The Swiss authorities have warned a company that tracks file sharers for copyright violations that its tactics violate the country's telecommunication law.
Logistep, which supplies information on suspected file sharers to law firms around the world for use in copyright violation cases, has until 9 February to respond to the Federal Data Protection and Information Commissioner (FDPIC), said Marc Schaefer, the agency's legal advisor.
Under Swiss law, the identity of a subscriber to an ISP (Internet service provider) can only be revealed during the course of a criminal case, not a civil one, Schaefer said. The IP (Internet Protocol) address of a computer controlled by the subscriber is considered "personal" information.
In order to try to claim damages from people suspected of trading songs or movies, Logistep has asked Swiss prosecutors to open criminal cases, Schaefer said. As the criminal cases progresses, Logistep receives information from prosecutors that identifies the file sharer.
Logistep then initiates a civil case against the file sharer while the criminal case is ongoing. Prosecutors usually drop the criminal case against the person, Schaefer said.
By starting a criminal case "to obtain the identity behind an IP address ... they just found a way to avoid the telecommunication law," Schaefer said. "Therefore, we told Logistep to stop their work until there is a legal basis which allows such an identification."
The FDPIC's recommended to Logistep to stop the practice, but is prepared to take the matter to court, Schaefer said. Logistep would be in the clear if they pursued a civil case after the criminal one is complete, he said.
Logistep has issued a statement contending an IP address is not personal information. Company officials could not be reached Friday.
An IP address can indicate the location of a computer but not necessarily who is using it. Several people could share the same computer, which would have one IP address.
But ISPs, as well as wireless routers used in home, can also dynamically assign IP addresses, which adds further ambiguity regarding who is using the computer and who may be responsible for illegally activity conducted on the PC.