CALEA is the C ommunications A ssistance for L aw E nforcement A ct. It requires providers of commercial voice services to engineer their networks in such a way as to assist law enforcement agencies in executing wiretap orders.
Until August 5, 2005 that is…..
CALEA: New Report and Order
On August 5, 2005, in response to a request by law enforcement, the FCC voted to extend CALEA to include facilities-based Internet service providers.
Facilities-based Internet service providers are defined as: "entities that provide transmission or switching over their own facilities between the end user and the Internet Service Provider."
Private Networks are still exempt, but….
Private Networks are now defined as networks that do not allow access to the “public” Internet or the public switched telephone network (PSTN).
If your network provides access to the “public” Internet you are no longer exempt as a private network.
Arguments for/against extending CALEA to ISPs
The Internet is increasingly the communication of choice for criminal activity
Legal intercepts need to be easier and less expensive for LE
An “exempt” system is a magnet for criminal activity
The term “Telecommunications Carrier” includes a person or entity engaged in providing wire or electronic communication switching or transmission service to the extent that the Commission finds that such service is a replacement for a substantial portion of the local telephone exchange service and that it is in the public interest …..
(Section 102. 8B(ii) CALEA)
1. Broadband Internet access substantially replaces Dial-up (a portion of the local exchange service)
2. Interconnected VoIP substantially replaces POTS
3. Therefore, Broadband and Interconnected VoIP providers are “Telecommunications Providers”.
Two Part Decision
Part #1: Decided: CALEA does apply to ISPs and all facilities-based Internet service providers are covered. Full compliance is required in 18 months..
Part #2: Still to be decided: What will be required (standards of compliance) and will there be an “special cases” allowed (i.e. small rural providers or education and research networks).
What is EDUCAUSE doing?
April 2004 in response to the original petition by LE, EDUCAUSE formed a coalition of 16 education and library associations and filed comments.
EDUCAUSE has been actively engaged in talks with Congress, the FCC, and the DoJ ever since.
We continue to hold out hope for a “special case” compromise that will mitigate the expense of changing our equipment.
Current Proposal: Some examples
Single point-of-contact on every campus
Standard procedures established
24x7 assistance available
Personnel trained in procedural, legal and technical demands of assisting legal intercepts.
Some gateway equipment would be replaced, but only under the normal replacement cycle
Law enforcement will want more concessions
Our community will have to seriously consider the options
CALEA: A Campus Perspective
What do we know for sure ?
But sooner or later, some regulations requiring additional activity by universities in lawful surveillance seems likely
Cost to become CALEA compliant could be HUGE!!!
How might a request work Lawful Authorization Law Enforcement Telecommunication Service Provider Service Provider Administration (Turn on Lawful Intercept feature of switch) Delivery Function Collection Function Access Function Law Enforcement Administration (Switch collects Lawful Intercept data) (Securely deliver information to LEA) (Order generated)
Some Vocabulary (ref. TIA J-STD-025-B)
Access Function(s) (provided by campus)
Provides unobtrusive intercept access points to intercept subject’s communications and passes to Delivery Function
Delivery Function (provided by campus)
Responsible to delivering intercepted communications to the Law Enforcement Agency (LEA) Collection Function
Collection function (provided by LEA)
Responsible for collecting lawfully authorized communications
Thanks to Al Gidari and Wendy Wigen for assistance!
Disclaimer: Current understanding – subject to change quickly
Who pays for what?
Campus must pay for equipment, systems and people to perform Service Provider Administration, Access Function and Delivery Function
Law Enforcement pays for leased lines (if necessary) to campus and Collection function
What do I need to buy for my campus to be CALEA-compliant?
Don’t know - detailed specifications not yet available
Current CALEA regulations seem to require significant equipment upgrades or replacements
When will FCC clarify requirements so we can start upgrading network?
Might CALEA regulations related to the Internet be declared invalid?
Yes, but universities will still need to support surveillance requests in the future
Is the university responsible for decrypting or decompressing message content?
No, not unless the university did the compressing/encrypting and has keys to decrypt
Is more than just Voice over IP covered by CALEA?
Yes – all communications will need to be forwarded, and (as of now) the VoIP packets will need to be decoded if the university provides the VoIP service, otherwise decoding responsibility is unclear
What might a LEA ask for?
All communications associated with an IP address or jack
All communications associated with a person!!!
Wired – specific location
Wired – any authenticated access!!!
Is surveillance of intra-campus traffic necessary (e.g., between two computers hooked to the same card on the same ethernet switch)?
Yes… …if the switch has the potential of passing traffic forward to the public Internet
Do the LEAs want to be able to turn on and perform surveillance remotely?
University personnel would be turning on, maintaining and turning off the wiretap, but the data would be sent to the designated LEA facility
It seems like some of the CALEA requirements will be very difficult (or impossible) to implement with commonly deployed systems and technology. Sound right?
Do campuses need to do anything beyond network upgrades to satisfy CALEA?
Yes - universities will need do training and background checks, have 7/24 point of contact for LEAs, create and document processes for interfacing with LEAs and file documentation attesting to CALEA compliance
Any other impacts?
Is E911 now extended to university VoIP systems?
CALEA: A Campus Perspective Higher Ed. has, and will continue to, support lawful surveillance, but effective, less costly alternatives should be explored
Where can I find out more?
http:// www.askcalea.net /
Selected vendor information
“ Cisco Service Independent Intercept Architecture” (sign on required to access on Cisco web site)
Call Content Channels and Call Data Channels Delivery Collection CDCs CCCs
Some More Vocabulary (ref. TIA J-STD-025-B)
Call Content Channel:
Logical link to LEA Delivery Function carrying call content
Call Detail Channel
Logical link to LEA Delivery Function carrying call-identifying information