This is an important decision not only from a "piracy" perspective but from a "privacy" and "information security" view as well. Many US laws and regulations revolve around protecting personally identifiable information (PII). If this judge's conclusions stick then we have some freedom from having to protect IP addresses, which show up in just about everything we log and collect.
That could be gigantic to those who deal with HIPAA, PCI, GLBA, etc. Although I guess this has no impact on the European Union regulations and what they consider PII -- those are much tougher to deal with anyway.
I came here expecting someone trying to pull a anti-privacy fast one. Nice try.
Just because an IP address alone is not enough to legally beyond doubt identify a person doesn't mean collecting IP addresses in combination with online behavior doesn't violate people's privacy.
These are two fundamentally different things. The only real way to identify someone is through things like DNA or fingerprints. Everything else is just an indication, it may not be enough to serve as evidence in court, but it's definitely personal.
The birthmark on my ass may not be unique, but it doesn't give you the right to collect pictures of it without my permission.
My intention was not to "pull a fast one." If you read my blog[1], which of late is mostly about privacy, I think you'll find I'm fairly neutral on the subject. Having said that there is all sorts of pseudo-anonymous or anonymous data that when combined with other data points become PII. I find this particular case interesting and am curious to hear what others think about it's implications beyond the piracy case.
An opposing example to this would be the recent ruling in Massachusetts, and why I found this one so interesting. The court there found that zip codes are PII[2].
That could be gigantic to those who deal with HIPAA, PCI, GLBA, etc. Although I guess this has no impact on the European Union regulations and what they consider PII -- those are much tougher to deal with anyway.