Re: [v6ops] Google Alert - IPv6

[JORDI PALET MARTINEZ <jordi.palet@consulintel.es>]

I’m not a lawyer, but I can tell this are the facts in EU, in general. I’m sure you can google for that.

If the phone has been hacked or the car stolen, your lawyer will need to prove that it was the case. If you know who hacked your phone you lawyer need to prove that, police may believe you and do the investigation by themselves but it they don’t find a way to prove that … it is your problem, unless you have an irrefutable alibi.

I’ve a case recently (and this happened many times in Spain). A company car drove by one employee was exceeding speed limit in 10 Km/h (100 euros fine). The fine comes to the company. Company has 10 days to identify the driver, and did that. The driver denies it. If you don’t have a way to prove that he is lying, you now pay the fine, plus 600 additional euros because the law assumes that you tried to cheat them. So, unless the driver voluntarily recognizes it, or you have a record signed by the person taking the car, you’re lost (because you made the mistake to provide the car to an employee, friend, thief, without actually having a record for that).

There are plenty of cases that a car is stolen to do something wrong, and unless you prove that you were at that time in another place, your lawyer need to defend you. Just consider if you were sleeping alone and the car was stolen during the night, and the bad thing happened during the night, but you only claim to the police for the stolen car in the next morning … How you prove that actually was not you?

Note that I fully agree. IP is not personal data (and I tried to argue about that many times), but law says so in EU (not sure in other countries/regions).

Regards,
Jordi
 

-----Mensaje original-----
De: Mark Andrews <marka@isc.org>
Responder a: <marka@isc.org>
Fecha: miércoles, 1 de noviembre de 2017, 8:32
Para: <jordi.palet@consulintel.es>
CC: v6ops list <v6ops@ietf.org>
Asunto: Re: [v6ops] Google Alert - IPv6

    
    In message <C01E3F52-46F8-4BDC-91C8-052310673E6E@consulintel.es>, JORDI PALET M
    ARTINEZ writes:
    > Totally agree, however there is a subtle situation here, when we
    > associate this to the origin of the thread  CGN
    >
    > If an unlawful action has been done with that phone, the phone owner will
    > be responsible in front of the law to identify the person who has go the
    > phone. Otherwise, the courts will judge you as the author of the unlawful
    > action.
    
    Please cite the relevent law.  Phone are hacked all the time.  Phones
    are shared all the time.  There is only ever a strong correlation
    never absolute proof.  For proof you need other data.
    
    > Same as if you are the owner of a car that has an accident and dont stop,
    > unless you identify in and undoubtable way a third person driving the
    > car, it will be your problem.
    
    Cars get stolen all the time and sometimes the first you know about
    is a knock on the door.  The owner of the vehicle is just the first
    step in the investigation.  Things like a speeding fine may get
    lumbered on you but failure to stop requires more that you are the
    owner of the vechicle to be proven.
    
    > So, and this is what I was trying to point to the EU article 29 working
    > party many years ago, even if you identify an IP address, it is almost
    > impossible to say this is personal data, you need to correlate that with
    > many many many other data, and even do, unless you have a live record of
    > he/she being in front of the keyboard at that specific time.
    >
    > However, the implications of CGN for the police is that, without a CGN,
    > the owner for the phone that done that unlawful act (in EU you need to
    > provide a legal ID to have a phone line) using that IP address, the
    > identification is direct, no further investigation is needed and is the
    > owner the responsible to identify a third party if that's the case. With
    > CGN, if the IP address is shared and there are no source ports records,
    > the investigation brings the police to a number of people, may be only
    > 16, may be hundreds, which is a big issue.
    
    Only if you are looking at single events.  Multiple events will
    probably whittle the set down to a subscriber.  That doesn't
    necessarially identify a individual.
    
    > Regards,
    > Jordi
    
    
    -- 
    Mark Andrews, ISC
    1 Seymour St., Dundas Valley, NSW 2117, Australia
    PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
    



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.