Mastering the Internet
Peter Fairbrother
ukcrypto at chiark.greenend.org.uk
Mon, 04 May 2009 07:27:06 +0100
Florian Weimer wrote:
> * Pete Mitchell:
>
>> Roland Perry wrote on 3-05-09 15:13:
>>> An order is only required if the CSP resists a polite request to install
>>> a permanent intercept capability.
>
>>> It's not illegal to install one, just [currently] to operate it without
>>> warrants to extract content from communications.
>> Hang on ... that one's from Orwell, am I right?
>
> No, most routers deployed on the Internet already have that
> capability. IPFIX/Netflow export functionality is very common, and
> there are also monitor ports and (E)RSPAN, which provide payload
> access. I think that for diagnostic purposes, capacity planning etc.,
> it's also legal to use them.
>
>
I'm not too up on this, but I'm thinking that IPFIX/Netflow exports only
communications data [1], and monitor ports and (E)RSPAN export content
as well. Please correct me if I'm wrong.
If so, yes, if it's necessary for diagnostic purposes, capacity planning
etc., then it's legal to use IPFIX/Netflow under both RIPA and DPA -
though under DPA access should be limited to those who need access for
the above reasons, and it should only be used for those reasons.
The situation for monitor ports and (E)RSPAN is a little different under
RIPA. In theory it might be legal under s 3(3) of RIPA to access them
for diagnostic purposes, capacity planning etc. - but in practice I can't
see why that might often be necessary.
Again, DPA means availability should be restricted to those who
absolutely need the data, and both RIPA and DPA probably require that
only things like type of content, rather than actual content, should be
used.
This is just my opinion, btw!
[1] i.e. to and from addresses of packets, times, sizes, and also the
total size of a TCP message. The last ought to be treated slightly
differently IMHO, but I don't think RIPA or DPA require it.
-- Peter Fairbrother
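To make the distinction drawn above between communications data and content concrete, here is an added example (not part of the original thread or anyone's posted code) that decodes a constructed NetFlow v5 datagram: the v5 record layout carries addresses, ports, timestamps and packet/byte counts, and has no payload field at all. The sample bytes, the field names and the `capacity_planning_view` minimisation helper are my own constructions.

```python
import socket
import struct

# NetFlow v5 wire layout: a 24-byte header followed by 48-byte records, big-endian.
HEADER_FMT = ">HHIIIIBBH"
RECORD_FMT = ">4s4s4sHHIIIIHHBBBBHHBBH"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 24
RECORD_LEN = struct.calcsize(RECORD_FMT)   # 48


def build_sample_datagram() -> bytes:
    """Constructed sample: one v5 record describing a single HTTPS flow (not a real capture)."""
    header = struct.pack(HEADER_FMT, 5, 1, 160000, 1241000000, 0, 42, 0, 0, 0)
    record = struct.pack(
        RECORD_FMT,
        socket.inet_aton("192.0.2.10"),      # source address (RFC 5737 documentation range)
        socket.inet_aton("198.51.100.7"),    # destination address (documentation range)
        socket.inet_aton("0.0.0.0"),         # next hop
        1, 2,                                # input / output interface index
        37, 51200,                           # packets, octets
        100000, 160000,                      # first / last seen (router uptime, ms)
        51432, 443,                          # source / destination port
        0, 0x1B, 6, 0,                       # pad, TCP flags, protocol (TCP), ToS
        0, 0, 24, 24, 0,                     # src AS, dst AS, src mask, dst mask, pad
    )
    return header + record


def parse_v5(datagram: bytes) -> list:
    """Decode every record in a v5 datagram into a dict of communications data.
    The only fields the format defines are endpoints, timing and sizes: no payload."""
    version, count = struct.unpack_from(">HH", datagram, 0)
    if version != 5:
        raise ValueError(f"not a NetFlow v5 datagram (version {version})")
    flows = []
    for i in range(count):
        f = struct.unpack_from(RECORD_FMT, datagram, HEADER_LEN + i * RECORD_LEN)
        flows.append({
            "src_addr": socket.inet_ntoa(f[0]), "dst_addr": socket.inet_ntoa(f[1]),
            "src_port": f[9], "dst_port": f[10], "protocol": f[13],
            "packets": f[5], "bytes": f[6], "duration_ms": f[8] - f[7],
        })
    return flows


def capacity_planning_view(flow: dict) -> dict:
    """Minimised view for diagnostics / capacity planning: volume and timing only,
    with the identifying endpoints dropped (a data-minimisation step in the DPA spirit)."""
    return {k: flow[k] for k in ("protocol", "packets", "bytes", "duration_ms")}
```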