IP Address, Privacy, Forensics and Self Defense

Internet Protocol Address Tracking, Subpoena and Investigation

Terms of Access for Hackers in Security Incident

A top privacy official in the EU avers that an IP (Internet Protocol) address should be considered personally identifiable information (like a telephone number or postal address) that is normally subject to protection under privacy laws. Such protection might shield the address from recording or processing in many instances under European and other privacy laws.

If that official is right, then IT security professionals have reason to pause before collecting or processing an IP address in the course of their work. However, I argue a security professional could have good, legal justification for collecting or processing the IP address of a criminal or abusive party. The law widely recognizes notions like self defense, citizen’s arrest and defense of property. These ideas generally provide a defense to a citizen who violates a law in a limited, measured way for the purpose of achieving a higher social goal.

Further, a network administrator might post terms of service stating that if a hacker enters the administrator's domain, then the hacker consents to the administrator processing and recording the hacker's IP address and to the use of that information in an investigation. Such terms of access are similar to an end user license agreement (EULA) that advances the interests of a software owner. The general principle is this: good communication can help responsible professionals avoid the appearance that their assertive actions are illegal.

Suppose you have an electronic record of an IP address (or other information) you'd like to preserve as legal/forensic evidence or as a response to a subpoena. You could consider preserving a copy of it using the authentication steps described in another article.

I've published another article on IP address and privacy agreements.

[Reminder: Nothing I say on the web is legal advice for any particular situation. If you need legal advice, you should consult a lawyer.]


  1. Already allowed for. You can keep IPs for security monitoring of attacks on your own systems, for a length of time proportionate to the threat.

    What the EU is saying is you can't keep them indefinitely and speculatively just 'cos some copyright organisation would like you to...


  2. That is an enlightening comment. Thank you.


  3. IP numbers are public information and not owned by the user so this cannot be private information. Much like all the stink about whois information. Whois information should be public. The Internet is a commercial network and much like when you open a business and get a business license the owner's name, address, etc. becomes public information. Web sites are public access so if you are going to run a site your information should be publicly accessible.

    If you come poking around the door of my network I should have the right to trace you back to your world.

    A law like this would only serve those that are attacking the system. Self defense is a right. Monitoring traffic and where it comes from is a matter of self defense.

  4. IP numbers are public information and not owned by the user so this cannot be private information.