North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: packet inspection and privacy
In message <[email protected]>, Mark Kent writes: > >I recently claimed that, in the USA, there is a law that prohibits an >ISP from inspecting packets in a telecommunications network for >anything other than traffic statistics or debugging. > >Was I correct? No. Or at least you weren't; the Patriot Act may have changed it. (I assume you're talking about U.S. law.) There was a quirk in the wording of the law -- what you say is correct for *telephone* companies, but not ISPs. > >I'ld also like to get opinions on privacy policies for network >operators. It has been suggested that we should adopt a policy that >says that we'll notify customers if: >1) we inspect traffic, >2) we're aware that an upstream is inspecting traffic >3) we're required to inspect traffic (by anyone). > >Point 3) is just about the same as 1), but it does imply >a slightly different motivation behind the inspection. Point 3 is explicitly prohibited by U.S. wiretap law, if it's a legal, court-approved wiretap under either the regular wiretap statute or the Foreign Intelligence Surveillance Act. Btw -- see the slides from Mark Eckenwiler's tutorial on wiretapping at a recent NANOG (October 2000, as I recall, and definitely in D.C.) --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com ("Firewalls" book)
|