Re: EU Official: IP Is Personal

[Jeff McAdams <jeffm () iglou com>]

Eric Gauthier wrote:
> Heya,
>
> > > In the US, folks are fighting the RIAA claiming that an IP address isn't
> > > enough to identify a person.
> > >
> > > In Europe, folks are fighting the Google claiming that an IP address is
> > > enough to identify a person.
> > >
> > > I guess it depends on which side of the pond you are on.
> > They are both right. If you have a dynamic IP such as most college students
> > have, it is here-today-gone-tomorrow.

> Our University uses dynamic addressing but we are able to identify likely users
> in response to the RIAA stuff.  There is a hidden step in here, at least for our 
> University, in the IP-to-Person mapping.  Our network essentially tracks the 
> IP-to-MAC relationship and the MAC-to-Owner relationship.  For us, its not the 
> IP that identifies a person, but the combination of IP plus Timestamp, which can 
> be used to walk our database and produce a system owner.

There are a couple of ways that can break down.  "Hey, dude, lemme
borrow your laptop for a minute."  Or
"ifconfig eth0 ether aa:bb:cc:dd:ee:ff"

> I'm guessing that Google et. al. have a similar multi-factor token set (IP, time,
> cookie, etc) which allows them to map back to a "person".

Which, for similar reasons, does not, in any absolutely reliable way,
identify a *person* at the keyboard.
-- 
Jeff McAdams
"They that can give up essential liberty to obtain a
little temporary safety deserve neither liberty nor safety."
                                       -- Benjamin Franklin

Attachment: signature.asc
Description: OpenPGP digital signature