Swiss Supreme Court Says Tracking Online File Sharers Violates Privacy Laws

from the the-industry-isn't-going-to-like-that dept

A couple years ago, we wrote about how Swiss officials had told Logistep to stop snooping on suspected file sharers as it violated their privacy. However, a year later, a court ruled otherwise. However, things have changed once again, as Michael Geist points us to the news that the Swiss Supreme Court has said that Logistep's snooping violates privacy rules. Apparently, Switzerland has strict digital privacy laws, which counts IP addresses as private information. I'm not sure if I agree with that idea (IP addresses are, somewhat by definition, public info -- though I could see how connecting that info to users is a privacy violation). However, it's certainly going to make tracking file sharers (or, hell, anyone online) a lot trickier.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    Hulser (profile), Sep 9th, 2010 @ 10:54am

    "Personal"

    From the linked article...

    "The court says the [personal] information, including so-called IP addresses that identify computers on a network, is covered by Switzerland's strict data protection laws."

    I'd be interested in some more information on this situation. IP addresses are public by definition, so I would think that it'd linking the IP address to an individual which would be a privacy concern. But I don't know how this company would be doing that without the co-operation of the users' ISP.

    Does the Swiss court deem an IP address and other standard data that would show up in a log file (such as time stamps) as "personal" or is this company actually somehow gathering information which can link online activity back to an individual?

    (And what's up with the "so-called" qualifer for IP address? Do Canadians think there there is a more accurate term to descibe an IP address?)

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      The Infamous Joe (profile), Sep 9th, 2010 @ 1:29pm

      Re: "Personal"

      I don't think just having it is an issue, but using it to link back to a person.

      Having someone's Social Security number isn't a *crime*, but using it against the person's permission *is*.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      SJ, Sep 9th, 2010 @ 1:42pm

      Re: "Personal"

      Here are the definition in the three officially publicated languages:

      Art. 3 lit. a Swiss Data Protection Law:

      (German) Personendaten (Daten): alle Angaben, die sich auf eine bestimmte oder bestimmbare Person beziehen;
      http://www.admin.ch/ch/d/sr/235_1/a3.html

      (French) données personnelles (données), toutes les informations qui se rapportent à une personne identifiée ou identifiable;
      http://www.admin.ch/ch/f/rs/235_1/a3.html

      (Italian) dati personali (dati)1: tutte le informazioni relative a una persona identificata o identificabile;
      http://www.admin.ch/ch/i/rs/235_1/a3.html


      I means that personal data according to swiss privacy law is all data has a direct connection to a person (e.g. social security number) or can be used to identify a person (e.g. telephon number).
      The difference between those two things is (in my opinion) that one set of data can't be altered (social security number, finger prints, dna, ....) but the other can be altered and doesn't need to point to a single person forever - however at a given time it can be used to identify a person (e.g. phone number - you can change yours... or also ip address)

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    ro, Sep 9th, 2010 @ 11:10am

    of course

    Not only IP, but birthday date, SSN, your wife place of birth, real time GPS location, amount of money in the bank and the account numbers are all just numbers. So you don't mind sharing them?

    The association of the numbers with a person is what privacy means...

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      pixelpusher220 (profile), Sep 9th, 2010 @ 11:39am

      Re: of course

      nice straw man you got there.

      You don't use birthdate, place of birth, or any of the other info for unique system identification.

      What would be comparable would be a company not being able to record your phone number when you called them. It's how the system is able to identify the unique nodes on the network.

      Or a company not being able to use your address when you send them a letter.

      The unique key of a system is quite hard to describe as 'private' information.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        Markus (profile), Sep 9th, 2010 @ 11:51am

        Re: Re: of course

        While this is a more balanced view, it still doesn't quite capture it. With a phone call, you can stay completely anonymous only if the company is not employing some form of caller ID, or you have actively had your number blocked. Usually when you send a letter, the return address includes your name, or the letter does. In the instance of file sharing, there is a good amount more work that needs to be done to discover an identity for anything past an organizational owner of the IP. Unless we were talking about an ISP where they have the info to connect with their customer (and this only functions on a home customer level), the situation is much more like following a random person on the street, and noting identifying characteristics that may allow you to get their full identity later on.

         

        reply to this | link to this | view in chronology ]

      •  
        icon
        The Infamous Joe (profile), Sep 9th, 2010 @ 1:27pm

        Re: Re: of course

        A man operates a newspaper stand. He is busy playing on his new Droid 2 when suddenly he notices that someone has just finished reading a copy of US Weekly and then put it down without paying for it, in direct violation of his sign that says "No reading magazines before without paying!" He quickly pulls up his exact GPS location and also notes the exact time. He then proceeds to call every wireless carrier with coverage at his news stand and asks for the names and addresses of everyone who was at the exact spot at that exact time, alleging that they stole from him, so he can send them legal letters threatening to sue them for an obscene amount of money unless they pay $250 to settle.

        Your location while in public is public data.

        There has been no conviction or trial, only accusation.

        The violation is of a civil nature.

        Would you want *your* cell company to give this man your personal information or to tell him to go away? Would you be okay with your government supporting this kind of flimsy evidence to extort money or ruin lives?

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Alex Cocoon, Sep 9th, 2010 @ 11:48am

    Protect Yourself!

    The Swiss have it right, tracking people online is violating there privacy and should be illegal!

    I work for a software company that is developing a product called Cocoon which protects your privacy while you browse through using a cloud. While using Cocoon, no information from the web touches your hard drive, and the web can not access anything on your computer.

    Right now Cocoon is a Firefox add-on and since it's in beta, it's free. Check it out and let me know what you guys think, thanks!

    Cocoon website:
    https://getcocoon.com/

    Youtube video (explains how Cocoon works):
    http://www.youtube.com/watch?v=oRM4aWiCwxk

    Cocoon blog (updates regarding malware, online privacy, and anything else IT related):
    http://getcocoon.tumblr.com/

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Phil Stevens (profile), Sep 15th, 2010 @ 9:42am

      Re: Protect Yourself!

      Tried this service - while it's definitely still in beta it keeps you private from the non-scientific tests I ran...

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Shawn, Sep 9th, 2010 @ 12:25pm

    Re: Re: of course

    I think what he meant was, your SSN, birth date, etc. are all publicly available information (maybe not on the gps location). But you would still consider someone having those pieces of information a privacy concern.

    Its not the information itself (or them having it) that's the problem. Its the usage of the information to track you down. A computer's IP address is just its identifier. But so is your name and address in the physical world. Its publicly available information, but when someone starts using it to track you or snoop on you, its a problem.

    However, I'd agree with the Swiss law on this one. While its not exactly private information, it would be hard to word a law properly to prevent misuse of public information. Too many possibilities for loopholes and misinterpretations. Especially when the public piece of information is tied to so much that a user does.

    You can't find out what strip clubs I've been visiting or where I've spent my money or who I've been socializing with based on my address.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Sep 9th, 2010 @ 12:28pm

    The Swiss legal definition of personal data: all information relating to an identified or identifiable person. "Sensitive personal data" means data on: 1. religious, ideological, political or trade union-related views or activities, 2. health, the intimate sphere or the racial origin, 3. social security measures, 4. administrative or criminal proceedings and sanctions.

    And yes, while IP addresses are "public," the issue is the fact that those addresses can be linked back to an identifiable person, thus the IP address is "private."

    Also, this is a manner of consent. Since the IP address is, by Swiss definition "private," to obtain it, you need consent from the data holder in addition to several other requirements.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Sep 9th, 2010 @ 7:19pm

    Well I wonder what the Swiss people would do if they found out the government wanted the power to infect their computers with backdoors and force ISP's to hand over all kinds of information like the LOPSI 2 in France.

    The psycho poodle president there is out of control.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Freak, Sep 9th, 2010 @ 9:49pm

    It's like CPNI.

    The way I understand it, at least.

    Much like how, (if I were a call centre worker), I'm allowed to look at your phone records as much as I want, AND at your personal info as much as I want in a company's database so far as they have it recorded. It's a violation of the CPNI if, and only if, I make the connection between your phone records and your personal data. Your personal data being anything that might identify you, even if it doesn't do so uniquely; like your name, OR your phone #, OR your address, OR even non-readily available biographical info, like your mothers maiden name or your first pet's name.

    So yeah, to my understanding, asking for a list of all the IPs that connected to an ISP is a perfectly legal thing to ask. If somewhat useless.
    As might be, (I dunno), log files belonging to individual IP's. As long as the IP's are not connected.
    But as soon as you connect the log files with the IPs . . .

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    bob, Sep 10th, 2010 @ 3:30am

    Not Really

    "However, it's certainly going to make tracking file sharers (or, hell, anyone online) a lot trickier".

    The cops can still get a warrant to get that info.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      techflaws.org (profile), Sep 10th, 2010 @ 4:12am

      Re: Not Really

      Or Logistep can setup shop in another country and snoop torrent swarms from there as they promised they will do pretty soon.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    btrussell (profile), Sep 10th, 2010 @ 8:17am

    What do you expose to a visited website?
    http://trasir.com/

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    george, Sep 23rd, 2010 @ 1:35am

    VPN

    Hi,

    VPN srevice is the best solution to be anonymous on the Net.
    You can find a VPN Providers List on
    http://www.start-vpn.com/

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    pattinson, Apr 22nd, 2013 @ 5:36am

    Go to Bestvpnservice.com

    VPN SERVICE is the best solution for using file sharing many vpn providers give you this facility top provider Is Private Internet Access I hope it helps you no one track you

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This