You can go as far as you need to. Telephone company's have always had the right to listen to and record telephone calls at will. Now that the FCC has declared all the ISPs virtual public utilities you should be covered under the old rules. I think you were good without. Monitoring for network troubleshooting has always been acceptable.
Here is what AT&T collects in California http://www.att.com/Common/about_us/privacy_policy/print_policy.html What information do we collect? We may collect different types of information based on your use of our products and services and on our business relationship with you. a.. Account Information: a.. Contact Information that allows us to communicate with you. We get this information when you order or register for our services. This would include information like your name, address, telephone number and e-mail address. b.. Billing Information related to your financial relationship with us, such as the services we provide to you, the telephone numbers you call and text, your payment history, your credit history, your credit card numbers, Social Security number, security codes and your service history. b.. Technical & Usage Information related to the services we provide to you, including information about how you use our networks, services, products or websites. Some examples include: a.. Equipment Information that identifies the equipment on our networks, such as equipment type, device IDs, device status, serial numbers, settings, configuration and software. b.. Network Performance & Usage Information about the operation of the equipment, services and applications you use on our networks. Examples of this might include wireless device location, the number of text messages sent and received, voice minutes used, calling and texting records, bandwidth used, and resources you use when uploading, downloading or streaming data to and from the Internet. We also collect information like transmission rates and delays, data associated with remote monitoring services and security characteristics. a.. Some Network Performance & Usage Information and some Billing Information is Customer Proprietary Network Information or "CPNI." Unique rules apply to CPNI. Go here to learn more about what it is, how we use it and the choice you can make about that use. c.. Web Browsing & Mobile Application Information such as IP addresses, URLs, data transmission rates and delays. We also learn about the pages you visit, the time you spend, the links or advertisements you see and follow, the search terms you enter, how often you open an application, how long you spend using the app and other similar information. c.. Location Information includes your ZIP-code and street address, as well as the whereabouts of your wireless device. Location information is generated when your device communicates with cell towers, Wi-Fi routers or access points and/or with other technologies, including the satellites that comprise the Global Positioning System. d.. TV Viewing Information is generated by your use of any of our satellite or IPTV (U-verse) services. These services may include video on demand, pay per view, DVR services, applications to watch your TV on the go for tablet or smartphone (such as the TV Everywhere app) and similar AT&T services and products, including the programs and channels you and those in your household watch and record, the times you watch and how long you watch. It also includes information like the interactive channels and games provided by U-verse or DirectTV. We also collect information related to your use and interaction with the equipment in your home, including the TV receivers, set top boxes, remotes and other devices you may use to access our services. From: That One Guy /sarcasm Sent: Sunday, October 11, 2015 11:53 PM To: [email protected] Subject: [AFMUG] how far can we go in capturing and investigating data? what is the legality of us capturing and reviewing data for troubleshooting. Is there a clearly defined line? I assume we cant capture encrypted traffic and try to decrypt it and get to the underlying data. Is there a set of words that we can put in our TOS that give us a pass? This is a concern thats come up because im troubleshooting an issue on a customer who is a prick. The type that would say "how did you find out whats happenning" And then trying to sue us when we tell them we captured and reviewed traffic. Im tempted to have the boss get a release drawn up for this douchebag to sign. Is this something we are covered over since it falls under the blanket of troubleshooting? Are we technically required to notify a customer if we are capturing their data? -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
