ISP CALEA compliance

Mike Hammett nanog at
Thu May 10 20:39:12 UTC 2007

I believe if you have any equipment in the process at all, you're to be 
CALEA compliant.

Mike Hammett
Intelligent Computing Solutions

----- Original Message ----- 
From: "Sean Donelan" <sean at>
To: <nanog at>
Sent: Thursday, May 10, 2007 2:23 PM
Subject: Re: ISP CALEA compliance

> On Thu, 10 May 2007, Patrick Muldoon wrote:
>> We've been under the impression that is *all* data.  So for us, things 
>> like PPPoE Sessions, just putting a tap/span port upstream of the 
>> aggregation router will not work as you would miss any traffic going from 
>> USER A <-> USER B, if they where on the same aggregation device.   Since 
>> the Intercept has to be invisible to the parties being tapped, you can't 
>> route their traffic back out and then in either, since the tap would 
>> change the flow.    In that regard, we've been upgrading our older NPE's 
>> to newer ones in order to support SII,  All the while I keep having 
>> something a co-worker said stuck in my head.  "CALEA - Consultant And 
>> Lawyer Enrichment Act" :)
> If you are doing PPPOE over another carrier's ATM network, are you really
> a "facilities-based" provider?  Or is the CALEA compliance the 
> responsibility of the underlying ATM network provider to give LEA access 
> to the ATM VC of the subscriber under surviellance?

More information about the NANOG mailing list