Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.

Avenue4 LLCRead Message Promoted Post

Home / Blogs

IP Addresses and Personally Identifiable Information

Terry Zink

I don't normally cheer for Google when I don't own shares in the company, but this time I will make an exception.

Alma Whitten, Software Engineer at Google, today posted to their Public Policy Blog that IP addresses shouldn't be considered Personally Identifiable Information (PII). This is not a problem in the United States but it is in the EU, and if the EU actually were to legislate this it would most definitely affect Microsoft and Google's business functionality in the EU.

Whereas Google has an interest in collecting IP addresses in terms of doing geographical search targeting and marketing, for spam filtering purposes this affects us greatly. Can we collect and record IP addresses for data mining purposes? Part of fighting spam is knowing who the people are behind the spam storm. If the EU restricted what we could do with IP addresses, we wouldn't be able to mine through our data in order to look for patterns of spamminess. The ruling would be that we could potentially use IP information to identify a specific person, which is a no-no, according to the EU.

I would think that blacklist operators like Spamhaus could be impacted by this as well. They publish a blacklist of known spam operators and they quite deliberately go to the trouble of identifying IPs to individuals. I could see how a spammer could mount a legal challenge to have themselves removed from Spamhaus. Of course, I am not a lawyer but lawsuits can drain the life out of you.

I come down on the side of IP addresses not being PII. I was a little surprised that this was coming from Germany; I would have thought a law this bad would have originated from the French (that's just a joke).

You may want to check out the original article, it's a good read.

A couple of months ago we ran into the exact same issue here in Exchange Hosted Services. While Whitten does make valid points that a laptop user can move their IP address around (from home to the office to the cafe), there is another case. What about the home user that has a static IP address on their home server? Perhaps its reverse DNS is mail.homeuser.com or something like that. In that case, their IP address would not be subject to change and therefore you could, quite conceivably, learn their identity.

That seems to be the situation that the EU is targeting. I don't really agree with it since it only identifies a machine and not a user. A home PC can be infected with malware that sends out spam. Somebody other than the traditional user could be browsing to a web site. However, the question surrounding PII is a legal one and not a technical one. Of course, if it were a technical question, it still wouldn't provide absolute proof of identity, it only suggests it.

By Terry Zink, Program Manager
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

Re: IP Addresses and Personally Identifiable Information Larry Seltzer  –  Mar 19, 2008 8:41 AM PST

From today (3/19)'s Gigalaw feed:

Italian Rule Bans Spying on Illegal File Sharers
Italian companies may not spy on individuals who engage in illegal file-sharing, according to a controversial new ruling. The ruling of Francesco Pizzetti, president of the official Italian body for Guaranteeing the Protection of Private Data, follows the attempts of a German record label, Peppermint, which last year began using the Swiss computer firm Logistep to gather the IP addresses of at least 300 Italians who were illegally sharing files.
Read more: http://www.gigalaw.com/news/2008/03/italian-rule-bans-spying-on-illegal.html (Source: Billboard)

[emphasis mine]

To post comments, please login or create an account.

Related

Topics

Cybersecurity

Sponsored byVerisign

IP Addressing

Sponsored byAvenue4 LLC

DNS Security

Sponsored byAfilias

Mobile Internet

Sponsored byAfilias

Promoted Post

Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.