Re: 23,000 IP addresses

[Roland Perry <lists () internetpolicyagency com>]

In article <5f713bd4b694ac42a8bb61aa6001a82f () mail dessus com>, Keith 
Medcalf <kmedcalf () dessus com> writes
> > Article 5 - Categories of data to be retained
> > 1. Member States shall ensure that the following categories of data are
> > retained under this Directive:
> > (a) data necessary to trace and identify the source of a communication:
> > (...) the name and address of the subscriber or registered user to whom an
> > Internet Protocol (IP) address, user ID or telephone number was allocated at
> > the time of the communication;
>
> The real problem is in the stupid wording.  The IP Address is not allocated to a "subscriber" or "registered user".  It 
> is handed out for use
> on an authorized circuit.  That circuit is being paid for by someone.  There is no nexus between a "circuit number" and a 
> "subscriber" or
> "user" (or there should not be -- and there only is if YOU CHOOSE TO CREATE SUCH).

While there's an argument that the circuit number doesn't identify the 
user, it most certainly identifies the Subscriber, who is the person who 
has the legal contract for supply of the circuit.

> If network operators behaved rationally, the proper response to any request to divulge information related to an IP 
> address would be limited to
> the Account Number which was paying for the circuit on which the IP Address was allocated WITH NO IDENTIFICATION OF ANY 
> INDIVIDUAL WHATSOEVER.

So you'd give out the bank/credit card number, but not the name? The 
legislation above asks for the name and address, and in many 
jurisdictions revealing the credit card number or bank account number 
would be regarded as *more* intrusive, not less.
--
Roland Perry