A company that tracks file sharers for copyright violations has been warned that its tactics violate the Switzerland's telecommunication law.
Logistep, which supplies information on suspected file sharers to law firms around the world for use in copyright violation cases, has until February 9 to respond to the Federal Data Protection and Information Commissioner (FDPIC), said Marc Schaefer, the agency's legal advisor.
Under Swiss law, the identity of a subscriber to an ISP can only be revealed during the course of a criminal case, not a civil one, Schaefer said. The IP address of a computer controlled by the subscriber is considered 'personal' information.
In order to try to claim damages from people suspected of trading songs or movies, Logistep has asked Swiss prosecutors to open criminal cases, Schaefer said. As the criminal cases progresses, Logistep receives information from prosecutors that identifies the file sharer.
Logistep then initiates a civil case against the file sharer while the criminal case is ongoing. Prosecutors usually drop the criminal case against the person, Schaefer said.
By starting a criminal case "to obtain the identity behind an IP address... they just found a way to avoid the telecommunication law," Schaefer said. "Therefore, we told Logistep to stop their work until there is a legal basis which allows such an identification."
The FDPIC's recommended to Logistep to stop the practice, but is prepared to take the matter to court, Schaefer said. Logistep would be in the clear if they pursued a civil case after the criminal one is complete, he said.
Logistep has issued a statement contending that an IP address is not personal information.
An IP address can indicate the location of a computer but not necessarily who is using it. Several people could share the same computer, which would have one IP address. But ISPs, as well as wireless routers used in home, can also dynamically assign IP addresses, which adds further ambiguity regarding who is using the computer and who may be responsible for illegally activity conducted on the PC.
That means the person paying the bill for the internet service may end up as the target of the civil proceeding rather than the offender, adding another worrying factor into the lawsuits, Schaefer said.
On its website, Logistep said it can compile a history of illegal files shared by someone, even if encryption or proxy servers are used to mask the sharing.
The row comes amid growing concerns over how personal data is collected and retained in Europe.
Last Monday, a top European data protection official, Peter Schaar, said at a European Parliament hearing that an IP address should be considered personal information since it can be used to identify people.
Schaar is chairman of the Article 29 Data Protection Working Party, which is looking at personal data and privacy issues, such as what kind of data search engines retain. A report is scheduled for release by April.
Also last week, privacy activists claimed victory over music and content industry lobbyists concerning a report issued by the European Parliament's Committee on Culture and Education.
Struck out of the report was a suggestion that ISPs should monitor content and ban users for suspected copyright infringement, wrote Danny O'Brien, international outreach coordinator for the Electronic Frontier Foundation, which lobbied against the suggestion as well as others.
The report, entitled Cultural Industries in Europe, will be used to make recommendations to European Union countries on intellectual property and other issues.