Swiss Supreme Court Says Tracking Online File Sharers Violates Privacy Laws

from the the-industry-isn't-going-to-like-that dept

Thu, Sep 9th 2010 10:25am — Mike Masnick

A couple years ago, we wrote about how Swiss officials had told Logistep to stop snooping on suspected file sharers as it violated their privacy. However, a year later, a court ruled otherwise. However, things have changed once again, as Michael Geist points us to the news that the Swiss Supreme Court has said that Logistep's snooping violates privacy rules. Apparently, Switzerland has strict digital privacy laws, which counts IP addresses as private information. I'm not sure if I agree with that idea (IP addresses are, somewhat by definition, public info -- though I could see how connecting that info to users is a privacy violation). However, it's certainly going to make tracking file sharers (or, hell, anyone online) a lot trickier.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: privacy, switzerland
Companies: logistep

19 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Hulser (profile), 9 Sep 2010 @ 10:54am

"Personal"
From the linked article...

"The court says the [personal] information, including so-called IP addresses that identify computers on a network, is covered by Switzerland's strict data protection laws."

I'd be interested in some more information on this situation. IP addresses are public by definition, so I would think that it'd linking the IP address to an individual which would be a privacy concern. But I don't know how this company would be doing that without the co-operation of the users' ISP.

Does the Swiss court deem an IP address and other standard data that would show up in a log file (such as time stamps) as "personal" or is this company actually somehow gathering information which can link online activity back to an individual?

(And what's up with the "so-called" qualifer for IP address? Do Canadians think there there is a more accurate term to descibe an IP address?)
[ link to this | view in chronology ]
- The Infamous Joe (profile), 9 Sep 2010 @ 1:29pm
  
  Re: "Personal"
  I don't think just having it is an issue, but using it to link back to a person.
  
  Having someone's Social Security number isn't a *crime*, but using it against the person's permission *is*.
  [ link to this | view in chronology ]
- SJ, 9 Sep 2010 @ 1:42pm
  
  Re: "Personal"
  Here are the definition in the three officially publicated languages:
  
  Art. 3 lit. a Swiss Data Protection Law:
  
  (German) Personendaten (Daten): alle Angaben, die sich auf eine bestimmte oder bestimmbare Person beziehen;
  http://www.admin.ch/ch/d/sr/235_1/a3.html
  
  (French) données personnelles (données), toutes les informations qui se rapportent à une personne identifiée ou identifiable;
  http://www.admin.ch/ch/f/rs/235_1/a3.html
  
  (Italian) dati personali (dati)1: tutte le informazioni relative a una persona identificata o identificabile;
  http://www.admin.ch/ch/i/rs/235_1/a3.html
  
  I means that personal data according to swiss privacy law is all data has a direct connection to a person (e.g. social security number) or can be used to identify a person (e.g. telephon number).
  The difference between those two things is (in my opinion) that one set of data can't be altered (social security number, finger prints, dna, ....) but the other can be altered and doesn't need to point to a single person forever - however at a given time it can be used to identify a person (e.g. phone number - you can change yours... or also ip address)
  [ link to this | view in chronology ]
ro, 9 Sep 2010 @ 11:10am

of course
Not only IP, but birthday date, SSN, your wife place of birth, real time GPS location, amount of money in the bank and the account numbers are all just numbers. So you don't mind sharing them?

The association of the numbers with a person is what privacy means...
[ link to this | view in chronology ]
- pixelpusher220 (profile), 9 Sep 2010 @ 11:39am
  
  Re: of course
  nice straw man you got there.
  
  You don't use birthdate, place of birth, or any of the other info for unique system identification.
  
  What would be comparable would be a company not being able to record your phone number when you called them. It's how the system is able to identify the unique nodes on the network.
  
  Or a company not being able to use your address when you send them a letter.
  
  The unique key of a system is quite hard to describe as 'private' information.
  [ link to this | view in chronology ]
  - Markus (profile), 9 Sep 2010 @ 11:51am
    
    Re: Re: of course
    While this is a more balanced view, it still doesn't quite capture it. With a phone call, you can stay completely anonymous only if the company is not employing some form of caller ID, or you have actively had your number blocked. Usually when you send a letter, the return address includes your name, or the letter does. In the instance of file sharing, there is a good amount more work that needs to be done to discover an identity for anything past an organizational owner of the IP. Unless we were talking about an ISP where they have the info to connect with their customer (and this only functions on a home customer level), the situation is much more like following a random person on the street, and noting identifying characteristics that may allow you to get their full identity later on.
    [ link to this | view in chronology ]
  - The Infamous Joe (profile), 9 Sep 2010 @ 1:27pm
    
    Re: Re: of course
    A man operates a newspaper stand. He is busy playing on his new Droid 2 when suddenly he notices that someone has just finished reading a copy of US Weekly and then put it down without paying for it, in direct violation of his sign that says "No reading magazines before without paying!" He quickly pulls up his exact GPS location and also notes the exact time. He then proceeds to call every wireless carrier with coverage at his news stand and asks for the names and addresses of everyone who was at the exact spot at that exact time, alleging that they stole from him, so he can send them legal letters threatening to sue them for an obscene amount of money unless they pay $250 to settle.
    
    Your location while in public is public data.
    
    There has been no conviction or trial, only accusation.
    
    The violation is of a civil nature.
    
    Would you want *your* cell company to give this man your personal information or to tell him to go away? Would you be okay with your government supporting this kind of flimsy evidence to extort money or ruin lives?
    [ link to this | view in chronology ]
Alex Cocoon, 9 Sep 2010 @ 11:48am

Protect Yourself!
The Swiss have it right, tracking people online is violating there privacy and should be illegal!

I work for a software company that is developing a product called Cocoon which protects your privacy while you browse through using a cloud. While using Cocoon, no information from the web touches your hard drive, and the web can not access anything on your computer.

Right now Cocoon is a Firefox add-on and since it's in beta, it's free. Check it out and let me know what you guys think, thanks!

Cocoon website:
https://getcocoon.com/

Youtube video (explains how Cocoon works):
http://www.youtube.com/watch?v=oRM4aWiCwxk

Cocoon blog (updates regarding malware, online privacy, and anything else IT related):
http://getcocoon.tumblr.com/
[ link to this | view in chronology ]
- Phil Stevens (profile), 15 Sep 2010 @ 9:42am
  
  Re: Protect Yourself!
  Tried this service - while it's definitely still in beta it keeps you private from the non-scientific tests I ran...
  [ link to this | view in chronology ]
Shawn, 9 Sep 2010 @ 12:25pm

Re: Re: of course
I think what he meant was, your SSN, birth date, etc. are all publicly available information (maybe not on the gps location). But you would still consider someone having those pieces of information a privacy concern.

Its not the information itself (or them having it) that's the problem. Its the usage of the information to track you down. A computer's IP address is just its identifier. But so is your name and address in the physical world. Its publicly available information, but when someone starts using it to track you or snoop on you, its a problem.

However, I'd agree with the Swiss law on this one. While its not exactly private information, it would be hard to word a law properly to prevent misuse of public information. Too many possibilities for loopholes and misinterpretations. Especially when the public piece of information is tied to so much that a user does.

You can't find out what strip clubs I've been visiting or where I've spent my money or who I've been socializing with based on my address.
[ link to this | view in chronology ]
Anonymous Coward, 9 Sep 2010 @ 12:28pm

The Swiss legal definition of personal data: all information relating to an identified or identifiable person. "Sensitive personal data" means data on: 1. religious, ideological, political or trade union-related views or activities, 2. health, the intimate sphere or the racial origin, 3. social security measures, 4. administrative or criminal proceedings and sanctions.

And yes, while IP addresses are "public," the issue is the fact that those addresses can be linked back to an identifiable person, thus the IP address is "private."

Also, this is a manner of consent. Since the IP address is, by Swiss definition "private," to obtain it, you need consent from the data holder in addition to several other requirements.
[ link to this | view in chronology ]
Anonymous Coward, 9 Sep 2010 @ 7:19pm

Well I wonder what the Swiss people would do if they found out the government wanted the power to infect their computers with backdoors and force ISP's to hand over all kinds of information like the LOPSI 2 in France.

The psycho poodle president there is out of control.
[ link to this | view in chronology ]
Freak, 9 Sep 2010 @ 9:49pm

It's like CPNI.
The way I understand it, at least.

Much like how, (if I were a call centre worker), I'm allowed to look at your phone records as much as I want, AND at your personal info as much as I want in a company's database so far as they have it recorded. It's a violation of the CPNI if, and only if, I make the connection between your phone records and your personal data. Your personal data being anything that might identify you, even if it doesn't do so uniquely; like your name, OR your phone #, OR your address, OR even non-readily available biographical info, like your mothers maiden name or your first pet's name.

So yeah, to my understanding, asking for a list of all the IPs that connected to an ISP is a perfectly legal thing to ask. If somewhat useless.
As might be, (I dunno), log files belonging to individual IP's. As long as the IP's are not connected.
But as soon as you connect the log files with the IPs . . .
[ link to this | view in chronology ]
bob, 10 Sep 2010 @ 3:30am

Not Really
"However, it's certainly going to make tracking file sharers (or, hell, anyone online) a lot trickier".

The cops can still get a warrant to get that info.
[ link to this | view in chronology ]
- techflaws.org (profile), 10 Sep 2010 @ 4:12am
  
  Re: Not Really
  Or Logistep can setup shop in another country and snoop torrent swarms from there as they promised they will do pretty soon.
  [ link to this | view in chronology ]
btrussell (profile), 10 Sep 2010 @ 8:17am

What do you expose to a visited website?
http://trasir.com/
[ link to this | view in chronology ]
george, 23 Sep 2010 @ 1:35am

VPN
Hi,

VPN srevice is the best solution to be anonymous on the Net.
You can find a VPN Providers List on
http://www.start-vpn.com/
[ link to this | view in chronology ]
pattinson, 22 Apr 2013 @ 5:36am

Go to Bestvpnservice.com
VPN SERVICE is the best solution for using file sharing many vpn providers give you this facility top provider Is Private Internet Access I hope it helps you no one track you
[ link to this | view in chronology ]
Daniel, 26 May 2014 @ 5:19am

It's worthy law which will make more secure vpn services.
[ link to this | view in chronology ]