Unit 3 Discussion

A Quick Introduction to Packet Sniffing:

A packet sniffer is a software application or hardware device that can capture and allow for analysis of data which passes over a wired (Ethernet) or wireless (802.11x) network.  Depending on the purpose for which a packet sniffer was used, it could be thought of as a sort of “phone tap” for computer networks.  In the United States, it is currently illegal for the Federal government to use packet sniffing on privately-owned networks without obtaining a warrant to do so.  However, it is not (yet) strictly illegal for individuals to “sniff” (or log/monitor/watch) traffic passing along networks to which they have access.

Packet Sniffing/Monitoring at the Workplace:

Whether or not employees at many large companies are aware of it, their companies may use packet sniffing or some other form of general (or selective) network monitoring to monitor their usage of company network resources.  One of the most discussed aspects of this, a few years back, was the discussion of the release of network monitoring applications released by several of the major IM application vendors (most notably Microsoft for MSN/Windows Messenger).  In theory (and my opinion is, most likely in practice) this monitoring would be used by company IT and security staff to protect company information from being stolen.  At the same time, though, many people were worried about how personally-related conversations logged by these programs might be viewed or used by companies who monitored by this type of traffic.

It would be my own opinion that neither of these two uses of these types of monitoring software would be at all illegal.  In the case of protecting companies from leakage of their confidential information, I would say such a claim and use of of IM monitoring and/or packet analysis would be totally justified — many companies with so-called “confidential” information often require employees to sign some form of paperwork before allowing them to handle such materials.  Furthermore, in general, I believe it is a company’s owners’ right to assert control over usage and monitoring of its technological assets.  Therefore, I would have no problem with a company monitoring all IM (or other) network traffic which passes over (or from) its IT hardware, but at the same time, I would want to make sure that users are aware that personal communications made at their workplace might be “monitored or recorded.”

Packet Sniffing and The Law:

As I have stated earlier in this post, in the United States, the only “major” illegal use for packet sniffing would be an instance in which the Federal government were to use packet sniffing to monitor the activity of citizens without proper warrants.  At the same time though, the current “open” nature of computer communications in the States could potentially be tightened down on somewhat, with reasonable legislation (granted, our country’s government and “reasonable” don’t currently seem to deserve being mentioned in the same sentence, but, that’s a totally different matter). ;-)

If I were to be involved in the formation of laws to control the practice of Packet Sniffing, I would want to make (at least) the following considerations:

  • Remember that, as “fascist” as some other countries may think we are, that (to my thinking) both our legal system, and the Internet are all examples of how “open” to new ideas and communications we are here. Sad as it may seem for some victims, the fact that sometimes guilty persons get exonerated in courts (possibly even too often) is a sign that the ideals of our legal system based on “Innocent Until Proven Guilty” still works.  Also, the fact that we (“the people”) can openly post anything we want on the Internet (with a few exceptions — all of which are related to promoting blatantly-illegal activities, such as building bombs) is a sign that we still have the right to practice our free speech rights (and that we do so quite often).
  • Networking without proactivity is a losing battle. This means that, even if we have a formal “packet sniffing law,” that it would be stifling to the computer networking field to completely disallow the practice of packet sniffing.  Whether or not the American legal community likes it, sometimes being able to interactively break apart network communications to find the source of a problem is the only way to ever fix the problem properly.
  • Americans are usually less combative when well-informed. What I mean by this is that, if we were to allow for certain types of packet sniffing in a “packet sniffing law,” we would want to ensure that people who might be affected by the packet sniffing were either aware of the potential of the activity of packet sniffing, or the activity itself, or were otherwise unaware of it for warranted reasons (e.g. criminal investigation of the individual whose communications were being monitored).

—- Links viewed in the process of this Posting —-

“Packet analyzer” on Wikipedia
http://en.wikipedia.org/wiki/Packet_analyzer

“Packet capture” on Wikipedia
http://en.wikipedia.org/wiki/Packet_capture

“B.I.S.S. PACKET  SNIFFING  Guide” (Google’s Cache — Original Page Missing)
Accessed On: Tuesday, February 9TH, 2010
http://74.125.113.132/search?q=cache:zIuR1Ah2Jl8J:www.bluetack.co.uk/forums/lofiversion/index.php/t1191.html+packet+sniffing+illegal&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a

B.I.S.S. PACKET SNIFFING Guide