The World Doesn't Revolve Around Washington Privacy Groups

Is Your IP Address Your Personal Information?

from the seems-like-a-stretch dept

Wed, Jan 23rd 2008 7:14pm — Mike Masnick

Some European politicians in charge of "privacy" issues have decided that your IP address should be considered personal info, along the lines of your name or address. This has various implications for how sites like Google store IP addresses -- but also should raise some questions about what sorts of information should be considered private. We've already talked about why you should just assume that any information you put online is already public info, but an IP address isn't exactly something that you "put" online. It's something that automatically identifies where you're coming from and is a necessary part of internet communications. While it is true that an IP address can often be used to trace back the identity of an individual, it seems a little odd to think that a bit of information that your computer announces to every site you visit should somehow be considered private. By it's very nature your IP address is rather public -- and if you want to "hide" that information there are various anonymity tools and proxy servers to do so. It seems like a rather artificial construct to suddenly claim that an IP address, which is used to announce where you're coming from, now needs to be considered private information.

In fact, this whole discussion raises an important (and all-too-often-ignored) issue: personal information and privacy isn't exactly a binary situation, where information either is, or is not, private. There's a whole spectrum -- and it depends very much on the circumstance. Your name is personal info, but most people are public enough with it. Your credit card information clearly is "private," but you share it with plenty of merchants as part of the transaction that you're making. Your phone number is personal information that you may keep private in some cases, but are willing to make public in others. So, the privacy of personal information varies a great deal based on the context and use -- and it seems a bit forced to suddenly declare that a particular piece of information is personal, and therefore must be kept private.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: europe, ip addresses, privacy

49 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Iron Chef, 23 Jan 2008 @ 7:34pm

It's their Contenent...
So this seems Big Brotherish. Of course, the EU has always been more about "Protecting The People" rather than the US's stance of "Live your life as you want, but if you do something bad, we'll catch you"

The EU is filled of shit, This ask is nothing more than a dance.

If the US Decides to participate, you turn your back on Rock And Roll, dance and just basic freedom.

So let the EU run their group as they wish. Process-oriented.

We all know True creativity comes when you break out of the process.
[ link to this | view in chronology ]
Iron Chef, 23 Jan 2008 @ 7:38pm

Sorry, did I mention that the EU was filled with shitty companies? If not let me tell you about Airbus...
[ link to this | view in chronology ]
JerryJvL, 23 Jan 2008 @ 7:45pm

I think the best comparison is with social security numbers... in and of themselves, either is just a number and could not really be called personal information. But as soon as you put either side-by-side with other personal details, such as a name and address, then suddenly you could easily argue that the number "feels" like personal information as well.

It's really only personal by association.
[ link to this | view in chronology ]
4-80-sicks, 23 Jan 2008 @ 8:00pm

I don't know how it is in Europe, but in America, your name and address are not private at all, if you have a landline telephone. They go in the phone book and are wide open to telemarketers, etc. Want to keep it out? You pay an extra fee.
[ link to this | view in chronology ]
Alfred E. Neuman, 23 Jan 2008 @ 8:28pm

Static
Do ISPs still issue dynamic IPs? They would do this to discourage running a server because a static IP costs more.
[ link to this | view in chronology ]
- Anonymous Coward, 23 Jan 2008 @ 9:27pm
  
  Re: Static
  Your screwed. My Roommate's brother was a part of the SBC DSL implementation. They will find ya if they really want to.
  
  Its interesting that nothing has been reported on Jenna Bush's party times since the BellSouth/SBC merger.
  
  Did something change? Is she not interesting anymore? She was one hot piece of texas ass, like Stan Sigman. Did she die? Perhaps something is keeping her from speaking and having a public life? Maybe SBCWireless?
  [ link to this | view in chronology ]
Ian, 23 Jan 2008 @ 8:57pm

@Alfred
I get DSL through SBC and I have a dynamic IP.
[ link to this | view in chronology ]
norman619, 23 Jan 2008 @ 8:59pm

IP address private? LOL!!!!
Oh come on. The IP address belongs to the ISP. The peopel who OWN the network. You are just paying for access to their network. And since most ISP's assign people dynamic IP addresses it's pretty pointless. The EU is pretty silly in what it thinks it can control and legislate. There is a very good reason why the EU is often described as the new USSR.
[ link to this | view in chronology ]
Anonymous Coward, 23 Jan 2008 @ 10:11pm

Its foolish to claim it isn't private simply because the IP is rented from the ISP since telephone numbers are rented from Mobile / landline providers yet in the EU (or at least UK) these can be kept private. The issue here is the way in which IP addresses are recorded and what those records are used for buy online organisations.
[ link to this | view in chronology ]
Anonymous Coward, 23 Jan 2008 @ 10:37pm

Privacy = Discretion
I think that any data which is considered private is data that you would not want 3rd parties (i.e. not the vendor when shopping online) to have access to.
[ link to this | view in chronology ]
JB, 23 Jan 2008 @ 10:38pm

Hmm. I wonder what they have to say about cookies?
[ link to this | view in chronology ]
Tony, 23 Jan 2008 @ 10:52pm

Privacy is Paramount!
While Mike makes some valid points as to the inherent public nature of an IP address, I can't help but to disagree to some extent.

First, it's unequivocally true that an IP address is required for Internet connectivity and communication. That much remains un-refuted, and with good reason. However, as he alluded, you don't have the same control over your IP address as you do your phone number or your credit card.

With that, I'd like to posit the following. You don't have a choice what IP address you're assigned in most cases, and that IP address can be used to identify you by not only spammers but by hackers. Now of course, no matter how a law attempts to obfuscate your identity, hackers with a sniffer can see it. But I think the point of the EU argument is that government agencies and commercial entities shouldn't be able to tell who's visiting a site via their IP address. That makes sense. One doesn't ASK to be identified by obtaining an address. I, as a consumer, would like to have the knowledge that my identity isn't available to whomever asks. Much like a home address, it's how information is delivered to you and you don't have a choice in the matter. But, if the government and companies such as Google, Microsoft, Yahoo, et. al., were limited to recording only the first two or three octets of the address, it would limit their ability to identify me as an individual while allowing them to determine country of origin and even as granular as state or ISP.

In the above reader responses, I've noticed many misconceptions as to the nature of "Dynamic" IP assignment. DHCP leases are generally awarded to the same client (based on MAC address) if that client requests that IP address within a short period of time after its expiration. The result is a nearly static IP address. The only time it ever changes is if you turn off your computer and during its off time your lease expires. If from the command prompt you type "ipconfig /all", you'll notice the lease begin and end times which is usually 1 to 3 days. Also, there are many ways for an ISP to look and see who had that address on a given day so don't be fooled into thinking that because your IP address changes that you can't be traced.

But I digress. I DO support the idea of making private an individuals identity with relation to his IP address. That won't stop hackers, but it might slow down spammers and will certainly stop Uncle Sam from discovering who you are without Warrant. Perhaps it's time for a 4th Amendment for IP addresses.

Regards,

Tony
[ link to this | view in chronology ]
Z, 23 Jan 2008 @ 11:10pm

dynamic IP addresses
Service providers keep log of your traffic for months maybe years. Just because you have a dynamic IP addresses, you cant hide. They(ISP) can tell the cops if you have downloaded and illegal copy from whatever site 5 months, 13 days and 14 hours ago. they will tell you what was the name of file size ect...

Google keeps ALL searches you did forever!!! there is no law that's against it. everything you do online can be traced back to you unless you're carefully and hide your IP with help of proxy servers.

In the EU people have privacy than in the US. Now which is more like the USSR now?
[ link to this | view in chronology ]
PaulT (profile), 23 Jan 2008 @ 11:57pm

Russia?
Could somebody explain to me all these comments about how additional privacy laws somehow means that the EU is like the USSR? I really don't get that comparison.

Anyway, as I understand this, the new rulings are to do with the storage of IP addresses and how they are used to identify individuals. In other words, it's a logical extension of rules that already state that companies can't keep my name and address ad infinitum unless they have good reason, to IP addresses.

If anyone has a different viewpoint, do you have a better link than the random San Diego website linked from this article?
[ link to this | view in chronology ]
Big Brother, 24 Jan 2008 @ 1:06am

I am watching
I work at the ISP in Europe. We give out dynamic addresses, and even if a client disconnects and reconnects within a second, the assigned address is different than it was before.
Yes, we keep logs. No, can't see which files the client downloaded. Can see what IP address was assigned to which user at what time. Can't see what sites the client visited. Only way we would give that information is if we were ordered by a court.
We COULD probably make a huge database of everything our clients do, but it's not economically worthy. Why spend money on it when it's not required by law. If we didn't have to keep the logs at all, it would be even better! ISPs, like all other businesses, don't like to waste money. Who's going to pay for storage servers, sniffers, loggers. Not to mention that unpacking each packet to see what's in it is time and processor consuming, which would slow down our network considerably.

Now, can your vehicle license plate be private? It seems pretty public to me, and yet, it is traceable.
[ link to this | view in chronology ]
Johnsmith, 24 Jan 2008 @ 2:55am

Relevance?
I recall a story on TD a few days back about a spammer sueing someone for tracing the emails he was getting back to the aforementioned spammer. Could this be a follow up from that? General advise to the consumer so they don't find it necessary to follow in the footsteps of the yanks and start sueing people left right and centre for things that aren't actually illegal?

For whatever reason, the article won't load for me, but I'll read it later and post again when I'm better informed of the backstory
[ link to this | view in chronology ]
Scogostology, 24 Jan 2008 @ 5:04am

Is Your IP Address Your Personal Information?
It should be the most guarded personal information online but unfortunately it is not.
[ link to this | view in chronology ]
RCasha, 24 Jan 2008 @ 5:14am

Yes, IP address is personal
The IP address you use is DEFINITELY personal information. In some cases (dynamic IPs), it's only personal information in conjunction with a specific date/time.

The argument of whether such personal information should be considered private is a different matter.

Many countries in the EU have laws which govern what information may be STORED about individuals. Thus, a web server obviously can use your IP address to send you pages - just like nobody needs permission to use your telephone number to phone you up. However, Data Protection laws impose controls about what personal information can be stored about individuals, as well as which individuals. For instance a company can store information about its customers, but (depending on the laws) cannot store information about people who have no relationship with that company. Similarly, it restricts what information can be shared by different companies or entities.

Thus for instance, when you apply for a job, your prospective employer won't be able to buy a list of websites you've visited in the last 3 months from your ISP, or check whether a female employee has bought pregnancy tests recently.

That's the theory anyway.
[ link to this | view in chronology ]
Anonymous Coward, 24 Jan 2008 @ 5:20am

An IP address can not identify you, the person beyond the screen. It can identify a computer but more and more it just identifies a router which uses NAT to provide service to a whole local network behind it. Some house can have one Cable connection, three desktops, and two laptops on a wireless network, but the Internet-facing IP looks the same for all of them.
[ link to this | view in chronology ]
Scott, 24 Jan 2008 @ 5:53am

ISP'S tracking what?
I think that maybe we should really understand what is going on in the UK.
I believe what they they want is for company's like Goggle, Yahoo and MSN to stop tracking your movements/searches by using the number given to you by your ISP's.
With that in mind so why should Google and others keep track of your searches for a year and a half on their computers? It's none of their damn business and the EU agrees.
[ link to this | view in chronology ]
Alfred E. Neuman, 24 Jan 2008 @ 6:01am

Dynamic IP
I was not suggesting that one could hide via the dynamic nature of an IP. I was pointing out (not very clearly) that the address by itself is insufficient. The possiblitiy of private data wrt IP would have to include date/time, possibly a hash or something.

In the past, some ISPs were changing the IP of customers who were running servers without paying the additional fee.
[ link to this | view in chronology ]
Anonymous Coward, 24 Jan 2008 @ 6:47am

Re: ISP'S tracking what?
If that's your argument, it's easy to get around. Take the ISP, mangle it in some way so it is no longer the ISP yet still just as unique, slap the new unique number onto the search request and save the record. Not an ISP, but still 'tracking' you if the mangling is predicable, ie 127.0.0.1 == foo.
[ link to this | view in chronology ]
Alimas, 24 Jan 2008 @ 8:26am

Definetly Not Private Info
I remember when I signed up with Google and found they were hiding the IP addresses of the places you get e-mails from "in the interest of personal privacy".
Thats not personal information, its a number given to you by the ISP so that the world can in fact know how to reach your computer. In effect, its quite the opposite.
The problem with spammers and such isn't them knowing your IP, its them knowing your e-mail address, your name, etc..
IP addresses getting claimed personal information and legally defended is just another example of how the internet is slowly losing its special stature as a truly unlimited forum for sharing and interaction.
Want to protect yourself from hackers and spammers?
Use Firefox, don't download useless programs from banners and don't use your real full name or any other such info through a non fully secured connection.
Its just common sense.
[ link to this | view in chronology ]
jsmuli2, 24 Jan 2008 @ 9:05am

Intersting
IP address should be the same as home address. Yes, you can give that info to anyone, but you can google-map anyone's address even if you just type in a random street name and number. But you don't know who that person is, or who lives there, you just know that address exists. That makes it personal, but personal is user-defined, as opposed to private which is unique to the individual and bound by law that only that person has the right to share/access the information.
[ link to this | view in chronology ]
_Jon, 24 Jan 2008 @ 9:29am

The term you are looking for is "confidential".
That is, the information contained within the relationship between the ISP and the customer (i.e. the IP address) should be treated as "confidential".

If y'all would review the article and your comments and correctly replace 'private information' with 'confidential information', I believe you will have substantially strengthened your argument.
[ link to this | view in chronology ]
Anonymous Coward, 24 Jan 2008 @ 10:12am

Mike, you are contradicting yourself.....again!
Mike,

Again you are contradicting yourself...

"By it's very nature your IP address is rather public"

False, I don't know your IP address unless you visit my website.

"Your credit card information clearly is "private"

Correct, because I won't know your credit card number until you buy something in my store.

So, why do you feel one is "public" and the other "private" when they can only be obtained in essentially the same way (user must provide it by some action on their part)?
[ link to this | view in chronology ]
- Brad, 24 Jan 2008 @ 11:15am
  
  Re: Mike, you are contradicting yourself.....again
  Don't be an idiot. When money changes hands, it doesn't make sense to try to remain anonymous. Would you ship a product to someone you had no knowledge of? Of course not. All kinds of personal information are given up at that point (Name, credit card, billing address). However engaging in a purchase is not the same as visiting a website. If you walk into a store, it's not the same as buying something. More importantly, if I walk into a store, it's not the same as writing my name and address on a card and sending it to Pepsi, just because you've got a Pepsi ad in the window. Online, my IP address is visible to everyone who shows me ads.
  
  Further, since most online crimes are traced by IP address, it is a piece of your "identity" - and thus forging someone else's should be a crime.
  [ link to this | view in chronology ]
Anonymous Coward, 24 Jan 2008 @ 11:39am

That's like saying a tire track from your vehicle is personal info because that shows where you've been... It's not personal info because the government can come back to you and confront you with any wrong-doings that you are involved with...
[ link to this | view in chronology ]
Philip (profile), 24 Jan 2008 @ 12:50pm

Postal Addresses?
Couldn't you relate IP addresses to Postal addresses? They are the same thing: they identify your location. One is based on which computer you're accessing, the other is your place residence. Both information is publicly available (try and stop somebody from walking up to your house and writing down your address). And both of them even "announce" their location (numbers on houses vs ip address sent to server).

In a way, I can see how EU is right. Even though it is a public number, it is very much as much a private number as your physical postal address. Only difference between the two is electronic transmission vs physical transmission. Am I seeing things wrong here? I know I'm crossing the internet world with real world, but I feel in this specific instance, it validates.
[ link to this | view in chronology ]
Colin Joss, 24 Jan 2008 @ 1:45pm

They are, but won't hurt much
Static IP Address can be an identity especially if it is well mapped as nowadays we could tell the country origin of an IP address, but don’t think it would fatal like our credit card CVV if people know it.

Colin Joss
East Lothian, Haddington
United Kingdom
[ link to this | view in chronology ]
Colin Joss, 25 Jan 2008 @ 8:21pm

Philip's point
Phillip,

You are making a point there.. Your postal address can be private, but so far won't hurt too much for most people, if other find out about it. Unless you are someone with lot of enemy and need to hide and stay anonymuous, so that they won't bomb your house or your PC.
[ link to this | view in chronology ]
Colin Joss, 27 Jan 2008 @ 9:10am

Phillip,

You are making a point there.. Your postal address can be private, but so far won't hurt too much for most people, if other find out about it. Unless you are someone with lot of enemy and need to hide and stay anonymuous, so that they won't bomb your house or your PC.
[ link to this | view in chronology ]
Colin Joss, 28 Jan 2008 @ 12:26am

protection system
Finally to remind everyoe..

I think it is very important to have good protection system like firewall, adware scanner, etc. installed. I'm not expecting bomb on my PC, but don't want any thiefs or hackers to go in either.
[ link to this | view in chronology ]
Kristen Metzger, 13 Feb 2008 @ 8:47pm

I think it would be very difficult to make every computer's IP address private for a few reasons. The first is because it has been, and is being sent to other computers for communication everyday. Another reason is because it does not locate you as specific to your house address, just to the area of the state or country you are from. Another reason is that i think it would be a long process, and be difficult to do. I think IP addresses are theoretically harmless to be public.
[ link to this | view in chronology ]
abelleba, 21 May 2008 @ 2:58pm

Dynamic IP's
Yes, ISP's still use Dynamic IP addresses. Mainly dial up ISP's such as Netzero, Bignet, and AOL. When I want to lookup my own IP information or run a trace route I use a IP Tools site like: tools.mywikiinfo.com

There are Pros and Cons to both as most people already know this.

Regards,
[ link to this | view in chronology ]
Kristian, 19 Sep 2008 @ 8:40pm

That's email broken then!
No archiving of email data now then!

Emails include headers identifying the IP address of the originating machine and every mail server that handled it... so nobody can store email for more than a week without "good reason" in the EU?
[ link to this | view in chronology ]
[UNDISCLOSED PERSONAL DATA], 19 Sep 2008 @ 9:06pm

ARE PEOPLE STUPID?
Google provides a free service and all people do is moan about what Google might know about them if they CHOOSE to use the service?!?

If you don't like it.. DON'T USE SEARCH ENGINES!

European phone companies are REQUIRED by law to log information about calls you make/receive (number, time, date, location coordinates of mobiles, etc) and keep it for years. If you don't like that.. DON'T USE PHONES!

ALSO UNDERSTAND THAT IF YOUR MOBILE PHONE IS SWITCHED ON, ITS LOCATION IS BEING TRACKED AND LOGGED!

EU email service providers are REQUIRED by law to log information about email you send/receive (from email, to email, time, date, subject, etc) and keep it for years. If you don't like that.. DON'T USE EMAIL!

Difference is that those are in the name of law enforcement whereas Google's internal data use isn't *YET* as accessible to EU governments.. so if they can't have it.. Google can't have it!

I bet within a couple of year the EU will U-turn and make it the law that Google keep such data for years and disclose it the the governments/police when asked or give them constant unrestricted access to it.. see how you like you privacy then!
[ link to this | view in chronology ]
venkata, 25 Apr 2009 @ 3:08am

Find Your Ip-Address Now Test Now
Hi...I have found the Ip-Address on the wesite named www.ip-details.com.All the important details like uploading,Downloading speed domain details free of cost very fast also..
[ link to this | view in chronology ]
Wholesale, 4 Aug 2009 @ 1:01am

dds
The EU is filled of shit, This ask is nothing more than a dance.
[ link to this | view in chronology ]
Henry, 7 Dec 2009 @ 2:21pm

here is the thing...It's ALL private data. We, meaning every one, should be able to selectively choose what data we share. Whether this be our IPs, our internet searches, or our clicks, it is all our business and should only be shared with permission. Granted, there are several methods for increasing your level of data protection, but still, many popular services just bypass the permission seeking stage and just flat-out make money off of info you never explicitly (perhaps passively, however) agreed to share.
[ link to this | view in chronology ]
power strip, 22 Jun 2010 @ 5:50pm

I absolutely adore your site!
"I absolutely adore your site! You aggressive me as able-bodied as all the others actuality and your broiled PS is absolutely nice. Thank you for afflatus and accumulate up the acceptable work thanks!" scaffold coupler
solar water heater
solar collector
[ link to this | view in chronology ]
cheap jordan shoes, 26 Sep 2010 @ 12:59am

jordan shoes
Thanks for sharing your article. I really enjoyed it. I put a link to my site to here so other people can read it. My readers have about the same interets
[ link to this | view in chronology ]
Hookah, 9 Oct 2010 @ 12:07am

Hookah
Origins of the hookah come from India along the border of around 1500 Years ago. These hookahs were simple, primitive, and rugged in design, usually made from a coconut shell base and tube with a head attached. hookah
[ link to this | view in chronology ]
jessiesdad, 19 Oct 2010 @ 10:39pm

Couldn?t be written any better. Reading this post reminds me of my old room mate! He always kept talking about this. I will forward this article to him. Pretty sure he will have a good read. Thanks for sharing!
[ link to this | view in chronology ]
tech news, 20 Nov 2010 @ 8:07pm

What concept are you making use of for the blog? I�ve been trying to find this precise concept for mine.
[ link to this | view in chronology ]
M money, 20 Nov 2010 @ 8:09pm

No one who cannot rejoice in the discovery of his own mistakes deserves to be called a scholar.
[ link to this | view in chronology ]
Game-MW, 20 Nov 2010 @ 8:11pm

Useful blog website, keep me personally through searching it, I am seriously interested to find out another recommendation of it.
[ link to this | view in chronology ]
Full House, 20 Nov 2010 @ 8:12pm

hi i really enjoyed your post and i will be sure to read through the rest of your blog� I really appreciate the way in which you look at this subject, looking at this in a new light as they say.. bookmarked!
[ link to this | view in chronology ]
XXX Travel, 20 Nov 2010 @ 8:14pm

Hi thank you for an perceptive post, I actually found your blog by mistake while searching on Goole for something else nearly related, in any case before i ramble on too much i would just like to state how much I enjoyed your post, I have bookmarked your site and also taken your RSS feed, Once Again thank you very much for the blog post keep up the good work.
[ link to this | view in chronology ]