North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: EU Official: IP Is Personal

  • From: Scott McGrath
  • Date: Thu Jan 24 10:02:02 2008

We have a similar system based around Cisco's CNR which is a popular DHCP/DNS system used by large ISP's and other large organization and it is the IP+Timestamp coupled with the owner to MAC relationship which allows unique identification of a user and we have strict data retention policies so that after the data has been maintained for the interval specified by the Provost it is permanently removed from the database.

We treat IP/Mac information as personally identifiable information and as such limit access to this information to authorized users only.

But there seems to be a misapprehension that a dynamically assigned address cannot be associated with a individual.

Eric Gauthier wrote:
Heya,

In the US, folks are fighting the RIAA claiming that an IP address isn't
enough to identify a person.

In Europe, folks are fighting the Google claiming that an IP address is
enough to identify a person.

I guess it depends on which side of the pond you are on.

They are both right. If you have a dynamic IP such as most college students
have, it is here-today-gone-tomorrow.


Our University uses dynamic addressing but we are able to identify likely users
in response to the RIAA stuff. There is a hidden step in here, at least for our University, in the IP-to-Person mapping. Our network essentially tracks the IP-to-MAC relationship and the MAC-to-Owner relationship. For us, its not the IP that identifies a person, but the combination of IP plus Timestamp, which can be used to walk our database and produce a system owner.

I'm guessing that Google et. al. have a similar multi-factor token set (IP, time,
cookie, etc) which allows them to map back to a "person".

Eric :)