[ntp-legal] Re: Monitoring policy - Was [ntp:hackers] D-Links NTP
server vandalism
John Pettitt
jpp at cloudview.com
Wed Apr 12 03:54:55 UTC 2006
Thread from ntp-hackers
todd glassey wrote:
> John
>
>> Good we've established that - now where does it say that I as a server
>> operator in California have to advise people that their connection to my
>> server may be logged and/or that the log data may be published?
>>
>
> Hold on on that John I will pull the citation on that - there is legal
> standing for this. The case itself set the standard which is why log-in
> banners are legally required to inform people that "all their actions are
> logged" when they use the computer.
>
>
You are looking for 18 USC 5210 which says in part
> It shall not be unlawful under this chapter for a person not acting
> under color of law to intercept a wire, oral, or electronic
> communication where such person is a party to the communication or
> where one of the parties to the communication has given prior consent
> to such interception unless such communication is intercepted for the
> purpose of committing any criminal or tortious act in violation of the
> Constitution or laws of the United States or of any State.
Which as far as I see it allows a server operator to intercept ntp
packets to/from their server.
>> Unless I promise them privacy (which I don't) there is no obligation on
>> my part of provide privacy unless you know of some law I don't.
>>
>
> Yes there is John, since there is no negotiations of the service that you
> are providing and there is no way that you can tell the End-User you are
> capturing their data, and becuase they habve no ide you personally even
> exist, or that they have to ask you about using your server, yes... you do
> have an obligation IMHO
>
I don't have to tell them see above
>
>> I get that the EU privacy laws may apply to EU servers but I'm not in
>> the EU (this is the reverse of the old "World != USA" issue - the world
>> != EU either).
>>
>
> You also aren't dealing with how you notify the people that are using the
> service as to your capturing their information.
>
I don't have to per 18 usc 2510
> But also why in their right mind would anyone in the EU want to use a
> California Server? - Maybe parts of Asia but that's it.
>
the global pool mean I have many Europeans using my server.
> lets look at the other issue - why would anyone want to depend on a private
> uncertified server. You carry no liability right? why would I want time from
> you? What does it buy me?
>
yes but that's a different topic.
John
More information about the ntp-legal
mailing list