On May 10, 2011, at 3:51 32PM, Michael Holstein wrote:
In the US, I believe that CALEA requires you to have those records for 7 years.
No, it doesn't (records *of the requests* are required, but no obligation to create subscriber records exists).
Even if it did .. academic institutions are exempt (to CALEA) as private networks.*
There are various legislative attempts afoot to create one here in the US .. but none have passed.
Regards,
Michael Holstein Information Security Administrator Cleveland State Unviersity
(*): US Court of Appeals, District of Columbia, 50-1504.
If I've found the right case, it was 05-1404, and published as 451 F.3d 226 (2006); see http://law.justia.com/cases/federal/appellate-courts/F3/451/226/627290/ I have no idea if it's still good law.
--Steve Bellovin, https://www.cs.columbia.edu/~smb