skip to main content
10.1145/1298306.1298307acmconferencesArticle/Chapter ViewAbstractPublication PagesimcConference Proceedingsconference-collections
Article

Legal issues surrounding monitoring during network research

Published:24 October 2007Publication History

ABSTRACT

This work was motivated by a discussion that two of the coauthors (computer science professors) had with the other coauthor (a law professor and a former computer crime Trial Attorney at the U.S. Department of Justice), in which it was pointed out that some of the network measurements that the computer scientists were thinking of making might potentially violate Federal laws.

Several Federal laws prohibit or restrict network monitoring and the sharing of records of network activity. These laws are designed to protect online privacy. They apply both to private parties and government agents, although the details vary depending on who is doing the monitoring. The most important thing to note is that none of these laws contain any specific exceptions or safe harbors for scientific or academic research. The laws are complex, but they follow a basic pattern. First, certain types of network monitoring and data access are prohibited. People who violate the prohibitions may be sued by the people whose privacy they invade and potentially prosecuted and convicted of federal crimes (i.e., misdemeanor and felony convictions).

In this paper, we will examine these laws and consider what they might mean for the network measurement community. Although we focus on U.S. Federal Law, we also highlight general trends and approaches in state and international laws that impact network researchers. We will examine the steps commonly taken in prior research in network measurement to respect user privacy, and we will compare those approaches to the evolving legal rules. We will also consider whether legislative reform is needed, describe steps that researchers might take when pursuing such work in light of the legal rules, and propose future technical and policy-related steps the community can take to focus more attention on user privacy.

References

  1. ACM SIGCOMM and USENIX, Sixth Internet Measurement Conference, 2005. Available online at http://www.imconf.net/imc-2005/papers/program.html.Google ScholarGoogle Scholar
  2. ACM SIGCOMM and USENIX, Sixth Internet Measurement Conference, 2006. Available online at http://www.imconf.net/imc-2006/program.html.Google ScholarGoogle Scholar
  3. C. H. Kennedy and P. Swire, "State wireless and electronic surveillance after september 11," Hastings Law Journal, vol. 54, no. 847, 2003. Appendix A.Google ScholarGoogle Scholar
  4. C. of Europe, "Convention on cybercrime budapest 23.xi.2001." Available as http://conventions.coe.int/Treaty/EN/Treaties/HTML/185.htm.Google ScholarGoogle Scholar
  5. "18 united states code § 2511." Available athttp://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002511-000-.html.Google ScholarGoogle Scholar
  6. The First Amendment Handbook. The Reporters Committee for Freedom of the Press, 2003. Available as http://www.rcfp.org/handbook/c03p01.html.Google ScholarGoogle Scholar
  7. M. Rasch, "Chat, copy, paste, prison," SecurityFocus, April 2004.Google ScholarGoogle Scholar
  8. Griggs-Ryan v. Smith, 904 F.2d 112 (1st Cir. 1990).Google ScholarGoogle Scholar
  9. U.S. v. Angevine, 281 F.3d 1130 (10th Cir. 2002).Google ScholarGoogle Scholar
  10. "18 united states code § 3127." Available at http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00003127-000-.html.Google ScholarGoogle Scholar
  11. "18 united states code § 2701." Available at http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002701-000-.html.Google ScholarGoogle Scholar
  12. "18 united states code § 2702." Available at http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002702-000-.html.Google ScholarGoogle Scholar
  13. "18 united states code § 2703." Available at http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002703-000-.html.Google ScholarGoogle Scholar
  14. J. Xu, J. Fan, M. Ammar, and S. Moon,"Prefix preserving ip address anonymization: Measurement-based security evaluation and a new cryptography-based scheme," 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. "Crypto-pan software," 2004. Available from http://www.cc.gatech.edu/computing/Networking/projects/cryptopan/.Google ScholarGoogle Scholar
  16. R. Pang, M. Allman, V. Paxson, and J. Lee, "The devil and packet trace anonymization," SIGCOMM Comput. Commun. Rev., vol. 36, no. 1, pp. 29--38, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. J. Sommers. and P. Barford, "Self-configuring network traffic generation," in Fourth Internet Measurement Conference, 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. K. V. Vishwanath and A. Vahdat, "Realistic and responsive network traffic generation," SIGCOMM Comput. Commun. Rev., vol. 36, no. 4, pp. 111--122, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. M. Barbaro and T. Z. Jr., "A face is exposed for aol searcher number 4417749," New York Times, Aug 2006.Google ScholarGoogle Scholar
  20. C. Soghoian, "The problem of anonymous vanity searches," Jan 2007. Available at SSRN http://ssrn.com/abstract=953673.Google ScholarGoogle Scholar

Index Terms

  1. Legal issues surrounding monitoring during network research

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in
      • Published in

        cover image ACM Conferences
        IMC '07: Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
        October 2007
        390 pages
        ISBN:9781595939081
        DOI:10.1145/1298306

        Copyright © 2007 ACM

        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 24 October 2007

        Permissions

        Request permissions about this article.

        Request Permissions

        Check for updates

        Qualifiers

        • Article

        Acceptance Rates

        Overall Acceptance Rate277of1,083submissions,26%

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader