packet inspection and privacy

• Previous message (by thread): packet inspection and privacy
• Next message (by thread): packet inspection and privacy
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In message <200206241631.g5OGVw2q037988 at noc.mainstreet.net>, Mark Kent writes:
>
>I recently claimed that, in the USA, there is a law that prohibits an
>ISP from inspecting packets in a telecommunications network for
>anything other than traffic statistics or debugging.
>
>Was I correct?

No.  Or at least you weren't; the Patriot Act may have changed it.
(I assume you're talking about U.S. law.)

There was a quirk in the wording of the law -- what you say is correct 
for *telephone* companies, but not ISPs.

>
>I'ld also like to get opinions on privacy policies for network
>operators.  It has been suggested that we should adopt a policy that
>says that we'll notify customers if:
>1) we inspect traffic, 
>2) we're aware that an upstream is inspecting traffic 
>3) we're required to inspect traffic (by anyone).
>
>Point 3) is just about the same as 1), but it does imply
>a slightly different motivation behind the inspection.

Point 3 is explicitly prohibited by U.S. wiretap law, if it's a legal, 
court-approved wiretap under either the regular wiretap statute or the 
Foreign Intelligence Surveillance Act.

Btw -- see the slides from Mark Eckenwiler's tutorial on wiretapping at 
a recent NANOG (October 2000, as I recall, and definitely in D.C.)


		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)

• Previous message (by thread): packet inspection and privacy
• Next message (by thread): packet inspection and privacy
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]