My Address Is None.Of.Your.Business

Opinion: The EU may be poised to rule that IP addresses are personal data and need to be treated as such. The implications could be problematic.

Everyone believes in privacy (except Scott McNealy); we just differ on how much is the right amount. It is possible to go too far in advocating for privacy. That way lies uncertainty.

This seems to be the fate of the European Union, whose Data Privacy Commission leader recently said that IP addresses are personal data when they are used to identify people. This is an example of privacy priorities run amok.

It's 25 years now since TCP/IP became the protocol of the Internet (actually it was the Arpanet at the time), and in all that time tools and systems have been developed that begin with the assumption that IP addresses want to be found and want to be identified. For instance, as the article about the EU I linked to notes, "whois" services have developed to identify owners of IP addresses. This is a good thing.

I'm on the Verizon FiOS network here, and I ran my outside IP address on the whois service provided by ARIN (the American Registry for Internet Numbers, the body responsible for allocating IP addresses in the United States, Canada, a number of Caribbean and Pacific islands, and Antarctica). Here's what it shows:

OrgName: Verizon Internet Services Inc.
Address: 1880 Campus Commons Dr
City: Reston
StateProv: VA
PostalCode: 20191
Country: US
NetRange: -
NetHandle: NET-71-160-0-0-1
Parent: NET-71-0-0-0-0
NetType: Direct Allocation
RegDate: 2005-06-01
Updated: 2006-12-29
OrgAbuseHandle: VISAB-ARIN
OrgAbuseName: VIS Abuse
OrgAbusePhone: +1-214-513-6711
OrgTechHandle: ZV20-ARIN
OrgTechName: Verizon Internet Services
OrgTechPhone: 800-243-6994
# ARIN WHOIS database, last updated 2008-01-21 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Like domain name whois information, the point of this is to allow others on the network to make contact for official purposes, such as to notify them of security problems emanating from that network. The answer above doesn't identify me; it identifies my ISP and says a little something about how its network is configured. Of course, for almost all individual users this information will relate to their ISP as opposed to themselves.

You can identify me further by looking up my reverse DNS-in Windows go to the command line and enter "NSLOOKUP <IP address>." The reverse DNS is a unique name that corresponds to that one address. Sometimes there are things you can infer about a user from the name, but usually it's no more informative than the IP address itself.