IT managers can breathe a little easier in the knowledge that corporate data held or transmitted by hosted Internet Service Provider (ISP) services is to be off limits to private investigators under a Cybercrime Code of Practice developed by the Internet Industry Association (IIA) that will be ratified at the end of this month.
The IIA move thwarts spectacular demands from the likes of Music Industry Piracy Investigations Pty. Ltd., which have argued ISPs should monitor customer activity to identify and report customers suspected of file sharing and swapping to investigators.
Under the new code, ISPs have vowed they will not divulge the “contents or substance of communications that has been carried by an ISP” unless explicitly compelled to by warrant. While the IIA code forbids snooping activity within ISPs themselves, it does not preclude discovery actions for civil proceedings on corporate networks held by customers in situ – such as those currently faced by many Australian universities.
The IIA warrant process for content (which for all intents and purposes is wiretapping), differs sharply from more a more flexible system based on “certificates” to be granted to requests for assistance from law enforcement and authorized agencies. The certificated regime covers a range of fraudulent and miscreant activities such as defrauding carriers through stolen credit card numbers and spoofing.
MIPI is understood to have sought entry into ISPs under the new certificate regime, arguing that music piracy constituted a form of organized international crime of which it has specialist working knowledge and intelligence.
Clearly fed up with such ambitions, IIA chief executive, Peter Coroneos makes no apologies for the tough anti-fishing stance from ISPs.
“Private investigators will not have access to data unless they have a court order (which) would be hard to obtain as judges will not allow fishing expeditions. The IIA code will not avail any private individual who cannot convince a court to permit disclosure.
“ISPs who do so risk imprisonment. In regard to data in transit, an interception warrant will probably not be available to private investigators (either). The IIA fully supports these protections and emphasizes them in our code,” Coroneos told Computerworld.
Director of lawful interception technology firm Universal Defense, Umar Goldeli is similarly dismissive of any attempts by private interests to grab data for their own ends.
“It appears there is something of a misconception regarding telecommunications interception warrants, the process is not negotiable. It’s not something (you) can just go down to the local convenience store and ask for. It’s a highly formal, legal procedure, and certainly not open to access by private companies. It also takes privacy concerns very seriously,” Goldeli said.
Neither MIPI nor the Australian Recording Industry Association, of which MIPI is a wholly owned subsidiary, had returned calls at time of press.
An ARIA employee told Computerworld, “The person that does our media has just left.”