Re: Security Event / Customer Reporting

["ethan preston" <prestone () bulldog georgetown edu>]

To quibble:
 
> > Current US law seems to view examining transit traffic like radio
> > interception - a no-no, for the most part.  ...
>
> In that case, the law (as a prominent English judge once remarked)>
> would be an ass. 

Of this, there can be little doubt.

> Using (only) radio analogies in determining >legalities for "domain-
style" networks means that the resulting laws 
> and directives will be fundamentally broken.  Remember, an inherent 
> difference between "broadcast spectrum" and "routable protocol" 
> networks is that the latter can only work by *requiring* 
> intermediary "inspection" of (part of) the information flow across 
> what may be loosely conceived of as "ownership boundaries" (and, 
> worse, "media translation" (and some other services required to make 
> our modern networks work) requires "manipulating" more of the data 
> stream than simply the headers or delivery envelopes).


The original author is probably referring to the Electronic 
Communications Privacy Act (the federal wiretap laws), 18 USC 2510  et 
seq., an article of legislation of truly horrifying lack of clarity, 
complexity and vagueness. 

ECPA provides criminal and civil penalties for the illicit interception 
of wire or radio communications (they receive essentially the same 
treatment under ECPA.) 18 USC 2511 (1) (a), 
http://www4.law.cornell.edu/uscode/18/2511.html. The tricky part, so 
far as the ability of peer ISPs to monitor traffic is concerned is the 
(2) (a) exception of the same act:

"It shall not be unlawful under this chapter for an operator of a 
switchboard, or an officer, employee, or agent of a provider of wire or 
electronic communication service, whose facilities are used in the 
transmission of a wire or electronic communication, to intercept, 
disclose, or use that communication in the normal course of his 
employment 
<<while engaged in any activity which is a necessary incident to the 
rendition of his service or to the protection of the rights or property 
of the provider of that service,>>
except that a provider of wire communication service to the public 
shall not utilize service observing or random monitoring except for 
mechanical or service quality control checks."

I don't think the caselaw we have gives anybody a good idea WHAT 
exactly are the "rights or property of the [Internet service] provider" 
is, let alone what kind of monitoring is necessary to protect the same. 



----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com