RE: [ISN] E-Mail Snooping Ruled Permissible

From: Denning, Dorothy USA (dedennin@private)
Date: Tue Jul 06 2004 - 16:48:20 PDT


The ruling doesn't give the government blanket access because they are still constrained by the statutes that protect stored wire and electronic communications.

To compel disclosure of unretrieved communications that have been in storage 180 days or less, the government needs a search warrant [Title 18, Sec. 2703(a)].  However, a non-public provider (e.g., private company) can voluntarily disclose such e-mail {Sec 2702(a)(1)]; a public provider generally cannot, but there are exceptions [(Sec 2702(b)].

Dorothy Denning

-----Original Message-----
From: isn-bounces@private [mailto:isn-bounces@private]On
Behalf Of Cory D
Sent: Friday, July 02, 2004 9:33 AM
To: isn@private
Subject: RE: [ISN] E-Mail Snooping Ruled Permissible 


-- You seem to be mis-inform on common wiretap laws.
-- As for your sigh of relief, it bothers me.  When reading the case, the
individual(s) rights were violated.

---	The Wiretap Act "Provider Exception" 18 U.S.C ? 2511(2)(a)(i)
(i) It shall not be unlawful under this chapter for an operator of a
switchboard, or on officer, employee, or agent of a provider of wire or
electronic communication service, whose facilities are used in the
transmission of a wire or electronic communication, to intercept, disclose,
or use that communication in the normal course of his employment while
engaged in any activity which is a necessary incident to the rendition of
his service or to the protection of the rights or property of the provider
of that service, except that a provider of wire communication service to the
public shall not utilize service observing or random monitoring except for
mechanical or service quality control checks...

Sense he used the information for profit and gain; it seems to me that it
did violate the wiretap law.  As you can also see this informs you can use
IDS equipment to protect yourself from unwanted trespassers.

If you try to and say that the "Pen Register" and "Trap and Trace" statues
allow you to do this you are wrong again.  It only allows you to capture
ports, header information, etc.. but, not the content of what is being
delivered.  Face it the judges had no idea what they where talking about
when passing judgment.  There reasoning is that they were capturing
(copying) data stored in RAM and because of this it does not convey a
violation of the wiretap laws.  Well if that's the case then the government
does not need a warrant then to "capture" any ones email and programs like
"Carnivore" come to mind.   That to me sounds way to close to "1984" and the
fact that "Big Brother" is on the doorstep with the baton in hand.

-- Cory Durand

-----Original Message-----
From: isn-bounces@private [mailto:isn-bounces@private]On Behalf
Of InfoSec News
Sent: Friday, July 02, 2004 7:35 AM
To: isn@private
Subject: Re: [ISN] E-Mail Snooping Ruled Permissible

Forwarded from: Mark Hoffer <hoffer53@private>

Hello:

Coming from the ISP side of things, this is a great sigh of relief.
Before this ruling, some could have interpreted the law in a way that
the ISP could not scan for viruses or block spam.  I agree that email
should not be snooped on, but every user should know that the privacy
of an email is like that of a postcard.

Now about this wiretap law - is it unlawful for me to use a packet
sniffer to troubleshoot a customer's connection and to watch for
malicious traffic on my network?

-Mark Hoffer

----- Original Message -----
From: "InfoSec News" <isn@private>
To: <isn@private>
Sent: Thursday, July 01, 2004 7:33 AM
Subject: [ISN] E-Mail Snooping Ruled Permissible


> Forwarded from: Marjorie Simmons <lawyer@private>
>
> http://www.wired.com/news/politics/0,1283,64043,00.html
>
> By Kim Zetter
> June 30, 2004
>
> E-mail privacy suffered a serious setback on Tuesday when a court of
> appeals ruled that an e-mail provider did not break the law in
> reading his customers' communications without their consent.
>
> The First Court of Appeals in Massachusetts ruled that Bradford C.
> Councilman did not violate criminal wiretap laws when he
> surreptitiously copied and read the mail of his customers in order
> to monitor their transactions.
>
> Councilman, owner of a website selling rare and out-of-print books,
> offered book dealer customers e-mail accounts through his site. But
> unknown to those customers, Councilman installed code that
> intercepted and copied any e-mail that came to them from his
> competitor, Amazon.com. Although Councilman did not prevent the mail
> from reaching recipients, he read thousands of copied messages in
> order to know what books customers were seeking and gain a
> commercial advantage over Amazon.



_________________________________________
Help InfoSec News with a donation: http://www.c4i.org/donation.html

_________________________________________
Help InfoSec News with a donation: http://www.c4i.org/donation.html
_________________________________________
Help InfoSec News with a donation: http://www.c4i.org/donation.html



This archive was generated by hypermail 2.1.3 : Wed Jul 07 2004 - 04:16:45 PDT