[ntp-legal] Re: Monitoring policy - Was [ntp:hackers] D-Links NTP server vandalism

John Pettitt jpp at cloudview.com
Wed Apr 12 03:54:55 UTC 2006


Thread from ntp-hackers

todd glassey wrote:
> John
>   
>> Good we've established that - now where does it say that I as a server
>> operator in California have to advise people that their connection to my
>> server may be logged and/or that the log data may be published?
>>     
>
> Hold on on that John I will pull the citation on that - there is legal
> standing for this. The case itself set the standard which is why log-in
> banners are legally required to inform people that "all their actions are
> logged" when they use the computer.
>
>   

You are looking for 18 USC 5210 which says in part
> It shall not be unlawful under this chapter for a person not acting 
> under color of law to intercept a wire, oral, or electronic 
> communication where such person is a party to the communication or 
> where one of the parties to the communication has given prior consent 
> to such interception unless such communication is intercepted for the 
> purpose of committing any criminal or tortious act in violation of the 
> Constitution or laws of the United States or of any State.
Which as far as I see it allows a server operator to intercept ntp 
packets to/from  their server.



>> Unless I promise them privacy (which I don't) there is no obligation on
>> my part of provide privacy unless you know of some law I don't.
>>     
>
> Yes there is John, since there is no negotiations of the service that you
> are providing and there is no way that you can tell the End-User you are
> capturing their data, and becuase they habve no ide you personally even
> exist, or that they have to ask you about using your server, yes... you do
> have an obligation IMHO
>   

I don't have to tell them see above
>   
>> I get that the EU privacy laws may apply to EU servers but I'm not in
>> the EU (this is the reverse of the old "World != USA" issue - the world
>> != EU either).
>>     
>
> You also aren't dealing with how you notify the people that are using the
> service as to your capturing their information.
>   
I don't have to per 18  usc 2510
> But also why in their right mind would anyone in the EU want to use a
> California Server? - Maybe parts of Asia but that's it.
>   
the global pool mean I have many Europeans using my server.
> lets look at the other issue - why would anyone want to depend on a private
> uncertified server. You carry no liability right? why would I want time from
> you?  What does it buy me?
>   
yes but that's a different topic.

John



More information about the ntp-legal mailing list