A couple federal laws that relate to my line of work are The Wiretap Act and the Pen Register and Trap and Trace Act. The Wiretap Act applies to the monitoring of the content of communications. Whereas, the Pen Register and trap and Trace act applies to the monitoring of non-content headers (i.e. e-mail, http, and IP headers). Although there are some differences in these laws, they are also very similar. An ethical issue that relates to these two laws in my line of work deals with privacy of user data. For my job, as a network administrator, it is part of my duty to monitor the network systems to assure the availability of critical network services, and to also analyze user trends and traffic patterns. Naturally, some of the data that is captured conducting traffic analysis consist of personal/private data that was captured without the user’s awareness. Although the information captured is critical to doing my job effectively, all of this monitoring comes at a cost to user privacy because the monitoring tracks and records the private behavior of users on the network.
With regards to these two laws, I have to be extremely careful not to exceed the expectations of my job. It is important that I remember that I can only access private information on computer systems or networks only when it is necessary to conduct my duties. It is a responsibility that I maintain the confidentiality of any user data that is collected during monitoring and to conceal any identifying information, unless it’s necessary to perform my job. For example, if I notice a security incident during monitoring that identifies a user’s machine or account then I would be well within my rights to releasing that user’s name to the proper authorities. However, if I were conducting traffic analysis to strictly identify those services and applications that are consuming the most bandwidth, then it would be un-ethical (in my opinion) to collect/save any data that identifies a particular user (i.e. username, ID, passwords, etc.), especially the content of their conversations, since that would have nothing to do with my report of bandwidth consumption by application or service.