ISP CALEA compliance
jared at puck.nether.net
Fri May 11 16:17:04 UTC 2007
On Fri, May 11, 2007 at 10:42:14AM -0400, Jason Frisvold wrote:
> On 5/11/07, Brandon Galbraith <brandon.galbraith at gmail.com> wrote:
> > My understanding was data you had needed to be turned over when requested,
> > but CALEA provides no specification/guidance on log retention.
> Agreed. My understanding, to date, is that the data to be turned over
> is data collected from the beginning of the CALEA tap. Historical
> data can be requested, but I'm not aware of any official legal
> guidelines on retention time.
CALEA is not a subscriber records type of subponea or similar.
I'm very concerned with the comments here that folks may come up
with an opinion that CALEA is something they don't need to pay attention
to. You may luck out and never see a request, nor a Title III, nor
FISA, NSL, or any other lawful request. This is not a political thing
the way some here on the list appear to be coloring it.
We (as an industry) need to comply with a lawful request, the same
as any other industry (eg: financial services, or otherwise).
If you take a casual moment to read the CALEA statute, you will
notice it's a capability to perform intercepts, not logs, etc..
If you do not have experience in dealing with court orders, when
you get one, engage some legal counsel immediately. There are some
small things that you can inadvertently do that can either compromise
the evidence for the LEA, or possibly place your company at significant
legal risk. I know that DoJ specifically has trained folks about
CALEA. Call your local FBI office. Also CALEA isn't just a DoJ thing,
it could be your local police, state police, or otherwise.
You will need to have the capability to relay to them (in
realtime or pseudo-realtime) via the LES protocol. If your customer
is a 10G or 40G customer, you need to have the ability to perform
that intercept. There is not a cutting-edge technology safe-harbor.
Your only safe-harbor for problems is "the industry standard", which
currently is interpreted for internet stuff as the T1.IAS. You
can buy it for $185 (or $164) here:
You really need to be talking to a mediation device provider
and/or your vendors. They each have a lawful-intercept story. Don't
expect any of these solutions to be elegant, as most of them use
stuff like snmp-set and other things to hide the configuration, as per
your Systems Security and Integrity Plan that you had to file already
(you did file this, right? as well as filing form 445 ;) not everyone
in your company should know about the intercept.
If there is interest, perhaps I can make a call to DoJ and
see if someone can present on CALEA at nanog in a few weeks? (incase
the PC can accomodate them).
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
More information about the NANOG