Another Reason for Hiding Your IP Address

Now I guess a lot of people who read this blog already keep their IP address private.  If you're like me you switch IP addresses several times a day just for practical reasons - perhaps from a UK one for BBC Iplayer, then to a US based IP address for catching up with the latest Simpsons on Hulu just like this.

However there still seems to be some sort of confusion elsewhere that an IP address is used specifically and exclusively by one particular person.

This false assumption is of course ludicrous, however it still ends up being used as the basis for various legal claims (usually involving copyright infringement). Fortunately most cases fail brought on  this basis fail, simply because of the uncertainty of who was using a connection at a particular time.  Indeed it is well known that paedophiles ensure that their own networks and Wifi connections are completely unsecured so that they can use this doubt as a defence if brought to justice.

Another case with relevance to privacy, anonymity using IP addresses has recently been heard - the case of  - Media CAT Limited v Adams.

This case was one of many expected to be brought in response to the rather unpleasant business model developed by Media Cat and ACS Law, first mentioned in this blog post - here.  Basically the model involved a company obtaining the rights to pursue internet users for downloading films from torrent sites and then pursuing them for damages or taking them to court.

ACS Law would send out threatening letters asking for money in return for dropping  the action.  Of course what happened is that the person who paid the ISP bill generally got this letter, even when they were completely innocent of the copyright infringement.   So for instance a grandmother would be deemed to responsible for her grandson downloading pornography on his laptop - an actual example.

Just for clarity let's just summarize what this business model involved -

  1. Find a copy of a pornographic film being shared online
  2. Contact ISPs and get a list of all the IP addresses that have downloaded this file
  3. Cross reference IP address with users name and address
  4. Send threatening letter to each user demanding payment or they'll be taken to court
  5. Collect money from those who pay up
  6. Take to court (eventually) everyone else
  7. Return to step 1 and find another file. 

So of course, half the people who received these threats had never downloaded the films.  How many people share an average internet connection, how many unsecured connections are broken into, how many computers are hacked, infected with trojans and viruses.  It is of course impossible to tell without further investigation.

These cases are important - firms like these are trying to hold the person who pays the ISP bill fully responsible for anything that happens through that connection.  Clearly in a criminal case more evidence would be required that someone is guilty of a crime.  However in civil cases there was a real danger that a more lax precedence would be established.

Of course there are so many mobile, network connected devices around nowadays, people cannot be held responsible for everything that connects through or via their networks.   Nor should peoples personal details and surfing information be shared so readily and distributed to firms like MediaCat.

Remember your ISP is holding a comprehensive list of everything you do, say or download online - this information and our privacy needs to be protected. Fortunately the judge was equally as sceptical in this instance of this method of business - here's a quote from his transcript.

First, the nature of the case itself raises many questions. I have mentioned some of them above. The issues are as follows:-
    i) Does the process of identifying an IP address in this way establish that any infringement of copyright has taken place by anyone related to that IP address at all. The technical issues raised by Mr Davey (and Mr Stone) relate to this point.
    ii) Even if it is proof of infringement by somebody, merely identifying that an IP address has been involved with infringement then encounters the Saccharin problem. It is not at all clear to me that the person identified must be infringing one way or another. The fact that someone may have infringed does not mean the particular named defendant has done so. Perhaps the holder of the account with the ISP has a duty to assist along the lines of a respondent to another Norwich Pharmacal order but that is very different from saying they are infringing.
    iii) The damages claimed deserve scrutiny. If all that is proven is a single download then all that has been lost is one lost sale of one copy of a work. The sort of sum that might represent would surely be a small fraction of the £495 claimed and the majority of that sum must therefore be taken up with legal costs. If so, a serious question of proportionality arises but again this has not been tested. Clearly if the defendant has infringed on a scale as in the Polydor case then would be a very different matter but there is no evidence of such infringement here.
Hopefully this will deter other such opportunistic companies from taking up this business model. Which invaded peoples privacy and amounted to little better than extortion in my opinion.  It does highlight the importance of keeping our data and information secure though. There are many so called legitimate companies seeking to exploit it for their own gain.