Issues similar to “reasonable network management” come up in the context of wiretaps and specifically the Electronic Communications Privacy Act (ECPA). ECPA is described as a rule governed by exceptions. The rule is, “thou shall not listen in on other people’s communications,” where “thou” is everyone including ISPs. One of the exceptions to ECPA is that ISPs can intercept communications when necessary for the rendition and protection of their network. In the relevant provision, ECPA states
It shall not be unlawful under this chapter for an operator of a switchboard, or an officer, employee, or agent of a provider of wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks.
18 U.S.C. § 2511(2)(A)(i) (emphasis added).
ECPA attempts to draw a line between network activity that is necessary for the rendition of the service, and that which is not necessary and therefore potentially an illegal wiretap. But what does “necessary for the rendition and protection of service” mean? Several courts have considered this question. According to these courts, actions “necessary for the rendition and protection of service” includes intercepting communications from a cloned cellphone in order to determine its source, United States v. Pervaz, 118 F.3d 1, 5 (1st Cir. 1997), monitoring misuse of a network, United States v. Mullins, 992 F.2d 1472, 1478 (9th Cir. 1993), and intercepting communications from illegal devices in order to detect theft of service, United States v. Freeman, 524 F.2d 337, 341 (7th Cir. 1975).
This does not, however, give license to ISPs to do anything in the name of rendering or protecting service. According to DOJ, ISPs “should attempt to tailor their monitoring and disclosure to that which is reasonably related to the purpose of the monitoring.” One court states that “there should be a ’substantial nexus’ between the monitoring and the threat to the provider’s rights or property.” United States v. McLaren, 957 F. Supp. 215, 219 (M.D. Fla. 1997). For a more in depth discussion of ECPA and this particular exception, see DOJ’s 2009 Search and Seizure Manual, p. 172: The Provider Exception.
As the FCC examines the Open Internet proceeding and the possible distinction between reasonable and non-reasonable network management, can anything be learned from ECPA and its surrounding caselaw, including the concept of “activity necessary for the rendition and protection of that service”?