New Jersey’s Supreme Court has ruled that a valid subpoena is required to demand ISPs to reveal the user of a specific IP address. The police is no exception to this requirement. The ruling is allegedly the very first US ruling that acknowledges users are entitled to a reasonable degree of privacy protection, according to Grayson Barber, a lawyer representing Internet rights groups.

Moreover, the decision was reached unanimously by New Jersey’s Supreme Court, which also underlined that the state grants, through the New Jersey constitution, greater protections than the US Constitution against unreasonable searches and seizures.

The decision stems from a case of an employee who changed access codes on her employer's account with a supplier. The police, with a municipal court subpoena, obtained personal data from her ISP, Comcast. The Supreme Court has found that a lower court's ruling was to be upheld in that it threw out the information obtained inadequately.

Shirley Reid, the employee at issue, had been on disability leave and was, according to the company's owner, the only employee who knew the company's computer password and ID on a supplier website. The subpoena by the Lower Township Municipal Court listed "Timothy C. Wilson, Plaintiff, vs. Shirley Reed [sic], Defendant," as the case at issue although none actually existed at the time.

"The State may seek to reacquire the information with a proper grand jury subpoena because records of the information existed independently of the faulty process used by the police, and the conduct of the police did not affect the information," said the NJ Supreme Court's Chief Justice Stuart Rabner in the unanimous 7-0 ruling.

This means that probably Reid may have to face the consequences of her unauthorized computer access used to retaliate against her employer.