A notorious Switzerland-based anti-piracy tracking company has to stop harvesting the IP addresses of citizens using P2P networks. The Swiss High Court ruled that IP addresses constitute personal information and when Logistep collected them without the owner’s knowledge, that amounted to a breach of privacy laws. From its eDonkey Razorback beginnings, via France through to yesterday’s conclusion, here is the full story.
The road to curtailing the Swiss activities of Logistep has been a long one and although it ended in Switzerland, the complaints began in France.
Back in 2007, Razorback, the non-profit group which previously administered the well known Razorback eDonkey server, alerted data protection authority Préposé fédéral à la protection des données et à la transparence (PFPDT) about the activities of Logistep.
Logistep works in a particularly controversial area of anti-piracy action. It collects the IP addresses of those it believes are sharing its clients’ media on the Internet and that data is then used to identify them through the courts. Once found, they receive cash demands to make lawsuits go away.
The company’s work came to light in France when hundreds of file-sharers received letters accusing them of sharing the game Call of Juarez. For Elizabeth Martin, the lawyer who did Logistep’s work in France, the experience was not a happy one.
As originally reported by Numerama, The Commission Nationale Informatique et Libertés (French Commission of Freedom and Computings, roughly the equivalent of the Préposé Fédéral in Switzerland) stated that because Martin had failed to declare her activities, her work in this area was illegal.
Furthermore, Martin also became the subject of a disciplinary investigation conducted by her own peers. Condemning her, a lawyer’s disciplinary board declared, “By choosing to reproduce aggressive foreign methods, intended to force payments, the interested party also violated [the code] which specifies that the lawyer cannot unfairly represent a situation or seriousness of threat.”
Martin was ordered by the disciplinary board to suspend her activities as a lawyer for 6 months and she was banned from belonging to lawyers’ professional associations for a period of 10 years. France had not gone well for Logistep and back in Switzerland, things were heating up.
In January 2008 the Swiss data protection authority (Préposé fédéral à la protection des
données et à la transparence) published a recommendation that Logistep stop collecting IP addresses in Switzerland. Among other things it argued that it was unacceptable that Logistep collects data without the knowledge of people involved and that the systematic collection and recording of data in order to track violations of copyright does not conform to the purpose of the P2P applications.
Logistep was dismissive of the request (the Préposé can only make recommendations) and vowed to carry on regardless. It did just that. In response the Préposé – with the assistance of the former Razorback administrator mentioned earlier and his lawyer Sébastien Fanti – filed a lawsuit.
In June 2009 the Federal Administrative Court (TAF) came to a decision, one which saw it overrule the Federal Data Protection commissioner’s decision of 2008.
While the Court acknowledged that the monitoring and data harvesting activities conducted by Logistep raised privacy concerns, it decided that those concerns were trumped by the needs of the anti-piracy company. In a nutshell, since there are few other ways to deal with this type of online piracy, the end justified the means. Logistep could continue.
Refusing to accept this decision, the Préposé decided to appeal the ruling. Yesterday that road came to an end and it was bad news for Logistep.
In a ruling by the Federal Court – which is final and cannot be appealed – the activities of Logistep were declared illegal in Switzerland.
From a panel of 5 judges, the vote was 3 to 2 in favor of the Préposé and against Logistep, with a statement that the breaches of privacy carried out by the company were illegal. Even the judges who believed that Logistep acted legally agreed that IP addresses are private data.
Furthermore, the Court decided to open a criminal case against Logistep.
According to Numerama, who have followed this case closely, the ruling was public which is unusual in these types of case. This type of arrangement is usually there to make clear a court’s intent to set a precedent.
The ruling means that it is now illegal to collect IP addresses in Switzerland with the aim of later filing a lawsuit, and the ruling reinforces the notion that IP addresses are public data. Furthermore, it seems unlikely that Swiss courts will accept IP addresses gathered from outside the country as evidence against suspected file-sharers either.
For Logistep, however, with a flick of a switch or two it will be business almost as usual. They have already announced a relocation of their data harvesting operation to Germany.
For former Razorback admin bile666, the battle goes on. Despite complying with notice and takedown requests, several years ago the Razorback eDonkey server was seized and that lawsuit continues today.
However, in light of this Swiss decision, We are informed that lawyer Sébastien Fanti and bile666 are seriously considering filing lawsuits against the IFPI and other companies that collected Swiss IP addresses so that criminal proceedings can also be initiated against them.