An IP address is not a Social Security number or a fingerprint. It, in the words of Judge Gary Brown of the U.S. District Court for the Eastern District of New York, “provides only the location at which one of any number of computer devices may be deployed, much like a telephone number can be used for any number of telephones.”
That hasn’t stopped lawyers from acting like IP addresses are virtual ID cards. According to Mitch Stoltz, staff attorney for the Electronic Frontier Foundation (EFF), more than 200,ooo people have been sued in mass BitTorrent lawsuits, many by “patent trolls” looking to scare people into settlements.
“It’s a business model — a kind of mass shakedown,” says Stoltz. “The only way it is profitable for these lawyers is if they get a bunch of small settlements from a lot of people without having to spend a lot of time in court dealing with the merits of particular cases.”
The New York case in question pitted two slightly unsympathetic groups against each other: makers of pornographic films and the people who downloaded said films via BitTorrent. Downloaders of pornographic films are frequent targets for lawsuits, mostly because the plaintiffs believe embarrassment might cause the defendants to settle quickly.
The idea, according to Stoltz, is to submit a list of IP addresses to the court, get permission to send subpoenas to the relevant Internet service providers, get information on the account owner of each IP address and then scare each account owner to settle for a few thousand dollars each — a sizable sum in aggregate but a low enough number that some people will just pay it instead of fight it in court.
It all starts with the list of IP addresses, which is usually the only evidence the plaintiffs have. There are hundreds of similar cases open right now in the United States, but few contain such a detailed analysis of what’s wrong with using only an IP address to identify someone:
Thus, it is no more likely that the subscriber to an IP address carried out a particular computer function – here the purported illegal downloading of a single pornographic film – than to say an individual who pays the telephone bill made a specific telephone call.
Indeed, due to the increasingly popularity of wireless routers, it is much less likely. While a decade ago, home wireless networks were nearly non-existent, 61% of US homes now have wireless access. As a result, a single IP address usually supports multiple computer devices – which unlike traditional telephones can be operated simultaneously by different individuals. Different family members, or even visitors, could have performed the alleged downloads.
Take, for example, a cafe. Should a business owner be liable if one of his or her customers downloads movies illegally while using the cafe’s free Wi-Fi?
Even beyond the issue of illegal downloads, the question of whether or not an IP addresses identifies a particular person has relevance in all sorts of criminal cases. That’s not to say that an IP address is not useful evidence; it’s that an IP address alone isn’t enough to definitively tie a person to an illegal act.
While judges all over the country have ruled both ways when it comes to the issue, recently more have come to the same conclusion as Judge Brown. Until a major case comes to appellate court, however, the issue will remain murky.
“We’ve seen some progress,” says Stoltz. “The tide is turning; there have been judges in northern California, Illinois, Washington D.C., Texas, Virginia and now New York who have been been putting the brakes on this and have told these attorneys ‘You have to come into court with a little more than just a list of IP addresses.'”