Feeds

Google mounts Chewbacca defense in EU privacy debate

'IP addresses are never personal except when they are'

The Power of One Brief: Top reasons to choose HP BladeSystem

Over at The Official Google Rhetoric Blog, the world's largest search engine continues to muddle the debate over the privacy of IP addresses.

As the European Union questions whether IP addresses should be considered "personal data" - "personally identifiable information" in American parlance - Google software engineer Alma Whitten brings up the issue and then spends several paragraphs failing to address it.

With her blog post, Whitten points our that "the IP addresses that people use can change frequently":

For instance, your Internet service provider (ISP) may have a block of 20,000 IP addresses and 40,000 customers. Since not everyone is connected at the same time, the ISP assigns a different IP address to each computer that connects, and reassigns it when they disconnect (the actual system is a bit more complex, but this is representative of how it works). Most ISPs and businesses use a variation of this "dynamic" type of assigning IP addresses, for the simple reason that it allows them to optimize their resources.

Because of this, the IP address assigned to your computer one day may get assigned to several other computers before a week has passed. If you, like me, have a laptop that you use at work, at home, and at your corner café, you are changing IP addresses constantly. And if you share your computer or even just your connection to your ISP with your family, then multiple people are sharing one IP address.

Yes, it's all true. Your IP address can change. And sometimes, you share an IP address with others. But the same goes for phone numbers.

Sure, you can say that sometimes IP addresses don't map back to particular individuals. But this also means that sometimes they do.

"With dynamic addressing, there are circumstances where an IP address might not be personally identifiable," Mark Rotenberg, the executive director of the Electronic Privacy Information Center (EPIC), told The Reg. "But increasingly, in a vast majority of cases, it is personally identifiable - particularly when it's linked to search queries that are date and time stamped."

Last month, Rotenberg went toe-to-toe with Google global privacy counsel Peter Fleischer in front of the EU parliament, and he's adamant that as time goes on, IP addresses will only get more personal. "This becomes an even bigger problem as we move to the IPv6 environment, which has plenty of address space to uniquely identify actual devices."

What's more, dynamic IP addressing doesn't always prevent personal identification. ISPs typically keep logs of when your address was what, and courts can subpoena this information in much the same way they can subpoena information from Google.

Of course, Alma Whitten goes on to say that Google has done a great deal to guard user privacy in recent months, including "anonymizing" its search logs. Um, last we checked, the company had agreed to anonymize its search logs once they're 18 to 24 months old, and anonymize meant "changing some of the bits" in a stored IP address, making "it less likely that the IP address can be associated with a specific computer or user."

Actually, it's still unclear if this "anonymization" is actually in effect. Back in March, Google said it would happen "within a year's time," and when we asked the company about its progress, it said: "We'll get back to you."

Whitten also claims that Google has "shortened cookie lengths". But as we've said before, this affects no one but criminals and dead people.

It's yet to be seen if the EU will officially mark IP addresses as personal data. But one thing's for sure: When it comes to privacy debates, Google knows how to spin. ®

Designing a Defense for Mobile Applications

More from The Register

next story
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
ONE EMAIL costs mining company $300 MEEELION
Environmental activist walks free after hoax sent share price over a cliff
'Blow it up': Plods pop round for chat with Commonwealth Games tweeter
You'd better not be talking about the council's housing plans
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.