Is Your IP Address Your Personal Information?

from the seems-like-a-stretch dept

Some European politicians in charge of “privacy” issues have decided that your IP address should be considered personal info, along the lines of your name or address. This has various implications for how sites like Google store IP addresses — but also should raise some questions about what sorts of information should be considered private. We’ve already talked about why you should just assume that any information you put online is already public info, but an IP address isn’t exactly something that you “put” online. It’s something that automatically identifies where you’re coming from and is a necessary part of internet communications. While it is true that an IP address can often be used to trace back the identity of an individual, it seems a little odd to think that a bit of information that your computer announces to every site you visit should somehow be considered private. By it’s very nature your IP address is rather public — and if you want to “hide” that information there are various anonymity tools and proxy servers to do so. It seems like a rather artificial construct to suddenly claim that an IP address, which is used to announce where you’re coming from, now needs to be considered private information.

In fact, this whole discussion raises an important (and all-too-often-ignored) issue: personal information and privacy isn’t exactly a binary situation, where information either is, or is not, private. There’s a whole spectrum — and it depends very much on the circumstance. Your name is personal info, but most people are public enough with it. Your credit card information clearly is “private,” but you share it with plenty of merchants as part of the transaction that you’re making. Your phone number is personal information that you may keep private in some cases, but are willing to make public in others. So, the privacy of personal information varies a great deal based on the context and use — and it seems a bit forced to suddenly declare that a particular piece of information is personal, and therefore must be kept private.

Filed Under: , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Is Your IP Address Your Personal Information?”

Subscribe: RSS Leave a comment
49 Comments
Iron Chef says:

It's their Contenent...

So this seems Big Brotherish. Of course, the EU has always been more about “Protecting The People” rather than the US’s stance of “Live your life as you want, but if you do something bad, we’ll catch you”

The EU is filled of shit, This ask is nothing more than a dance.

If the US Decides to participate, you turn your back on Rock And Roll, dance and just basic freedom.

So let the EU run their group as they wish. Process-oriented.

We all know True creativity comes when you break out of the process.

JerryJvL (user link) says:

I think the best comparison is with social security numbers… in and of themselves, either is just a number and could not really be called personal information. But as soon as you put either side-by-side with other personal details, such as a name and address, then suddenly you could easily argue that the number “feels” like personal information as well.

It’s really only personal by association.

Anonymous Coward says:

Re: Static

Your screwed. My Roommate’s brother was a part of the SBC DSL implementation. They will find ya if they really want to.

Its interesting that nothing has been reported on Jenna Bush’s party times since the BellSouth/SBC merger.

Did something change? Is she not interesting anymore? She was one hot piece of texas ass, like Stan Sigman. Did she die? Perhaps something is keeping her from speaking and having a public life? Maybe SBCWireless?

norman619 (profile) says:

IP address private? LOL!!!!

Oh come on. The IP address belongs to the ISP. The peopel who OWN the network. You are just paying for access to their network. And since most ISP’s assign people dynamic IP addresses it’s pretty pointless. The EU is pretty silly in what it thinks it can control and legislate. There is a very good reason why the EU is often described as the new USSR.

Tony says:

Privacy is Paramount!

While Mike makes some valid points as to the inherent public nature of an IP address, I can’t help but to disagree to some extent.

First, it’s unequivocally true that an IP address is required for Internet connectivity and communication. That much remains un-refuted, and with good reason. However, as he alluded, you don’t have the same control over your IP address as you do your phone number or your credit card.

With that, I’d like to posit the following. You don’t have a choice what IP address you’re assigned in most cases, and that IP address can be used to identify you by not only spammers but by hackers. Now of course, no matter how a law attempts to obfuscate your identity, hackers with a sniffer can see it. But I think the point of the EU argument is that government agencies and commercial entities shouldn’t be able to tell who’s visiting a site via their IP address. That makes sense. One doesn’t ASK to be identified by obtaining an address. I, as a consumer, would like to have the knowledge that my identity isn’t available to whomever asks. Much like a home address, it’s how information is delivered to you and you don’t have a choice in the matter. But, if the government and companies such as Google, Microsoft, Yahoo, et. al., were limited to recording only the first two or three octets of the address, it would limit their ability to identify me as an individual while allowing them to determine country of origin and even as granular as state or ISP.

In the above reader responses, I’ve noticed many misconceptions as to the nature of “Dynamic” IP assignment. DHCP leases are generally awarded to the same client (based on MAC address) if that client requests that IP address within a short period of time after its expiration. The result is a nearly static IP address. The only time it ever changes is if you turn off your computer and during its off time your lease expires. If from the command prompt you type “ipconfig /all”, you’ll notice the lease begin and end times which is usually 1 to 3 days. Also, there are many ways for an ISP to look and see who had that address on a given day so don’t be fooled into thinking that because your IP address changes that you can’t be traced.

But I digress. I DO support the idea of making private an individuals identity with relation to his IP address. That won’t stop hackers, but it might slow down spammers and will certainly stop Uncle Sam from discovering who you are without Warrant. Perhaps it’s time for a 4th Amendment for IP addresses.

Regards,

Tony

Z says:

dynamic IP addresses

Service providers keep log of your traffic for months maybe years. Just because you have a dynamic IP addresses, you cant hide. They(ISP) can tell the cops if you have downloaded and illegal copy from whatever site 5 months, 13 days and 14 hours ago. they will tell you what was the name of file size ect…

Google keeps ALL searches you did forever!!! there is no law that’s against it. everything you do online can be traced back to you unless you’re carefully and hide your IP with help of proxy servers.

In the EU people have privacy than in the US. Now which is more like the USSR now?

PaulT (profile) says:

Russia?

Could somebody explain to me all these comments about how additional privacy laws somehow means that the EU is like the USSR? I really don’t get that comparison.

Anyway, as I understand this, the new rulings are to do with the storage of IP addresses and how they are used to identify individuals. In other words, it’s a logical extension of rules that already state that companies can’t keep my name and address ad infinitum unless they have good reason, to IP addresses.

If anyone has a different viewpoint, do you have a better link than the random San Diego website linked from this article?

Big Brother says:

I am watching

I work at the ISP in Europe. We give out dynamic addresses, and even if a client disconnects and reconnects within a second, the assigned address is different than it was before.
Yes, we keep logs. No, can’t see which files the client downloaded. Can see what IP address was assigned to which user at what time. Can’t see what sites the client visited. Only way we would give that information is if we were ordered by a court.
We COULD probably make a huge database of everything our clients do, but it’s not economically worthy. Why spend money on it when it’s not required by law. If we didn’t have to keep the logs at all, it would be even better! ISPs, like all other businesses, don’t like to waste money. Who’s going to pay for storage servers, sniffers, loggers. Not to mention that unpacking each packet to see what’s in it is time and processor consuming, which would slow down our network considerably.

Now, can your vehicle license plate be private? It seems pretty public to me, and yet, it is traceable.

Johnsmith says:

Relevance?

I recall a story on TD a few days back about a spammer sueing someone for tracing the emails he was getting back to the aforementioned spammer. Could this be a follow up from that? General advise to the consumer so they don’t find it necessary to follow in the footsteps of the yanks and start sueing people left right and centre for things that aren’t actually illegal?

For whatever reason, the article won’t load for me, but I’ll read it later and post again when I’m better informed of the backstory

RCasha says:

Yes, IP address is personal

The IP address you use is DEFINITELY personal information. In some cases (dynamic IPs), it’s only personal information in conjunction with a specific date/time.

The argument of whether such personal information should be considered private is a different matter.

Many countries in the EU have laws which govern what information may be STORED about individuals. Thus, a web server obviously can use your IP address to send you pages – just like nobody needs permission to use your telephone number to phone you up. However, Data Protection laws impose controls about what personal information can be stored about individuals, as well as which individuals. For instance a company can store information about its customers, but (depending on the laws) cannot store information about people who have no relationship with that company. Similarly, it restricts what information can be shared by different companies or entities.

Thus for instance, when you apply for a job, your prospective employer won’t be able to buy a list of websites you’ve visited in the last 3 months from your ISP, or check whether a female employee has bought pregnancy tests recently.

That’s the theory anyway.

Anonymous Coward says:

An IP address can not identify you, the person beyond the screen. It can identify a computer but more and more it just identifies a router which uses NAT to provide service to a whole local network behind it. Some house can have one Cable connection, three desktops, and two laptops on a wireless network, but the Internet-facing IP looks the same for all of them.

Scott says:

ISP'S tracking what?

I think that maybe we should really understand what is going on in the UK.
I believe what they they want is for company’s like Goggle, Yahoo and MSN to stop tracking your movements/searches by using the number given to you by your ISP’s.
With that in mind so why should Google and others keep track of your searches for a year and a half on their computers? It’s none of their damn business and the EU agrees.

Alfred E. Neuman says:

Dynamic IP

I was not suggesting that one could hide via the dynamic nature of an IP. I was pointing out (not very clearly) that the address by itself is insufficient. The possiblitiy of private data wrt IP would have to include date/time, possibly a hash or something.

In the past, some ISPs were changing the IP of customers who were running servers without paying the additional fee.

Alimas says:

Definetly Not Private Info

I remember when I signed up with Google and found they were hiding the IP addresses of the places you get e-mails from “in the interest of personal privacy”.
Thats not personal information, its a number given to you by the ISP so that the world can in fact know how to reach your computer. In effect, its quite the opposite.
The problem with spammers and such isn’t them knowing your IP, its them knowing your e-mail address, your name, etc..
IP addresses getting claimed personal information and legally defended is just another example of how the internet is slowly losing its special stature as a truly unlimited forum for sharing and interaction.
Want to protect yourself from hackers and spammers?
Use Firefox, don’t download useless programs from banners and don’t use your real full name or any other such info through a non fully secured connection.
Its just common sense.

jsmuli2 says:

Intersting

IP address should be the same as home address. Yes, you can give that info to anyone, but you can google-map anyone’s address even if you just type in a random street name and number. But you don’t know who that person is, or who lives there, you just know that address exists. That makes it personal, but personal is user-defined, as opposed to private which is unique to the individual and bound by law that only that person has the right to share/access the information.

_Jon (user link) says:

The term you are looking for is “confidential”.
That is, the information contained within the relationship between the ISP and the customer (i.e. the IP address) should be treated as “confidential”.

If y’all would review the article and your comments and correctly replace ‘private information’ with ‘confidential information’, I believe you will have substantially strengthened your argument.

Anonymous Coward says:

Mike, you are contradicting yourself.....again!

Mike,

Again you are contradicting yourself…

“By it’s very nature your IP address is rather public”

False, I don’t know your IP address unless you visit my website.

“Your credit card information clearly is “private”

Correct, because I won’t know your credit card number until you buy something in my store.

So, why do you feel one is “public” and the other “private” when they can only be obtained in essentially the same way (user must provide it by some action on their part)?

Brad says:

Re: Mike, you are contradicting yourself.....again

Don’t be an idiot. When money changes hands, it doesn’t make sense to try to remain anonymous. Would you ship a product to someone you had no knowledge of? Of course not. All kinds of personal information are given up at that point (Name, credit card, billing address). However engaging in a purchase is not the same as visiting a website. If you walk into a store, it’s not the same as buying something. More importantly, if I walk into a store, it’s not the same as writing my name and address on a card and sending it to Pepsi, just because you’ve got a Pepsi ad in the window. Online, my IP address is visible to everyone who shows me ads.

Further, since most online crimes are traced by IP address, it is a piece of your “identity” – and thus forging someone else’s should be a crime.

Philip (profile) says:

Postal Addresses?

Couldn’t you relate IP addresses to Postal addresses? They are the same thing: they identify your location. One is based on which computer you’re accessing, the other is your place residence. Both information is publicly available (try and stop somebody from walking up to your house and writing down your address). And both of them even “announce” their location (numbers on houses vs ip address sent to server).

In a way, I can see how EU is right. Even though it is a public number, it is very much as much a private number as your physical postal address. Only difference between the two is electronic transmission vs physical transmission. Am I seeing things wrong here? I know I’m crossing the internet world with real world, but I feel in this specific instance, it validates.

Kristen Metzger says:

I think it would be very difficult to make every computer’s IP address private for a few reasons. The first is because it has been, and is being sent to other computers for communication everyday. Another reason is because it does not locate you as specific to your house address, just to the area of the state or country you are from. Another reason is that i think it would be a long process, and be difficult to do. I think IP addresses are theoretically harmless to be public.

[UNDISCLOSED PERSONAL DATA] says:

ARE PEOPLE STUPID?

Google provides a free service and all people do is moan about what Google might know about them if they CHOOSE to use the service?!?

If you don’t like it.. DON’T USE SEARCH ENGINES!

European phone companies are REQUIRED by law to log information about calls you make/receive (number, time, date, location coordinates of mobiles, etc) and keep it for years. If you don’t like that.. DON’T USE PHONES!

ALSO UNDERSTAND THAT IF YOUR MOBILE PHONE IS SWITCHED ON, ITS LOCATION IS BEING TRACKED AND LOGGED!

EU email service providers are REQUIRED by law to log information about email you send/receive (from email, to email, time, date, subject, etc) and keep it for years. If you don’t like that.. DON’T USE EMAIL!

Difference is that those are in the name of law enforcement whereas Google’s internal data use isn’t *YET* as accessible to EU governments.. so if they can’t have it.. Google can’t have it!

I bet within a couple of year the EU will U-turn and make it the law that Google keep such data for years and disclose it the the governments/police when asked or give them constant unrestricted access to it.. see how you like you privacy then!

Henry (profile) says:

here is the thing…It’s ALL private data. We, meaning every one, should be able to selectively choose what data we share. Whether this be our IPs, our internet searches, or our clicks, it is all our business and should only be shared with permission. Granted, there are several methods for increasing your level of data protection, but still, many popular services just bypass the permission seeking stage and just flat-out make money off of info you never explicitly (perhaps passively, however) agreed to share.

XXX Travel (user link) says:

Hi thank you for an perceptive post, I actually found your blog by mistake while searching on Goole for something else nearly related, in any case before i ramble on too much i would just like to state how much I enjoyed your post, I have bookmarked your site and also taken your RSS feed, Once Again thank you very much for the blog post keep up the good work.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »