Switzerland tells antipiracy group tactics violate law

Switzerland has warned a company that tracks file sharers for copyright violations that its tactics violate the country's telecommunication law.

Logistep, which supplies information on suspected file sharers to law firms around the world for use in copyright violation cases, has until Feb. 9 to respond to the Federal Data Protection and Information Commissioner (FDPIC), said Marc Schaefer, the agency's legal advisor.

Under Swiss law, the identity of a subscriber to an ISP (Internet service provider) can only be revealed during the course of a criminal case, not a civil one, Schaefer said. The IP (Internet Protocol) address of a computer controlled by the subscriber is considered "personal" information.

In order to try to claim damages from people suspected of trading songs or movies, Logistep has asked Swiss prosecutors to open criminal cases, Schaefer said. As the criminal cases progresses, Logistep receives information from prosecutors that identifies the file sharer.

Logistep then initiates a civil case against the file sharer while the criminal case is ongoing. Prosecutors usually drop the criminal case against the person, Schaefer said.

By starting a criminal case "to obtain the identity behind an IP address ... they just found a way to avoid the telecommunication law," Schaefer said. "Therefore, we told Logistep to stop their work until there is a legal basis which allows such an identification."

The FDPIC's recommended to Logistep to stop the practice, but is prepared to take the matter to court, Schaefer said. Logistep would be in the clear if they pursued a civil case after the criminal one is complete, he said.

Logistep has issued a statement contending an IP address is not personal information. Company officials could not be reached Friday.

An IP address can indicate the location of a computer but not necessarily who is using it. Several people could share the same computer, which would have one IP address. But ISPs, as well as wireless routers used in home, can also dynamically assign IP addresses, which adds further ambiguity regarding who is using the computer and who may be responsible for illegal activity conducted on the PC.

That means the person paying the bill for the Internet service may end up as the target of the civil proceeding rather than the offender, adding another worrying factor into the lawsuits, Schaefer said.

On its Web site, Logistep said it can compile a history of illegal files shared by someone, even if encryption or proxy servers are used to mask the sharing.

The row comes amid growing concerns over how personal data is collected and retained in Europe.

On Monday, a top European data protection official, Peter Schaar, said at a European Parliament hearing that an IP address should be considered personal information since it can be used to identify people.

Schaar is chairman of the Article 29 Data Protection Working Party, which is looking at personal data and privacy issues, such as what kind of data search engines retain. A report is scheduled for release by April.

The IDG News Service is a Network World affiliate.