ISP CALEA compliance
jared at puck.nether.net
Thu May 10 16:44:00 UTC 2007
On Thu, May 10, 2007 at 08:44:00AM -0700, Nikos Mouat wrote:
> I have interpretted CALEA to apply only to providers of VOICE service, be
> it VOIP or traditional, however I was told this morning point blank by the
> FCC that CALEA most definitely applies to all ISPs that provide internet
> access at speeds over 200k.
> The FCC said that routers must send a copy of all packets to and from a
> selected IP to law enforcement in real time from gateway routers.
> I've seen very little CALEA related traffic on this list which reinforced
> my belief that it did not apply to data providers.
> Can anyone comment on this?
You need to have a router or some appliances that will assist
you in the required lawful-intercept capabilities that are necessary.
Take the time to read the 2nd order and report, and review FCC
form 445. The filing date for that form passed, but that was a form to be
filed to capture a "snapshot" of the current state of compliance.
Keep in mind that you may need to negotiate with the requesting
agency (ie: the folks that give you the subponea that cites CALEA).
Take a moment and also review things like T1.IAS (I think it was
There was also a brief CALEA presentation at the past nanog. As
usual, make sure you chat with your legal counsel. Finding some that have
FCC knowledge/competence (and technology) is a plus.
If you're not offering VoIP services, your life may be easier as
you will only need to intercept the data. Depending on your environment
you could do this with something like port-mirroring, or something
more advanced. There are a number of folks that offer TTP (Trusted
third-provider) services. Verisign comes to mind. But using a TTP
doesn't mean you can hide behind them. Compliance is ultimately your
(the company that gets the subponea) responsibility.
This is a oversimplified summary and since IANAL nor am I a
CALEA expert all this may be bunk.
Some possibly useful links:
- Jared (IANAL!)
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
More information about the NANOG