David Canton – For the London Free Press – Saturday March 25, 2006
A subscriber to residential high-speed Internet services recently complained to the Privacy Commissioner that his Internet Service Provider (ISP) was reading his outgoing e-mails and declining to send them if they did not go through their own mail server.
The Privacy Commissioner decided the ISP had not breached any privacy obligations. The decision suggested the complainant was a spammer. The real reason behind the complaint may have been the individual did not want the spam he was sending to be blocked by the ISP.
The complainant subscribed to the ISP’s high-speed Internet service. He also subscribed to a web-centred company’s e-mail service, which allows individuals to send and receive e-mail messages from external mail accounts. The complainant was upset because he could not send e-mail without going through his ISP’s mail servers.
The ISP stated it makes its customers use its outgoing mail server because of its anti-spam measures. The complainant alleged by “reading” his outgoing e-mail, the ISP was collecting and using his personal information without consent.
Information travelling over the Internet is sent in packets which are combined at the other end to form the web page, image, e-mail, or whatever other form the information is in. Each packet contains information that is used to send the packets to the right place. One piece of that information is the port number information.
Think of the port number as a highway number.
Port 25 relates to e-mail.
The Internet knows a packet is e-mail if it refers to port 25.
In this instance, when port 25 was identified, the ISP looked at the destination IP address to make sure the e-mail was being routed through its own mail servers.
If that was not the case, it assumed the e-mail was spam and did not send it.
The ISP stated it did not otherwise inspect the content of the packet.
The complainant was trying to route his e-mail through the outside mail server, and believed his ISP did not have the right to know that he was using the other web-centred company as a third-party mail provider.
An important element of the commissioner’s findings was that the ISP’s terms of service — to which the complainant consented when subscribing for service — state the user agrees the ISP can monitor use of the ISP’s internet services, and monitor, review and retain content, material or information if the ISP believes such activity is necessary to provide the ISP’s Internet service to its customers. The ISP can read just about anything sent by users if it decides it is necessary for service.