IANAL, but I would think you could capture and investigate any traffic you want on your network. The problem would be what you do with that data, for example disclosing to third parties, disclosing to law enforcement without a valid warrant or court order pertaining to that customer, or using it to block or throttle legal content without a permitted network management purpose.
Oddly, if you capture kiddie porn, you may be required by state law to disclose that to law enforcement. Once you have accomplished your troubleshooting, I would probably delete any records of the captured data. If you don’t have it, you can’t disclose it.

From: That One Guy /sarcasm
Sent: Monday, October 12, 2015 12:53 AM
To: [email protected]
Subject: [AFMUG] how far can we go in capturing and investigating data?

What is the legality of us capturing and reviewing data for troubleshooting? Is there a clearly defined line? I assume we can't capture encrypted traffic and try to decrypt it and get to the underlying data. Is there a set of words that we can put in our TOS that give us a pass?

This is a concern that's come up because I'm troubleshooting an issue on a customer who is a prick. The type that would say "how did you find out what's happening" and then try to sue us when we tell them we captured and reviewed traffic. I'm tempted to have the boss get a release drawn up for this douchebag to sign.

Is this something we are covered over since it falls under the blanket of troubleshooting? Are we technically required to notify a customer if we are capturing their data?

--
If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
