Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: packet inspection and privacy

  • From: blitz
  • Date: Mon Jun 24 14:31:58 2002

At 09:31 6/24/02 -0700, you wrote:

I recently claimed that, in the USA, there is a law that prohibits an
ISP from inspecting packets in a telecommunications network for
anything other than traffic statistics or debugging.

Was I correct?
I would imagine privacy laws prohibit disclosure of this type of information in some places like Europe, but privacy protection is nil in the US. How else could all this spy-ware be legal to jam down people's throats?



I'ld also like to get opinions on privacy policies for network
operators.
We operate much like the FCC rules on radio eavesdropping. If we hear/see something, we do not tell anyone else about it, nor ever use it for financial gain. (One of my major gripes about spyware)

It has been suggested that we should adopt a policy that
says that we'll notify customers if:
1) we inspect traffic,
If youre a good network operator, you will always have occasions to do this for performance and security issues that only you can determine the validity of. No need to scare the customer. The customer deserves their privacy to the extent you can facilitate it. By taking their money, they should expect their email and web viewing habits will remain private. You might include a line in your TOS that you might inspect traffic for operational purposes, but anything seen will remain confidential and never used for financial gain. (I'm not a lawyer, so I highly suggest you consult one on this aspect).

2) we're aware that an upstream is inspecting traffic
Thats a touchy subject, while we expect our feeds will always be doing similar maintenance/security testing, blowing them in and causing customer angst might get you sued or disconnected.

3) we're required to inspect traffic (by anyone).
Since the police-state/anti-privacy measures rammed down our throats post 9.11 they might haul you off to the gulag for doing this. Or worse, declare you an "enemy of the state", strip your citizenship and lock you away forever.


Point 3) is just about the same as 1), but it does imply
a slightly different motivation behind the inspection.
I know informing a suspect of a phone tap, in the telecom business will get you hard time. SO again, check with your law people...a lot's changed since 9.11 and the police state is doing things that havent been ruled legal or illegal by the USSC. So beware and get competent legal council before implementing anything.

These are offered only as opinions...







Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.