Internet Protocol Address Tracking, Subpoena and Investigation
Terms of Access for Hackers in Security IncidentA top privacy official in the EU avers that an IP (Internet Protocol) address should be considered personally identifiable information (like a telephone number or postal address) that is normally subject to protection under privacy laws. Such protection might shield the address from recording or processing in many instances under European and other privacy laws.
If that official is right, then IT security professionals have reason to pause before collecting or processing an IP address in the course of their work. However, I argue a security professional could have good, legal justification for collecting or processing the IP address of a criminal or abusive party. The law widely recognizes notions like self defense, citizen’s arrest and defense of property. These ideas generally provide a defense to a citizen who violates a law in a limited, measured way for the purpose of achieving a higher social goal.
Further, a network administrator might post terms of service stating that if a hacker enters the administrator's domain, then the hacker consents to the administator processing and recording the hacker's IP address and to the use of that information in an investigation. Such terms of access are similar to an end user license agreement (EULA) that advances the interests of a software owner. The general principle is this: good communication can help responsible professionals avoid the appearance that their assertive actions are illegal.
Suppose you have an electronic record of an IP address (or other information) you'd like to preserve as legal/forensic evidence or as a response to a subpoena. You could consider preserving a copy of it using the authentication steps described in another article.
I've published another article on IP address and privacy agreements.
[Reminder: Nothing I say on the web is legal advice for any particular situation. If you need legal advice, you should consult a lawyer.]