The law is a bit ambiguous. For example the crimes act ammendment in 2003 outlawed hacking and specifically allowed police interception of computer communications but is silent on interception by network operators or researchers. When we got a legal opinion on this (shock horror - consulting someone who knew what they were talking about ;-) the advice was that the exact meaning of the act could only be established through precedent in case law. However there hadn't been any cases. AFAIK there still haven't. In absence of a definitive case, our advisor said that the crucial point would be the intent of intercepting data. So legitimate activities such as network maintenance and operations and also network research would be Ok but snooping on users private activities would not. We "think" we are Ok legally. As Shane said, ethically we have to debate our activities with the University ethics committee. If they understood networks that would be a good thing but as it is it's hard, but we are making progress on coming to an understanding. Richard.