Computer Forensics

Minneapolis photographer Chris Gregerson recently prevailed in a copyright infringement suit against a real estate photographer who used his photos on a Website and in advertising.  More interesting than the $19,462 award: (1) the plaintiff won at trial even though he was pro se and (2) the photos at issue used digital watermarking, where a copyright notice was placed inside the EXIF metadata. Judge Montgomery found that the defendant willfully removed both the visibible watermark, as well as the EXIF metadata, resulting in an award of statutory damages.  The findings include some other good flavor: the defendant allegedly forged a falsified contract with an allegedly fictitious seller, and the notary for the contract resigned his notary license.

Prior to digital watermarking, photos just had to look the same.  Add Metadata to the mix, and a plaintiff can have near-conclusive proof of infringement.

Decision, coverage, and Gregerson’s site documenting the ordeal.

The NY Times blog Bits discusses whether IP addresses constitute personal information under privacy law.  Google argues that IP addresses cannot, in isolation, identify a person. But the author counters that the IP address, when used in conjunction with other information (e.g., from an ISP), can identify a person. The author likens an IP address to a retail closed-circuit camera that does not, alone, identify shoppers. But when the video is connected with a shopper’s purchase, or with government-provided photos (e.g., drivers license), they can easily identify the person.

The author contends that because IP addresses can personally identify users, it does not fall within the two realms currently considered by privacy law: (1) personally identifiable information and (2) that which is not.  As such, lawmakers should consider whether a third category is appropriate: “partially personal information.”

This is an intriguing concept that would change the privacy area’s current black-and-white thinking: from a binary “yes” or “no” response to a system with a middle ground. Google’s global privacy counsel apparently agrees that a sliding scale within this third category is a good idea, pointing to scholarship in this area.

One thought that readily comes to mind is this: isn’t a huge swath of relevant evidence “partially personal information”?  If an investigator talks to the cashier at my favorite lunch spot, he can identify me. Did he just divulge “partially personal information”? The cash-register receipt has partially personal information (the last four digits of my credit-card number).  In nearly every criminal or civil case, litigators daily put together this “partially personal” evidence to connect the dots for the decision-maker. Would my cash-register receipt be subject to state or federal privacy law?  If I tell the cashier to keep it, should he be required to throw it in a shredder, lest this “partially personal information” get into the wrong hands?

The concept of a sliding scale is good, but it would take careful crafting of definitions for this idea to get traction.

I.P. Address: Partially Personal Information [NY Times]