ISP CALEA compliance

Jack Bates jbates at
Thu May 10 20:42:27 UTC 2007

William Allen Simpson wrote:
> Speaking from experience, that's very likely -- a lot of negotiation
> trouble.  No matter what happens, you'll pay some attorney fees.
> Also, the gag order was ruled unconstitutional, so always inform your
> customer!  They may be willing to work out attorney fees, and/or join
> you in a suppression hearing.
> You probably should remember to call your congresscritters to complain
> each and every time it happens.
> Most important: call your state ACLU, as they are trying to keep track,
> and might be of some help. ;-)
You work so hard to defend people that exploit children? Interesting. We are 
talking LEA here and not the latest in piracy law suits. The #1 request from a 
LEA in my experience concerns child exploitation.

> Follow the usual best practices, and you may save time and money.
> 1. Ensure that your DHCP, RADIUS, SMTP, and other logs are always,
> ALWAYS, *ALWAYS* rolled over and deleted within 7 days without backup.
> I'd recommend 3 days, but operational requirements vary.
This has been a nice trick by many, and it does circumvent CALEA as if you can't 
give the the customer info to begin with, they probably won't be able to request 
a tap. The exception is emergency taps requested while an action is going on.

> 2. Insist that you receive payment *in advance* before doing anything!
> And wait until the check clears.

I'm not sure that this would work with all LEA orders.

> 3. Remind the requesting agency that everything must be signed by a
> judge.  Call the issuing court to confirm.  Don't accept "exigent"
> administrative requests.  The recent inspector general report showed
> that most administrative requests were never followed up by actual
> judicially approved requests, and virtually none of them warranted
> exigent status -- they were illegal shortcuts.

The last I checked, LEAs have a 48 hour window for emergency orders, and they 
are supposed to be honored. I'd definitely check with a lawyer on that one.

> 4. Never, NEVER, *NEVER* speak to a federal agent of any kind.  Do not
> allow them into the building.  Require them to speak to your attorney.
> Require everything in writing.  No exceptions!
> We returned the first request as inadequate -- since it misspelled the
> name of the company and the address, and wasn't accompanied by a check.
> Our problem was that we weren't rigorous about #1 (some staff had been
> keeping some backups sometimes), and the resulting time and expense for
> extracting "lawful" information from all the rest was painful.  Learn
> from our mistake.

Hmmm, you must have been one of those types the agents I talked to were 
referring to. They said that those who give them the most flack usually get the 
least amount of slack. Play hardball with the government, and it will play 
hardball back at you. I'd definitely make sure you stick to #4 if following #1-3.

Of course, IANAL and YMMV.

Jack Bates

More information about the NANOG mailing list