Privacy and Internet Addresses

December 24, 2012

Cyberspace SpyIn a recent criminal case in the U.S. District Court inPittsburgh, Pennsylvania, Judge Joy Flowers Conti indicated that Internet subscribers do not have a reasonable expectation of privacy as to their Internet protocol (IP) addresses or other information they provide to their Internet service providers (ISPs).  If this position stands, it can have significant privacy implications for Internet users.

Judge Conti’s interpretation was part of an order in the case of Richard Stanley.  In that case, Stanley was identified through his piggyback usage of a neighbor’s unsecured Wi-Fi network.  Without a warrant, law enforcement authorities used software known as “Moocherhunter” to identify Stanley through his unauthorized use of the network.

Stanley argued that a warrant was required prior to tracking his Wi-Fi use.  Judge Conti concluded that unauthorized computer network users have no greater privacy than authorized users, and that authorized users do not have a reasonable expectation of privacy as to operational information they provide to ISPs, including IP addresses.

Judge Conti relied on precedent from the telephone context to reach this conclusion.  The courts previously determined that authorities could record and track telephone numbers dialed by individuals without warrants.  By dialing phone numbers, the courts concluded that the users were voluntarily disclosing the dialing information, thus no longer had a reasonable expectation of privacy for that information.

Judge Conti extended that reasoning to the wireless Internet environment.  By connecting to a wireless network, Judge Conti reasoned that individual users are voluntarily disclosing information regarding their IP addresses and those of the Internet content they access.

It is uncertain whether the majority of wireless Internet users truly recognize the scope of the information regarding their online activities which they are disclosing to the ISPs, and thus by extension under this decision to government authorities, as well.  Interpreted broadly, the ruling in this case makes all operational information transmitted to an ISP to enable wireless Internet access accessible to authorities without a warrant.

Internet users should be sensitive to this significant potential intrusion into their personal privacy.  At present, individuals should assume that a substantial portion of their online activities are accessible to law enforcement and national security authorities without a search warrant or other form of oversight.  There is substantially less privacy associated with online activities than the average Internet user expects.