SOLERA Says CALEA Equipment Can Do More

The company understands that ISPs find the investment painful and is showing that a packet capture system can do more than CALEA compliance.

by Alex Goldman ISP-Planet Managing Editor [October 18, 2007]

Yes, it's a surveillance system. It's mandated by law. Some companies are still telling ISPs that it costs $100,000 or more to comply with CALEA, but the average ISP can pay a lot less. Open source solutions are available, based on OpenCALEA, and even ATIS-based solutions can be cheaper.

Some ISPs don't want to spend any money at all. If you're going to get either one or zero subpoenas each year, any price is too high. Even the outsourced solution allowed by the CALEA law, Trusted Third Parties (TTPs), can be expensive. Neustar charges at least $10,000 per year but is working with associations such as the National Rural Telephone Cooperative (NRTC) to provide cheaper service.

The new idea
So Solera realized it had to show that the ISP could use its equipment for other things if it wasn't being used to handle a CALEA subpoena, which might not happen even once per year on a small network (but then in the next year you could get several).

The company put us in touch with Charles Boening of Dorris and Tulake, Calif.-based ISP Cal-Ore.

We wanted a specific example of how this equipment could be used, but could he provide it without compromising his own company's security? Yes.

"I don't like to turn off a customer based on allegations," said Boening. ISPs do regularly receive spam complaints and usually the culprit is a bot-infected PC. He emphasizes that there are not many complaints, but that when he receives one, he can look at the traffic history and check for the spam pattern. This is something he could do with other equipment, but with the Solera equipment, packet capture is already set up (with over 1 TB of storage). In this case, it's not about doing something that would otherwise be impossible—it's about saving time.

Boening said he's also using the equipment to test a VoIP service that Cal-Ore is getting ready to roll out. He can see call setup and teardown and if there are issues, he can see how they occurred.

A small but very nice benefit of the system is the "I didn't receive your e-mail" issue. If a customer claims to have not received an e-mail Boening can check and see whether or not they're telling the truth.

Finally, if a firewall is probed, the system captures all the data on the probe. Of course, you're not likely to be able to trace an attack because the hacker will have moved on, but you can investigate the methods used in the attack.

"It lends itself to a reactive situation," Boening told us. "The box itself doesn't provide any analysis; it's just capturing traffic."

But if something bad does happen on the network, he will have the data he needs to figure out why, and if law enforcement get involved, he'll have evidence to provide.

— End