North American Network Operators Group


Re: ISP CALEA compliance

  • From: Jared Mauch
  • Date: Thu May 10 12:47:51 2007

On Thu, May 10, 2007 at 08:44:00AM -0700, Nikos Mouat wrote:
> 
> 
> I have interpreted CALEA to apply only to providers of VOICE service, be 
> it VOIP or traditional, however I was told this morning point blank by the 
> FCC that CALEA most definitely applies to all ISPs that provide internet 
> access at speeds over 200k.
> 
> The FCC said that routers must send a copy of all packets to and from a 
> selected IP to law enforcement in real time from gateway routers.
> 
> I've seen very little CALEA related traffic on this list which reinforced 
> my belief that it did not apply to data providers.
> 
> Can anyone comment on this?

	Sure,

	You need to have a router or some appliances that will assist
you in the required lawful-intercept capabilities that are necessary.

	Take the time to read the 2nd order and report, and review FCC
form 445.  The filing date for that form passed, but that was a form to be
filed to capture a "snapshot" of the current state of compliance.

	Keep in mind that you may need to negotiate with the requesting
agency (i.e., the folks that give you the subpoena that cites CALEA).

	Take a moment and also review things like T1.IAS (I think it was
renamed again).

	There was also a brief CALEA presentation at the past NANOG.  As
usual, make sure you chat with your legal counsel.  Finding some that have
FCC knowledge/competence (and technology) is a plus.

	If you're not offering VoIP services, your life may be easier as
you will only need to intercept the data.  Depending on your environment
you could do this with something like port-mirroring, or something
more advanced.  There are a number of folks that offer TTP (Trusted
third-provider) services.  Verisign comes to mind.  But using a TTP
doesn't mean you can hide behind them.  Compliance is ultimately your
(the company that gets the subpoena) responsibility.

	This is an oversimplified summary and since IANAL nor am I a
CALEA expert all this may be bunk.

Some possibly useful links:

http://www.fcc.gov/calea/
http://www.askcalea.net/
http://www.access.gpo.gov/uscode/title47/chapter9_subchapteri_.html

	- Jared (IANAL!)

-- 
Jared Mauch  | pgp key available via finger from [email protected]
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.