At 11:22 AM -0500 6/11/00, Joe Abley wrote:
I'm trying to look at the operational impact of legislation in
this area. Ignoring the philosophical debate about what is and
what isn't appropriate about surveillance in general, or about
police powers to gather evidence from ISPs:
[After not a lot of people responded, Joe attempted to shame us into
replying. For the record, I'm too busy (excuse #2)]
+ suppose the police have sufficient cause to be suspicious
about the antics of one of your customers that they obtain
a court order which entitles them to "tap their internet
traffic". Suppose you decided (or were compelled) to
facilitate the "tap".
o what is reasonable for them to tap? Incoming (to-customer)
e-mail? Outgoing (from-customer) e-mail? A complete packet
Email, probably. A complete packet dump could present problems. I
would be unwilling to do anything that would cost us money--without
appropriate recompense---or that would impact network
performance---in any event.
I am unwilling to slow my STM-1024 down to V.24 speeds so I can wiretap.
o would you be happy letting someone from the
her own equipment to your network in order to gather the
evidence the court order entitled them to collect? Would
you prefer to do it yourself?
In general, no. I doubt their laptop has a suitable STM-1024
interface. Where possible, yes, under our supervision.
o would your company expect to be reimbursed for the time
spent facilitating the "tap"?
Of course. Actually, I'd expect that my company could and therefor
should just write the cost off to civic welfare, but I think that a
struggling ISP might not appreciate having to stump up overtime for
several people to make the tap work.
o how easy would it be for you to insert something in your
network to capture all packets to/from one of your customers?
(scale of 1 [trivial] to 10 [impossible])
1-10. It depends on which customer and where in the network.
+ suppose all interception of network traffic was
across the board without a court order; i.e. you were compelled
to shift your customers' traffic blindfolded, and were absolutely
not allowed to look at it. Would this be feasible? How much
troubleshooting would be impossible under these kinds of
Depends on how it's worded. In the extreme case, if I can't look at
my customers' packets, I (my routers) can't read the address headers
and the packets never make it past the first RJ-45! I would consider
the wording in the current radio regs for amateurs has the right
flavour. In the event that you intercept communications not intended
for you, you are required to act as if you had not in fact
intercepted the communications. In particular you must not
communicate them to a third party.
What's the statement? "Hard cases make bad law"? I shudder to think
how to draught legislation that accurately and unambiguously sets out
the rights and obligations of all parties and also keep up with
Let's just promote PGP a lot :-)
Michael Newbery Technical Specialist Telstra Saturn
Tel: +64-4-939 5102 Mobile:02-939 5102 Fax:+64-4-939 5100
To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz
where the body of your message reads: