smith was robbed at 123 Elm St. doesn't mean that Bob Jones, the resident at 123 Elm St., robbed John Smith. However, 123 Elm St. is considered PII - if a healthcare provider released the information that they shipped xanex to 12 ELm St., they would violate HIPAA because this would strongly imply that Bob Jones has certain medical conditions.

Re:Absurd? (1)

gfxguy (98788) | more than 4 years ago | (#28770141)

Except that it would be less so if it were an apartment building, for example, unless it included a unit number, if it didn't have the actual name on it.

Likewise, while your neighbor can steal your mail, it's a lot harder for you neighbor to, for example, subscribe to a porno magazine and have it delivered to your address and successfully steal just that porno from your mailbox on the exact day that it shows up just to avoid embarrassment, than it is to steal someone's wifi.

In fact, neighbors don't often share mailboxes, but I'd bet a lot of people, in small groups, willingly share their internet access because it's very easily done, not illegal, and can be very cost effective.

Then you have the issues with drive-bys and so forth... it's just not quite the same as your street address.

Re:Absurd? (1)

mea37 (1201159) | more than 4 years ago | (#28770289)

You know what, go read the background of the case. None of the points you're raising have anything to do with the actual material being discussed. It is not about proving that someone is responsible for a given action.

As for your belief that an address sans apartment number wouldn't be PII - not so in the medical industry (as one example). In fact, a ZIP code can often be considered PII.

I would disagree with the premise. (5, Insightful)

tjstork (137384) | more than 4 years ago | (#28769449)

"A judge rules that IP addresses are not 'personally identifiable information' (PII) because they identify computers, not people. That's absurd,

I think that is not absurd. IP's could be utterly random, changed by anything... there's no process or standard or central authority or anything that guarantees that its even your computer. In order for you to have a computer identifer that is legally bound to you, you have to go through a quasi government process that has

a) the applicant providing proof of identification
b) the register validating that identification and issuing the ip to the person...
c) payment or proof of payments to associate the identification with the applicant.
d) finally, the ip should remain the property of the applicant, but, the government should track transfers.

If you did all that, then, yes, you might say the ip belongs to a person, because that's the only process that can eliminate reasonable doubt.

Re:I would disagree with the premise. (2, Interesting)

Em Emalb (452530) | more than 4 years ago | (#28769509)

what can they use? What's the one thing that never changes? Even Mac addresses can change, just replace the hardware.

It's tough. However, in most cases, unless the ISP does something, the average home user will get the same DHCP IP address for as long as they leave their computer on and it can auto-renew.

Re:I would disagree with the premise. (3, Informative)

FlyingBishop (1293238) | more than 4 years ago | (#28769607)

If you read the whole article (why would you do that, I know) he gets into that in the end.

What he's saying is that if it does identify a computer, it's patently absurd to say that that does not necessarily identify a person. An address does not necessarily identify a person either, just a house. But it remains PII.

If you did all that, then, yes, you might say the ip belongs to a person, because that's the only process that can eliminate reasonable doubt.

Actually, the courts have already ruled (in the Jammie Thomas case, as well as countless RIAA lawsuits) that IPs do in fact identify people.

But TFA goes on to give several more logical explanations of why it is not PII.

Re:I would disagree with the premise. (0)

Anonymous Coward | more than 4 years ago | (#28770293)

And the courts have also ruled the other way.

Armchair lawyering is ugly.

Further, a house is not randomly assigned and people generally are assigned (in) a house for longer than they have an IP. Hell, they are in a house longer than they may have thousands upon thousands of IPs.

An IP cannot be PII alone. There must be a number of other things in line with the IP. For example, an IP cannot be PII on a public library computer unless the IP is matched to the internal IP which is then matched to that PC which there is then a video recording of whomever used the computer, with a time stamp.

Just knowing the IP is so far from PII it's more akin to the number you get waiting in line at a busy butcher shop - you need to know more than just the number to know who the number is attached to.

In the library example, does everything that happen at the library become the criminal responsibility of the chief librarian - the only person truly identifiable by the IP?

Re:I would disagree with the premise. (0)

Anonymous Coward | more than 4 years ago | (#28769709)

Right. Therefore it *is* PII. "Personally identifiable" does not imply in any way that you don't have to do any crossreferencing or ISP-querying. Follow those (rather ridiculous) steps and you identify the person. Personally identifiable.

Re:I would disagree with the premise. (3, Insightful)

samurphy21 (193736) | more than 4 years ago | (#28769759)

Untrue. You identify an internet device. Just because an IP was used to perpetrate an act, you can never use that information to link to a person. Anyone can be sitting at a keyboard, or using a smart phone, or tapping an ipod, not just the "owner" of the device.

If my computer's IP was used to steal personal information in a phishing scam, not even mentioning that the computer could be doing this unbeknownst to me while I'm sitting here, anyone else who has physical access to my home, legally or otherwise, could be using this computer at any time.

Re:I would disagree with the premise. (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#28769715)

"information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother's maiden name, etc"

Re:I would disagree with the premise. (3, Insightful)

Grond (15515) | more than 4 years ago | (#28769721)

Reasonable doubt may be the standard in American criminal cases, but it is not the standard in a civil case such as the one being discussed here. In an American civil case the usual standard is preponderance of the evidence, which is a 'more likely than not' or '50% + 1' standard.

Thus, for households in which the computer is used primarily by one adult, an IP address is personally identifiable in that knowing the IP address (in conjunction with information from the ISP) makes it more likely than not that the adult in question was using the computer at the time the transaction with that IP was logged. The problem is that many households have multiple computers and/or multiple users and information from the ISP is necessary to tie an IP to an individual or household. So Microsoft, which had only the IP addresses, did not have personally identifiable information.

Re:I would disagree with the premise. (2, Interesting)

Opportunist (166417) | more than 4 years ago | (#28769923)

No, but in that case it's likely that simply ALL the computers in the household are to be confiscated and examined. This way or that, the IP address finally leads to the person who did it. It may not be personally identifyable, but it leads to a small enough subset that searching all of the individuals becomes feasible.

That's like saying there's a culprit in that bar, let's search everyone for the weapon.

Re:I would disagree with the premise. (1, Insightful)

Anonymous Coward | more than 4 years ago | (#28769757)

Even with the process you outline it would be difficult to prove that the IP address belonged to an individual since spoofing an IP address can be a relatively simple proposition.

Additionally, I would argue that in most cases IP addresses do not even identify computers but rather access points for computers. In my home we have a minimum of 4 computers that are running on a regular basis all using a single IP (as far as the outside world is concerned at least). Add to that the number of insecure and/or improperly configured wireless access points that are available I don't know how you could even begin to assume that an IP address is PII.

Still not enough (0)

Anonymous Coward | more than 4 years ago | (#28770177)

Soulskill's comment is absurd. Suppose that you go through all of the above and establish your IP as your identity.

Now anyone who is able to crack into your system is you, in the eyes of the Court.

Even Soulskill would have to be uncomfortable with that.

I'm not sure I follow. (0)

Anonymous Coward | more than 4 years ago | (#28769507)

People purchase things and register for services on the Internet. Isn't there the potential for Microsoft to match at least some of these IP addresses/timeframes with real names without a subpoena by comparing notes across their various online services and partnerships?

NAT (3, Interesting)

Joe U (443617) | more than 4 years ago | (#28769529)

I share a NAT connection with over 50 other desks at work, most of them are not in the same company. Is my IP address PII?

Re:NAT (1, Funny)

Anonymous Coward | more than 4 years ago | (#28769619)

Yes, now get back to work.

And hope Joe in the next cube isn't a pervert.

Re:NAT (1)

0racle (667029) | more than 4 years ago | (#28769793)

You share a building with 50 other desks at work, most of them are not the same company. Is that buildings address PII?

Is your home address?

Re:NAT (1)

Talderas (1212466) | more than 4 years ago | (#28770191)

I work in Indiana, but I believe my IP address shows my place of work to be residing in Arizona. In fact, we don't own any property in Arizona.

Absurd? Are you taking the piss? (4, Insightful)

Assmasher (456699) | more than 4 years ago | (#28769533)

Seriously, the IP address of a computer in your public library, or a school, or in a house with more than one person, how is that personally identifiable information? Talk about absurd...

Re:Absurd? Are you taking the piss? (1, Insightful)

ceoyoyo (59147) | more than 4 years ago | (#28769685)

Sounds like a fantastic precedent to me. The only thing the RIAA has to identify the people they sue are IP addresses. The judge said IP addresses cannot be used to identify people. You can't sue a computer. This is a wookie. Case closed.

Re:Absurd? Are you taking the piss? (1)

Beerdood (1451859) | more than 4 years ago | (#28770007)

You could still link other information to a person however. In the Thomas / RIAA case, there was enough evidence to link her user name "tereastarr" to other accounts of hers, such as email. In this case, the IP address wasn't even necessary. You can't sue a computer, but with enough other evidence you can link a computer to a person, or an online account to a person. These filesharing cases aren't over just yet, but it certainly makes it a lot harder for them to have a case (i.e. unsecured wireless network)

How could this work ... (1)

Wrath0fb0b (302444) | more than 4 years ago | (#28769539)

... if they don't collect the IP address of the computer requesting the update? Just send it to "the internet" and hope that the routers magically send it to the right computer? Multicast? TOR-WGA?

The real protection of privacy should (IMHO) come from the fact that your ISP ought to require a court order anytime someone wants to look through their DHCP records to match an IP address with a real person. If they don't, then you should take a very hard look at their policy for discretionary (aka, non-legally compelled) disclosure and see if it meets your needs.

This is, incidentally, why the "street address" analogy is somewhat inapt -- there is a public dictionary mapping street addresses to names or, if you are unlisted, they can physically locate you. OTOH, you can't drive to 141.30.219.76 (yes, that's currently my IP -- OMG I posted personal information on the internet.

[ For the wiseasses that are going to whois that, yes, you can figure out what university I'm at right now. That narrows it down to a few dozen city blocks filled with many thousands of students using the school network. I'm fairly confident you couldn't find out anything about me without the IT department's help. ]

Re:How could this work ... (1)

Joe U (443617) | more than 4 years ago | (#28769597)

141.30.219.76 You're in Dresden? How's school?

Re:How could this work ... (1)

Joe U (443617) | more than 4 years ago | (#28769641)

Sorry, I couldn't resist.

Seriously though, you're right on point. I might be able to narrow you down to a group of a few hundred, but that's it without help.

I agree... (0, Redundant)

HockeyPuck (141947) | more than 4 years ago | (#28769553)

If a IP address was determined to be PII, then who's responsible for a multiuser system? Back in college when we accessed email on a single large sun box with pine, there could be 200 students logged in simultaneously. If someone launched an attack from that one box, which of the 200 students is responsible? If I leave my windows PC on, and someone breaks into it (they break into my house etc..) am I all of a sudden responsible? One could extend this to almost anything. If my car runs over an old lady in the street, this does not imply I was at the wheel.

Obligatory car analogy (4, Insightful)

Alpha830RulZ (939527) | more than 4 years ago | (#28769571)

I think the judge is correct. If your car was leaving a crime scene, and the license plate were noted, your defense attorney would correctly note that someone else could have been driving the car. If your IP address is noted doing something nefarious, your lawyer would again correctly note that someone else could have been using the computer. That indicates that the information isn't uniquely identifying.

PII isusually the information that uniquely identifies a person. Name, SSN, and birthdate are the holy trinity of PII, with account numbers for a business close behind. The data security droids usually lump in address and phone, but I think that's an error in reasoning because of the above observation. I think they could correctly be described as sensitive, and certainly businesses and developers should treat them as such. But I don't think addresses and phone numbers are deserving of the protection that your name, birthdate and SSN get, because you can't go open a checking account in my name just by knowing my address.

Re:Obligatory car analogy (1)

plague3106 (71849) | more than 4 years ago | (#28769965)

Can they though? I believe I read that if you claim that someone else was using your car, YOU need to provide information on who... since its your property, its your responsiblity to know where it is. So if you get a knock at the door, and your car is still in your driveway and was never reported stolen, if you're going to claim it wasn't you, you'd better know who it was.

Re:Obligatory car analogy (3, Interesting)

JustinOpinion (1246824) | more than 4 years ago | (#28770057)

I fully agree that name/birthday/SSN are "more important" PII than, say, a phone number. But the reason PII is defined more broadly is that the dangers are broad. The dangers are not only due to being accused of a crime or sued. Or identity theft.

For instance, if a medical record were leaked that said "John Smith, DOB: 01-05-1970 has lung cancer" that would be bad because it includes personally-identifying information, so everyone knows Mr.Smith's personal medical information. But a leaked medical record that said "person with phone number 260-555-1234 has lung cancer" isn't much better. Sure phone numbers don't match 1:1 to people, but the 2nd example I gave of leaked information would be just as damaging, to the person, as the first, since the phone number reveals the identity of the person. Not uniquely, perhaps, but close enough for it to be a problem (close enough for someone unscrupulous to do damage, unfairly discriminate, use for identity theft, damage reputation, etc.).

Again, this is why PII has to be defined fairly broadly: because a combination of even fairly innocuous data (even something quasi-public, like your phone number) with more sensitive data can be damaging. The extent to which these arguments apply also to IP addresses (which are, generally, not listed) is debatable.

Re:Obligatory car analogy (2, Insightful)

2obvious4u (871996) | more than 4 years ago | (#28770321)

I don't care who has my SSN, since I have to give it out all the time to pretty much anyone who asks.
The only PII that really matters is my bank account. It is all about following the money, who cares who you are as long as you can pay for whatever it is you want. SSN is almost like a public key.

It's still a better ruling than... (2, Interesting)

Anonymous Coward | more than 4 years ago | (#28769585)

... what I've seen working for the USDA. We have a program that allows loan officers to run what-if scenarios on a farmer's finances to see if they qualify for loan servicing that would lower their payments on their government debt, minimize the loss to the government. In order to identify a borrower we use their tax-id. We were displaying the last four digits to help a loan officer identify the correct borrower when there are multiple people with the same name living in the same county. A recent policy decision however, ruled that the last four digits are PII and can no longer be displayed, so now our users will be confronted with lists of borrowers that look like the following:

Smith, John
Smith, John
Smith, John
Smith, John
Smith, John
Smith, John
Smith, John
Smith, John
Smith, John
Smith, John
Smith, John
Smith, John

with no way to determine which John Smith is the correct borrower.

Lovely

Not true. (2, Interesting)

chipmeister (802507) | more than 4 years ago | (#28769591)

My home address is not randomly assigned to me every time I come home from work. Plus, there is quite a bit of information around mortgages, tax documents, etc that tie me to my home address. Sorry, but the link between IP address and a person is pretty weak. Under certain circumstances it may be possible to prove a link between IP and PII. But as a general rule it is not as strong as home address.

Re:Not true. (1)

Tony Hoyle (11698) | more than 4 years ago | (#28770277)

Neither are most peoples IP addresses, unless they're on dialup. Dynamic IP made sense when IPs had 200 dialup ports and 2000 users, but not in these days of 24/7 connections... if you never disconnect your IP isn't changing so why make it dynamic in the first place?

If you whois'd my home IP you'd find my name, address and telephone number. It most definately does identify me. At the very least your IP is going to determine your ISP who can tell you exactly who was using that IP at the time.

Legally tracking? (3, Interesting)

Matt_Bennett (79107) | more than 4 years ago | (#28769613)

Does this mean that illegal activity originating from an IP address tied to me cannot be used in court as evidence against me? (Like in the RIAA cases?)

Re:Legally tracking? (2, Interesting)

Beerdood (1451859) | more than 4 years ago | (#28769831)

Does this mean that illegal activity originating from an IP address tied to me cannot be used in court as evidence against me? (Like in the RIAA cases?)

Before any of the software pirates / MAFIAA haters start cheering, there's plenty of other evidence to personally identify a user. In the Jammie Thomas case for example, she used the same username that she always had, had a password protected PC and was the only one that had access etc... So I doubt this ruling will make a difference in this case

However, if the IP address is the ONLY piece of evidence linking a file sharer (or some more serious criminal activity i.e. child porn, identify theft, scam artist, spammer) then I'm sure this ruling will be referenced in future cases

ohnoitsbennett (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#28769621)

reminder to everyone to tag all of this dumbass's posts with "ohnoitsbennett" until the editors stop inflicting him on us. or at least give us a way to filter out specific submitters.

Botnets? (1)

ramirez (51663) | more than 4 years ago | (#28769625)

In the age where we're constantly discovering new botnets. Where most computer owners probably couldn't tell if their computer is being controlled by someone else (can most experts even be sure?) how can you say that an IP address is personally identifiable in a legal context? I guess if you can prove that 1) a computer had that IP address at the moment in time in question 2) Another computer didn't have the same IP address at the same time (always fun) 3) The computer was not compromised by an entity unknown to the user 4) The person you're trying to identify was using the computer at the time.

Re:Botnets? (1)

Opportunist (166417) | more than 4 years ago | (#28770013)

1 and 2 are quite doable. 3 and 4 are near impossible, but also (unfortunately considered) irrelevant.

3 falls through the plausibility clause most of the time. Why should someone use your computer to download illegal porn or content? What's his gain? Unless you manage to show that someone has a keen interest to see you put behind bars and also has the ability to pull it off, you're on very weak ground here.

4 is usually a non-issue. You have no verdicts cast over IP addresses, you have warrants issued over them. I.e. some police guys come and carry away every computer or other storage equipment they can find at the place that IP address points to. If you're living alone and one of your computers contain the content, you're due. If you don't, they'll try to figure out whose computer had the info and try him for it.

The real rules on this issue (1)

dkleinsc (563838) | more than 4 years ago | (#28769665)

If we're talking about what information a corporation is allowed to collect, sell, etc from its customers without authorization, then IP addresses are not personally identifiable.

If, on the other hand, we're talking about the ability of RIAA or MPAA plaintiffs to identify someone as engaging in copyright infringement, then IP addresses always identify a particular person who is responsible.

No aburd, thought this article might be. (1)

gubers33 (1302099) | more than 4 years ago | (#28769667)

The more absurd thing would be comparing an ip address to a home address. Unlike a home address, an ip address can not be easily spoofed. Nor does can it change on the flip of a coin. Although service providers usually continuously reassign the ip address through DHCP, doesn't mean they always do. Ip addresses don't even identify computers, they identify devices on the network. Today, routers and hubs are used almost everywhere, meaning that the ip address isn't even identifying the computer it is identifying the router. MAC addresses would be more effective, but they can be spoofed just like an ip address. Plus if you use a proxy server, both this servers become even harder to find. Not to mention someone could be on another persons computer.

Not "absurd" (2, Informative)

wcrowe (94389) | more than 4 years ago | (#28769703)

"A judge rules that IP addresses are not 'personally identifiable information' (PII) because they identify computers, not people. That's absurd..."

Absurd? Sorry, call me absurd too then. I have to agree with the judge, sort of. An IP address identifies a node on a network, not necessarily a computer, but I believe the judge is correct in pointing out that they do not identify people.

Re:Not "absurd" (1)

recoiledsnake (879048) | more than 4 years ago | (#28770349)

An IP address identifies a node on a network, not necessarily a computer, but I believe the judge is correct in pointing out that they do not identify people.

The 'node'(eg. a cisco router) is technically a computer as well(for layman, court purposes).

Misunderstanding the issue (5, Insightful)

Draque (1367509) | more than 4 years ago | (#28769717)

I believe the author of this article misunderstands the motivations of the judge. This case seems to me to have very little to do with Microsoft and their security updates and everything about the judge wanting to set a legal precedent for future, unrelated cases. If he had ruled that an IP address was P.I.I., it would mean that a person could be found guilty of crimes, held civilly responsible for transactions and a whole slew of other things based entirely on the IP address of the computer that had acted online. Although an IP is a very good clue as to who might have been acting online, it is *only* a clue.

Re:Misunderstanding the issue (1)

pjt33 (739471) | more than 4 years ago | (#28769953)

My date of birth and mother's maiden name don't uniquely identify me either. In fact I'd give good odds that the tuple (name, father's name, mother's name, date of birth, city of birth) doesn't form a unique identifier. That doesn't make them not PII (or "personal data" for those of us in the EU).

Really? (2, Interesting)

argStyopa (232550) | more than 4 years ago | (#28769731)

How is that "absurd"?

PII requires a 1:1 matchup with a PERSON.
In the course of a single day or week, how many people use a single external IP address at an Internet Cafe?

I think the ruling is correct - PII is no more personally-identifying than the street address of (possibly) an apartment building.

Re:Really? (1)

canajin56 (660655) | more than 4 years ago | (#28770233)

It doesn't require a 1:1 matchup. You can have two bank accounts, that doesn't mean that since it's a 2:1 matching, that it doesn't identify you anymore! And you can have a joint account, so that's a 1:2 matching, and it still identifies you pretty damn well. Plus, it most certainly does have a 1:1 matchup if the ISP logs DHCP assignments for a reasonable length of time. The ISP knows the account # it was assigned to, and therefore knows the customer it was assigned to. Who cares if they are the one using that computer, it was assigned to one individual. Just like a license plate is assigned to one individual. It doesn't identify who was driving the car, but it identifies SOMEBODY.

Technical Reasoning vs Legal Reasoning (3, Insightful)

Grond (15515) | more than 4 years ago | (#28769931)

The author suggests this:

"Look, you don't have a standard definition for PII anyway. You adapt it to each individual situation, in order to determine what privacy protections should be built into each program, by using your common sense. So that's what I'm doing to do in this situation too. And my common sense tells me that having IP addresses visible to Microsoft's servers during the Windows Update process, is not a privacy violation, because that's how downloads work."

There are several problems with this. First, reliance on common sense and deference to the individual situation creates uncertainty, which in turn invites litigation. Such non-rules create problem spaces that can only be mapped through large amounts of expensive trial and error. Well defined rules eliminate uncertainty and discourage litigation by making the result obvious from the outset.

Second, this is a district court case. The district judge is concerned with the specific problem in front of him or her: are IP addresses personally identifiable information or not. The district court has neither the time nor the need (nor the authority, really) to create rules with broad scope.

Third, this case isn't about the meaning of 'personally identifiable information' generally. It's about the meaning of the phrase within the Windows XP End User License Agreement. The ruling is about construing the language of a contract, not privacy law as such.

Fourth, this is a federal court case dealing with a state contract law issue, in this case the law of the state of Washington (note the judge's citations to Washington contract cases like Seabed Harvesting v. Dep't of Natural Resources and Elliott Bay Seafoods v. Port of Seattle). When dealing with a state law claim, the federal courts are supposed to apply the law of the state as it would be applied by a state court; they are not empowered to make new state law. Erie Railroad v. Tompkins. Thus, it would be wrong for a federal court to make broad statements about the meaning of the term 'personally identifiable information' in contracts under Washington state law. Instead, the judge did the right thing and addressed only the specific problem at hand.

IP Addresses aren't personal (1)

Xipher (868293) | more than 4 years ago | (#28769995)

The difference between an IP Address and identifiable numbers (Street Address, License Plate Number, Telephone Number, SSN, Student ID, Credit Card #) is that IP addresses aren't exclusive to people. IP addresses are allocated to organizations, not end users. AS Numbers are allocated to organizations, not end users. A single IP address doesn't distinctly identify a user in any way and could be used by thousands of different people in the course of a day or less. And you can not tie an IP to a specific person in order to give it this purpose, just not technically feasible. The only thing an IP address can identify is the organization it's been allocated to and possibly what hosts have used that address.

Re:IP Addresses aren't personal (1)

joeyblades (785896) | more than 4 years ago | (#28770215)

In your list of "identifiable numbers" you include street address, license plate number, and credit card number. I share all of these with my wife and kids. Occasionally I have house guests who share my address and I may even loan them my car. So technically, none of these are examples of personally identifiable information.

seems reasonable to me... (0)

Anonymous Coward | more than 4 years ago | (#28770017)

Seems to me that an IP address is not PII. A specific IP address, even coupled with say MAC address, user name of a currently logged-in user, and handfuls of other information that could be subpoenaed from an ISP are in no way some kind beyond-doubt identification of who is using the computer. At best, you can only guarantee which computer is being used, but there is no way to prove who was actually using it, especially if the connection is in some public domain, like a wi-fi hot spot, a library, etc.. This may not be particularly relevant to the case, but couldn't ruling that IP address is PII possibly set a precedent for future jurors to make uncertain convictions and unfair rulings based on IP addresses or other uncertain bits of information?
Again, I don't know much details of the case, what microsoft was using the data for, what their privacy policy states, etc, but gathering IP addresses of users that connect to your server seems fair and discrete, in my opinion.

oh please (1)

nomadic (141991) | more than 4 years ago | (#28770037)

If the judge was presiding over a DMCA case, and ruled that IP addresses didn't constitute personally identifiable information and therefore wouldn't support an RIAA subpoena, the same exact people ridiculing the judge here would completely reverse their decision and praise the decision.

I disagree (1)

mea37 (1201159) | more than 4 years ago | (#28770143)

I reject the author's premise that programmers don't need to care about the definition of PII. It's true that PII is a different issue from technical application security, but that's like saying that because fuel efficiency isn't crash safety auto engineers don't have to worry about fuel efficiency.

(You know you wanted a car analogy.)

It would be correct to say that PII is a business concern rather than a technical one, but I for one don't trust software developers who don't understand their business.

The correct reasoning to resolve this case, IMO, is to consider it implied (or, failing that, give MS a slap on the wrist and require them to make explicit) that the ban on collecting PII doesn't apply to situations where such collection/use is necessary to provide the requested service. That's the basic model HIPAA uses, and for all its flaws I can't imagine anyone arguing that HIPAA were too permissive. Then it no longer matters if an IP address is PII.

Question for NewYourkCountyLawyer (1)

Trails (629752) | more than 4 years ago | (#28770157)

Doesn't this provide a handy precedent against the RIAA?

If IP's aren'[t personally identifiable, as a matter of legal precedence, then isn't trying to tie a person to an ip de facto not possible?

Seems to me the courts can't have it both ways.

Re:Question for NewYourkCountyLawyer (1)

Trails (629752) | more than 4 years ago | (#28770179)

Um, that should be NewYorkCountyLawyer, us crazy Canadians put u's in everything!!!

try this for absurd (1)

ag3ntugly (636404) | more than 4 years ago | (#28770253)

there are no less than 8 people who have the key to my network, and at any given time there are half a dozen computers connected to it between me and my roommates and the upstairs neighbors so to say that my internet facing IP positively identifies any of us is "absurd". I will however be positively delighted if my IP is ever used as evidence agaisnt me in court, because It carries with it more than enough reasonable doubt.

How is it absurd? (1)

Eggplant62 (120514) | more than 4 years ago | (#28770337)

Answer the following: I have a total of 8 computers turned on and active in my home. Two of those computers are virtualized on one server. Including me, I have 3 adults living here at home. Please tell me specifically which one of us 3 adults is at which computer, whether or not they are using a virtual machine, a laptop or one of my servers, and at what time of day we're using the PC based only on the IP address leased by my router.

Intent and Good Intentions (1)

gpronger (1142181) | more than 4 years ago | (#28770339)

After pondering the article, and a few of the links, what seems to be the point is intent. If ancillary information is gathered, necessary in supplying a service, with sufficient safe-guards in place, then its OK. The problem I see with this approach is that, as the old saying states, "The road to hell is paved with good intentions", though any particular service provider may have both insufficient PII for identification purposes, and has put in place what they consider sufficient safe guards, the "Russian Porno Spammers" are intent on hacking sites and are more than likely compiling partial PII information across web sites. This would allow them to write the life history for anyone who's sufficiently active on the internet (though they'd more likely simply steal everything the individual owns).

This is where a uniform standard would be beneficial, so that what is available anywhere is controlled. This ideally would come out of the industry than government, simply because they are more likely to be more on top of the situation.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...