certainly, and until they do legislate one way or the other on the matter
its pretty much in the ISPs hands;
They did legislate; a number of times in fact. It was called the Electronic
Communications Privacy Act. First created in 1968, then modified a number
of times, most recently in 1996 to specifically to make it broad enough to
protect email. You can see it in 18 USC 25xx (in-transit communications)
and 18 USC 27xx (stored communications). One doesn't lose privacy
protections merely because they are or might be doing something you don't
approve of.
But since we have already covered this territory, I'll refer you to the
archives.
--Dean
Okay, one last time.. (for those of you playing at home).
There's an ISP, let's call it GenerNET. GenerNET has an abuse department, and one day it notices that instead of the usual dozen or so spam complaints, it has received over 200. GenerNET looks that the messages that users from all over the Internet has forwarded to it and sees that it has one common denominator--the majority of the complaints seems to be originating from SpamCreep (192.168.192.0/23).
SpamCreep is a customer of WebHoster (192.168.0.0/16), colocated off Ethernet in their Buffolo, NY POP. A call to WebHoster is placed to let them know the situation and WebHoster is well aware of the situation--in fact, they are in the process of terming SpamCreep for violating their AUP.
After Engineer 1 and Engineer 2 at GenerNET talk it over, and after discussing what to do with WebHoster at length, all parties verbally agree that the best course of action would be that GenerNET would not allow 192.168.192.0/23 to make outgoing connections on tcp 25 (which, incidentally, they have gotten around somehow and the only thing stopping me from routing the whole /23 to null0 is the arbitration process that I spoke of earlier which doesnt give me the authority to act on my own).
At the end of a short period of time GenerNET's engineering department saw that there were a hell of a lot of matches to the access-list on their border router in Buffolo, NY on that Ethernet. So they felt that as a curteosy to our fellow operators they would let them know that SpamCreep (*NOT* WebHoster) had given them a large amount of grief, and furthermore that they don't support the kind of grief they were getting from pissed off Internet users, and that they were handling the situation and *HOW* they were handling it.
Then came along the "Digital Bill of Rights" wackos that appearantly don't have the misfortune of being a network operator and don't understand about the reprocussions their pipe-dream musings about what should and shouldnt be would have on the already delicate art of running a network on the Internet. Clearly you dont know what you are talking about in this regard. I can't run a network contemplating my navel, and if I did, I would expect to be fired. I run a network based on policy, our policy is to not provide transit for spammers. BOOM! And there you have it, end of discussion..
Check this out:
:0
* nanog.*@merit\.edu
* dean@.*av8\.com
/dev/null
In regards to electronic communication and undesirable activity (or in
violation of a signed AUP), the privacy protection defense is an extremely
weak one, and has been rejected by judges. Basically if what youre doing
is in violation of an AUP that you signed, judges have ruled that
the privacy protection claim is no defense. You voluntarily waived those
rights by signing them away.
Also, the privacy protection defense is almost always rejected if it
involves outright criminal activity eg smurfs, theft, etc.
So there is at least some case law here. The stuff I saw was from the
early 80s though, dont know about more recent cases.
-Dan