CALEA Discussion

Network Policy Council

February 4, 2007

Status Highlights

• Based on discussions at Snowmass, the NPC published a statement on CALEA Key message: Few higher-education institutions need

to be concerned about CALEA Positive feedback

• Due dates for filings were set by the FCC for institutions which need to comply with CALEA February 12th - Monitoring Report March 12th - System Security Report

Status Highlights

• FCC continues to strongly assert compliance required by May 14th

• Network equipment vendors and Trusted Third Parties still developing their offerings (somewhat surprising at this late date)

Status Highlights

• Many institutions continue to work to determine if they are covered by CALEA

Note: Nice updates to the EDUCAUSE

CALEA website

Exempt/Not Exempt

• Institutions first evaluating if there is any possible need to comply Different interpretations of vague terms

• If yes, often doing risk analysis based on: Possible fines Possible bad PR

How might an Intercept work?

Lawful Authorization

Law Enforcement

Telecommunication Service Provider

Service Provider Administration

(Turn on Lawful Intercept feature of switch)

Delivery Function

Collection Function

Access Function

Law Enforcement Administration

(Switch collects Lawful Intercept

data)

(Securely deliver information to LEA)

(Order generated)

Compliance Options

• Purchase equipment Intercept capability

• Upgrade existing network hardware, if Lawful Intercept (LI) features available, or

• Acquire network probes to install in network

ALSO NEED MEDIATION DEVICE TO FORMAT AND SEND DATA TO LAW ENFORCEMENT (vendors such as SS8 and Verint)

Compliance Options

• Trusted Third Parties (TTP) Vendors can provide full suite of services

including:• Installing equipment to perform Lawful Intercept• Receiving and validating an intercept request from

Law Enforcement• Performing the intercept and forwarding the data to

Law Enforcement

Could be less costly option if need to comply

Compliance Options

• Trusted Third Parties (TTPs) (continued)

Mixed results in interacting with TTP vendors so far

Service offerings CALEA Tech Group has seen are very new (NeuStar, Apogee - soon to see VeriSign)

Compliance Options

• “Do it yourself” options Example: Merit

Related Issues

• “Vacuum cleaner” approach utilized by LE “Call it the vacuum-cleaner approach. It's employed

when police have obtained a court order and an Internet service provider can't "isolate the particular person or IP address" because of technical constraints, says Paul Ohm, a former trial attorney at the Justice Department's Computer Crime and Intellectual Property Section. (An Internet Protocol address is a series of digits that can identify an individual computer.)” From ZDNet News, 1/30/2007

Related Issues

• Will CALEA be used on campuses? Or just Title 18, etc., so that better data can be collected closer

to the source?

• Potential for legislation related to Lawful Intercept How likely? What would we want it to say?

• Data Retention

• ATIS Draft Standard http://contributions.atis.org/UPLOAD/PTSC/LAES/PTSC-LAES-2006-084R6.doc