Switzerland, a longtime haven for all kinds of financial shenanigans, has just expanded its reputation for "discretion" to cover file-sharing as well. That's the conclusion of Logistep AG, anyway, as a Swiss court has just gutted its P2P surveillance business with a ruling that says gathering even publicly available information is illegal.

Logistep has operated in Switzerland since 2004, doing what all of these firms do: trolling BitTorrent sites for movies, music, or software, then connecting to swarms and logging the information of everyone offering the file. Bits of the file are downloaded as proof that these aren't simply "mistitled" files, and information like IP address, file hash value, and time of day are recorded in a giant spreadsheet. Content providers who rely on Logistep can take this information and submit it to local courts, seeking to identify and then sue individual file-swappers.

But Europe has fairly strict data privacy laws and a cultural expectation that data collection will be disclosed, with the data used sparingly. This often alarms Internet advertising companies like Google, which objected in 2008 to an EU proposal to label IP addresses "personal data."

The current EU approach can hardly be described as "hardline"—member states are actually required to implement a Data Retention Directive under which ISPs must hang on to user information so that police can investigate crimes. And IP addresses are not always "personal information." Companies like Logistep (including Guardaley and DtecNet) operate across the EU and perform almost identical functions; Guardaley, in fact, powers the US Copyright Group mass lawsuits currently underway in the US.

But Switzerland, which is not an EU member, has decided that it can't sanction Logistep's behavior. The country's Federal Data Protection and Information Commissioner, Hanspeter Thür, took Logistep to court and this week won a major victory. The Federal Supreme Court ruled that IP addresses are in fact personal information and that companies like Logistep can't go about slurping them up for mere civil cases like file-swapping lawsuits. Logistep must cease all current copyright infringement data collection.

In a press release issued yesterday, Thür praised the court's decision. He sees Logistep as trying to "assume tasks clearly in the State's domain." Only the state can violate personal privacy, and only when pursuing criminal cases.

Thür made clear his view that "today's decision provides no protection for anyone breaking the law. Clearly it should be possible to punish copyright infringements on the Internet." But how will this be done?

Logistep's dueling statement (in German) rounded up a quote from Nikolai Klute, a Hamburg lawyer, who said the decision flew in the face of most other European precedent: "Soon, Switzerland is likely to have the reputation of a safe haven not only for tax evaders, but also for copyright infringers."

The company also hinted that it might move across the Swiss border to a country where its work remains legal.

The ruling would appear to make it difficult to sue just about anyone for anything on the Internet; unearthing someone's identity for a defamation suit or copyright infringement generally requires an IP address. It would also prevent any sort of mass lawsuit campaign against P2P users from taking place in the country's courts.