Cybersnooping: It's Illegal in the U.S.
Apparently I wasn’t explicit enough in my post earlier this week about why it’s ludicrous to compare Iran’s use of deep packet inspection to block and intercept the communications of dissidents to the use of DPI technology by U.S. ISPs.
Let me spell it out: It’s illegal in the United States for service providers to intercept or disclose private electronics communications without a court order. These prohibitions are established in the Electronic Communications Privacy Act of 1986. In addition to that, the Cable Act addresses the way cable companies must handle personally identifiable information.
I received a nasty e-mail today from someone purporting to be a sales guy at a Web hosting company complaining about my previous post (The Evil That Routers Do), calling me a shill for the cable industry — and worse, employing a unique variation on a four-letter word.
He claimed I was wrong: that DPI technologies allow for exactly the sort of snooping that the Iranian government is reportedly engaged in. I pointed out that such activity is illegal in the U.S., and his response was that if subscribers agree to typical ISP terms of service they waive their legal rights to privacy.
Which providers, exactly, have terms of service requiring customers to totally check their privacy at the door? I’m still waiting for a response from this guy, but I won’t hold my breath.
My correspondent may have been referring to the use of DPI for behavioral-ad targeting, a la the ill-fated NebuAd trials. That company, which was engaged in tests with Charter and others, was effectively put out of business after congressional hearings spooked the ISPs involved. But such targeted ads, based on anonymized data, are no different from direct-mail marketing offers that have been used for years without any complaints about privacy violations. (See Double Standards on Privacy.)
I understand that people are very, very concerned about ensuring Internet privacy. It’s something any service provider must take extremely seriously. But there are laws already on the books governing the privacy of electronic communications, in the U.S. and other countries.
Todd Spangler commented:
Thanks for the comment / search terms, Anon1. Yes, the unauthorized spying you allude to would indeed appear to be illegal under existing laws.
Anon1 commented:
AT&T, Mark Klein, NSA, Telecom Immunity, Pinwale.
Anon commented:
Don't be so hasty to dismiss DPI in the USA. Which ISP is using kindsight.net to connect ad networks to its customers? Are the websites being paid copyright for the use of their content? - are the websites being paid a portion of the ad revenue like they are when they partner with an ad network?
Do the customers know that the ISP's free offer to 'detect malware on their PC' is being used to build up a profile on them and intercepting everything they do online?
What gets me about the offer is that if the 'malware protection' was any good there would be no way for the malware to be downloaded to infect the PC in the first place.
