ISP CALEA compliance

Sean Donelan sean at
Thu May 10 19:23:26 UTC 2007

On Thu, 10 May 2007, Patrick Muldoon wrote:
> We've been under the impression that is *all* data.  So for us, things like 
> PPPoE Sessions, just putting a tap/span port upstream of the aggregation 
> router will not work as you would miss any traffic going from USER A <-> USER 
> B, if they where on the same aggregation device.   Since the Intercept has to 
> be invisible to the parties being tapped, you can't route their traffic back 
> out and then in either, since the tap would change the flow.    In that 
> regard, we've been upgrading our older NPE's to newer ones in order to 
> support SII,  All the while I keep having something a co-worker said stuck in 
> my head.  "CALEA - Consultant And Lawyer Enrichment Act" :)

If you are doing PPPOE over another carrier's ATM network, are you really
a "facilities-based" provider?  Or is the CALEA compliance the 
responsibility of the underlying ATM network provider to give LEA access 
to the ATM VC of the subscriber under surviellance?

More information about the NANOG mailing list