I'd just managed to find that code and read some of it before the below email. It's basically telling you how to interpret the privacy act for telecommunications networks. This includes the internet, not just the PSTN as "Internet Service Provider" is included under the definition of an "Agency" and communication is a phone-call or "any other telecommunication".

The underlying assumption I've picked up from previous posts to NZNOG is that "if it's on the internet you can just do whatever you want with the traffic including payload". This appears to be wrong from a quick glance of some of the rules set out in the code. This is true with or without a company policy saying you can/can't do x, y or z. This note in "Rule 1" is quite pertinent:

"
Note: Except where it is itself a party to a communication, a telecommunications agency will rarely have a lawful purpose to collect the content of any telecommunication. Indeed, it is unlawful to intercept the content of a private communication in most cases (Crimes Act 1961, Part 9A). There are some limited exceptional circumstances relevant to telecommunications agencies (e.g. where acting pursuant to an interception warrant to assist the Police or SIS). Employees of network operators can, in the course of their duties, intercept telecommunications for maintenance purposes but it is an offence for an employee of a network operator to use or disclose information so obtained for unauthorised purposes � Telecommunications Act 2001, ss.114 and 115).
"

From the small amount of reading I've done what WAND has done appears to be fine. However, capturing header + payload and disseminating it to a third party without a warrant is ILLEGAL.

I leave further reading of the code and analysis of fringe cases etc as an exercise to the reader, but previous posts leave me a bit worried about the cavalier attitude of some NZNOG posters to privacy of the internet.

Jonathan

On Wed, Aug 6, 2008 at 1:51 PM, Joel Wiramu Pauling <aenertia@aenertia.net> wrote:
My answer to any privacy issues is this (I agree with the network
being a "public space" regardless of the physical ownership of the
underlying networks), if you choose to use software and protocols that
don't offer end to end encryption then you void the right to complain
about being snooped. There are solutions it is a choice not to use
them.

In reference to standards about recording data in public/private settings I
point you at telecomunication privacy commission code.

http://www.privacy.org.nz/telecommunications-information-privacy-code/

Psychologists have been dealing with this issue for a long time, and
there are some good transferable ethics approval processes in that
discipline for approving collection of data for study. APA being the
standard.


-JoelW
_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog