ISPs and full packet inspection

Jimmy Hess mysidia at
Fri May 25 01:37:52 UTC 2012

On 5/24/12, not common <notcommonmistakes at> wrote:
> I am looking for some guidance on full packet inspection at the ISP level.
Aside from any legal issue;  there is a  "respectable practices"
issue. Even if there is no regulation that prohibits something does
not mean it is OK.  Your customers' deserve to be made aware of any
full packet capture practices that may impact traffic to/from network
they own/manage,  before packet capture occurs,  especially when there
is data retention, or human examination/analysis based on contents of
large numbers of packets;  otherwise there is a risk you will be in
trouble, for some definition of "in trouble" that depends on the

Because your packet interception can put your user at risk;
proprietary information can be disclosed.    And most ISP customers
intend to purchase network connectivity service,  not   "record all my
traffic without telling me"  service ..

Are you prepared to explicitly explain to your customers,  both
existing, and new ones,
before they are allowed to buy or continue service from you --   under
what circumstances
you intercept full packets, whose packets do you capture,  what
packets do you capture, how many packets / how long will you capture
their packets,   what do you do with their contents after you capture
them,  how long do you keep  data,  what security controls do you have
in place  to prevent unauthorized   access to their packets  and
ensure timely destruction of sensitive data?

If the answer is NO,   that you   have poor planning,  or your privacy
practices are not solid enough to reveal to your customers  with
confidence,  then  save the money on consulting lawyers,  by choosing
NOT   to   implement   interception and capture of  full packets.

> Is there any regulations that prohibit or provide guidance on this?

More information about the NANOG mailing list