[This is a short series I'm doing about this act. This is my opinion, and in no way represents the opinion or stance of WWU as a whole or in part, nor does it imply anything about our lobbying efforts. This is editorial.]
Part 4: Court cases to expect
The law itself is pretty non-specific, which means that it'll be up to the courts to determine the exact limits. There are several cases I can think of that'll need to be had early in order to flesh out who is responsible for what, and what the limits of enforceability are.
Part 4: Court cases to expect
The law itself is pretty non-specific, which means that it'll be up to the courts to determine the exact limits. There are several cases I can think of that'll need to be had early in order to flesh out who is responsible for what, and what the limits of enforceability are.
- Does this apply to home users or not? Does that wireless router sitting next to your cable modem qualify as, "A provider of an electronic communication service"? I'm guessing not, but I expect this very question to be asked as soon as a case gets to the point where a leeching neighbor sucked down some files he really shouldn't have, and the access-point owner can't prove it.
- Does the ISP have to distinguish between individual adults on a contract? The test case for this one would be the room-mate problem. Say I have an apartment I share with 3 friends, none of whom are married (i.e. 4 separate legal entities). If I pay the internet bill, but gas-bill paying roomie has been sucking down kiddy porn, the ISP has my billing info on file. Is this good enough, or do they also have to be able to audit roomie's discrete access patterns? This also applies to hotel rooms shared by adults.
- The NAT gateway problem. In theory, once everyone is on IPv6, NAT isn't a serious concern anymore. Riiight. My ISP has one IP address for our connection, and yet... there are eight IP-consuming devices in my house. Who is responsible for auditing the true originating IP address? Resolution of this question will go a long way towards answering whether or not home installs also need to keep a two year audit trail of IP/UID.
- Active vs. Passive authentication barriers. Active authentication (you must log in) versus passive authentication (jack location and inductive logic). This will determine what the 'good enough' line is for identifying information.
- Intranet vs. Internet. Is the need to keep an IP/User audit trail only for access off of the local network, or does it have to be kept for on-network access as well? A test case here at WWU would be if a group of students were swapping files they should not swap purely on our own WLAN. To my knowledge, we don't restrict access on the WLAN subnet itself, just off that network. If the students don't try to access off network resources, we'll never have an audit trail. Is this a problem under the act?