Upcoming SlideShare
Loading in...5







Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment
  • Thank you to Mark Eckenwiler
  • [1] In an informal survey conducted by ACUTA in 2004, out of 700 schools surveyed, there were no reports of wiretap requests for the entire year of 2003. We recognize that the survey responses may not have included national security wiretaps. Official total number of wiretap requests authorized for the year 2004 across all types of service providers and networks, at both the state and federal level, was 1,712. Of those, 1,633 were actually installed. . Wiretaps authorized under FISA orders in 2004 totaled 1754. http://
  • Legally authorized wiretaps have been available as a tool for LE since the 1960s. Internet communications can be wiretapped legally, and are tapped today. CALEA has nothing to do with whether or not LE can wiretap. It makes it mandatory for communications providers to design their systems so that they can be easily wiretapped.
  • So, if your network does not provide access to the Public Internet you can leave… you have no new obligations or worries.
  • Other arguments:1.FCC has gone beyond its purview in extending CALEA to the Internet when Congress specifically exempted it in 1994. 2. Creates a “backdoor” that is susceptible to hacking and a danger to privacy;
  • The definition of Telecommunications Provider can be, and is, separate and distinct for CALEA than it is in the Communications ACT of 1934 (Telecommunications Act of 1996)
  • Our most recent proposal was sent to the DoJ on Sept. 12, 2005. We are still awaiting their reply.

calea.ppt calea.ppt Presentation Transcript

  • CALEA Communications Assistance for Law Enforcement Act October 20, 2005
  • A brief history of wiretapping
    • 1960’s : Wiretapping was easy; one phone company; basic technology
    • 1980’s: Deregulation means multiple carriers; cell phones; analog to digital transition begins
    • 1994: CALEA passed with several compromises; specifically no Internet; no private networks
    • 2004: VoIP: Wiretapping isn’t getting any easier…
  • How many wiretaps are there? Subpoena/Court Order Warrant/Subpoena Other information: subscriber; transactional data Warrant/Subpoena Title III “Wiretap Order” Content Historical Real Time
  • Federal, State, Local and FISA Wiretap Orders for 2004
    • 1,712 regular court
    • 1,754 under FISA
  • What is CALEA?
    • CALEA is the C ommunications A ssistance for L aw E nforcement A ct. It requires providers of commercial voice services to engineer their networks in such a way as to assist law enforcement agencies in executing wiretap orders.
    • Until August 5, 2005 that is…..
  • CALEA: New Report and Order
    • On August 5, 2005, in response to a request by law enforcement, the FCC voted to extend CALEA to include facilities-based Internet service providers.
    • Facilities-based Internet service providers are defined as: "entities that provide transmission or switching over their own facilities between the end user and the Internet Service Provider."
  • Private Networks are still exempt, but….
    • Private Networks are now defined as networks that do not allow access to the “public” Internet or the public switched telephone network (PSTN).
    • If your network provides access to the “public” Internet you are no longer exempt as a private network.
  • Arguments for/against extending CALEA to ISPs
    • Law Enforcement
      • The Internet is increasingly the communication of choice for criminal activity
      • Legal intercepts need to be easier and less expensive for LE
      • An “exempt” system is a magnet for criminal activity
    • Education and Libraries
      • Congress should decide not the FCC or DoJ
      • LE has sufficient access now
      • Cost to comply can’t be justified
      • Will slow innovation
  • Legal Justification: Substantial Replacement Provision
    • The term “Telecommunications Carrier” includes a person or entity engaged in providing wire or electronic communication switching or transmission service to the extent that the Commission finds that such service is a replacement for a substantial portion of the local telephone exchange service and that it is in the public interest …..
    • (Section 102. 8B(ii) CALEA)
  • Substantial Replacements
    • 1. Broadband Internet access substantially replaces Dial-up (a portion of the local exchange service)
    • 2. Interconnected VoIP substantially replaces POTS
    • 3. Therefore, Broadband and Interconnected VoIP providers are “Telecommunications Providers”.
  • Two Part Decision
    • Part #1: Decided: CALEA does apply to ISPs and all facilities-based Internet service providers are covered. Full compliance is required in 18 months..
    • Part #2: Still to be decided: What will be required (standards of compliance) and will there be an “special cases” allowed (i.e. small rural providers or education and research networks).
  • What is EDUCAUSE doing?
    • April 2004 in response to the original petition by LE, EDUCAUSE formed a coalition of 16 education and library associations and filed comments.
    • EDUCAUSE has been actively engaged in talks with Congress, the FCC, and the DoJ ever since.
    • We continue to hold out hope for a “special case” compromise that will mitigate the expense of changing our equipment.
  • Current Proposal: Some examples
    • Single point-of-contact on every campus
    • Standard procedures established
    • 24x7 assistance available
    • Personnel trained in procedural, legal and technical demands of assisting legal intercepts.
    • Some gateway equipment would be replaced, but only under the normal replacement cycle
  • Prediction
    • Law enforcement will want more concessions
    • Our community will have to seriously consider the options
  • CALEA: A Campus Perspective
    • What do we know for sure ?
      • Not much!
      • But sooner or later, some regulations requiring additional activity by universities in lawful surveillance seems likely
    • Cost to become CALEA compliant could be HUGE!!!
  • How might a request work Lawful Authorization Law Enforcement Telecommunication Service Provider Service Provider Administration (Turn on Lawful Intercept feature of switch) Delivery Function Collection Function Access Function Law Enforcement Administration (Switch collects Lawful Intercept data) (Securely deliver information to LEA) (Order generated)
  • Some Vocabulary (ref. TIA J-STD-025-B)
    • Access Function(s) (provided by campus)
      • Provides unobtrusive intercept access points to intercept subject’s communications and passes to Delivery Function
    • Delivery Function (provided by campus)
      • Responsible to delivering intercepted communications to the Law Enforcement Agency (LEA) Collection Function
    • Collection function (provided by LEA)
      • Responsible for collecting lawfully authorized communications
    • Thanks to Al Gidari and Wendy Wigen for assistance!
    • Disclaimer: Current understanding – subject to change quickly
    • Who pays for what?
      • Campus must pay for equipment, systems and people to perform Service Provider Administration, Access Function and Delivery Function
      • Law Enforcement pays for leased lines (if necessary) to campus and Collection function
    • What do I need to buy for my campus to be CALEA-compliant?
      • Don’t know - detailed specifications not yet available
      • Current CALEA regulations seem to require significant equipment upgrades or replacements
    • When will FCC clarify requirements so we can start upgrading network?
      • Not known
    • Might CALEA regulations related to the Internet be declared invalid?
      • Yes, but universities will still need to support surveillance requests in the future
    • Is the university responsible for decrypting or decompressing message content?
      • No, not unless the university did the compressing/encrypting and has keys to decrypt
    • Is more than just Voice over IP covered by CALEA?
      • Yes – all communications will need to be forwarded, and (as of now) the VoIP packets will need to be decoded if the university provides the VoIP service, otherwise decoding responsibility is unclear
    • What might a LEA ask for?
      • All communications associated with an IP address or jack
      • All communications associated with a person!!!
        • Wired – specific location
        • Wired – any authenticated access!!!
        • Wireless!!!
    • Is surveillance of intra-campus traffic necessary (e.g., between two computers hooked to the same card on the same ethernet switch)?
      • Yes… …if the switch has the potential of passing traffic forward to the public Internet
    • Do the LEAs want to be able to turn on and perform surveillance remotely?
      • University personnel would be turning on, maintaining and turning off the wiretap, but the data would be sent to the designated LEA facility
    • It seems like some of the CALEA requirements will be very difficult (or impossible) to implement with commonly deployed systems and technology. Sound right?
      • Yes
    • Do campuses need to do anything beyond network upgrades to satisfy CALEA?
      • Yes - universities will need do training and background checks, have 7/24 point of contact for LEAs, create and document processes for interfacing with LEAs and file documentation attesting to CALEA compliance
    • Any other impacts?
      • Is E911 now extended to university VoIP systems?
  • CALEA: A Campus Perspective Higher Ed. has, and will continue to, support lawful surveillance, but effective, less costly alternatives should be explored
    • Where can I find out more?
      • Educause
      • AskCALEA
        • http:// /
      • FCC
      • Selected vendor information
        • “ Cisco Service Independent Intercept Architecture” (sign on required to access on Cisco web site)
        • RFC 3924
  • Discussion
    • Questions
    • or
    • Discussion?
  • Call Content Channels and Call Data Channels Delivery Collection CDCs CCCs
  • Some More Vocabulary (ref. TIA J-STD-025-B)
    • Call Content Channel:
      • Logical link to LEA Delivery Function carrying call content
    • Call Detail Channel
      • Logical link to LEA Delivery Function carrying call-identifying information