In article <5f713bd4b694ac42a8bb61aa6001a...@mail.dessus.com>, Keith
Medcalf <kmedc...@dessus.com> writes
Article 5 - Categories of data to be retained
1. Member States shall ensure that the following categories of data are
retained under this Directive:
(a) data necessary to trace and identify the source of a communication:
(...) the name and address of the subscriber or registered user to whom an
Internet Protocol (IP) address, user ID or telephone number was allocated at
the time of the communication;
The real problem is in the stupid wording. The IP Address is not allocated to a
"subscriber" or "registered user". It is handed out for use
on an authorized circuit. That circuit is being paid for by someone. There is no nexus between a
"circuit number" and a "subscriber" or
"user" (or there should not be -- and there only is if YOU CHOOSE TO CREATE
SUCH).
While there's an argument that the circuit number doesn't identify the
user, it most certainly identifies the Subscriber, who is the person who
has the legal contract for supply of the circuit.
If network operators behaved rationally, the proper response to any request to
divulge information related to an IP address would be limited to
the Account Number which was paying for the circuit on which the IP Address was
allocated WITH NO IDENTIFICATION OF ANY INDIVIDUAL WHATSOEVER.
So you'd give out the bank/credit card number, but not the name? The
legislation above asks for the name and address, and in many
jurisdictions revealing the credit card number or bank account number
would be regarded as *more* intrusive, not less.
--
Roland Perry
