ISP CALEA compliance

Jared Mauch jared at
Thu May 10 16:44:00 UTC 2007

On Thu, May 10, 2007 at 08:44:00AM -0700, Nikos Mouat wrote:
> I have interpretted CALEA to apply only to providers of VOICE service, be 
> it VOIP or traditional, however I was told this morning point blank by the 
> FCC that CALEA most definitely applies to all ISPs that provide internet 
> access at speeds over 200k.
> The FCC said that routers must send a copy of all packets to and from a 
> selected IP to law enforcement in real time from gateway routers.
> I've seen very little CALEA related traffic on this list which reinforced 
> my belief that it did not apply to data providers.
> Can anyone comment on this?


	You need to have a router or some appliances that will assist
you in the required lawful-intercept capabilities that are necessary.

	Take the time to read the 2nd order and report, and review FCC
form 445.  The filing date for that form passed, but that was a form to be
filed to capture a "snapshot" of the current state of compliance.

	Keep in mind that you may need to negotiate with the requesting
agency (ie: the folks that give you the subponea that cites CALEA).

	Take a moment and also review things like T1.IAS (I think it was
renamed again).

	There was also a brief CALEA presentation at the past nanog.  As
usual, make sure you chat with your legal counsel.  Finding some that have
FCC knowledge/competence (and technology) is a plus.

	If you're not offering VoIP services, your life may be easier as
you will only need to intercept the data.  Depending on your environment
you could do this with something like port-mirroring, or something
more advanced.  There are a number of folks that offer TTP (Trusted
third-provider) services.  Verisign comes to mind.  But using a TTP
doesn't mean you can hide behind them.  Compliance is ultimately your
(the company that gets the subponea) responsibility.

	This is a oversimplified summary and since IANAL nor am I a
CALEA expert all this may be bunk.

Some possibly useful links:

	- Jared (IANAL!)

Jared Mauch  | pgp key available via finger from jared at
clue++;      |  My statements are only mine.

More information about the NANOG mailing list