nanog mailing list archives

Re: ISP CALEA compliance

From: Jared Mauch <jared () puck nether net>
Date: Thu, 10 May 2007 12:44:00 -0400


On Thu, May 10, 2007 at 08:44:00AM -0700, Nikos Mouat wrote:



I have interpretted CALEA to apply only to providers of VOICE service, be 
it VOIP or traditional, however I was told this morning point blank by the 
FCC that CALEA most definitely applies to all ISPs that provide internet 
access at speeds over 200k.

The FCC said that routers must send a copy of all packets to and from a 
selected IP to law enforcement in real time from gateway routers.

I've seen very little CALEA related traffic on this list which reinforced 
my belief that it did not apply to data providers.

Can anyone comment on this?


        Sure,

        You need to have a router or some appliances that will assist
you in the required lawful-intercept capabilities that are necessary.

        Take the time to read the 2nd order and report, and review FCC
form 445.  The filing date for that form passed, but that was a form to be
filed to capture a "snapshot" of the current state of compliance.

        Keep in mind that you may need to negotiate with the requesting
agency (ie: the folks that give you the subponea that cites CALEA).

        Take a moment and also review things like T1.IAS (I think it was
renamed again).

        There was also a brief CALEA presentation at the past nanog.  As
usual, make sure you chat with your legal counsel.  Finding some that have
FCC knowledge/competence (and technology) is a plus.

        If you're not offering VoIP services, your life may be easier as
you will only need to intercept the data.  Depending on your environment
you could do this with something like port-mirroring, or something
more advanced.  There are a number of folks that offer TTP (Trusted
third-provider) services.  Verisign comes to mind.  But using a TTP
doesn't mean you can hide behind them.  Compliance is ultimately your
(the company that gets the subponea) responsibility.

        This is a oversimplified summary and since IANAL nor am I a
CALEA expert all this may be bunk.

Some possibly useful links:

http://www.fcc.gov/calea/
http://www.askcalea.net/
http://www.access.gpo.gov/uscode/title47/chapter9_subchapteri_.html

        - Jared (IANAL!)

-- 
Jared Mauch  | pgp key available via finger from jared () puck nether net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

Current thread:

ISP CALEA compliance Nikos Mouat (May 10)
- Re: ISP CALEA compliance Chris L. Morrow (May 10)
- Re: ISP CALEA compliance David E. Smith (May 10)
  - Re: ISP CALEA compliance Mike Hammett (May 10)
- Re: ISP CALEA compliance Jared Mauch (May 10)
  - Re: ISP CALEA compliance Jason Frisvold (May 10)
    - Re: ISP CALEA compliance Jeff Shultz (May 10)
    - Re: ISP CALEA compliance Patrick Muldoon (May 10)
    - Re: ISP CALEA compliance Jason Frisvold (May 10)
    - Re: ISP CALEA compliance Sean Donelan (May 10)
    - Re: ISP CALEA compliance Daniel Senie (May 10)
    - Re: ISP CALEA compliance Sean Donelan (May 10)
    - Re: ISP CALEA compliance Patrick Muldoon (May 10)
    - Re: ISP CALEA compliance Mike Hammett (May 10)
    - Re: ISP CALEA compliance Sean Donelan (May 10)

(Thread continues...)