IT managers can breathe a little easier in the knowledge that corporate data held or transmitted by hosted ISP services is to be off limits to private investigators under a Cybercrime Code of Practice developed by the Internet Industry Association (IIA) that will be ratified at the end of this month.
The IIA move thwarts spectacular demands from the likes of Music Industry Piracy Investigations (MIPI) which have argued that ISPs should monitor customer activity to identify and dob in customers suspected of file sharing and swapping to investigators.
Under the new code, ISPs have vowed they will not divulge the “contents or substance of communications that have been carried by an ISP” unless explicitly compelled to by warrant. While the IIA code forbids snooping activity within ISPs themselves, it does not preclude discovery actions for civil proceedings on corporate networks held by customers in situ — such as those currently faced by many Australian universities.
The IIA warrant process for content (which for all intents and purposes is wiretapping), differs sharply from a more flexible system based on “certificates” to be granted to requests for assistance from law enforcement and authorised agencies. The certificated regime covers a range of fraudulent and miscreant activities such as defrauding carriers through stolen credit card numbers and spoofing.
MIPI is understood to have sought entry into ISPs under the new certificate regime, arguing that music piracy constituted a form of organised international crime.
Clearly fed up with such ambitions, IIA chief executive Peter Coroneos makes no apologies for the tough anti-fishing stance from ISPs.
“Private investigators will not have access to data unless they have a court order [which] would be hard to obtain as judges will not allow fishing expeditions. The IIA code will not avail any private individual who cannot convince a court to permit disclosure.
“ISPs that do so risk imprisonment. In regards to data in transit, an interception warrant will probably not be available to private investigators [either]. The IIA fully supports these protections and emphasises them in our code,” Coroneos said.
The director of lawful interception technology firm Universal Defence, Umar Goldeli, is similarly dismissive of any attempts by private interests to grab data for their own ends.
“It appears there is something of a misconception regarding telecommunications interception warrants — the process is not negotiable. It’s not something [you] can just go down to the local convenience store and ask for.”