packet inspection and privacy
blitz
blitz at macronet.net
Mon Jun 24 18:29:35 UTC 2002
At 09:31 6/24/02 -0700, you wrote:
>I recently claimed that, in the USA, there is a law that prohibits an
>ISP from inspecting packets in a telecommunications network for
>anything other than traffic statistics or debugging.
>
>Was I correct?
I would imagine privacy laws prohibit disclosure of this type of
information in some places like Europe, but privacy protection is nil in
the US. How else could all this spy-ware be legal to jam down people's throats?
>I'ld also like to get opinions on privacy policies for network
>operators.
We operate much like the FCC rules on radio eavesdropping. If we hear/see
something, we do not tell anyone else about it, nor ever use it for
financial gain. (One of my major gripes about spyware)
>It has been suggested that we should adopt a policy that
>says that we'll notify customers if:
>1) we inspect traffic,
If youre a good network operator, you will always have occasions to do this
for performance and security issues that only you can determine the
validity of. No need to scare the customer. The customer deserves their
privacy to the extent you can facilitate it. By taking their money, they
should expect their email and web viewing habits will remain private. You
might include a line in your TOS that you might inspect traffic for
operational purposes, but anything seen will remain confidential and never
used for financial gain. (I'm not a lawyer, so I highly suggest you consult
one on this aspect).
>2) we're aware that an upstream is inspecting traffic
Thats a touchy subject, while we expect our feeds will always be doing
similar maintenance/security testing, blowing them in and causing customer
angst might get you sued or disconnected.
>3) we're required to inspect traffic (by anyone).
Since the police-state/anti-privacy measures rammed down our throats post
9.11 they might haul you off to the gulag for doing this. Or worse, declare
you an "enemy of the state", strip your citizenship and lock you away forever.
>Point 3) is just about the same as 1), but it does imply
>a slightly different motivation behind the inspection.
I know informing a suspect of a phone tap, in the telecom business will get
you hard time. SO again, check with your law people...a lot's changed since
9.11 and the police state is doing things that havent been ruled legal or
illegal by the USSC. So beware and get competent legal council before
implementing anything.
These are offered only as opinions...
More information about the NANOG
mailing list