Mike Joseph mj at
Sat May 28 03:37:51 UTC 2016

I can say via firsthand knowledge that CALEA requests are definitely
happening and are not even that rare, proportional to a reasonably sized
subscriber-base.  It would be unlawful for me to comment specifically on
any actual CALEA requests, however.  But if you have general questions
about my observations, feel free to reach out directly.


On Thu, May 12, 2016 at 11:28 AM, Brian Mengel <bmengel at> wrote:

> My comments were strictly limited to my understanding of CALEA as it
> applied to ISPs, not telcos.  A request for a lawful intercept can entail
> mirroring a real time stream of all data sent to/from a customer's Internet
> connection (cable modem/DSL/dedicated Ethernet) to a LEA.  AFAIK this
> requires mediation before being sent to the LEA and it is the mediation
> server itself that initiates the intercept when so configured by the ISP.
> Perhaps some LEAs have undertaken the mediation function so as to
> facilitate these intercepts where the neither the ISP nor a third party can
> do so.  If that were the case then very little would be needed on the part
> of the ISP in order to comply with a request for lawful intercept.  I can
> say with certainty that these types of requests are being made of broadband
> ISPs though I agree that they are very rare.
> On Wed, May 11, 2016 at 2:58 PM, Ricky Beam <jfbeam at> wrote:
> > On Tue, 10 May 2016 17:00:54 -0400, Brian Mengel <bmengel at>
> > wrote:
> >
> > AFAIK being able to do a lawful intercept on a specific, named,
> >> individual's service has been a requirement for providers since 2007.
> >>
> >
> > It's been required for longer than that. The telco I worked for over a
> > decade ago didn't build the infrastructure until the FCC said they were
> > going to stop funding upgrades. That really got 'em movin'. (suddenly
> "data
> > services" people -- i.e. ME -- weren't redheaded stepchildren.)
> >
> > have never heard of a provider, big or small, being called out for being
> >> unable to provide this service when requested.
> >>
> >
> > Where existing infrastructure is not already in place (read:
> T1/BRI/etc.),
> > the telco can take up to 60 days to get that setup. I know more than one
> > telco that used that grace period to actually setup CALEA in the first
> > place.
> >
> > did not perform intercepts routinely.
> >>
> >
> > The historic published figures (i've not looked in years) suggest CALEA
> > requests are statistically rare. The NC based telco I worked for had
> never
> > received an order in the then ~40yr life of the company.
> >
> > The mediation server needed to "mediate" between your customer
> aggregation
> >> box and the LEA is not inexpensive.
> >>
> >
> > And also is not the telco's problem. Mediation is done by the LEA or 3rd
> > party under contract to any number of agencies. For example, a telco tap
> > order would mirror the control and voice traffic of a POTS line (T1/PRI
> > channel, etc.) into a BRI or specific T1 channel. (dialup was later
> added,
> > but wasn't required in my era, so we didn't support it.) We used to test
> > that by tapping a tech's phone. Not having any mediation software, all I
> > could do is "yeap, it's sending data" and listen to the voice channels
> on a
> > t-berd.
> >
> > --Ricky
> >

More information about the NANOG mailing list