CALEA options for small/midsize ISPs

Mon Jan 21 04:30:47 UTC 2013

I have yet to see a lot of networks in TRUE compliance with CALEA
requirements. Most of the time, it's some intermediate box that is doing a
netflow-esque imports from routers that net/j/xyzflow normally. The only
issue I/we ever ran into was how to in fact process the LEA request for an
actual CALEA intercept (as you pointed out, there are differences). At the
end of the day, I'm not totally convinced there is a completely tried and
true way to get it out. The burden is on the SP to show some level of
compliance, which I think is probably done pretty well at the end of the
day. The CALEA equipment is often very expensive, and often the expense is
just not feasible to many small to mid sized ISP's.

On another note, the CALEA for telephony is absolutely rock solid. They
can include Side A and Side B (to show a party was indeed talking on the
phone for evidence purposes), they can have the switch center
automatically call the LEA to listen in on the conversation in real time.
All said, the phone guys have been processing wire taps and LEA requests
for years, and do it on a fairly regular basis. I have never actually seen
a real life CALEA request for real time interception of data (not saying
they don't exist), so I have little experience in actually pressing the
button. I think as long as you're showing the local/state/feds that you
want to play ball, they take what you give with a smile. I would be
curious to see what would happen if a lawful intercept request came
through and the service provider refused to process it. I have been a
party to many discussions as to the application of CALEA and most people
believe (rightly or not) they are not required to comply.

On 1/20/13 8:10 PM, "Justin Wilson" <lists at mtin.net> wrote:

>	I agree with the TTP taking the IP traffic.  They simply re-package it
>for the LEA.
>
>	It's up to the LEA to take the traffic flow or not. If it's a true CALEA
>warrant, not a normal wire tap, the defense could argue they did not
>follow protocol.
>
>	Justin
>
>
>-----Original Message-----
>From: Frank Bulk <frnkblk at iname.com>
>Date: Sunday, January 20, 2013 11:03 PM
>To: Justin Wilson <lists at mtin.net>, <nanog at nanog.org>
>Subject: RE: CALEA options for small/midsize ISPs
>
>>Our Trusted Third Party (TTP) asked us to IP Traffic Export.  As others
>>commented in this forum, the LEAs is not looking for SPs to replace their
>>entire networks to create an ideal CALEA-compliant environment.  It's my
>>understanding that LEA will take a Cisco IP Traffic Export flow.
>>
>>Frank
>>
>>-----Original Message-----
>>From: Justin Wilson [mailto:lists at mtin.net]
>>Sent: Sunday, January 20, 2013 9:54 PM
>>To: nanog at nanog.org
>>Subject: Re: CALEA options for small/midsize ISPs
>>
>>	I don't see any mention of CALEA. A traffic dump won't satisfy a
>>CALEA
>>warrant.
>>
>>	Justin
>>
>>
>>-----Original Message-----
>>From: Frank Bulk <frnkblk at iname.com>
>>Date: Sunday, January 20, 2013 10:31 PM
>>To: 'Warren Bailey' <wbailey at satelliteintelligencegroup.com>, Byron
>>Hooper
>><bhooper at staff.gwi.net>, <nanog at nanog.org>
>>Subject: RE: CALEA options for small/midsize ISPs
>>
>>>Another option is the IP traffic export option.
>>>http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_rawip.
>>>h
>>>t
>>>ml
>>>
>>>Frank
>>>
>>>-----Original Message-----
>>>From: Warren Bailey [mailto:wbailey at satelliteintelligencegroup.com]
>>>Sent: Sunday, January 20, 2013 6:34 PM
>>>To: Byron Hooper; nanog at nanog.org
>>>Subject: RE: CALEA options for small/midsize ISPs
>>>
>>>We used Cisco for lawful intercept.. Their mibs are wanky and at the
>>>time
>>>only the 7206 was support for the LI functionality. Food for thought.
>>>
>>>
>>>From my Android phone on T-Mobile. The first nationwide 4G network.
>>>
>>>
>>>
>>>-------- Original message --------
>>>From: Byron Hooper <bhooper at staff.gwi.net>
>>>Date: 01/20/2013 3:00 PM (GMT-08:00)
>>>To: nanog at nanog.org
>>>Subject: CALEA options for small/midsize ISPs
>>>
>>>
>>>Hello All,
>>>
>>>My company is looking at updating our CALEA set up.  Our network has
>>>changed appreciably since our initial rollout and I am looking at
>>>utilizing
>>>Cisco's Lawful Intercept.  I'm wondering what people are using as
>>>"Mediator
>>>Devices", aka what the Cisco routers are sending the Lawful Intercept
>>>stream to.
>>>
>>>Cisco's Lawful Intercept seems like a solid option since all it requires
>>>for us is an IOS upgrade on our core routers and something to act as a
>>>Mediator, but I'm also interested in solutions others are using.
>>>
>>>
>>>
>>>--
>>>Byron Hooper
>>>Network Engineer
>>>GWI
>>>8 Pomerleau Street
>>>Biddeford, ME 04005
>>>Office & Cell: (207) 602-1215
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>
>
>
>