Judge: An IP-Address Doesn’t Identify a Person!

drunkmonkey

Snip of story:

"A landmark ruling in one of the many mass-BitTorrent lawsuits in the US has delivered a severe blow to a thus far lucrative business. Among other things, New York Judge Gary Brown explains in great detail why an IP-address is not sufficient evidence to identify copyright infringers. According to the Judge this lack of specific evidence means that many alleged BitTorrent pirates have been wrongfully accused by copyright holders"

Full Story here: http://torrentfreak.com/judge-an-ip-address-doesnt-identify-a-person-120503/

Did Eircom or some other company take some customers to court for copyright infringement or did I just dream it, has there been any such case here where an IP address has being taken to Identify a person?

What's your view on this?

RandolphEsq

drunkmonkey wrote: »

Snip of story:

"A landmark ruling in one of the many mass-BitTorrent lawsuits in the US has delivered a severe blow to a thus far lucrative business. Among other things, New York Judge Gary Brown explains in great detail why an IP-address is not sufficient evidence to identify copyright infringers. According to the Judge this lack of specific evidence means that many alleged BitTorrent pirates have been wrongfully accused by copyright holders"

Full Story here: http://torrentfreak.com/judge-an-ip-address-doesnt-identify-a-person-120503/

Did Eircom or some other company take some customers to court for copyright infringement or did I just dream it, has there been any such case here where an IP address has being taken to Identify a person?

What's your view on this?

I think it is something like they cut off the internet for those who offended three times.

There was an article today (well, technically yesterday, Thursday), in the Irish Times 'Business and Technology' supplement on how the legislature are going about internet piracy the wrong way which was quite interesting.

It seems to me that passing laws to ban websites such as the Pirate Bay is the wrong way to handle the issue of piracy because we will end up with total censorship the way things are heading. Take Turkey as an example, where websites such as YouTube are banned. The benefits of combating piracy are entirely outweighed by the restrictions to freedom of communication over the internet. YouTube has a policy whereby it will remove videos if there is a copyright complaint, which works. The people and companies bemoaning, for example YouTube, for not going far enough in protecting their intellectual property, and lobbying governments to pass freedom-restricting laws, need to be more active themselves in protecting their copyright.
The reality of the situation is that the internet is only going to become an even more integral and influential part of everyday life, and the persons concerned about their intellectual property are going to have to take on more responsibility themselves to ensure their material is not being subjected to illegal plundering.

Tom Young

High Court:

EMI & Ors. v Eircom Ltd. (One interim ruling & one settlement agreement - Charleton J.);
EMI & Ors. v UPC Ltd. (Charleton J.);
EMI & Ors. v ESAT Communications (Non-Party Discovery Order);

CJEU:

Scarlet Extended (Sabam v Tiscali SpA);
Sabam v Netlog - 2012.

Article 1, 3(a) of the Electronic Communications Regulatory Framework, 2009.

Regs: 15, 16, 17, 18 of SI 68 of 2003 or 12, 13, 14 & 15 of Directive 2000/31/EC.

All operate in this debate. Whether an IP address can currently be capable of identifying an individual and whether it is personal data are matters that can be dealt with on a case by case basis.

Carawaystick

An ip address cannot uniquely identify a person, no more than a physical address can identify a person. The fact this is in doubt is testament to how out of touch the legislature and legal system are.
Rfc791's been about since the early '80s

Tom Young

Carawaystick wrote: »

An ip address cannot uniquely identify a person, no more than a physical address can identify a person. The fact this is in doubt is testament to how out of touch the legislature and legal system are.
Rfc791's been about since the early '80s

Sorry, your RFC may say that and technically the RFC may be right, but IP addresses have been given personal data status in certain circumstances here and in the EU. Wondrous a concept that may seem.

Tom Young

So, by analogy are you saying a telephone number cannot as well?

Fixed point-to-point versus fixed point-to-multi point argument.

If the IP address is static versus dynamic, it may be capable of being deemed to be personal data.

Paulw

Tom Young wrote: »

So, by analogy are you saying a telephone number cannot as well?

Fixed point-to-point versus fixed point-to-multi point argument.

If the IP address is static versus dynamic, it may be capable of being deemed to be personal data.

But, a phone number can't identify who is actually using that phone, no more than an IP address can tell who is actually using the computer.

If you have an internet connection, and have a wireless router (as a large number do), then anyone within range (with the right skills) can piggyback on that wireless router, and may or may not even be in that building.

But, at the same time, the onus should be on the account holder to ensure that the internet connection is used properly, and not used to breach copyright or perform other illegal acts.

Procrastastudy

I think this comes down to the bog standard quantum of proof.

In civil cases its a preponderance of the evidence - who was most likely using the computer. An exercise in pointing out the obvious but it hit home during a guest lecture when someone said in cases where 75% of the evidence points to one party - you will be wrong 1 time in 4. In this type of scenario it's fair to impose - your account, your liability.

In criminal cases such as terrorism, child pornography etc - then the beyond reasonable doubt standard has to apply. Obviously the standards required for a warrant can, and should, be based on traffic to an IP address.

Tom Young

Paulw wrote: »

But, a phone number can't identify who is actually using that phone, no more than an IP address can tell who is actually using the computer.

If you have an internet connection, and have a wireless router (as a large number do), then anyone within range (with the right skills) can piggyback on that wireless router, and may or may not even be in that building.

But, at the same time, the onus should be on the account holder to ensure that the internet connection is used properly, and not used to breach copyright or perform other illegal acts.

I actually made that point above. The SODI defence has been run here, but it's case specific. Wireless and dynamic addressing, see above.

I agree re. A/C owner. Breaches based on positive actual ownership of static IP addresses would be litigated quickly enough

Departed

what if people were to leave their network open deliberately so then they can claim it was someone piggybacking?

Tom Young

Departed wrote: »

what if people were to leave their network open deliberately so then they can claim it was someone piggybacking?

Every time someone does something on the Internet, a fingerprint is left behind. Claim all you like, but the network providers usually know what's going on.

krd

Tom Young wrote: »

Every time someone does something on the Internet, a fingerprint is left behind. Claim all you like, but the network providers usually know what's going on.

They know to a point. If you know your stuff well enough, you can get on the internet and as far as the ISP can see, you're someone else.

The Lulsec guys were using a convoluted method of hiding themselves - they were only caught through informers.

The network providers do know what's going on. When you're downloading a film, they can actually see the title of the film, and your account name. They're not bothered - they're getting paid to facilitate your theiving....oh wait, sorry, "sharing"........and you're not stealing their property.

Tom Young

krd wrote: »

They know to a point. If you know your stuff well enough, you can get on the internet and as far as the ISP can see, you're someone else.

The Lulsec guys were using a convoluted method of hiding themselves - they were only caught through informers.

The network providers do know what's going on. When you're downloading a film, they can actually see the title of the film, and your account name. They're not bothered - they're getting paid to facilitate your theiving....oh wait, sorry, "sharing"........and you're not stealing their property.

On the last para. They are mere conduits, they can't know what goes on in every instance and are legally obliged not to monitor.

Departed

krd wrote: »

They know to a point. If you know your stuff well enough, you can get on the internet and as far as the ISP can see, you're someone else.
.

you mean piggybacking on an open lan?

Jev/N

The Article 29 Working Group on Data Protection would differ in opinion on this in that it constitues "personal data" for the purposes of data protection

Edit: I now realise that the OP is more in relation to the issue of evidence in a case rather than a data protection issue

krd

Tom Young wrote: »

On the last para. They are mere conduits, they can't know what goes on in every instance and are legally obliged not to monitor.

Okay, I have worked for some of them........Most are using "traffic shaping"....The speed you have signed up to is not the speed you're getting - but if you call to complain they do a speed test with you, that shows you are. The traffic "shaping" slows down things like Youtube and torrents. So, if you're wondering why it's taking so long to download something that should be really rapid for the bandwidth you're paying for, it's because the traffic is being "shaped" or a better word, choked. On the monitoring software it shows precisely what you're doing - if you're torrenting a movie, it shows in the monitor. And the ISP can either up or down the bandwidth allocation or switch the torrent off.

The ISPs are saving literally pence by choking your connection. But that's the kind of people they are - good sneaky "successful" Irish paddies. They didn't become "successful" by giving anyone what they paid for. I did do the calculations - some traffick shaping was cost several mulitiples of what it would just to leave the connection open......But these Irish business paddies.....It's not proper Irish business unless the product is dirty, smelly, stale, and sneaky.

krd

Departed wrote: »

you mean piggybacking on an open lan?

There are actually loads of ways of doing this.

But if you're up to serious criminal activity, the best move is to clone and innocent parties connection. To the provider they will not be able to tell the difference. Not that they care.

Javan

I have worked in an ISP and I have seen a number of requests from AGS for information about IP address usage. The request generally asks who was using the IP address a.b.c.d at a specific date and time. The response was always that the IP in question was assigned to an account where, according to the information available to us from Eircom, the end user equipment was installed in a particular address. If it was specifically requested then I think we also gave the billing name and address.

Any defending counsel with half the wit it took to pass their exams would notice that the response said nothing about who was using the system.

Tom Young

Yes, but in many instances the investigations involve valid and connectable logins, as well as fixed IP addresses, with individuals responsible for Acceptable Use.

Victor

Tom Young wrote: »

... with individuals responsible for Acceptable Use.

Not a lot of mens rea in that.

Tom Young

Yep: I accept that. Thinking credit card fraud via Internet, etc.

Milk & Honey

Javan wrote: »

I have worked in an ISP and I have seen a number of requests from AGS for information about IP address usage. The request generally asks who was using the IP address a.b.c.d at a specific date and time. The response was always that the IP in question was assigned to an account where, according to the information available to us from Eircom, the end user equipment was installed in a particular address. If it was specifically requested then I think we also gave the billing name and address.

Any defending counsel with half the wit it took to pass their exams would notice that the response said nothing about who was using the system.

Most prosecutions that I have seen go a lot further. If the downloading of child porn is suspected, the guards check the credit card details of people at the address in question. There is a raid and the computer is seized. The ISP is simply used as a tool to launch the investigation and for corroboration not as a stand alone piece of evidence.

Javan

Milk & Honey wrote: »

Most prosecutions that I have seen go a lot further. If the downloading of child porn is suspected, the guards check the credit card details of people at the address in question. There is a raid and the computer is seized. The ISP is simply used as a tool to launch the investigation and for corroboration not as a stand alone piece of evidence.

Absolutely, I do not doubt that. Just to the original point, and to some specific experience in an ISP, I can tell you that the information from the ISP is specifically and carefully worded to talk about the location of equipment and possibly the billing address associated with an account, not the person using the equipment.