To meet demands for increased interconnectivity, efficiency or competitiveness, organizations increasingly rely on technology. This trend creates significant opportunities to improve service delivery and to move into new areas of endeavour. But reliance on an inherently insecure infrastructure exposes organizations to a constantly evolving threat environment. Not only has the nature of the threat changed, so too has the scope of the protection problem. Protection of information systems is now seen as a component of national security. As organizational assets move online, so does the threat. Key sources of threat information are now online, including within the network communications themselves. This puts organizations in a position where they must monitor network communications in order to obtain intelligence, indications and warnings of intrusions and evidence to support criminal prosecution as appropriate. One method,of performing this monitoring is through the use of intrusion detection systems (IDS). However, this may involve the monitoring of private communications, which introduces a number of legal privacy and criminal law) concerns. While existing legislation adequately addresses interception by S&I and law enforcement agencies, they generally fail to address interception of network traffic by other public or private sector organizations. This paper seeks to identify and discuss some of the key legal issues affecting the development of a general legal framework for intrusion detection for network protection.
