ISP CALEA compliance
Steven M. Bellovin
smb at cs.columbia.edu
Fri May 11 19:03:13 UTC 2007
On Fri, 11 May 2007 10:42:14 -0400
"Jason Frisvold" <xenophage0 at gmail.com> wrote:
>
> On 5/11/07, Brandon Galbraith <brandon.galbraith at gmail.com> wrote:
> > My understanding was data you had needed to be turned over when
> > requested, but CALEA provides no specification/guidance on log
> > retention.
>
> Agreed. My understanding, to date, is that the data to be turned over
> is data collected from the beginning of the CALEA tap. Historical
> data can be requested, but I'm not aware of any official legal
> guidelines on retention time.
>
There are no legal requirements on proactive data retention in the
US. Gonzales has suggested that there should be one, but at this
point it's just that -- a suggestion. I think that at the moment,
the odds of Congress enacting a Gonzales proposal are rather low;
they'd much rather impeach him than listen to him... There is now an EU
requirement on retention, but the EU's jurisdiction rules are, shall we
say, complex.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
More information about the NANOG
mailing list