I recently claimed that, in the USA, there is a law that prohibits an
ISP from inspecting packets in a telecommunications network for
anything other than traffic statistics or debugging.
Was I correct?
I'ld also like to get opinions on privacy policies for network
operators. It has been suggested that we should adopt a policy that
says that we'll notify customers if:
1) we inspect traffic,
2) we're aware that an upstream is inspecting traffic
3) we're required to inspect traffic (by anyone).
Point 3) is just about the same as 1), but it does imply
a slightly different motivation behind the inspection.
I'd assume this was a reference to 47 USC 605(a) (which has a reference to
18 USC Chapter 119, or possibly 47 USC Chapter 9.
I'm not a lawyer. Consult an attorney.
:I recently claimed that, in the USA, there is a law that prohibits an
:ISP from inspecting packets in a telecommunications network for
:anything other than traffic statistics or debugging.
A similar sentiment was expressed in a presentation at a conference
recently by a lawyer, in regards to Canadian law. He(?) suggested
that IDS in its current form contravened data interception laws, and
maybe some labour laws, I can't remember off hand.
Also, debugging and meta-data (mail and packet headers) may be
an exception, but only because of of a possible interpretation of this
meta-data as equivalent to a postal address or or phone caller information.
This may ultimately be the correct interpretation, but it will depend on
the influence of the person whose opinion it is. It doesn't matter
whether you or I think that packet instpection is a legitimate form of
network debugging. It matters whether a judge does.
Or maybe in this case, a lawyer.