CALEA General Session
22
CALEA General Session NET@EDU February 6, 2007
-
Upload
ethan-young -
Category
Documents
-
view
40 -
download
0
description
CALEA General Session. NET@EDU February 6, 2007. CALEA. C ommunications A ssistance for L aw E nforcement A ct. Basic purpose: to provide an easier way for Law Enforcement to “wiretap” the Internet. Agenda. Status Highlights CALEA-Related Standards - PowerPoint PPT Presentation
Transcript of CALEA General Session
CALEA General Session
NET@EDUFebruary 6, 2007
CALEA
CommunicationsAssistance for LawEnforcement Act
Basic purpose: to provide an easier way for Law Enforcement to “wiretap” the Internet
Agenda
• Status Highlights
• CALEA-Related Standards
• Short presentations and discussion NPC position paper The Exempt/Non-Exempt Decision Process CALEA and the University of California CALEA and State Networks Related Issues
Use of CALEA vs. Title 18 Potential for CALEA-like legislation Data retention
Status Highlights
• Due dates for filings were set by the FCC for institutions which need to comply with CALEA
February 12th - Monitoring Report
March 12th - System Security Report
Status Highlights
• Many institutions continue to work to determine if they are covered by CALEA
Note: Nice updates to the EDUCAUSE CALEA website!
Status Highlights
• FCC continues to strongly assert compliance required by May 14th
• Network equipment vendors and Trusted Third Parties still developing their offerings based on emerging standards
CALEA-Related Standards
Craig Mulholland
Cisco
NPC Position Paper
Exempt/Not Exempt
• Institutions first evaluating if there is any possible need to comply Different interpretations of vague terms
• If yes, often doing risk analysis based on: Possible fines Possible bad PR (risk to reputation)
• Cost to comply: the trade-offs
Information Resources and Communications University of California, Office of the President
CALEA at the University of California
David WalkerOffice of the President
University of [email protected]
Information Resources and Communications University of California, Office of the President
Background and Status The University of California
Ten campuses, five medical centers Intercampus connectivity provided by non-profit
state R&E network Legal analysis of the campuses' need to
comply is nearly complete, based largely on the results of a survey of campus network managers.
Information Resources and Communications University of California, Office of the President
Issues Addressed Is the campus network public or private?
Public access points on the campus Network connections with research and other
partners How does the campus connect to the public
Internet? ISPs used Responsibility for support of the campus
connection Does the campus provide “public” VoIP?
State Networks and CALEA
Shaun Abshere
WiscNet
Related Issues
“Vacuum cleaner” approach utilized by LE “Call it the vacuum-cleaner approach. It's
employed when police have obtained a court order and an Internet service provider can't "isolate the particular person or IP address" because of technical constraints, says Paul Ohm, a former trial attorney at the Justice Department's Computer Crime and Intellectual Property Section. (An Internet Protocol address is a series of digits that can identify an individual computer.)”
From ZDNet News, 1/30/2007
Related Issues
• Will CALEA be used on campuses? Or just Title 18, etc., so that better data can be
collected closer to the source?
• Potential for CALEA-like legislation How likely? What would we want it to say?
• Data Retention
Discussion
EXTRA MATERIALS BELOW
How might an Intercept work?
Lawful Authorization
Law Enforcement
Telecommunication Service Provider
Service Provider Administration
(Turn on Lawful Intercept feature of switch)
Delivery Function
Collection Function
Access Function
Law Enforcement Administration
(Switch collects Lawful Intercept
data)
(Securely deliver information to LEA)
(Order generated)
Compliance Options
• Purchase equipment Intercept capability
Upgrade existing network hardware, if Lawful Intercept (LI) features available, or
Acquire network probes to install in network
ALSO NEED MEDIATION DEVICE TO FORMAT AND SEND DATA TO LAW ENFORCEMENT (vendors such as SS8 and Verint)
Compliance Options
• Trusted Third Parties (TTP) Vendors can provide full suite of services
including: Installing equipment to perform Lawful Intercept Receiving and validating an intercept request from
Law Enforcement Performing the intercept and forwarding the data to
Law Enforcement
Could be less costly option if need to comply
Compliance Options
• Trusted Third Parties (TTPs) (continued)
Mixed results in interacting with TTP vendors so far
Service offerings CALEA Tech Group has seen are very new (NeuStar, Apogee - soon to see VeriSign)
Compliance Options
• “Do it yourself” optionsExample: Merit
