On Thu, May 10, 2007 at 08:44:00AM -0700, Nikos Mouat wrote:
I have interpretted CALEA to apply only to providers of VOICE service, be it VOIP or traditional, however I was told this morning point blank by the FCC that CALEA most definitely applies to all ISPs that provide internet access at speeds over 200k.
The FCC said that routers must send a copy of all packets to and from a selected IP to law enforcement in real time from gateway routers.
I've seen very little CALEA related traffic on this list which reinforced my belief that it did not apply to data providers.
Can anyone comment on this?
Sure, You need to have a router or some appliances that will assist you in the required lawful-intercept capabilities that are necessary. Take the time to read the 2nd order and report, and review FCC form 445. The filing date for that form passed, but that was a form to be filed to capture a "snapshot" of the current state of compliance. Keep in mind that you may need to negotiate with the requesting agency (ie: the folks that give you the subponea that cites CALEA). Take a moment and also review things like T1.IAS (I think it was renamed again). There was also a brief CALEA presentation at the past nanog. As usual, make sure you chat with your legal counsel. Finding some that have FCC knowledge/competence (and technology) is a plus. If you're not offering VoIP services, your life may be easier as you will only need to intercept the data. Depending on your environment you could do this with something like port-mirroring, or something more advanced. There are a number of folks that offer TTP (Trusted third-provider) services. Verisign comes to mind. But using a TTP doesn't mean you can hide behind them. Compliance is ultimately your (the company that gets the subponea) responsibility. This is a oversimplified summary and since IANAL nor am I a CALEA expert all this may be bunk. Some possibly useful links: http://www.fcc.gov/calea/ http://www.askcalea.net/ http://www.access.gpo.gov/uscode/title47/chapter9_subchapteri_.html - Jared (IANAL!) -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.