Re: CALEA Requirements

2016-03-20 Thread Sean Donelan
The FBI CALEA folks have always had a somewhat expansive interpretation of 
their authorities.


For example, "dialed digit extraction."  The court cases supporting pen 
registers are based on business record exception, i.e. Smith v. Maryland 
says dial numbers are disclosed to the telephone company so the phone 
company can connect and bill the call do not have a reasonable 
expectation of privacy. The FBI expanded its pen-register authority to 
include all numbers dialed *DURING* the call because in the 1970's 
pen-register technology didn't stop recording digits (i.e. the "clicks") 
after a call was answered.  Although modern pen-register technology can 
distinguish between numbers dialed for the purpose of connecting the call, 
and numbers dialed during the call (i.e. your online banking PIN), and 
dialed digit extraction during VOIP calls is an extreme pain in the ass.


In the 1990's, the FBI convinced the FCC to order carriers under CALEA to 
do dialed digit extraction because "that's what they've always done," not 
because it's what the law and court cases required.  Even the FCC says in 
its CALEA order, the FBI's justification was flimsy but the FCC wasn't 
willing to oppose the FBI.


As several folks have pointed out, talk to your own legal counsel.  The
FBI CALEA website is the FBI's interpretation of its authority, not 
necessarily what your own counsel would advise.


Re: CALEA Requirements

2016-03-20 Thread Robert Haylock
If you are a wireline ISP, start with the ATIS-113* docs, you will see
from the FBI link below, different services and carrier types (e.g. voice
or cable) have additional needs on top of this.

As Scott said, your legal/regulatory team needs to guide you to exactly
which in the list MAY apply in your situation, but from a technical point of
view you can at least get an idea about what you might have to do by
starting with the ATIS specs:

https://askcalea.fbi.gov/standards.html

Rob

On 14 March 2016 at 13:57, Scott Weeks  wrote:

>
>
> --- lor...@hathcock.org wrote:
> From: "Lorell Hathcock" 
>
> Can someone point me to the current CALEA requirements?
>
> As an ISP, should I be recording all internet traffic that passes my
> routers?  Or do I only have to record when and if I receive a court order?
>
> I'm not under any court order now, I just want to be sure that I am
> compliant going forward in my capabilities.
> -
>
>
> This is something your company's lawyers should hash out.
> That said, you shouldn't record anything unless forced to
> do so.  It'll just make pervasive surveillance easier.
>
> scott
>


Re: CALEA Requirements

2016-03-19 Thread Lorell Hathcock
Thanks for the tips. All good info. 

Sent from my iPhone

> On Mar 18, 2016, at 3:31 PM, Kraig Beahn  wrote:
> 
> I believe Scott just hit the nail on the head...
> "but keep in mind that it's normal for people who have
> had to fulfill a request *to be disallowed from talking about it* which
> makes
> them seem even more rare than they actually are."
> 
>> On Fri, Mar 18, 2016 at 4:28 PM, Scott Helms  wrote:
>> 
>> Kevin,
>> 
>> That's largely true, but keep in mind that it's normal for people who have
>> had to fulfill a request to be disallowed from talking about it which makes
>> them seem even more rare than they actually are.  I'm also not familiar
>> with any laws that prevent state or local agencies from leveraging CALEA
>> and I've certainly seen it used on the voice side by state level law
>> enforcement.
>> 
>> 
>> Scott Helms
>> Chief Technology Officer
>> ZCorum
>> (678) 507-5000
>> 
>> http://twitter.com/kscotthelms
>> 
>> 
>> On Fri, Mar 18, 2016 at 4:19 PM, Kevin Burke > wrote:
>> 
>>> Ignore it until you get the paperwork.  The local law enforcement can not
>>> get a warrant for the real time, full data capture.  Only FBI or other
>>> national agencies can get those subpoenas.  We went through this with
>> our
>>> local police department.  They wanted to make sure we were prepared and
>>> wanted a test for the real time number capture on phone calls.  They
>> didn't
>>> mention they don't have any equipment on their side to connect the T1.
>>> 
>>> Ask your local neighbors.  Some areas have a number of local federal
>>> investigations.  If you get the deer in the headlights look from your
>>> competition then you may never get one of these.
>>> 
>>> The full data captures are rare.
>>> 
>>> Kevin Burke
>>> 802-540-0979
>>> Burlington Telecom - City of Burlington
>>> 200 Church St, Burlington, VT 05401
>>> 
>>> -Original Message-
>>> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Lorell
>> Hathcock
>>> Sent: Monday, March 14, 2016 4:47 PM
>>> To: 'NANOG list' 
>>> Subject: CALEA Requirements
>>> 
>>> NANOG:
>>> 
>>> 
>>> 
>>> Can someone point me to the current CALEA requirements?
>>> 
>>> 
>>> 
>>> As an ISP, should I be recording all internet traffic that passes my
>>> routers?  Or do I only have to record when and if I receive a court
>> order?
>>> 
>>> 
>>> 
>>> I'm not under any court order now, I just want to be sure that I am
>>> compliant going forward in my capabilities.
>>> 
>>> 
>>> 
>>> Thanks!
>>> 
>>> 
>>> 
>>> Lorell Hathcock
>> 


Re: CALEA Requirements

2016-03-18 Thread Scott Helms
Kevin,

That's largely true, but keep in mind that it's normal for people who have
had to fulfill a request to be disallowed from talking about it which makes
them seem even more rare than they actually are.  I'm also not familiar
with any laws that prevent state or local agencies from leveraging CALEA
and I've certainly seen it used on the voice side by state level law
enforcement.


Scott Helms
Chief Technology Officer
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Fri, Mar 18, 2016 at 4:19 PM, Kevin Burke 
wrote:

> Ignore it until you get the paperwork.  The local law enforcement can not
> get a warrant for the real time, full data capture.  Only FBI or other
> national agencies can get those subpoenas.  We went through this with our
> local police department.  They wanted to make sure we were prepared and
> wanted a test for the real time number capture on phone calls.  They didn't
> mention they don't have any equipment on their side to connect the T1.
>
> Ask your local neighbors.  Some areas have a number of local federal
> investigations.  If you get the deer in the headlights look from your
> competition then you may never get one of these.
>
> The full data captures are rare.
>
> Kevin Burke
> 802-540-0979
> Burlington Telecom - City of Burlington
> 200 Church St, Burlington, VT 05401
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Lorell Hathcock
> Sent: Monday, March 14, 2016 4:47 PM
> To: 'NANOG list' 
> Subject: CALEA Requirements
>
> NANOG:
>
>
>
> Can someone point me to the current CALEA requirements?
>
>
>
> As an ISP, should I be recording all internet traffic that passes my
> routers?  Or do I only have to record when and if I receive a court order?
>
>
>
> I'm not under any court order now, I just want to be sure that I am
> compliant going forward in my capabilities.
>
>
>
> Thanks!
>
>
>
> Lorell Hathcock
>
>


Re: CALEA Requirements

2016-03-18 Thread Kraig Beahn
I believe Scott just hit the nail on the head...
"but keep in mind that it's normal for people who have
had to fulfill a request *to be disallowed from talking about it* which
makes
them seem even more rare than they actually are."

On Fri, Mar 18, 2016 at 4:28 PM, Scott Helms  wrote:

> Kevin,
>
> That's largely true, but keep in mind that it's normal for people who have
> had to fulfill a request to be disallowed from talking about it which makes
> them seem even more rare than they actually are.  I'm also not familiar
> with any laws that prevent state or local agencies from leveraging CALEA
> and I've certainly seen it used on the voice side by state level law
> enforcement.
>
>
> Scott Helms
> Chief Technology Officer
> ZCorum
> (678) 507-5000
> 
> http://twitter.com/kscotthelms
> 
>
> On Fri, Mar 18, 2016 at 4:19 PM, Kevin Burke  >
> wrote:
>
> > Ignore it until you get the paperwork.  The local law enforcement can not
> > get a warrant for the real time, full data capture.  Only FBI or other
> > national agencies can get those subpoenas.  We went through this with
> our
> > local police department.  They wanted to make sure we were prepared and
> > wanted a test for the real time number capture on phone calls.  They
> didn't
> > mention they don't have any equipment on their side to connect the T1.
> >
> > Ask your local neighbors.  Some areas have a number of local federal
> > investigations.  If you get the deer in the headlights look from your
> > competition then you may never get one of these.
> >
> > The full data captures are rare.
> >
> > Kevin Burke
> > 802-540-0979
> > Burlington Telecom - City of Burlington
> > 200 Church St, Burlington, VT 05401
> >
> > -Original Message-
> > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Lorell
> Hathcock
> > Sent: Monday, March 14, 2016 4:47 PM
> > To: 'NANOG list' 
> > Subject: CALEA Requirements
> >
> > NANOG:
> >
> >
> >
> > Can someone point me to the current CALEA requirements?
> >
> >
> >
> > As an ISP, should I be recording all internet traffic that passes my
> > routers?  Or do I only have to record when and if I receive a court
> order?
> >
> >
> >
> > I'm not under any court order now, I just want to be sure that I am
> > compliant going forward in my capabilities.
> >
> >
> >
> > Thanks!
> >
> >
> >
> > Lorell Hathcock
> >
> >
>


RE: CALEA Requirements

2016-03-18 Thread Kevin Burke
Ignore it until you get the paperwork.  The local law enforcement can not get a 
warrant for the real time, full data capture.  Only FBI or other national 
agencies can get those subpoenas.  We went through this with our local police 
department.  They wanted to make sure we were prepared and wanted a test for 
the real time number capture on phone calls.  They didn't mention they don't 
have any equipment on their side to connect the T1.  

Ask your local neighbors.  Some areas have a number of local federal 
investigations.  If you get the deer in the headlights look from your 
competition then you may never get one of these.

The full data captures are rare.

Kevin Burke
802-540-0979
Burlington Telecom - City of Burlington
200 Church St, Burlington, VT 05401

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Lorell Hathcock
Sent: Monday, March 14, 2016 4:47 PM
To: 'NANOG list' 
Subject: CALEA Requirements

NANOG:

 

Can someone point me to the current CALEA requirements?

 

As an ISP, should I be recording all internet traffic that passes my routers?  
Or do I only have to record when and if I receive a court order?

 

I'm not under any court order now, I just want to be sure that I am compliant 
going forward in my capabilities.

 

Thanks!

 

Lorell Hathcock



Re: CALEA Requirements

2016-03-14 Thread Scott Weeks


--- lor...@hathcock.org wrote:
From: "Lorell Hathcock" 

Can someone point me to the current CALEA requirements?

As an ISP, should I be recording all internet traffic that passes my
routers?  Or do I only have to record when and if I receive a court order?

I'm not under any court order now, I just want to be sure that I am
compliant going forward in my capabilities.
-


This is something your company's lawyers should hash out.  
That said, you shouldn't record anything unless forced to 
do so.  It'll just make pervasive surveillance easier.

scott