On 6/08/2008, at 12:14 PM, Don Gould wrote:
Morning List,
I've been following this discussion with some interest.
I'm sure the issue of ethics has been raised on this topic but I hadn't seen any mention in this thread and am unclear where users stand.
Are users advised that their data is being captured for analysis?
What is the law regarding this sort of data capture?
Are regulators/auditors involved in ensuring appropriate security of captured data?
I'm not after a flame war on this issue, if it's already been discussed with respect to earlier projects I'd be interested in a link to the previous discussions.
Is it any different to analysing traffic in order to, for example, detect and limit p2p file sharing? Generally, this sort of analysis is done with only packet headers. p2p file sharing detection/limiting stuff often looks at full packets. One could argue that that is more invasive. Plenty of other things do deep packet inspection as well - ddos detection, transparent http proxying, etc. Much more invasive than the simple header analysis that has been proposed and discussed here. -- Nathan Ward