The Law and Ethics of Network Monitoring

Nearly every computer network–from the five-person office LAN to the giant corporate network and from the mom-and-pop ISP to the national broadband network–must be monitored. Because of ever-increasing threats and complexity, networks cannot survive unless they are watched. Administrators everywhere watch closely over reams of logfile entries created by routers, web servers, spam filters, packet sniffers, and deep-packet inspection firewalls.

All of this watching comes at a cost to user privacy, because these devices track and record the private behavior of users on the network. What are and what should be the limits to network monitoring, if any? A network engineer may argue that “it’s my network, so I can do what I want with it,” while a privacy activist might argue instead for common carrier privacy obligations for all ISPs. How do the wiretap laws govern network monitoring, if at all? Without having to resort to law, can systems administrators agree to a code of conduct that draws lines of monitoring across which they may not cross? Do these laws and ethical boundaries vary based on the type of network or the identity of person doing the monitoring, meaning different rules for employers, ISPs, researchers, and universities? Should they vary?

Join the Silicon Flatirons Center as we explore these questions and more relating to this fascinating topic at the intersection of law, technology, business, and policy.