On Fri, 10 Apr 2009 10:20:35 +0000 (GMT) "Leland E. Vandervort" <leland@taranta.discpro.org> wrote:
On Fri, 10 Apr 2009, Roland Dobbins wrote:
IANAL, but I suggest you check again with your legal department - I doubt this is actually the case (your jurisdiction may vary, but in most Western nations, you can grab packets for diagnostic/ troubleshooting/forensics purposes).
Already did check... we can't grab packets except in response to judicial order or specific abuse case with a valid ID of the end-user, or of course for general technical diagnostics -- if for diagnostics, we cannot use such collected data in the context of only a suspicion of abuse at all as it would constitute an infringement on the individual's privacy. So in short, we can do it REACTIVELY in response to a complaint.. but if we do it PROACTIVELY, then it cannot be used and is of "educational" value only (with caveats surrounding confidentiality, non-disclosure, and destruction,, etc.)
You can if it the volume is interfering with your own service, I believe (though IANAL, either) -- see this text from http://www4.law.cornell.edu/uscode/18/2511.html It shall not be unlawful under this chapter for an operator of a switchboard, or an officer, employee, or agent of a provider of wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks. Note carefully that the second part applies to a "provider of wire communication service", which is a phone company, not an ISP -- ISPs are providers of "electronic communication service". (Just to make life fun -- if you're a VoIP *provider*, you probably fall under both sections, but if you're just carrying VoIP traffic I don't think you are). --Steve Bellovin, http://www.cs.columbia.edu/~smb