[governance] Civil Society (was Re: caucus contribution, consultation and MAG meeting)

Suresh Ramasubramanian suresh at hserus.net
Mon Feb 18 05:56:58 EST 2013


Unless you have customer data you don't have much proof. Especially in 
a dynamic ip or cgn environment

But this is a topic on which we can agree to disagree and you do make 
valid points

--srs (htc one x)



On 18 February 2013 4:01:40 PM Roland Perry 
<roland at internetpolicyagency.com> wrote:
> In message <E0F19B12-BEC5-42B6-86C3-B35B69556466 at hserus.net>, at
> 14:47:28 on Mon, 18 Feb 2013, Suresh Ramasubramanian <suresh at hserus.net>
> writes
> >I do this for a living .. so I can say you're correct
>
> That's good to hear, because I have also done this for a living.
>
> >My point is that a bare IP address is no use without accompanying
> >subpoena'd information from the ISP linking it to a customer's name and
> >address
>
> In some cases it is of use without police intervention, because the IP
> address can be correlated with other information (for example emails the
> victim has received, one of whose senders might be the stalker).
>
> >So, all the claims which I see touted by various privacy groups "ip
> >addresses are personal data" - and more so by the EU - just don't pass
> >my criteria for being based on facts.
>
> The fact is that if *some* IP addresses are immediately traceable back
> to an inividual then that means *all* IP addresses must be treated *as
> if* they were personal data (because you can't treat some differently
> from others, and the European view is to take the most conservative
> approach). I'm aware that other jurisdictions lean more towards the idea
> that "if I can find just *one* IP address that doesn't lead back to an
> individual, then *none* of them can possibly be considered personal
> data".
>
> >There are two actions when a cyberstalker situation is involved
> >
> >1. The ISP can determine that his actions are in violation of their
> >acceptable use policies and then end their relationship with him as a
> >customer - suspend his account from the service, which is a contractual
> >relationship with specific clauses on how such a relationship can be
> >ended.
>
> That's not going to happen unless the ISP receives a complaint, and if
> we are talking about an access ISP then the victim will probably not
> have an IP address, only the social network site will have that, and
> because it's "personal data" they will not release it to the victim.
>
> However, revealing the name (or other identifying details) of the
> perpetrator should be just as useful in pointing the victim in the right
> direction.
>
> >2. The affected person complains to the police, who believe they have a
> >case they can take before a prosecutor with a reasonable chance of
> >getting a conviction - so they subpoena the ISP and get customer data
> >about the stalker, which they use in making an arrest.
>
> In the UK there's no subpoena or prosecutor involved. The police have
> the right to ask for this information without.
>
> >Either case - the customer information is not disclosed to any third
> >party (even law enforcement) without due process being followed, and a
> >stalker's IP address looks just the same as your IP,
>
> Knowing the IP address can be helpful, although once again not 100%
> conclusive it can often reveal what country the perpetrator is from, and
> which ISP they use.
>
> > or the IP of a local church's broadband connection
>
> Or the IP of a business where the perpetrator works. Knowing the Church
> or the Business is often enough to work out who the perpetrator is -
> remember most stalkers are known to their victims (although not all of
> them are).
>
> >- there's every possibility that a dynamic IP could be assigned to the
> >stalker, then to you, and then to the church, so IP + date and time
> >stamp of the incident need to be tied to the ISP's login and billing
> >data - which you're only going to get with a subpoena from law
> >enforcement..
>
> Dynamic IP and carrier-grade NAT (as used by most mobile networks in the
> UK) make things more difficult, but none of this is a reason why IP
> Addresses should not be regarded as personal data (in the European/OECD
> model).
>
> >On 18-Feb-2013, at 13:46, Roland Perry 
> <roland at internetpolicyagency.com> wrote:
> >
> >> In message
> >><13ce62efbc4.2728.4f968dcf8ecd56c9cb8acab6370fcfe0 at hserus.net>, at
> >>08:55:09 on Sun, 17 Feb 2013, Suresh Ramasubramanian
> >><suresh at hserus.net> writes
> >>> The ambiguity starts when you need to tie an IP to an actual
> >>>customers name which you can only do after a subpoena from law
> >>>enforcement
> >>
> >> That isn't ambiguity, it's a matter of lawful process. Here in the UK
> >>the police can make such enquiries from an ISP without a subpoena from
> >>a court. However, they first have to be investigating a crime, which
> >>is why it was important to clarify what forms of [cyber]stalking are
> >>in fact a crime.
> >>
>
> --
> Roland Perry
>



-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t


More information about the Governance mailing list