New York Judge Gary Brown recently found that an IP-address is not sufficient evidence to identify copyright infringers.
While this legal finding was focused on copyright issues, it could have far reaching implications for questions about data ownership. If a person is not an IP address (and who, really, ever thought they were identical?), then can any data generated via a specific IP address be legitimately associated with a single, unique individual?
Digital marketers have struggled with this for years. But, the risk of unintended consequences as big data evolves becomes more wide spread well beyond targeted marketing. As an example: how does Google filter its understanding of your content preferences if you share equal time with one or more people in your household? The relevancy of my interest in beach vacation spots is much less to someone I might share my internet connection with who is afraid of the ocean and can’t swim.
This is not just a challenge for targeted marketing. A business that, while many of us are happy to benefit from, few of us have much concern for making their jobs easier. The BitTorrent example in the article is on point and insightful.
How about this though: my elderly grandfather’s glucose and heart monitoring device shares the same IP address as the rest of my household. As a matter of course, all data from those medical devices is captured and stored by his health care provider. Now imagine that through an internal data leak, the hospital where my grandfather’s health care provider works inadvertently mixes up his medical condition with my own—after all, we live at the same address, are the same gender, and have the same last name.
This is not an economic risk (although I can imagine being billed for health care services being assigned to me instead of my grandfather). But the legal de-coupling of an IP address from a specific, individual person should point to the presence of existing risks we face today. Namely, that while we appreciate the benefits of health care innovations using technology, the real-world relationship between the internet technology we use and the people who use it is not sufficiently well-understood. “Spoofing” (pretending to be someone you’re not) has a long and storied history—both on and off the internet. But in this case, the unintentional confusion between my grandfather’s medical condition and mine (based on an assumption that data originating from a single IP address is generated by a single person), could have disastrous consequences if I’m ever rushed to the emergency room. And this legal decision could encourage a must-needed exploration of the nuances of privacy, identity, reputation, and data ownership.
(NOTE: to the logicians in the audience. Yes, we do not know who may or may not make the assumption that data originating from a single IP address is generated by a single person. But that’s precisely the point. The legal judgment just made it (at least legally) clear that that assumption is false.)