This work was motivated by a discussion that two of the coauthors (computer science professors) had with the other coauthor (a law professor and a former computer crime Trial Attorney at the U.S. Department of Justice), in which it was pointed out that some of the network measurements that the computer scientists were thinking of making might potentially violate Federal laws.

Several Federal laws prohibit or restrict network monitoring and the sharing of records of network activity. These laws are designed to protect online privacy. They apply both to private parties and government agents, although the details vary depending on who is doing the monitoring. The most important thing to note is that none of these laws contain any specific exceptions or safe harbors for scientific or academic research. The laws are complex, but they follow a basic pattern. First, certain types of network monitoring and data access are prohibited. People who violate the prohibitions may be sued by the people whose privacy they invade and potentially prosecuted and convicted of federal crimes (i.e., misdemeanor and felony convictions).

In this paper, we will examine these laws and consider what they might mean for the network measurement community. Although we focus on U.S. Federal Law, we also highlight general trends and approaches in state and international laws that impact network researchers. We will examine the steps commonly taken in prior research in network measurement to respect user privacy, and we will compare those approaches to the evolving legal rules. We will also consider whether legislative reform is needed, describe steps that researchers might take when pursuing such work in light of the legal rules, and propose future technical and policy-related steps the community can take to focus more attention on user privacy.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	ACM SIGCOMM and USENIX, Sixth Internet Measurement Conference, 2005. Available online at http://www.imconf.net/imc-2005/papers/program.html.
	2	ACM SIGCOMM and USENIX, Sixth Internet Measurement Conference, 2006. Available online at http://www.imconf.net/imc-2006/program.html.
	3	C. H. Kennedy and P. Swire, "State wireless and electronic surveillance after september 11," Hastings Law Journal, vol. 54, no. 847, 2003. Appendix A.
	4	C. of Europe, "Convention on cybercrime budapest 23.xi.2001." Available as http://conventions.coe.int/Treaty/EN/Treaties/HTML/185.htm.
	5	"18 united states code § 2511." Available athttp://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002511-000-.html.
	6	The First Amendment Handbook. The Reporters Committee for Freedom of the Press, 2003. Available as http://www.rcfp.org/handbook/c03p01.html.
	7	M. Rasch, "Chat, copy, paste, prison," SecurityFocus, April 2004.
	8	Griggs-Ryan v. Smith, 904 F.2d 112 (1st Cir. 1990).
	9	U.S. v. Angevine, 281 F.3d 1130 (10th Cir. 2002).
	10	"18 united states code § 3127." Available at http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00003127-000-.html.
	11	"18 united states code § 2701." Available at http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002701-000-.html.
	12	"18 united states code § 2702." Available at http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002702-000-.html.
	13	"18 united states code § 2703." Available at http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002703-000-.html.
	14	Jun Xu , Jinliang Fan , Mostafa H. Ammar , Sue B. Moon, Prefix-Preserving IP Address Anonymization: Measurement-Based Security Evaluation and a New Cryptography-Based Scheme, Proceedings of the 10th IEEE International Conference on Network Protocols, p.280-289, November 12-15, 2002
	15	"Crypto-pan software," 2004. Available from http://www.cc.gatech.edu/computing/Networking/projects/cryptopan/.
	16	Ruoming Pang , Mark Allman , Vern Paxson , Jason Lee, The devil and packet trace anonymization, ACM SIGCOMM Computer Communication Review, v.36 n.1, January 2006  [doi>10.1145/1111322.1111330]
	17	Joel Sommers , Paul Barford, Self-configuring network traffic generation, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, October 25-27, 2004, Taormina, Sicily, Italy  [doi>10.1145/1028788.1028798]
	18	Kashi Venkatesh Vishwanath , Amin Vahdat, Realistic and responsive network traffic generation, ACM SIGCOMM Computer Communication Review, v.36 n.4, October 2006
	19	M. Barbaro and T. Z. Jr., "A face is exposed for aol searcher number 4417749," New York Times, Aug 2006.
	20	C. Soghoian, "The problem of anonymous vanity searches," Jan 2007. Available at SSRN http://ssrn.com/abstract=953673.