ISP CALEA compliance

Jack Bates jbates at
Fri May 11 14:18:05 UTC 2007

Donald Stahl wrote:
> Working hard to defend privacy does not automatically equal protecting 
> people who exploit children- and I'm getting sick and tired of people 
> screaming "Think of the children!" It's a stupid, fear mongering tactic- 
> and hopefully one day people will think of it in the same way as crying 
> wolf.

Confirming a warrant == working hard to defend privacy.

Making sure check clears != working hard to defend privacy
("Yep, you are protected from the government until they pay me.")

Deleting logs to inhibit valid warrants != working hard to defend privacy.

CALEA itself is only for taps, and does not cover record storage. We'll 
be hit with that next, and it probably won't be nice legislation based 
on what other countries have passed. Lack of maintaining any more of 
records and even purposefully deleting them to inhibit law enforcement 
will leave the government no choice but to let a bunch of non-technical 
people design how we should store records.

The new rules for cnpi come into effect later this year, designed to 
keep telco's a little sharper on maintaining customer privacy.

As for CALEA and data taps, who are you fooling? Do you tell customers 
they have an expectation of privacy on the Internet? Does anyone here 
actually believe that? If so, why are there rantings and ravings about 
the weakness in encryption protocols? Why encrypt data at all over the 
Internet? Why sign code? If there's an expectation of privacy, then 
there should be an expectation of security. If my data can't be viewed, 
it won't be modified. Perhaps you believe that criminals have the right 
to invade privacy, but the government doesn't have that right even when 
they do have just cause.

> Great- so a bunch of people who want the laws bent for them go on a 
> power trip because you expect them to OBEY THE LAW and you end up with 
> no recourse against them. Yeah- this is the America I want to live in. 
> You're absolutely right- it's a crying shame we aren't all buddies with 
> the fed's- after all- they only want what's best for us! I'm looking 
> forward to the day when the government tells me what to think- thinking 
> is hard after all.

I have no problem with expecting a LEA to follow the law. I do have an 
issue with making life as difficult as possible for them to do their job 
when they are within the law. I'm not surprised that when they are 
dealing with companies that delete all evidence they might need or push 
as much red tape as possible, that the LEA turns around and scrutinizes 
the company to find where they might be in breach of the law.

> If you don't have anything to hide- then why should you care right?

Privacy is always a large concern. However, privacy should be addressed 
through proper channels, not by trying to circumvent the laws that have 

> On the other hand- these sorts of laws may just be enough to push 
> everyone to use encryption- and then what will LE do?

I agree that it will most likely push criminals to use encryption. On 
the other hand, lots of criminals are stupid, so perhaps some good will 
come out of it. If it pushes everyone to use encryption, we are better 
for it. See above, what expectation of privacy did we have to begin 
with? Encryption good.


More information about the NANOG mailing list