John W. Bagby, Professor of Information Sciences & Technology, PSU
Pamela R. Harvey, J.D. Candidate, Dickinson School of Law
Daniel A. Tishman, Research Assistant & WebMaster
Network management is performed in both the private and public sector for security, confidentiality and data integrity purposes. Network managers must control, plan, allocate, deploy, coordinate, and monitor the resources of information and communications technologies (ICT) networks. Managers of various ICT networks balance network security duties against their compliance with boundary conditions imposed by private contracts and laws protecting privacy and constraining electronic surveillance. Discharging this duty increasingly requires deployment of network security enhancing methods that can diminish privacy rights or violate various constitutional, statutory, and industry standards.
The prevailing legal focus on electronic surveillance has centered on law enforcement's interception of message traffic in traditional telephony and the role of the telecommunications industry to facilitate that access. Under revisions to the Communications Assistance for Law Enforcement Act (CALEA) and FCC rules broadening the application of CALEA to voice over Internet protocol (VoIP) telephony, there is an increasing recognition of the cross-migration of considerable telephony traffic and Internet communications traffic. All this suggests overlap and a general blurring of traditional network management techniques given the convergence of voice and data communications in communicating through architectures roughly categorized as e-mail, instant messaging (IM), text-messaging, website interaction, transmission of file attachments (including text, audio and video content), various forms of electronic transactions processing, web services, and difficulties looming with the hosting and operation of large scale, grid computing interconnections.
This paper reports the findings of a funded project that examines how law enforcement's electronic surveillance duties compare with network management. The interception authority and techniques used in network management is compared with the techniques authorized for law enforcement agencies. The broadening view of this area recognizes similarities and differences among access to stored communications as well as to the retrieval of content and examination of communication logs by government law enforcement, regulatory agencies, self-regulatory organizations (SROs), research institutes operated by non-governmental organizations (NGO), and private sector organizations. Also analyzed are network administrators sometimes conflicting duties to protect the privacy of employees and clients/customers/third parties, assure confidentiality of organizational secrets and maintain the integrity of data stored and data in transit.
This comparative examines the application and extension of existing electronic surveillance laws such as the Electronic Communications Privacy Act (ECPA), the Stored Communications provisions of ECPA, wiretap authority under CALEA as modified by the USA Patriot Act, variations in state law and the authority granted in contracts with employees as well as contracts with various service providers that enable network managers' electronic surveillance. Implications are also examined of recent controversies involving social network analysis (SNA) using network traffic data-mining techniques arguably violating the Foreign Intelligence Surveillance Act (FISA) as well as other interception programs skirting the National Security Letters procedures and the FBI's Carnivore packet sniffing program. Finally, this paper compares limitations on the allowable range of uses for evidence derived from electronic intercepts in law enforcement against those uses of evidence derived from private network management