ISP CALEA compliance

Steven M. Bellovin smb at
Fri May 11 19:03:13 UTC 2007

On Fri, 11 May 2007 10:42:14 -0400
"Jason Frisvold" <xenophage0 at> wrote:

> On 5/11/07, Brandon Galbraith <brandon.galbraith at> wrote:
> > My understanding was data you had needed to be turned over when
> > requested, but CALEA provides no specification/guidance on log
> > retention.
> Agreed.  My understanding, to date, is that the data to be turned over
> is data collected from the beginning of the CALEA tap.  Historical
> data can be requested, but I'm not aware of any official legal
> guidelines on retention time.
There are no legal requirements on proactive data retention in the
US.  Gonzales has suggested that there should be one, but at this
point it's just that -- a suggestion.  I think that at the moment,
the odds of Congress enacting a Gonzales proposal are rather low;
they'd much rather impeach him than listen to him...  There is now an EU
requirement on retention, but the EU's jurisdiction rules are, shall we
say, complex.

		--Steve Bellovin,

More information about the NANOG mailing list