EU Official: IP Is Personal

Robin Stevens robin.stevens at oucs.ox.ac.uk
Thu Jan 24 15:49:06 UTC 2008


On Wed, Jan 23, 2008 at 04:44:55PM -0800, Lou Katz wrote:
> On Wed, Jan 23, 2008 at 05:52:41PM -0500, Sean Donelan wrote:
> > In the US, folks are fighting the RIAA claiming that an IP address isn't
> > enough to identify a person.
> > 
> > In Europe, folks are fighting the Google claiming that an IP address is
> > enough to identify a person.
> > 
> > I guess it depends on which side of the pond you are on.
> 
> They are both right. If you have a dynamic IP such as most college
> students have, it is here-today-gone-tomorrow.

In our environment it's common for the same system to retain the same
dynamic address for months or even years.  Our DHCP servers will try to
assign the same address to the same client for as long as possible.

For data protection purposes, we've long considered IP addresses to be
personal information.  They're often sufficient to track the same
user, and not infrequently identify a particular user without the need
for information other than a DNS lookup (people still seem fond of
unimaginative hostnames like fred-pc.dept.ox.ac.uk).  

Can IP addresses always identify a unique individual?  Definitely not,
not even to those of us with access to the logs.  NAT, MAC-spoofing,
shared/multi-user systems and so forth still get in the way from time to
time.  Newer technologies such as 802.11x will stop some means of
evasion in the future, and also make it easier for us to track directly 
by username rather than network interface.

	Robin

-- 
Robin Stevens <robin.stevens at oucs.ox.ac.uk>        Work (+44)(0)1865 273212
Networks & Telecommunications Group                 Fax (+44)(0)1865 273275
Oxford University Computing Services               http://www.cynic.org.uk/



More information about the NANOG mailing list