RE: Legal question

["Crumrine, Gary L" <CrumrineGL () state gov>]

It is this blending of voice and data that is going to require a whole new
look at how the law is interpreted, and how we build, test and certify
networks.  I see many challenges to case record in light of this, as we have
created loopholes that did not exist before.  

The case cited in your reply applies to child pornography, but my concern is
in the area of voice/data on the network.   What if we stumble onto
something questionable while testing a circuit?  Are we obligated to report
it?  Can it be used as evidence in a court of law?  Have we committed a
crime by executing an illegal wire tap?  

I think the current wiretap laws deal with the voice only environment, and
have not taken into consideration the new possibilities that voice/data
brings to the table.  And I do not think current rules would apply.  

I think we would be OK because or work would be in the realm of circuit
testing, but you never know...  

> -----Original Message-----
> From: Larry Fitzpatrick [SMTP:lef () acm org]
> Sent: Tuesday, January 18, 2000 9:59 PM
> To:   Crumrine, Gary L; firewall-wizards () nfr net
> Subject:      Re: Legal question
>
> A bit more information. I hope Mr. Chabinsky (many thanks, and sorry for
> mis-spelling his name last time) doesn't mind my relaying
> more of his commentary.  He says:
>
> > Best always though to look straight to the source to capture all the
> details, so here are the federal law citations (available
> on-line, for free).  For montoring content, see 18 U.S.C. 2511 () , and
> with respect to reporting child pornography you might look
> at  ISP Child Abuse Reporting ().  The trap and trace question is not
> easily answered on the face of the statute, and would be
> subject to judicial interpretation, because the statute when written did
> not anticipate network traffic, see 18 U.S.C. 3127() .
>
> 18 U.S.C. 2511
> (http://law2.house.gov/uscode-cgi/fastweb.exe?getdoc+uscview+t17t20+1057+0
> ++()%20%20AND%20((18)%20ADJ%20USC):CITE%20AND%20(USC%20w/1
> 0%20(2511)):CITE)
>
> ISP Child Abuse Reporting (http://www.usdoj.gov/criminal/ceos/report.htm)
>
> 18 U.S.C.
> 3127(http://law2.house.gov/uscode-cgi/fastweb.exe?getdoc+uscview+t17t20+11
> 64+0++()%20%20AND%20((18)%20ADJ%20USC):CITE%20AND%20(USC%2
> 0w/10%20(3127)):CITE)
>
> -----Original Message-----
> From: Larry Fitzpatrick <lef () acm org>
> To: Crumrine, Gary L <CrumrineGL () state gov>; firewall-wizards () nfr net
> <firewall-wizards () nfr net>
> Date: Monday, January 17, 2000 7:39 PM
> Subject: Re: Legal question
>
>
> > I asked this question this week of Steven Chabinski (the chief legal
> advisor for the NIPC and assistant legal counsel for the FBI)
> > at a DC-ISOC meeting on privacy. I don't have perfect recall, so any
> errors are totally mine.  Here's what I heard him say:
> > There are three conditions that allow a person to peer into the content
> of network traffic. 1) the people who generate the traffic
> > have been notified that the traffic is being monitored, 2) a law
> enforcement organization has a court order to do a wire tap, 3) a
> > sysadmin is doing so to "protect his system".  It doesn't matter whether
> the traffic is intra-corporate or internet traffic. There
> > is clearly gray-ness in point 3.  Additionally, if the inspector sees
> that the content contains child pornography and the inspector
> > is an ISP, there is an obligation to report this to the FBI.
> >
> > From: Crumrine, Gary L <CrumrineGL () state gov>
> >
> > > After wearing out my fingers during a heated conversation with another
> > > colleague over legalities of certain actions, a question came up in my
> mind
> > > concerning sniffers and their usage.
> > >
> > > If a sniffer was placed on the outside of a given network, and was
> > > configured to sniff packets coming from that network only, does this
> > > constitute an illegal wire tap?  And do the same rules apply to data as
> they
> > > do voice?  In some cases it transits the same copper wire... ouch I am
> > > getting a headache..