Interesting People mailing list archives
Re: DPI and my testimony to Congress today
From: David Farber <dave () farber net>
Date: Fri, 18 Jul 2008 21:51:41 -0700
________________________________________ From: Joel M Snyder [Joel.Snyder () Opus1 COM] Sent: Friday, July 18, 2008 9:40 PM To: Gerry Faulhaber Cc: David Farber Subject: Re: [IP] DPI and my testimony to Congress today I wouldn't say that it's settled law that employers can read employee's email, necessarily. I think that ECPA has some holes in it that let the owner of a system read the email stored on that system---it isn't clear that they can, for example, read an employee's email if they are using GMAIL to send/receive it. Generally, what ECPA has done (reminding you: IANAL) is make it very clear that an employer can assert the ability to read email, and if they make it very clear that they assert this capability and right, then they can do it. But in the absence of a clear assertion, the employee does have some expectation of privacy. I don't have my file of case law here for easy access, but there was a famous "Toshiba" case where they listened in on someone's email, but they had not made it clear that they were going to do that, and a judge spanked them for it. Of course, employers who own desktop PCs, networks and email servers are a kind-of special case, since the owner of a computing resource asserts some control over the contents thereunto. This is less true of the network than of the email server (hence the treatment of GMAIL/Yahoo differently from mail stored on the local server) because of the 'value' of the resource. I guess the general point is that there is some law, and case law, that does provide some email privacy. It doesn't have the same level of protection as other communications and renting porn from video libraries, but it's not entirely unprotected. Whether that's sufficient to say that there is privacy is a whole 'nother deal. However, just to bring this around to the DPI discussion: every service provider has a series of security devices (firewalls, but also IPSes, etc.) which all explicitly use DPI to help provide additional security; in addition, these devices can also often use the same categorization features to provide QoS guarantees. That's not going away, and that's explicitly permitted in ECPA (and in other laws---the outside of the envelope is not nearly as well protected as the inside). It is amusing to me, as the operator of a network, to hear this debate, because network operators have no intention of giving up the ability to look at traffic for security and prioritization purposes, and no amount of legal gerrymandering is going to make that change because it's basic to the safe and successful operation of the network. This is the same in the telephone network: the telephone company NEEDS to look 'into' the network to see what is going on, to tune it, and to provide good service to everyone. What might be needed is some level of protection that prohibits ISPs from disclosing that information--in the same way that the telephone company is prohibited from disclosing it, or your doctor is prohibited from disclosing it--but that kind of sane lawmaking just doesn't seem to jibe with the hysterics that this debate engenders. Anyway, gotta run eat some dinner. I hope all is well! jms Gerry Faulhaber wrote:
Wow. Blast from the past. That was an interesting trip, wasn't it? About e-mail privacy: it is settled law that employers can read employees' e-mail (but they cannot listen in on phone conversations). How does this square with ECPA? Gerry ----- Original Message ----- From: "Joel M Snyder" <Joel.Snyder () Opus1 COM> To: <gerry-faulhaber () mchsi com> Cc: <dave () farber net> Sent: Friday, July 18, 2008 6:26 PM Subject: Re: [IP] DPI and my testimony to Congress todayAre there regulations regarding, say, US mail privacy? Yes; see http://en.wikipedia.org/wiki/Secrecy_of_correspondence . However, this has recently been under attack. How about FedEx? Can't find anything on this topic, so I would assume no. E-mail privacy? I think we all know the answer to that: NO.Ummm. Actually, YES. Has been for over 20 years. ECPA (Electronic Communications Privacy Act) protects the privacy of email and other stored electronic correspondence. There's a nice link on the CPSR page that has the text in a readable form: http://cpsr.org/issues/privacy/ecpa86/ I hope all is well with you. I was talking to Bill McHenry and Sy Goodman a month or so ago and we were reminiscing about that trip we all took to the great Soyuz back in the late 1980s. Times, they have a changed! jms -- Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719 Senior Partner, Opus One Phone: +1 520 324 0494 jms () Opus1 COM http://www.opus1.com/jms
-- Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719 Senior Partner, Opus One Phone: +1 520 324 0494 jms () Opus1 COM http://www.opus1.com/jms ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- DPI and my testimony to Congress today David Farber (Jul 17)
- <Possible follow-ups>
- Re: DPI and my testimony to Congress today David Farber (Jul 17)
- Re: DPI and my testimony to Congress today David Farber (Jul 18)
- DPI and my testimony to Congress today David Farber (Jul 18)
- DPI and my testimony to Congress today David Farber (Jul 18)
- Re: DPI and my testimony to Congress today David Farber (Jul 18)
- Re: DPI and my testimony to Congress today David Farber (Jul 18)