nanog mailing list archives
Re: CALEA
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Tue, 31 May 2016 10:31:44 -0400

"Encryption The number of state wiretaps in which encryption was encountered decreased from 41 in 2013 to 22 in 2014. In two of these wiretaps, officials were unable to decipher the plain text of the messages. Three federal wiretaps were reported as being encrypted in 2014, of which two could not be decrypted. Encryption was also reported for five federal wiretaps that were conducted during previous years, but reported to the AO for the first time in 2014. Officials were able to decipher the plain text of the communications in four of the five intercepts."

that's certainly interesting...

On Tue, May 31, 2016 at 3:12 AM, Martin Hannigan <hannigan () gmail com> wrote:

Misfire. Sorry, early in the AM. The URL I intended to send is here:

http://www.uscourts.gov/statistics-reports/wiretap-report-2014

Best,

-M<

On Tue, May 31, 2016 at 9:10 AM, Martin Hannigan <hannigan () gmail com> wrote:

CALEA isn't a type of request, it's a law that enabled par function access for LEO's e.g. "the ladder" pin register, trap+trace, DTMF translation, three-way/off hook ops and the call content (not necessarily in that order).

You can see the non national security activity here:

On Sat, May 28, 2016 at 5:37 AM, Mike Joseph <mj () doze net> wrote:

I can say via firsthand knowledge that CALEA requests are definitely happening and are not even that rare, proportional to a reasonably sized subscriber-base. It would be unlawful for me to comment specifically on any actual CALEA requests, however. But if you have general questions about my observations, feel free to reach out directly.

-MJ

On Thu, May 12, 2016 at 11:28 AM, Brian Mengel <bmengel () gmail com> wrote:

My comments were strictly limited to my understanding of CALEA as it applied to ISPs, not telcos. A request for a lawful intercept can entail mirroring a real time stream of all data sent to/from a customer's Internet connection (cable modem/DSL/dedicated Ethernet) to a LEA. AFAIK this requires mediation before being sent to the LEA and it is the mediation server itself that initiates the intercept when so configured by the ISP. Perhaps some LEAs have undertaken the mediation function so as to facilitate these intercepts where neither the ISP nor a third party can do so. If that were the case then very little would be needed on the part of the ISP in order to comply with a request for lawful intercept. I can say with certainty that these types of requests are being made of broadband ISPs though I agree that they are very rare.

On Wed, May 11, 2016 at 2:58 PM, Ricky Beam <jfbeam () gmail com> wrote:

On Tue, 10 May 2016 17:00:54 -0400, Brian Mengel <bmengel () gmail com> wrote:

> AFAIK being able to do a lawful intercept on a specific, named, individual's service has been a requirement for providers since 2007.

It's been required for longer than that. The telco I worked for over a decade ago didn't build the infrastructure until the FCC said they were going to stop funding upgrades. That really got 'em movin'. (suddenly "data services" people -- i.e. ME -- weren't redheaded stepchildren.)

> have never heard of a provider, big or small, being called out for being unable to provide this service when requested.

Where existing infrastructure is not already in place (read: T1/BRI/etc.), the telco can take up to 60 days to get that setup. I know more than one telco that used that grace period to actually setup CALEA in the first place.

> did not perform intercepts routinely.

The historic published figures (i've not looked in years) suggest CALEA requests are statistically rare. The NC based telco I worked for had never received an order in the then ~40yr life of the company.

> The mediation server needed to "mediate" between your customer aggregation box and the LEA is not inexpensive.

And also is not the telco's problem. Mediation is done by the LEA or 3rd party under contract to any number of agencies. For example, a telco tap order would mirror the control and voice traffic of a POTS line (T1/PRI channel, etc.) into a BRI or specific T1 channel. (dialup was later added, but wasn't required in my era, so we didn't support it.) We used to test that by tapping a tech's phone. Not having any mediation software, all I could do is "yeap, it's sending data" and listen to the voice channels on a t-berd.

--Ricky