Swiss Supreme Court Says Tracking Online File Sharers Violates Privacy Laws
from the the-industry-isn't-going-to-like-that dept
A couple years ago, we wrote about how Swiss officials had told Logistep to stop snooping on suspected file sharers as it violated their privacy. However, a year later, a court ruled otherwise. However, things have changed once again, as Michael Geist points us to the news that the Swiss Supreme Court has said that Logistep's snooping violates privacy rules. Apparently, Switzerland has strict digital privacy laws, which counts IP addresses as private information. I'm not sure if I agree with that idea (IP addresses are, somewhat by definition, public info -- though I could see how connecting that info to users is a privacy violation). However, it's certainly going to make tracking file sharers (or, hell, anyone online) a lot trickier.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: privacy, switzerland
Companies: logistep
Reader Comments
Subscribe: RSS
View by: Time | Thread
"Personal"
"The court says the [personal] information, including so-called IP addresses that identify computers on a network, is covered by Switzerland's strict data protection laws."
I'd be interested in some more information on this situation. IP addresses are public by definition, so I would think that it'd linking the IP address to an individual which would be a privacy concern. But I don't know how this company would be doing that without the co-operation of the users' ISP.
Does the Swiss court deem an IP address and other standard data that would show up in a log file (such as time stamps) as "personal" or is this company actually somehow gathering information which can link online activity back to an individual?
(And what's up with the "so-called" qualifer for IP address? Do Canadians think there there is a more accurate term to descibe an IP address?)
[ link to this | view in chronology ]
Re: "Personal"
Having someone's Social Security number isn't a *crime*, but using it against the person's permission *is*.
[ link to this | view in chronology ]
Re: "Personal"
Art. 3 lit. a Swiss Data Protection Law:
(German) Personendaten (Daten): alle Angaben, die sich auf eine bestimmte oder bestimmbare Person beziehen;
http://www.admin.ch/ch/d/sr/235_1/a3.html
(French) données personnelles (données), toutes les informations qui se rapportent à une personne identifiée ou identifiable;
http://www.admin.ch/ch/f/rs/235_1/a3.html
(Italian) dati personali (dati)1: tutte le informazioni relative a una persona identificata o identificabile;
http://www.admin.ch/ch/i/rs/235_1/a3.html
I means that personal data according to swiss privacy law is all data has a direct connection to a person (e.g. social security number) or can be used to identify a person (e.g. telephon number).
The difference between those two things is (in my opinion) that one set of data can't be altered (social security number, finger prints, dna, ....) but the other can be altered and doesn't need to point to a single person forever - however at a given time it can be used to identify a person (e.g. phone number - you can change yours... or also ip address)
[ link to this | view in chronology ]
of course
The association of the numbers with a person is what privacy means...
[ link to this | view in chronology ]
Re: of course
You don't use birthdate, place of birth, or any of the other info for unique system identification.
What would be comparable would be a company not being able to record your phone number when you called them. It's how the system is able to identify the unique nodes on the network.
Or a company not being able to use your address when you send them a letter.
The unique key of a system is quite hard to describe as 'private' information.
[ link to this | view in chronology ]
Re: Re: of course
[ link to this | view in chronology ]
Re: Re: of course
Your location while in public is public data.
There has been no conviction or trial, only accusation.
The violation is of a civil nature.
Would you want *your* cell company to give this man your personal information or to tell him to go away? Would you be okay with your government supporting this kind of flimsy evidence to extort money or ruin lives?
[ link to this | view in chronology ]
Protect Yourself!
I work for a software company that is developing a product called Cocoon which protects your privacy while you browse through using a cloud. While using Cocoon, no information from the web touches your hard drive, and the web can not access anything on your computer.
Right now Cocoon is a Firefox add-on and since it's in beta, it's free. Check it out and let me know what you guys think, thanks!
Cocoon website:
https://getcocoon.com/
Youtube video (explains how Cocoon works):
http://www.youtube.com/watch?v=oRM4aWiCwxk
Cocoon blog (updates regarding malware, online privacy, and anything else IT related):
http://getcocoon.tumblr.com/
[ link to this | view in chronology ]
Re: Protect Yourself!
[ link to this | view in chronology ]
Re: Re: of course
Its not the information itself (or them having it) that's the problem. Its the usage of the information to track you down. A computer's IP address is just its identifier. But so is your name and address in the physical world. Its publicly available information, but when someone starts using it to track you or snoop on you, its a problem.
However, I'd agree with the Swiss law on this one. While its not exactly private information, it would be hard to word a law properly to prevent misuse of public information. Too many possibilities for loopholes and misinterpretations. Especially when the public piece of information is tied to so much that a user does.
You can't find out what strip clubs I've been visiting or where I've spent my money or who I've been socializing with based on my address.
[ link to this | view in chronology ]
And yes, while IP addresses are "public," the issue is the fact that those addresses can be linked back to an identifiable person, thus the IP address is "private."
Also, this is a manner of consent. Since the IP address is, by Swiss definition "private," to obtain it, you need consent from the data holder in addition to several other requirements.
[ link to this | view in chronology ]
The psycho poodle president there is out of control.
[ link to this | view in chronology ]
It's like CPNI.
Much like how, (if I were a call centre worker), I'm allowed to look at your phone records as much as I want, AND at your personal info as much as I want in a company's database so far as they have it recorded. It's a violation of the CPNI if, and only if, I make the connection between your phone records and your personal data. Your personal data being anything that might identify you, even if it doesn't do so uniquely; like your name, OR your phone #, OR your address, OR even non-readily available biographical info, like your mothers maiden name or your first pet's name.
So yeah, to my understanding, asking for a list of all the IPs that connected to an ISP is a perfectly legal thing to ask. If somewhat useless.
As might be, (I dunno), log files belonging to individual IP's. As long as the IP's are not connected.
But as soon as you connect the log files with the IPs . . .
[ link to this | view in chronology ]
Not Really
The cops can still get a warrant to get that info.
[ link to this | view in chronology ]
Re: Not Really
[ link to this | view in chronology ]
http://trasir.com/
[ link to this | view in chronology ]
VPN
VPN srevice is the best solution to be anonymous on the Net.
You can find a VPN Providers List on
http://www.start-vpn.com/
[ link to this | view in chronology ]
Go to Bestvpnservice.com
[ link to this | view in chronology ]
[ link to this | view in chronology ]