|
ABSTRACT:
|
This work was motivated by a discussion that two of the coauthors
(computer science professors) had with the other coauthor (a law
professor and a former computer crime Trial Attorney at the
U.S. Department of Justice), in which it was pointed out that some of
the network measurements that the computer scientists were thinking of
making might potentially violate Federal laws. Several Federal laws
prohibit or restrict network monitoring and the sharing of records of
network activity. These laws are designed to protect online
privacy. They apply both to private parties and government agents,
although the details vary depending on who is doing the monitoring. The
most important thing to note is that none of these laws contain any
specific exceptions or safe harbors for scientific or academic
research. The laws are complex, but they follow a basic pattern. First,
certain types of network monitoring and data access are
prohibited. People who violate the prohibitions may be sued by the
people whose privacy they invade and potentially prosecuted and
convicted of federal crimes (i.e., misdemeanor and felony convictions).
In this paper, we will examine these laws and consider what they might
mean for the network measurement community. Although we focus on
U.S. Federal Law, we also highlight general trends and approaches in
state and international laws that impact network researchers. We will
ex- amine the steps commonly taken in prior research in network
measurement to respect user privacy, and we will compare those
approaches to the evolving legal rules. We will also consider whether
legislative reform is needed, describe steps that researchers might take
when pursuing such work in light of the legal rules, and propose future
technical and policy-related steps the community can take to focus more
attention on user privacy.
|