Don’t you hate it when you checkout of a shopping cart, it displays:
WARNING – YOUR IP IS BEING TRACKED.
YOU ARE COMING FROM 192.168.1.100
Even your own CRM software can display “your” recent logins with timestamps and IP addresses.
Should Your IP Address be Kept Private?
Here is a article from Yahoo News on the legality of IP addresses and privacy:
New Jersey Court Says IP Addresses Are Private
Individuals have a “reasonable expectation of privacy” in the connections between their personal information and the IP address they use to access the Internet, the New Jersey Supreme Court ruled Monday.
While the court’s ruling was based on the New Jersey constitution’s expanded definition of privacy, it is “an open question” as to whether the same privacy rights would be upheld in federal court, said Eric Goldman, a law professor at Santa Clara University Law School, in a telephone interview.
The case concerns an employee accused of changing content on her company’s Web site and altering the password so no one else could correct the misinformation. On Aug. 27, 2004, Timothy Wilson, owner of Jersey Diesel, noticed his company’s shipping address had been changed on its Web site.
The company’s IT specialist reported that someone had logged onto the server, changed the address and changed the login password. The specialist found the IP address of the person who made the changes.
Wilson suspected an employee, Shirley Reid, with whom he had recently argued, and reported her as a likely suspect to the Lower Township, N.J., police. When Wilson contacted Comcast to request the identity of the IP address user, Comcast declined without a subpoena.
The local police then obtained a deficient subpoena from the municipal court and served it on Comcast, which complied, identifying Reid as the person who changed the site. The subpoena was captioned Wilson v Reid, although no such case existed — a blatant violation of the process.
The question for the Supreme Court was whether the evidence gathered from the deficient subpoena should be suppressed. Even though the U.S. Supreme Court has found no privacy expectation in Internet subscriber information, the New Jersey Supreme Court held that the state’s constitution goes further and New Jersey citizens do have a right of privacy regarding their IP numbers.
Just as with telephone-service and banking relationships, customers provide Internet service providers (ISPs) with personal information for the limited purpose of obtaining access to the Internet. “When users surf the Web from the privacy of their homes, they have reason to expect that their actions are confidential. Many are unaware that a numerical IP address can be captured by the Web sites they visit,” the court said.
Mere disclosure of personal information to a service provider, be it the telephone company or an ISP, “does not does not upend the privacy interest at stake,” the court said.
Goldman noted defective subpoenas to ISPs are hardly a rarity. “The dominant majority are actually deficient,” Goldman said. “It’s a real problem for ISPs. All of the incentives are pushing toward complying with the subpoenas. It’s somewhat futile because there are so many bad subpoenas out there, objecting to a few of them is like putting your finger in a dike.”
While Reid won the battle to suppress this particular evidence, she probably will lose the war. The New Jersey court permitted the authorities to resubmit a proper subpoena and additional evidence may be used against her. “Maybe it wasn’t worth her time to fight,” Goldman said.
The larger question about the constitutionality of obtaining subscriber information without a proper subpoena has yet to be decided, Goldman said. “The association of IP address and individuals using that IP address might very well be subject to privacy protections,” he said. “The court made a good set of analogies with telephone service, bank records and utilities — that might be an argument that could be recycled into a federal constitutional analysis.”