The ruling doesn't give the government blanket access because they are still constrained by the statutes that protect stored wire and electronic communications. To compel disclosure of unretrieved communications that have been in storage 180 days or less, the government needs a search warrant [Title 18, Sec. 2703(a)]. However, a non-public provider (e.g., private company) can voluntarily disclose such e-mail {Sec 2702(a)(1)]; a public provider generally cannot, but there are exceptions [(Sec 2702(b)]. Dorothy Denning -----Original Message----- From: isn-bounces@private [mailto:isn-bounces@private]On Behalf Of Cory D Sent: Friday, July 02, 2004 9:33 AM To: isn@private Subject: RE: [ISN] E-Mail Snooping Ruled Permissible -- You seem to be mis-inform on common wiretap laws. -- As for your sigh of relief, it bothers me. When reading the case, the individual(s) rights were violated. --- The Wiretap Act "Provider Exception" 18 U.S.C ? 2511(2)(a)(i) (i) It shall not be unlawful under this chapter for an operator of a switchboard, or on officer, employee, or agent of a provider of wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks... Sense he used the information for profit and gain; it seems to me that it did violate the wiretap law. As you can also see this informs you can use IDS equipment to protect yourself from unwanted trespassers. If you try to and say that the "Pen Register" and "Trap and Trace" statues allow you to do this you are wrong again. It only allows you to capture ports, header information, etc.. but, not the content of what is being delivered. Face it the judges had no idea what they where talking about when passing judgment. There reasoning is that they were capturing (copying) data stored in RAM and because of this it does not convey a violation of the wiretap laws. Well if that's the case then the government does not need a warrant then to "capture" any ones email and programs like "Carnivore" come to mind. That to me sounds way to close to "1984" and the fact that "Big Brother" is on the doorstep with the baton in hand. -- Cory Durand -----Original Message----- From: isn-bounces@private [mailto:isn-bounces@private]On Behalf Of InfoSec News Sent: Friday, July 02, 2004 7:35 AM To: isn@private Subject: Re: [ISN] E-Mail Snooping Ruled Permissible Forwarded from: Mark Hoffer <hoffer53@private> Hello: Coming from the ISP side of things, this is a great sigh of relief. Before this ruling, some could have interpreted the law in a way that the ISP could not scan for viruses or block spam. I agree that email should not be snooped on, but every user should know that the privacy of an email is like that of a postcard. Now about this wiretap law - is it unlawful for me to use a packet sniffer to troubleshoot a customer's connection and to watch for malicious traffic on my network? -Mark Hoffer ----- Original Message ----- From: "InfoSec News" <isn@private> To: <isn@private> Sent: Thursday, July 01, 2004 7:33 AM Subject: [ISN] E-Mail Snooping Ruled Permissible > Forwarded from: Marjorie Simmons <lawyer@private> > > http://www.wired.com/news/politics/0,1283,64043,00.html > > By Kim Zetter > June 30, 2004 > > E-mail privacy suffered a serious setback on Tuesday when a court of > appeals ruled that an e-mail provider did not break the law in > reading his customers' communications without their consent. > > The First Court of Appeals in Massachusetts ruled that Bradford C. > Councilman did not violate criminal wiretap laws when he > surreptitiously copied and read the mail of his customers in order > to monitor their transactions. > > Councilman, owner of a website selling rare and out-of-print books, > offered book dealer customers e-mail accounts through his site. But > unknown to those customers, Councilman installed code that > intercepted and copied any e-mail that came to them from his > competitor, Amazon.com. Although Councilman did not prevent the mail > from reaching recipients, he read thousands of copied messages in > order to know what books customers were seeking and gain a > commercial advantage over Amazon. _________________________________________ Help InfoSec News with a donation: http://www.c4i.org/donation.html _________________________________________ Help InfoSec News with a donation: http://www.c4i.org/donation.html _________________________________________ Help InfoSec News with a donation: http://www.c4i.org/donation.html
This archive was generated by hypermail 2.1.3 : Wed Jul 07 2004 - 04:16:45 PDT