From the small amount of reading I've done what WAND has done appears to be fine. However, capturing header + payload and disseminating it to a third
I'd just managed to find that code and read some of it before the below
email. It's basically telling you how to interpret the privacy act for
telecommunications networks. This includes the internet, not just the PSTN
as "Internet Service Provider" is included under the definition of an
"Agency" and communication is a phone-call or "any other telecommunication".
The underlying assumption I've picked up from previous posts to NZNOG is
that "if it's on the internet you can just do whatever you want with the
traffic including payload". This appears to be wrong from a quick glance of
some of the rules set out in the code. This is true with or without a
company policy saying you can/can't do x, y or z. This note in "Rule 1" is
quite pertinent:
"
Note: Except where it is itself a party to a communication, a
telecommunications agency will rarely have a lawful purpose to collect the
content of any telecommunication. Indeed, it is unlawful to intercept the
content of a private communication in most cases (Crimes Act 1961, Part 9A).
There are some limited exceptional circumstances relevant to
telecommunications agencies (e.g. where acting pursuant to an interception
warrant to assist the Police or SIS). Employees of network operators can, in
the course of their duties, intercept telecommunications for maintenance
purposes but it is an offence for an employee of a network operator to use
or disclose information so obtained for unauthorised purposes –
Telecommunications Act 2001, ss.114 and 115).
"
party without a warrant is ILLEGAL.
I leave further reading of the code and analysis of fringe cases etc as an
exercise to the reader, but previous posts leave me a bit worried about the
cavalier attitude of some NZNOG posters to privacy of the internet.
Jonathan
On Wed, Aug 6, 2008 at 1:51 PM, Joel Wiramu Pauling
My answer to any privacy issues is this (I agree with the network being a "public space" regardless of the physical ownership of the underlying networks), if you choose to use software and protocols that don't offer end to end encryption then you void the right to complain about being snooped. There are solutions it is a choice not to use them.
In reference to standards about recording data in public/private settings I point you at telecomunication privacy commission code.
http://www.privacy.org.nz/telecommunications-information-privacy-code/
Psychologists have been dealing with this issue for a long time, and there are some good transferable ethics approval processes in that discipline for approving collection of data for study. APA being the standard.
-JoelW _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog