Swiss Supreme Court Says Tracking Online File Sharers Violates Privacy Laws

from the the-industry-isn't-going-to-like-that dept

A couple years ago, we wrote about how Swiss officials had told Logistep to stop snooping on suspected file sharers as it violated their privacy. However, a year later, a court ruled otherwise. However, things have changed once again, as Michael Geist points us to the news that the Swiss Supreme Court has said that Logistep’s snooping violates privacy rules. Apparently, Switzerland has strict digital privacy laws, which counts IP addresses as private information. I’m not sure if I agree with that idea (IP addresses are, somewhat by definition, public info — though I could see how connecting that info to users is a privacy violation). However, it’s certainly going to make tracking file sharers (or, hell, anyone online) a lot trickier.

Filed Under: ,
Companies: logistep

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Swiss Supreme Court Says Tracking Online File Sharers Violates Privacy Laws”

Subscribe: RSS Leave a comment
19 Comments
Hulser (profile) says:

"Personal"

From the linked article…

“The court says the [personal] information, including so-called IP addresses that identify computers on a network, is covered by Switzerland’s strict data protection laws.”

I’d be interested in some more information on this situation. IP addresses are public by definition, so I would think that it’d linking the IP address to an individual which would be a privacy concern. But I don’t know how this company would be doing that without the co-operation of the users’ ISP.

Does the Swiss court deem an IP address and other standard data that would show up in a log file (such as time stamps) as “personal” or is this company actually somehow gathering information which can link online activity back to an individual?

(And what’s up with the “so-called” qualifer for IP address? Do Canadians think there there is a more accurate term to descibe an IP address?)

SJ says:

Re: "Personal"

Here are the definition in the three officially publicated languages:

Art. 3 lit. a Swiss Data Protection Law:

(German) Personendaten (Daten): alle Angaben, die sich auf eine bestimmte oder bestimmbare Person beziehen;
http://www.admin.ch/ch/d/sr/235_1/a3.html

(French) données personnelles (données), toutes les informations qui se rapportent à une personne identifiée ou identifiable;
http://www.admin.ch/ch/f/rs/235_1/a3.html

(Italian) dati personali (dati)1: tutte le informazioni relative a una persona identificata o identificabile;
http://www.admin.ch/ch/i/rs/235_1/a3.html

I means that personal data according to swiss privacy law is all data has a direct connection to a person (e.g. social security number) or can be used to identify a person (e.g. telephon number).
The difference between those two things is (in my opinion) that one set of data can’t be altered (social security number, finger prints, dna, ….) but the other can be altered and doesn’t need to point to a single person forever – however at a given time it can be used to identify a person (e.g. phone number – you can change yours… or also ip address)

pixelpusher220 (profile) says:

Re: of course

nice straw man you got there.

You don’t use birthdate, place of birth, or any of the other info for unique system identification.

What would be comparable would be a company not being able to record your phone number when you called them. It’s how the system is able to identify the unique nodes on the network.

Or a company not being able to use your address when you send them a letter.

The unique key of a system is quite hard to describe as ‘private’ information.

Markus (profile) says:

Re: Re: of course

While this is a more balanced view, it still doesn’t quite capture it. With a phone call, you can stay completely anonymous only if the company is not employing some form of caller ID, or you have actively had your number blocked. Usually when you send a letter, the return address includes your name, or the letter does. In the instance of file sharing, there is a good amount more work that needs to be done to discover an identity for anything past an organizational owner of the IP. Unless we were talking about an ISP where they have the info to connect with their customer (and this only functions on a home customer level), the situation is much more like following a random person on the street, and noting identifying characteristics that may allow you to get their full identity later on.

The Infamous Joe (profile) says:

Re: Re: of course

A man operates a newspaper stand. He is busy playing on his new Droid 2 when suddenly he notices that someone has just finished reading a copy of US Weekly and then put it down without paying for it, in direct violation of his sign that says “No reading magazines before without paying!” He quickly pulls up his exact GPS location and also notes the exact time. He then proceeds to call every wireless carrier with coverage at his news stand and asks for the names and addresses of everyone who was at the exact spot at that exact time, alleging that they stole from him, so he can send them legal letters threatening to sue them for an obscene amount of money unless they pay $250 to settle.

Your location while in public is public data.

There has been no conviction or trial, only accusation.

The violation is of a civil nature.

Would you want *your* cell company to give this man your personal information or to tell him to go away? Would you be okay with your government supporting this kind of flimsy evidence to extort money or ruin lives?

Alex Cocoon (user link) says:

Protect Yourself!

The Swiss have it right, tracking people online is violating there privacy and should be illegal!

I work for a software company that is developing a product called Cocoon which protects your privacy while you browse through using a cloud. While using Cocoon, no information from the web touches your hard drive, and the web can not access anything on your computer.

Right now Cocoon is a Firefox add-on and since it’s in beta, it’s free. Check it out and let me know what you guys think, thanks!

Cocoon website:
https://getcocoon.com/

Youtube video (explains how Cocoon works):
http://www.youtube.com/watch?v=oRM4aWiCwxk

Cocoon blog (updates regarding malware, online privacy, and anything else IT related):
http://getcocoon.tumblr.com/

Shawn says:

of course

I think what he meant was, your SSN, birth date, etc. are all publicly available information (maybe not on the gps location). But you would still consider someone having those pieces of information a privacy concern.

Its not the information itself (or them having it) that’s the problem. Its the usage of the information to track you down. A computer’s IP address is just its identifier. But so is your name and address in the physical world. Its publicly available information, but when someone starts using it to track you or snoop on you, its a problem.

However, I’d agree with the Swiss law on this one. While its not exactly private information, it would be hard to word a law properly to prevent misuse of public information. Too many possibilities for loopholes and misinterpretations. Especially when the public piece of information is tied to so much that a user does.

You can’t find out what strip clubs I’ve been visiting or where I’ve spent my money or who I’ve been socializing with based on my address.

Anonymous Coward says:

The Swiss legal definition of personal data: all information relating to an identified or identifiable person. “Sensitive personal data” means data on: 1. religious, ideological, political or trade union-related views or activities, 2. health, the intimate sphere or the racial origin, 3. social security measures, 4. administrative or criminal proceedings and sanctions.

And yes, while IP addresses are “public,” the issue is the fact that those addresses can be linked back to an identifiable person, thus the IP address is “private.”

Also, this is a manner of consent. Since the IP address is, by Swiss definition “private,” to obtain it, you need consent from the data holder in addition to several other requirements.

Freak says:

It's like CPNI.

The way I understand it, at least.

Much like how, (if I were a call centre worker), I’m allowed to look at your phone records as much as I want, AND at your personal info as much as I want in a company’s database so far as they have it recorded. It’s a violation of the CPNI if, and only if, I make the connection between your phone records and your personal data. Your personal data being anything that might identify you, even if it doesn’t do so uniquely; like your name, OR your phone #, OR your address, OR even non-readily available biographical info, like your mothers maiden name or your first pet’s name.

So yeah, to my understanding, asking for a list of all the IPs that connected to an ISP is a perfectly legal thing to ask. If somewhat useless.
As might be, (I dunno), log files belonging to individual IP’s. As long as the IP’s are not connected.
But as soon as you connect the log files with the IPs . . .

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...