|
|
|
|
|
|
|
|
|
||
|
|
||
|
Partner With Us |
CALEA Approaches
Lacking specific information, WISPs are at a loss as to how to comply with CALEA, let alone fill out the latest FCC form, due February 12, 2007.
| [February 6, 2007] |
 |
Background: The Communications Assistance for Law Enforcement Act (CALEA) contains a deadline for VoIP wiretap that goes into effect on May 14, 2007. The FCC says:
A telecommunications carrier may comply with CALEA in different ways. First, the carrier may develop its own compliance solution for its unique network. Second, the carrier may purchase a compliance solution from vendors, including the manufacturers of the equipment it is using to provide service. Third, the carrier may purchase a compliance solution from a trusted third party (TPP).
Meanwhile, ISPs are expected to file Form 445 by February 12, 2007.
In a discussion of CALEA on the ISP-Wireless list in February, JB said:
Our understanding is that the broadband provider will have 48 hours to provide the data stream from a particular IP address under most circumstances, but only a couple of hours under an Amber Alert. If you deliver Internet service that is fast enough to carry voice (above dial-up), you are covered under CALEA.
The provider will either have to have a mediation box that they own ($100,000 or so), or have contracted through a Trusted Third Party (TTP) for a mediation box off site. For most service providers, the TTP option will be the way to go. It is a cost of doing business that ALL long-term service providers will have to pay.
In your network, you will need to mirror the required traffic to an encrypted tunnel to the TTP, the TTP provides the mediation, and then sends the traffic to the FBI in the LAES format. The kicker here is, that the safe harbor standard (being developed by ATIS) for communicating with the TTP or on-site mediation box has not yet been finalized, and won't be until the end of February. This standard is called T1.IAS. We are working directly with the TTPs and mediation box providers to make sure that we can communicate with them in other ways.
I can't emphasize enough that this is NOT optional. The penalties are apparently very large, and will probably close some businesses before this is all said and done. If you don't have a plan for this you are playing Russian roulette with your business.
[DR replied] "So what stops someone from making a mediation box that makes that LAES format conversion and be open source in a Linux box? I know the IEEE T1.IAS format spec was around $200, but is it covered by a patent or just a standard to follow like most protocols? I think TTP's should do it on a per-incident basis, make it expensive but one time cost rather than some ridiculous monthly fee for something that many of us may never even use. Just an initial setup fee, and then use it if you need it. That's probably just a dream unless WISPA or something decides to do that as a service for members so we don't get killed by these requirements.
DR further noted that on some wireless architectures, it would not be easy to track users:
An example would me a mesh system such as Locustworld's MeshAP or Qorvus's QCode. The customer could be on any node, anywhere, and is behind many layers of NAT...and could switch nodes (therefor IP addresses) frequently....and the IP addresses they're using aren't visible (because of the NAT) anywhere except the node they're connected to. But that's an extreme example. ;)
[JB replied] "This is correct. However, most wireless networks like this are authenticated with RADIUS, and we expect carriers to reserve some static IPs for intercept purposes, and assign a static IP address to the target for the duration of the intercept."
[DR replied] "Actually you can't give any indication of being targeted for an intercept and changing IP's would probably count. Service can't have extra delays (due to switching or tunneling to a TTP or whatever). I can say for sure that right now this isn't an option with either of these systems. I have been talking to Tom at Qorvus about it. I don't know anything about the more expensive solutions.
With the way it works now, I'll have to perform the intercept on the node the client is connected to (after tracking them down...which isn't as direct as I'd like it to be), and would have to do it with something that runs under Linux (and can be added to the nodes).
That stream could then be sent to the mediation device, etc....but first I'd have to have the tool to do the intercept with. ;)"
[SY claimed] "Nothing changes on their end at all. I can put a public IP on anyone in about 10 minutes, and they will not know when it happens."
[DR replied] "Considering that they specifically don't allow voice calls to be routed into a conference bridge to mirror the call (because a savy listener could detect the connection to the bridge), I doubt this method would pass muster."
[SY claimed] "If I knew what or how (Format) it needed to be collected and stored, I can easily write program to do this. Just need a bit more information."
[DR replied] "You'll also need to work with the LEAs to make sure they can receive the data you're sending. You sure don't want to find out it doesn't work when you're responding to a subpoena."
After some discussion, JB reported that ISPs need to transmit data in LAES protocol. JB added that it's expensive for equipment makers:
"The fee is actually a license fee for the specification. I believe that the license gives you the right to apply the protocol in product development, but I don't think they give you to right to distribute the standard freely. If they did, they would not be able to charge a license fee for the standard.
Right now, the only LAES capable devices are expensive because there is little competition. I expect others to develop lower cost products over time, but it is difficult for Open Source people to pay for specifications like this, that may not be able to offer an LAES implementation under Open Source because of the licensing restrictions."
Several ISPs thought they were exempt from CALEA:
[SY said] "All of our customers except the few that have public IPs, are behind our firewall. All customers do not have a public IP address."
[DR replied] "Just because your customers are behind your firewall doesn't mean you don't still have to provide intercept for them. Firewalling them doesn't turn them into an enterprise network. ;-)
CALEA has its own definition of 'facilities-based' independent of anything else.
Please, consult your legal council! MINE tells me that if I provide service across hardware (any hardware: Ethernet switch, router, wireless bridges, whatever), I'm facilities-based in the eyes of CALEA."
[JB replied] "That is our understanding as well."
[SY said] "Somewhat good news. I just got off the phone with our provider, they have already been working on this, They are wanting to make it so all we would have to do is tell them or send them the order and give them what IP the user they want the information about is on, and they will do what is needed to collect the data and get it to the them with the correct requirements. I'm hoping they do this. Sure will save [us] a lot of nightmares."
[RA asked] "What would prevent the provider who was subpoenaed from instantly saying, hmmmm, ????K$'s to follow this, or disconnect this user upon opening the envelop. Seems if I was going to have to pony up mucho bucks it would be much less expensive to immediately disconnect the user and respond that they aren't on my network anymore. Who sees what problems with that response?"
[DR replied] "I'm sure there's a law in place that has something to do with tampering with evidence (since it IS evidence upon being signed by a judge)... Like telling the mob they're phone lines are tapped or even just disconnecting them instead so they won't have anything to collect... Destruction of evidence, failure to follow a court order, obstruction of justice (big one), I could probably name a few more. If it were that easy the mob would just pay off the phone company to disconnect their lines first."
[JB agreed] ". . . my first instinct says you would be in contempt of the court that issued the subpoena."
[RA pondered] "Would be a whole lot less expensive all around if they could drop in a 100 Mbps wireless tap to a truck outside a facility and gather the data that way. Unless they are on a fishing expedition and don't really know where the data is. And that's supposed to be illegal."
DR found an alternative for small ISPs, citing this Jim Baller memo (.pdf):
"There is, however, a mechanism through which some affected providers may be able to shift the financial burden of their compliance to the DOJ. The DOJ, in turn, must then decide whether to pay these costs or to drop its request for assistance. If it chooses not to pay, the provider will be deemed to be in compliance. "
[RC vented] "I've come to the conclusion our society is ran from precedence, not Law, it's what everybody else is doing. . . as of right now, I have found nothing to support the FCC's claim that they can alter the definition of a facility. . . It is not fair to put the FCC on the spot and point a finger at them because they tried to do your work for you. After all it is our responsibility, not the FCC, to read the damn laws and see if they apply. I feel the majority of our Laws are fair, the problem is not that some governmental organization has become lazy with their responsibility to administer the Law, the problem is the people are too lazy to be responsible and learn the Law. We want someone else to do it for us, and then sit on our apathy and think about the good ole days when we were free."
[PL agreed] "It is the job of individual business owners to invest the time and resources to learn the facts themselves. Few WISPs do nor will ever make such an investment. Either they are "just too busy" to do it or refuse to make the investment. (I've known an uncountable number of WISPs that can't articulate even the most basic tenets of Part 15.247, from the "big guys" like Clearwire down to the smallest Mom and PoP.)
BUT, that may be entirely understandable and even reasonable strangely enough, since FCC policy and rules ignorance seldom has ever hurt any WISP, even those making the most egregious and/or intentional violations. Even flagrantly illegal vendors doing tens of millions a year in the U.S. with well-established and easily located distribution channels operate with complete impunity and I'm talking about new product. "
—End
| Related articles: | ||
| [Feb. 1, 2007] | FCC Fines Puerto Rico WISP $20,000 | |
| [Jan. 10, 2007] | Editorial: Anticipating 2007 | |
| [May 31, 2001] | Making the FCC Your Business | |
ISP-Planet's
RSS feed
The Network for Technology Professionals
Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers
Webcasts
|
Video: How System Center Helps Reduce IT Costs IBM Cloud Computing for Developers Virtual Event, April 6-8 |
Microsoft Video: OCS and Exchange: Platform Futures MORE WEBCASTS, PODCASTS, AND VIDEOS |