Upload
kylene
View
38
Download
0
Embed Size (px)
DESCRIPTION
CALEA Discussion EDUCAUSE MARC Conference. Wilson Dillaway, Tufts University Doug Carlson, New York University January 18th, 2007. CALEA. C ommunications A ssistance for L aw E nforcement A ct (passed in 1994) - PowerPoint PPT Presentation
Citation preview
CALEA Discussion
EDUCAUSE MARC Conference
Wilson Dillaway, Tufts University
Doug Carlson, New York University
January 18th, 2007
2
CALEA
• Communications Assistance for Law Enforcement Act (passed in
1994)
• Deals with the manner in which assistance must be provided to Law Enforcement - not whether assistance must be provided (see USC Title 18)
• The FCC recently extended CALEA to apply to broadband Internet access and interconnected Voice over IP (2004, 2005 and 2006)
3
Good information source
http://www.educause.edu/calea
“…Document your decision process and include the names of those involved,
in case your decision is ever challenged.”
4
What’s the status?
• Uncertainty about which networks and institutions are exempt from CALEA
• Uncertainty about exactly what “compliance” means
• Uncertainty about systems and services available to implement compliance
5
Network Policy Council
• Formed in February 2006
• Memo to community issued August 2006
• “…has concluded that, with rare possible exceptions, universities, colleges, and libraries are exempt from CALEA. While this opinion does not comprise legal advice…”
http://www.educause.edu/ir/library/pdf/EPO0656.pdf
6
American Council on Education
• The Application of CALEA to Higher Education Networks, ACE, July 13, 2006
http://www.nacua.org/documents/ACECalea.pdf
• Thinking Through the CALEA Exempt/Non-Exempt Issue, August 2006
http://www.educause.edu/ir/library/pdf/CSD4607.pdf
(http://events.internet2.edu/speakers/speakers.php?go= people&id
=1933)
7
Exempt/Non-Exempt Tests
• Does the organization “support” the connection to the Internet? “Support” is undefined What is meant by Internet is unclear
• Is it a “private network”? “Private network” is not well-defined
8
What is compliance?
• Not yet completely defined
• FCC/DOJ looking to industry and Law Enforcement to work together to develop “safe harbor” standards
9
Options for Compliance
• Institution complies using own equipment Intercept capabilities (routers, probes) Format and send to Law Enforcement
Agencies (mediation device)
• Trusted Third Parties (e.g., Apogee, NeuStar, VeriSign, Subsentio, etc.) handle as a service
• EDUCAUSE CALEA Tech. group gathering information on what is available and/or planned by vendors
10
Compliance Datesif You Are Not Exempt…
• May 14th, 2007 – must be in full compliance
• March 12th, 2007 – System Security and Integrity
(SSI) Plan for your staff filed How can you be contacted 24 x 7 ? How will you respond ?
• February 12th, 2007 – Monitoring Report filed Will you be ready by May 14th? If not, why not? Which parts?
• But you may be exempt !!
11
Suggestions for actions
• Meet with your legal department and come to agreement on exempt/non-exempt status If not exempt, follow-up on compliance requirements
and options when available Observe the February and March filing dates Complete technical and procedural compliance by May 2007
• Watch the EDUCAUSE web site for best practices (also web sites for NACUA, ACUTA, ACE, etc.)
• Do not file unless you need to !!
12
Extra material below
13
How might a LI request work
Lawful Authorization
Law Enforcement
Telecommunication Service Provider
Service Provider Administration
(Turn on Lawful Intercept feature of switch)
Delivery Function
Collection Function
Access Function
Law Enforcement Administration
(Switch collects Lawful Intercept
data)
(Securely deliver information to LEA)
(Order generated)