ABSTRACT
This work was motivated by a discussion that two of the coauthors (computer science professors) had with the other coauthor (a law professor and a former computer crime Trial Attorney at the U.S. Department of Justice), in which it was pointed out that some of the network measurements that the computer scientists were thinking of making might potentially violate Federal laws.
Several Federal laws prohibit or restrict network monitoring and the sharing of records of network activity. These laws are designed to protect online privacy. They apply both to private parties and government agents, although the details vary depending on who is doing the monitoring. The most important thing to note is that none of these laws contain any specific exceptions or safe harbors for scientific or academic research. The laws are complex, but they follow a basic pattern. First, certain types of network monitoring and data access are prohibited. People who violate the prohibitions may be sued by the people whose privacy they invade and potentially prosecuted and convicted of federal crimes (i.e., misdemeanor and felony convictions).
In this paper, we will examine these laws and consider what they might mean for the network measurement community. Although we focus on U.S. Federal Law, we also highlight general trends and approaches in state and international laws that impact network researchers. We will examine the steps commonly taken in prior research in network measurement to respect user privacy, and we will compare those approaches to the evolving legal rules. We will also consider whether legislative reform is needed, describe steps that researchers might take when pursuing such work in light of the legal rules, and propose future technical and policy-related steps the community can take to focus more attention on user privacy.
- ACM SIGCOMM and USENIX, Sixth Internet Measurement Conference, 2005. Available online at http://www.imconf.net/imc-2005/papers/program.html.Google Scholar
- ACM SIGCOMM and USENIX, Sixth Internet Measurement Conference, 2006. Available online at http://www.imconf.net/imc-2006/program.html.Google Scholar
- C. H. Kennedy and P. Swire, "State wireless and electronic surveillance after september 11," Hastings Law Journal, vol. 54, no. 847, 2003. Appendix A.Google Scholar
- C. of Europe, "Convention on cybercrime budapest 23.xi.2001." Available as http://conventions.coe.int/Treaty/EN/Treaties/HTML/185.htm.Google Scholar
- "18 united states code § 2511." Available athttp://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002511-000-.html.Google Scholar
- The First Amendment Handbook. The Reporters Committee for Freedom of the Press, 2003. Available as http://www.rcfp.org/handbook/c03p01.html.Google Scholar
- M. Rasch, "Chat, copy, paste, prison," SecurityFocus, April 2004.Google Scholar
- Griggs-Ryan v. Smith, 904 F.2d 112 (1st Cir. 1990).Google Scholar
- U.S. v. Angevine, 281 F.3d 1130 (10th Cir. 2002).Google Scholar
- "18 united states code § 3127." Available at http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00003127-000-.html.Google Scholar
- "18 united states code § 2701." Available at http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002701-000-.html.Google Scholar
- "18 united states code § 2702." Available at http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002702-000-.html.Google Scholar
- "18 united states code § 2703." Available at http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002703-000-.html.Google Scholar
- J. Xu, J. Fan, M. Ammar, and S. Moon,"Prefix preserving ip address anonymization: Measurement-based security evaluation and a new cryptography-based scheme," 2002. Google ScholarDigital Library
- "Crypto-pan software," 2004. Available from http://www.cc.gatech.edu/computing/Networking/projects/cryptopan/.Google Scholar
- R. Pang, M. Allman, V. Paxson, and J. Lee, "The devil and packet trace anonymization," SIGCOMM Comput. Commun. Rev., vol. 36, no. 1, pp. 29--38, 2006. Google ScholarDigital Library
- J. Sommers. and P. Barford, "Self-configuring network traffic generation," in Fourth Internet Measurement Conference, 2004. Google ScholarDigital Library
- K. V. Vishwanath and A. Vahdat, "Realistic and responsive network traffic generation," SIGCOMM Comput. Commun. Rev., vol. 36, no. 4, pp. 111--122, 2006. Google ScholarDigital Library
- M. Barbaro and T. Z. Jr., "A face is exposed for aol searcher number 4417749," New York Times, Aug 2006.Google Scholar
- C. Soghoian, "The problem of anonymous vanity searches," Jan 2007. Available at SSRN http://ssrn.com/abstract=953673.Google Scholar
Index Terms
Legal issues surrounding monitoring during network research
Recommendations
When Digital Forensic Research Meets Laws
ICDCSW '12: Proceedings of the 2012 32nd International Conference on Distributed Computing Systems WorkshopsAcademic researchers in digital forensics often lack backgrounds in related laws. This ignorance could make their research and development legally invalid, or with less relevance in practice. To better assist academic researchers, we discuss related ...
When your computer needs a lawyer
Possible liability for negligence, for other torts (such as slander of credit) and for liability under theories of express or implied warranty (guarantees) are discussed, and legal complications are explained, so that users, operators, owners, and ...
The Challenges Facing Computer Forensics Investigators in Obtaining Information from Mobile Devices for Use in Criminal Investigations
The paper deals with the various types of mobile devices that have large storage capacities and the challenges for forensics experts in gathering information from the devices for use in criminal investigations. The paper describes various forensics ...
Comments