I see CALEA as a holdover from those days when most of the traffic on the
internet was unencrypted.  Law enforcement wanted to be able to wiretap the
internet just like they could wiretap POTS.

Nowadays, I'm not sure what law enforcement could actually do with the
captured data.  What an ISP has access to is largely encrypted over the
wire.  I guess some data might be useful but I'm guessing that law
enforcement has learned that looking at a capture of customer data isn't as
useful as they thought it would be.

About the only thing I can think of right this second which might be at
least frequently unencrypted anymore is VoIP and/or DNS depending on your
configuration.   But if I was carrying on criminal activities across the
net I'd probably be looking at ways to encrypt everything which isn't hard
to do.

On Mon, Mar 18, 2024, 4:17 PM Mark Radabaugh <[email protected]> wrote:

> While CALEA is still on the books it doesn’t seem to be of much interest
> to LEA.
>
> No - you do not have to be able to identify the user.  If LEA can identify
> a specific end user for you out of the WiFi, then yes, they could ask for
> you to monitor it but keep in mind that CALEA isn’t meant for historical
> data.   It’s meant to be real-time capture once they have identified a
> particular person of interest (well, a specific phone number, IP address,
> etc.).
>
> Every year I get a phone call from the FBI verifying our contact
> information and how to get hold of us if they need something.  I point out
> that we file our CALEA documents and ask why they are calling - and they
> say ‘oh, we don’t use that’.  Uh, got it.  But the FCC still thinks it’s
> important and you best follow the rules and file it anyway.  Local and
> State LEA has never heard of CALEA.  It’s just one more bureaucracy on
> autopilot that has outlived its usefulness.
>
> Mark
>
>
> On Mar 18, 2024, at 6:29 AM, [email protected] wrote:
>
> CALEA hasn’t been on my radar much, so this is probably an old topic, but
> it’s one I don’t know much about.
>
> If you provide WiFi in a public space how do you handle compliance?  We
> have parks, airports, and other public spaces with managed WiFi.  There are
> also MDUs with WiFi in a public area like a courtyard, lounge, lobby, etc.
>
> My understanding is you have to be able to capture traffic if you’re
> ordered to do so.  Do you also have to be able to identify the individual?
>
> If they ever asked me to capture all traffic from the park WiFi….sure no
> problem.  If they gave me a particular IP, port, and time, and they wanted
> me to start capturing traffic AND identify who it was, then I would only be
> able to tell them it was someone at the park.  At *best* I could give
> them a MAC address and hostname.  If I have to identify the *customer*
> that’s easy: the municipal parks department, but I’m guessing that’s not
> what they will want to know.
>
> Will this stuff get us in trouble?
>
> -Adam
>
> --
> AF mailing list
> [email protected]
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com