On Fri, May 11, 2007 at 10:42:14AM -0400, Jason Frisvold wrote:
On 5/11/07, Brandon Galbraith <brandon.galbraith@gmail.com> wrote:
My understanding was data you had needed to be turned over when requested, but CALEA provides no specification/guidance on log retention.
Agreed. My understanding, to date, is that the data to be turned over is data collected from the beginning of the CALEA tap. Historical data can be requested, but I'm not aware of any official legal guidelines on retention time.
CALEA is not a subscriber records type of subponea or similar. I'm very concerned with the comments here that folks may come up with an opinion that CALEA is something they don't need to pay attention to. You may luck out and never see a request, nor a Title III, nor FISA, NSL, or any other lawful request. This is not a political thing the way some here on the list appear to be coloring it. We (as an industry) need to comply with a lawful request, the same as any other industry (eg: financial services, or otherwise). If you take a casual moment to read the CALEA statute, you will notice it's a capability to perform intercepts, not logs, etc.. If you do not have experience in dealing with court orders, when you get one, engage some legal counsel immediately. There are some small things that you can inadvertently do that can either compromise the evidence for the LEA, or possibly place your company at significant legal risk. I know that DoJ specifically has trained folks about CALEA. Call your local FBI office. Also CALEA isn't just a DoJ thing, it could be your local police, state police, or otherwise. You will need to have the capability to relay to them (in realtime or pseudo-realtime) via the LES protocol. If your customer is a 10G or 40G customer, you need to have the ability to perform that intercept. There is not a cutting-edge technology safe-harbor. Your only safe-harbor for problems is "the industry standard", which currently is interpreted for internet stuff as the T1.IAS. You can buy it for $185 (or $164) here: https://www.atis.org/docstore/product.aspx?id=22665 You really need to be talking to a mediation device provider and/or your vendors. They each have a lawful-intercept story. Don't expect any of these solutions to be elegant, as most of them use stuff like snmp-set and other things to hide the configuration, as per your Systems Security and Integrity Plan that you had to file already (you did file this, right? as well as filing form 445 ;) not everyone in your company should know about the intercept. If there is interest, perhaps I can make a call to DoJ and see if someone can present on CALEA at nanog in a few weeks? (incase the PC can accomodate them). - Jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.