Cybersnooping: It's Illegal in the U.S.


Apparently I wasn’t explicit enough in my post earlier this week about why it’s ludicrous to compare Iran’s use of deep packet inspection to block and intercept the communications of dissidents to the use of DPI technology by U.S. ISPs.

Let me spell it out: It’s illegal in the United States for service providers to intercept or disclose private electronics communications without a court order. These prohibitions are established in the Electronic Communications Privacy Act of 1986. In addition to that, the Cable Act addresses the way cable companies must handle personally identifiable information.

I received a nasty e-mail today from someone purporting to be a sales guy at a Web hosting company complaining about my previous post (The Evil That Routers Do), calling me a shill for the cable industry — and worse, employing a unique variation on a four-letter word.

He claimed I was wrong: that DPI technologies allow for exactly the sort of snooping that the Iranian government is reportedly engaged in. I pointed out that such activity is illegal in the U.S., and his response was that if subscribers agree to typical ISP terms of service they waive their legal rights to privacy.

Which providers, exactly, have terms of service requiring customers to totally check their privacy at the door? I’m still waiting for a response from this guy, but I won’t hold my breath.

My correspondent may have been referring to the use of DPI for behavioral-ad targeting, a la the ill-fated NebuAd trials. That company, which was engaged in tests with Charter and others, was effectively put out of business after congressional hearings spooked the ISPs involved. But such targeted ads, based on anonymized data, are no different from direct-mail marketing offers that have been used for years without any complaints about privacy violations. (See Double Standards on Privacy.)

I understand that people are very, very concerned about ensuring Internet privacy. It’s something any service provider must take extremely seriously. But there are laws already on the books governing the privacy of electronic communications, in the U.S. and other countries.