[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ISPs' information on users

On Tue, 24 Sep 1996, Timothy C. May wrote:

> At 8:18 PM 9/24/96, Robert Hettinga wrote:
> >--- begin forwarded text
> >>  ** So Much Fuss About A Bottle Of Ketchup
> >>
> >>  Hungarian police recently sent a fax around to the local Internet
> >>  service providers (ISPs) asking them to provide lists of their users
> >>  in Esztergom, a small town outside of Budapest. It seems somebody
> >>  had planted a bomb in a bottle of ketchup. Since everyone knows you
> >>  can download bomb-making instructions from the Internet, the police
> >>  figured they should investigate the local users. No, I'm not making
> >>  this up.
> So, Hungary has GAK -- Government Access to Ketchup.
> Good to know the 57 Varieties are now considered munitions.
> On a more serious note, perhaps legal experts here could comment on
> something I've been wondering about. Could ISPs in the UlS. be compelled to
> report on the browsing and net surfing habits of their customer base?
> To make this clear, I don't mean in a specific criminal case, where the
> records are searchable under a warrant. I mean a blanket order that all
> ISPs compile and forward records.
> Were I an ISP, I would probably say, "Hell no! They're my records and the
> Fourth Amendment says my records are to be secure unless a proper court
> order is issued. Besides, my fee for generating each kilobyte of records is
> $100,000, nonnegotiable."
> (I think I've answered my own question, namely, ISPs would be under no
> obligation to report on customer activities, absent a proper warrant, and
> consistent with the ECPA.)
> However, ISPs are _not_ accorded the same status as priests, lawyers, and
> others with such privacy privileges (and obligations). Would it be legal
> for an ISP to offer for sale such records? Or to voluntarily go to the
> cops?

Worse for the ISP (and better for its customers), such interception would 
violate ECPA, as the 18 U.S.C. Section 2511(2)(a)(i) exception for 
interceptions by electronic communications services would not apply to 
protect the ISP.  One could hardly (successfully) argue that selling out 
its customers was a "necessary incident" to the rendition of the ISP's 
services.  Indeed, the exception also states "that a provider ... shall 
not utilize service observing or random monitoring except for mechanical 
or service quality control checks.

I know.  They could use the exception to give away a little bit, but not 
the whole enchilada.


> (There's a certain new ISP with tight links to a quasi-religious group much
> in the news lately, and some have speculated that this ISP may be
> monitoring certain users....)
> --Tim May
> We got computers, we're tapping phone lines, I know that that ain't allowed.
> ---------:---------:---------:---------:---------:---------:---------:----
> Timothy C. May              | Crypto Anarchy: encryption, digital money,
> [email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
> W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
> Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
> "National borders aren't even speed bumps on the information superhighway."