In message <200206241631.g5OGVw2q037988@noc.mainstreet.net>, Mark Kent writes:
I recently claimed that, in the USA, there is a law that prohibits an ISP from inspecting packets in a telecommunications network for anything other than traffic statistics or debugging.
Was I correct?
No. Or at least you weren't; the Patriot Act may have changed it. (I assume you're talking about U.S. law.) There was a quirk in the wording of the law -- what you say is correct for *telephone* companies, but not ISPs.
I'ld also like to get opinions on privacy policies for network operators. It has been suggested that we should adopt a policy that says that we'll notify customers if: 1) we inspect traffic, 2) we're aware that an upstream is inspecting traffic 3) we're required to inspect traffic (by anyone).
Point 3) is just about the same as 1), but it does imply a slightly different motivation behind the inspection.
Point 3 is explicitly prohibited by U.S. wiretap law, if it's a legal, court-approved wiretap under either the regular wiretap statute or the Foreign Intelligence Surveillance Act. Btw -- see the slides from Mark Eckenwiler's tutorial on wiretapping at a recent NANOG (October 2000, as I recall, and definitely in D.C.) --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com ("Firewalls" book)
Steven M. Bellovin wrote:
Mark Kent writes:
I recently claimed that, in the USA, there is a law that prohibits an ISP from inspecting packets in a telecommunications network for anything other than traffic statistics or debugging.
Was I correct?
No. Or at least you weren't; the Patriot Act may have changed it. (I assume you're talking about U.S. law.)
There was a quirk in the wording of the law -- what you say is correct for *telephone* companies, but not ISPs.
You're referring to "common carrier" status, I think. This isn't exclusively restricted to phone companies, but that's the way it is right now. I think it may also apply to non-voice carriers that sell circuits. I'm pretty certain that it does not apply to ISPs. A common carrier is not allowed to monitor/filter traffic on customer circuits. They also can't be held responsible for the traffic on those circuits. -- David
participants (2)
-
David Charlap
-
Steven M. Bellovin