Did the high court just make IP addresses not private data??

DeVore

A lot of people are saying that the new ruling regarding Eircom and filesharers means that your ip number is now not considered private data?

Can anyone interpret the ruling for me out of interest?



DeV.

Farcear

'private' is a little misleading here because every time you connect to any website, you give that website your IP address. In fact, your IP address is about the least private thing you have when you are online. What this case was talking about was "personal data".



"personal data" are things like your name, age and address. These enjoy special protection under the Data Protection Act. An IPv4 address isn't personal because it doesn't identify you, and you get a new one every time you connect to your ISP.

The first question addressed was whether IP addresses constitute ‘personal data’ within the meaning of the Data Protection Acts 1988-2003. Mr Justice Charleton held that an IP address was not personal data as it did not identify a living individual and he saw no likelihood arising that Eircom would disclose the identity of its subscribers to the record companies.

http://www.irelandip.com/2010/05/articles/privacy-1/high-court-approves-file-sharing-settlement-isp-addresses-not-personal-data/

I do wonder what wil happen when we finally migrate to IPv6 where there is enough address space to give everyone a permanent fixed IP address for each internet capable device they ever own -- seems like it would be identical to a phone number or home address and so should constitute personal data.

DeVore

We have been "advised" that IP represented "personal data" in the past by the DPC. I wonder how they would react if we published it under everyones username

(considering that they have previously advised us about publishing the word "banned" under a users name):
http://www.tjmcintyre.com/2008/06/data-protection-and-bulletin-boards.html

DeV.

DeVore

ps: IPv6 is going to be a godsend to us... banned will mean banned!

pps: the DPC are actually quite competent and pleasant to deal with. Some times the logic leaves something to be desired but the people are nice!

DeV.

Tom Young

There is a huge set of conflicts with this issue and the laws surrounding IP addresses and intellectual property rights in relation to creations/works.

The DPC are generally referencing their EU Article 29 Working Party position which states that in certain circumstances IP addresses are personal data.

In the context of the High Court ruling by Charleton J you'll see that he says IP addresses can be personal in the hands of the Data Controller e.g., eircom. The scenario under review in that Judgment was settlement agreement whereby Dtechnet software will scan for infringing IP addresses and send them to their block holders/telco's for implementation of the (only eircom agreed) graduated response (which is now 4 strikes).

So there is a bit more to be included to the quote above ...

If IP addresses were formally personal data they still could do this, but the telco/ISP might have problems processing the data. Remember this is a bilateral agreement in settlement of litigation.

Graduated responses are not lawful in some EU jurisdictions based on IP addresses being declared personal data or company data.

In terms of your advices at boards, I'd be very conservative over IP addresses and they can (as most Mods here know) identify users almost to their very address. So, in that context they are personal data.

I'd also be slow about the publication of the word "banned" near users detais.

Change nothing for the moment.

Tom

PS: No knee jerking.

DeVore

We consider IP to be sensitive data and wont be publishing it

But this area is a mess in the law and its not at all clear for anyone it seems...

DeV.

Our man in Havana

What was the final word from the DPC about using the word banned?

DeVore

The final word was that they dont seem to be sure we fall under their jurisdiction! We've made it clear we will follow the "rules" voluntaraily. The word banned was reconsidered as probably not being "personal data" as I recall (dont quote me on that).
We have a good relationship with them so its not adversarial for us, its more "advisory"...

DeV.

maidhc

DeVore wrote: »

pps: the DPC are actually quite competent and pleasant to deal with. Some times the logic leaves something to be desired but the people are nice!

Essentially they problem is in their wisdom they referred a matter to the High Court, but didn't actually make their point in the high court... insteady they left Eircom and EMI etc to have an, em, er, balanced discussion about the matter.

I sent a polite email to the DPC suggesting NOT to refer things in future unless they are actully going to follow it through. Never got a response to that.

DeVore

I do think they should be tough across the board in defence of privacy. They seem savagely understaffed though so thats a "higher political paygrade" decision to support them more.

But this thread isnt about the DPC, I just wanted to hear what the legal analysis of the Eircom ruling is...


DeV.

Our man in Havana

It is really a sensible ruling by Charleton J. Downloaders are dealt with by eircom without the copyright holders ever knowing who they are. All very civil.

Now if the copyright holders wanted the names it would be a totally different story.

DeVore

Doesnt that rather presume guilt?


Admittedly its not like they are being denied internet access completely (I am presuming they can move ISP to bit-carriers and the like...). So I guess its just a breaking of a commericial agreement in the end of the day but I think its opening a can of worms...

DeV.

Our man in Havana

Indeed, it does ask the question how do you prove that x ip address downloaded y file at the particular time.

Tom Young

Haddockman wrote: »

Indeed, it does ask the question how do you prove that x ip address downloaded y file at the particular time.

It's very simply done. Address, time, port and packet stamped. Like a finger print removed from the scene of a crime. Further, this data is stored.

DeVore

we have every IP connected to every post at the time is was posted, stored in our database and we can pretty much identify everyone but its takes quite a bit of hassle to do it.

People always think they are anonymous online and absolutely nothing could be further from the truth.

DeV.

Jev/N

Tom Young wrote: »

It's very simply done. Address, time, port and packet stamped. Like a finger print removed from the scene of a crime. Further, this data is stored.

The problem is, as I said in another thread on this, that the US situation has proven that the third party company tends to make mistakes, and lots of them. For instance, they were contacting 'infringers' whom did not have an internet connection or those who were dead. I know this isn't the same system as here, but it still demonstrates that the whole operation is far from cut and dried

Tom Young

Jev/N wrote: »

The problem is, as I said in another thread on this, that the US situation has proven that the third party company tends to make mistakes, and lots of them. For instance, they were contacting 'infringers' whom did not have an internet connection or those who were dead. I know this isn't the same system as here, but it still demonstrates that the whole operation is far from cut and dried

For sure. There is a legal protection for the ISPs in the eCommerce Directive which is what provides for the main defence in the context of litigation here. Though course it wasn't tested by the eircom case. Defence is called mere conduit like the host defence which boards.ie might rely on in the context of defamation complaints where they acted appropriately.

I saw an article recently on the Register which called into question the eircom agreement: http://www.theregister.co.uk/2010/05/28/fone_a_freetard_flaw/

... is that kind of what you mean

Our man in Havana

Say eircom/some Hollywood studio accuse someone in the wrong, what remedies are available to the user?

Tom Young

Appeal to the good sense of the supplier to validate the claim in the context of their settlement agreement/protocol, with the private music rights holders. The will be able to see what's going on, on your service once reported correctly or not!

The main issue here is that under contract you would be caught if acting badly online also.

The new regulatory framework for communications providers as agreed in late 2009 provides for judicial oversight, appeals mechanisms and protections of/for privacy and other rights online.

ynotdu

Oh c'mon please.
Boards and every other site could put 'ex user' besides a banned members nickname.

The fact that 'Registered user' remains forever is open to very cynical interpretation. ie: a good selling point to have 'registered users' far beyond those that have not being active for Years or are known to be deceased by Boards,when it comes to gaining Ad revenue.

Even Banned users have 'prison' and remain 'Registered users'
Members who might wish to leave are requested to just stop posting or email hello@boards.ie since the new T&C's that came into effect March 1st. I have yet to see ex member beside anyones name since that email address was made available.

Many sites ban persistant offenders not just by their IP address but also by their uniqe Mac(hardware) address.

As it stands People are Legally responsible for anything posted via their IP address(under the present systym a re-boot of a router will slightly change most peoples IP address) but if the Guards wanted to know the ISP can easily know which ISP address it was changed from.
If an offense is serious enough not even a proxy will hide a user as at the request of Interpol the proxy has to provide the real address it is hiding.

So boards much as We love You's don't pretend that that there's no cynical reasons for things on boards,and don't treat us like fools please!

This was All opened up for discussion by Darragh before the new T&C's came into effect ,Many tweaks and changes were made to the draft in response to feedback but not a budge on ex-member being put beside a users name who wished to leave or was banned.

Jev/N

Tom Young wrote: »

For sure. There is a legal protection for the ISPs in the eCommerce Directive which is what provides for the main defence in the context of litigation here. Though course it wasn't tested by the eircom case. Defence is called mere conduit like the host defence which boards.ie might rely on in the context of defamation complaints where they acted appropriately.

I saw an article recently on the Register which called into question the eircom agreement: http://www.theregister.co.uk/2010/05/28/fone_a_freetard_flaw/

... is that kind of what you mean

Well that's what I thought re the Directive - that unlike the Demon Internet case in the UK regarding defamation, where the ISP had refrained form taking down a posting - that Eircom could argue against being a secondary infringer, as they cannot really do anything about the problem

The issue is, then, whether Irma contacting them and telling them to implement filtering software was specific enough for the defence not to be acceptable i.e. that they technically had a hand in the infringement.

Anyway, it's all moot, at least until UPC are up...

That article is something I was thinking of before, due to DHCP you wouldn't be targeting the same IP for the same person, so you couldn't merely filter your results each time to see if 'previous offenders' were there, unless someone owned a static IP.

I think it's just a matter of wait and see. I think the settlement will be abandoned one way or another, it's just a matter of how long..

Our man in Havana

That article is something I was thinking of before, due to DHCP you wouldn't be targeting the same IP for the same person, so you couldn't merely filter your results each time to see if 'previous offenders' were there, unless someone owned a static IP.

I think it's just a matter of wait and see. I think the settlement will be abandoned one way or another, it's just a matter of how long..

I think you are 100% right. It is only a matter of time.
From what I can gather, you have more chance of winning the lotto than getting cut off.

ynotdu

Haddockman wrote: »

I think you are 100% right. It is only a matter of time.
From what I can gather, you have more chance of winning the lotto than getting cut off.

There will be nothing left to be cut off from soon................hot off the press Limewire is in it's dying days.........

One way or another the powers that be will soon have complete control of the Internet by Legal means.

DeVore

ynotdu.... I'm sorry, I really dont have any idea what you are saying.

We DO put "banned" under users who are banned so I dunno what sort of point you are making there.

Secondly can you explain to me how we can ban people by Mac Id? I wasnt aware it was passed along as to websites as its not something we can query from our servers...


DeV.

ynotdu

DeVore wrote: »

ynotdu.... I'm sorry, I really dont have any idea what you are saying.

We DO put "banned" under users who are banned so I dunno what sort of point you are making there.

Secondly can you explain to me how we can ban people by Mac Id? I wasnt aware it was passed along as to websites as its not something we can query from our servers...


DeV.

Hi Devore,I really don't understand that You don't understand that the the amount of Registered users is little short of a lie.
.
more information about Mac address's here.The ISP's know who the account holder of the router is,Many sites can actually process the Mac address if they wish.

http://en.wikipedia.org/wiki/MAC_address

Banned beside a users name still leaves them access to the Prison Forum So they are still members/registered users which misrepresents Boards members De Facto.

users wishing to leave boards on good terms cannot simply have Ex-member beside their nickname as it stands,again this misrepresents the true figures for all intents and purpose.

I realise an ex members posts cannot be removed or threads would make no sense.

but on a matter of principle i believe someone who wish's to classed as an Ex Member should have their wish respected and made clear under their nickname.

I have heard the argument "well just don't post again" if a member wants to leave,I just think it stinks of something that a person cannot leave and not be counted as a user if that is there wish.
I tried arguing that point during the consultation period about the new t&c's.

pasted and copied from a quick search for whats my MAC address.
I cannot post the link as so much information about My details came up it is frightening!


try it yourself on some sites:eek:

Each device on a network has a unique numbers called MAC address. MAC address is acronym for media and refers to the procedures used by device to control access to the network medium. Namely each device on network has a unique physical address.

For communication on a network are two physical addresses required. For the sending and receiving devices. For data transfer across an internetwork will be used two MAC addresses. One is MAC address from the receiving machine and other one from the receiving machine.

MAC address is 48 bits wide and consist of OUI (organization unique identifier) that is 24 bits long and 24 locally assigned bits.
How to Get or Find MAC Address?


On question: how to get MAC address or how to find MAC address we have two solutions:

1. The easiest way to find MAC address is by using our free automated MAC Address Lookup tool (aka MAC address finder) below
2. or you can get MAC address by following certain steps via Command Prompt (Start - Programs - Accessories - Command Prompt).

Find or Get My MAC Address via MAC Address Lookup?

To get and find MAC address via our (MAC Lookup) MAC address finder tool you need to enable JAVA in your browser. It is usually enabled by default. So in most cases you do not need to do anything special.
Your browser may ask you of you would like to allow this MAC address finder applet to run. Depending on your internet connection finding MAC address with our MAC Address Lookup (MAC address finder) tool can take 1 - 15 seconds: Your browser does not support iframes.

Finding MAC address via Command Prompt

You can also find and get my MAC address by following next steps on your PC:
Press Start -> Programs -> Accesories -> and finally press Command Prompt. Then type ipconfig /all:



You will see by "Physical Address" field numbers which will give you answer on question what is my MAC address. This will match the result from our MAC address finder.

jimi_t2

ynotdu wrote: »

pasted and copied from a quick search for whats my MAC address.
I cannot post the link as so much information about My details came up it is frightening!


try it yourself on some sites:eek:

So you're saying that you can input your MAC address on some site and a load of information will come up about you?

seamus

ynotdu wrote: »

more information about Mac address's here.The ISP's know who the account holder of the router is,Many sites can actually process the Mac address if they wish.

http://en.wikipedia.org/wiki/MAC_address

The MAC address is used for local communication. Once the data leaves your local network segment, the MAC address is stripped out and is not available to other devices.

It's not possible for boards to get visitors' MAC Addresses. That data simply isn't provided.

users wishing to leave boards on good terms cannot simply have Ex-member beside their nickname as it stands,again this misrepresents the true figures for all intents and purpose.

Whatever your opinions on the whoel banned/left issue, advertisers are only interested in actual figures such as unique visitors per day, which has zero connection whatsoever to the number of registered/banned/ex members. So your big conspiracy theory has no real basis.

Our man in Havana

It's not possible for boards to get visitors' MAC Addresses. That data simply isn't provided.

That is 100% correct. That information would be of no value to a website owner in any event.

Jumpy

jimi_t2 wrote: »

So you're saying that you can input your MAC address on some site and a load of information will come up about you?

LOL, no.

ynotdu

Sites DO ban by MAC adress,There are tools available to scan hardware.
{If this is not true then an awful lot of sites lie!}

Banning by MAC adress i have seen happen.
For most people who do not have a static IP adress then everybody who is banned from a site may affect others who they share non static addresse' with.

I have seen it being threatened by an admin on an obnoxious poster who was in the prison forum .The Admin asked him "what will Your workmates think of You if i ban and they lose access to boards as well."
Stangely he shut up after that!:)

The idea that Ex-user is not placed besides a user who wish's to leave boards on good terms is not a conspiracy theory.It is something i just feel is wrong.I have no idea why i get such a bee in my bonnet about this,but i can't help it i do!:)

Proably best to leave it there for My input.
There are many with hugh experiance and would know much better than Me about these things.

Regards.

Our man in Havana

{If this is not true then an awful lot of sites lie!}

They must be lying. A statement like that would frighten n00bs into being good.
I an an admin on another site and I certainly cannot ban you by a MAC address.

seamus

ynotdu wrote: »

Sites DO ban by MAC adress,There are tools available to scan hardware.
{If this is not true then an awful lot of sites lie!}

Banning by MAC adress i have seen happen.
For most people who do not have a static IP adress then everybody who is banned from a site may affect others who they share non static addresse' with.

I have seen it being threatened by an admin on an obnoxious poster who was in the prison forum .The Admin asked him "what will Your workmates think of You if i ban and they lose access to boards as well."
Stangely he shut up after that!:)

You admitted yourself ynotdu, you don't know enough about these things. You appear to be confusing MAC addressing with NATs/Firewalls. You cannot ban someone by MAC address. There are tools available to scan hardware - most of these are scripts which run locally on your machine and therefore have access to your hardware.

Rest assured, nobody can see your MAC address on the web. Not that it makes a difference really. It's possible to hide or change MAC addresses.

DeVore

Also, last week I reviewed code which is being put into production as I type which will allow a user to close their account permanently.

I take it that you realise you have been talking nonsense about MAC addresses. If I could ban people's network card, dont you think I would do that with persistent reregs?????

If a company, like Dell uses a single point of connection to the internet (proxy/firewall) and we ban that ip because of the actions of one user, then we ban all users who access the internet from that access point, ie: all of Dell. Thats what the previous comment was about.


I'd really appreciate it if you would inform yourself before deriding me and my site in public, you clearly havent a clue what you are talking about and you are a mile off topic.
I'd expect an apology but I only have 35 years of life left on average.


This topic is about the status I.P. numbers as personal data. Many thanks to Tom Young (and others) for informative posts....

DeV.

ynotdu

DeVore wrote: »

Also, last week I reviewed code which is being put into production as I type which will allow a user to close their account permanently.

I take it that you realise you have been talking nonsense about MAC addresses. If I could ban people's network card, dont you think I would do that with persistent reregs?????

If a company, like Dell uses a single point of connection to the internet (proxy/firewall) and we ban that ip because of the actions of one user, then we ban all users who access the internet from that access point, ie: all of Dell. Thats what the previous comment was about.


I'd really appreciate it if you would inform yourself before deriding me and my site in public, you clearly havent a clue what you are talking about and you are a mile off topic.
I'd expect an apology but I only have 35 years of life left on average.


This topic is about the status I.P. numbers as personal data. Many thanks to Tom Young (and others) for informative posts....

DeV.

Devore i thought i was as gracious in My previous post as i possibly could be,Could You not have been the same?

I have Lauded boards to many people since i discovered it and recommended it to many.

I have on other threads defended its ethos,its owner. management and its moderating on many other threads.

It is by far a cut above the rest.

I do apologise to You as the earlier posts DO read far more aggressivly than i meant them to.

Sincere regards.

Tom Young

Jev/N wrote: »

Well that's what I thought re the Directive - that unlike the Demon Internet case in the UK regarding defamation, where the ISP had refrained form taking down a posting - that Eircom could argue against being a secondary infringer, as they cannot really do anything about the problem

The issue is, then, whether Irma contacting them and telling them to implement filtering software was specific enough for the defence not to be acceptable i.e. that they technically had a hand in the infringement.

Anyway, it's all moot, at least until UPC are up...

That article is something I was thinking of before, due to DHCP you wouldn't be targeting the same IP for the same person, so you couldn't merely filter your results each time to see if 'previous offenders' were there, unless someone owned a static IP.

I think it's just a matter of wait and see. I think the settlement will be abandoned one way or another, it's just a matter of how long..

Yes indeed. You might note Bunt v Tilley since the Demon decision and Clarke J in the Irish High Court cites both in the context of a defamation case called Mulvaney v The Sporting Exchange t/a. Betfair though this is more about host defence than mere conduit.

Durrant v FSA was the other more relevant UK case on IP addresses as personal data.

The eCommerce Directive was made brought into force in Ireland by Statutory Instrument 68 of 2003 or transposition of Directive 2000/31/EC
Three regulations are of specific reference to ISPs:

Regulation 18 – Host Defence
Regulation 17 – Caching
Regulation 16 – “mere conduit”


In the context of defamation actions Regulation 18 has been mentioned before the Irish Courts in the case of: Mulvaney & Ors v The Sporting Exchange Ltd trading as Betfair [2009] IEHC 133, per Mr Justice Clarke.

DeVore

ynotdu, sorry.... fair enough and thank you for the apology. I shouldnt have been so curt but I just thought you were putting the boot in and this week has seen a lot of boots flying my direction. I love my aul Boards and I get very combative when i feel they are being attacked unfairly.

I truely wish we could ban by Mac ID, it would be so awesome for us.

Closing you account feature is coming.

DeV.