Does anyone know how the wiretap laws affect 'net traffic? (I assume
they could get a warrant to tap someone's communications and I also
assume that some ISPs may retain the right to tap their clients traffic
if they suspect a problem.)
Does it matter if the connection was instigated with a telephone line?
(i.e: conforming to whatever traditional wiretap laws or whatever.)
Bill Cheswick and I devoted much of a chapter to these questions in our
firewall book. The U.S. Federal statutes are online; see
http://www.law.cornell.edu/uscode/18/ch119.html
http://www.law.cornell.edu/uscode/18/ch121.html
for the text.
Briefly, though, the ECPA extended wiretap law to cover computer
communications under many circumstances. The presence or absence of
a phone line is irrelevant. The provisions for a warrant do apply.
Internal corporate communications may or may not be covered; the law
mostly applies to external services. Communications companies may
use wiretaps to protect their own assets, but they're not allowed
to engage in random monitoring of content.
State law may add additional restrictions, and non-U.S. law may be
completely different.
--Steve Bellovin
|
|
