53 Pages Posted: 6 Jun 2010 Last revised: 22 Oct 2013
Date Written: August 15, 2010
Although computer logs typically correlate online activity only to Internet Protocol (IP) addresses, those addresses can be used to expose the individuals behind the computers. While various federal statutes protect similar data, such as telephone numbers and mailing addresses, as Personally Identifiable Information, federal privacy law does not sufficiently protect IP addresses. It has become commonplace for litigants to subpoena Internet Service Providers (ISPs) to unmask online speakers, and, because many ISPs have no reason to fight these subpoenas, they readily give up their subscribers’ names, addresses, telephone numbers, and other identifying data without demanding any court oversight or providing any notice to those identified. Left unchecked, such reporting could undermine free speech and the free exchange of ideas by encouraging users to censor their own online conduct.
This Comment explores the possibility of protecting the IP address itself as Personally Identifiable Information (PII). It explores the various definitions of PII and the relevant technical aspects of IP addressing. It concludes that, despite some technical shortcomings, IP addresses are functionally similar to other types of PII and should be similarly protected in order to protect online privacy.
Keywords: Internet Protocol, IP address, personally identifiable information, online privacy, ISP, subpoena, John Doe
Suggested Citation: Suggested Citation
McIntyre, Joshua J., Balancing Expectations of Online Privacy: Why Internet Protocol (IP) Addresses Should be Protected as Personally Identifiable Information (August 15, 2010). DePaul Law Review, Vol. 60, No. 3, 2011. Available at SSRN: https://ssrn.com/abstract=1621102