On Thu, 24 Jan 2008 20:39:53 PST, fred@cisco.com said:
What we can do with IP addresses is conclude that the user of the machine with an address is likely to be one of its usual users. We can't say that with 100% certainty, because there are any number of ways people can get "unusual" access. But even so, if one can show a pattern of usage, the usual suspects can probably figure out which of them, or what other "unusual" user, might have done this or that.
And oddly enough, license plates on cars act *exactly the same way* - but nobody seems at all surprised when police can work backwards from a plate and come up with a suspect (who, admittedly, may not have been involved if the car was borrowed/stolen/etc). You can work backwards from a phone number to a person, without a *guarantee* that you have the right person - but I don't see anybody claiming that phone numbers don't qualify as "personal information" under the EU definition. So - if you can work backwards from license plate info, telephone numbers, and IP addresses, and get a good idea of who the person is, and there's general agreement that the first two are "personal information" that allows (at least speculative) identification of the person, why are people having trouble with the concept that the third is personally identifying information as well?