On Wed, Jan 23, 2008 at 04:44:55PM -0800, Lou Katz wrote:
On Wed, Jan 23, 2008 at 05:52:41PM -0500, Sean Donelan wrote:
In the US, folks are fighting the RIAA claiming that an IP address isn't enough to identify a person.
In Europe, folks are fighting the Google claiming that an IP address is enough to identify a person.
I guess it depends on which side of the pond you are on.
They are both right. If you have a dynamic IP such as most college students have, it is here-today-gone-tomorrow.
In our environment it's common for the same system to retain the same dynamic address for months or even years. Our DHCP servers will try to assign the same address to the same client for as long as possible. For data protection purposes, we've long considered IP addresses to be personal information. They're often sufficient to track the same user, and not infrequently identify a particular user without the need for information other than a DNS lookup (people still seem fond of unimaginative hostnames like fred-pc.dept.ox.ac.uk). Can IP addresses always identify a unique individual? Definitely not, not even to those of us with access to the logs. NAT, MAC-spoofing, shared/multi-user systems and so forth still get in the way from time to time. Newer technologies such as 802.11x will stop some means of evasion in the future, and also make it easier for us to track directly by username rather than network interface. Robin -- Robin Stevens <robin.stevens@oucs.ox.ac.uk> Work (+44)(0)1865 273212 Networks & Telecommunications Group Fax (+44)(0)1865 273275 Oxford University Computing Services http://www.cynic.org.uk/