[governance] IP Addresses Are Personal Data, E.U. Regulator Says

[Karl Auerbach]

Meryem Marzouki wrote:

> Besides this, I hardly understand what an "usurpation of personally 
> identifable information" could mean, though I know what is an 
> "usurpation of identity". But these are different concepts

I'm looking at this with California eyes (California having right to 
privacy, unfortunately a right narrowly interpreted, in its state 
Constitution); and I suspect that you are looking at it using EU eyes. 
That difference, understandingly, would create some differences in the 
way we use words.

The way I see it use of an IP address by a unauthorized third party to 
create a packet that purports to come from one of the two real TCP 
endpoints is both a usurpation of identity and also a possibly 
unauthorized use of information (the IP address) that can be related to 
a individual person.

The first aspect - the usurpation of identity may be actionable under 
various non-privacy laws, criminal and civil, ranging from deceit, 
misrepresentation, and fraud to damage to reputation.  (That last aspect 
might be, for instance, ones reputation for running a reliable network 
service - such a reputation being damaged should that service be 
perceived as generating an excessive number of TCP Resets.)

The latter aspect, the mishandling of information (the IP address) that 
relates to an identifiable person, is where I perceive that the privacy 
aspects are to be found.  Perhaps I should have said "misuse" rather 
than "usurpation" with regard to the handling of the IP address as 
personally identifiable information.

		--karl--
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance