[WISPA] CALEA FAQ Questions
Marlon,

I have been reading the WISPA CALEA FAQ and was a little concerned about question #10. If the LEA does not know who the suspect is using an open access point, does this mean that everyone that has used that access point will have their data handed over to the LEA? It would seem that if the LEA is only allowed to receive the data requested in the subpoena this would be a violation.

As far as I can tell question #15 does not get answered in the paragraph following the question. It talks more about acceptable billing and the fact that WISPA might have a solution in the future.

One of the questions in section 23 asks "Does the FBI speak for other LEA's?" Unless I am mistaken this question does not get answered.

Also the document says over and over again that the LEA's will work with WISP's, which sounds like there is no easy way this can always be done transparently with the current broadband equipment deployed by WISP's. So the workaround is the WISP should give them all the data from the device in question and the LEA's will sort it out and separate it.

If I am out of line please let me know but if I have questions about the FAQ then I am guessing there are others that do too.

Regards,
Dawn DiPietro

--
WISPA Wireless List: wireless@wispa.org
Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] CALEA FAQ Questions
On Thu, 2007-05-10 at 09:37 -0400, Dawn DiPietro wrote:
> Marlon,
>
> I have been reading the WISPA CALEA FAQ and was a little concerned about question #10. If the LEA does not know who the suspect is using an open access point, does this mean that everyone that has used that access point will have their data handed over to the LEA? It would seem that if the LEA is only allowed to receive the data requested in the subpoena this would be a violation.

I asked a similar question in the Bear Hill webinar. I had asked about private IPs and how the request would be made to us, would it be an IP or name; unfortunately it can be either one. We would most likely need to provide the data from that IP if that is how the request was made. Now with a tap of an external IP of a private IP range, you would have to provide the data from the inside of the network, so that they could analyze it and determine what internal IP is the suspect.

I have only been working in this industry for a little under a year and I have been amazed at the use of private IPs for customers. We have them set up here; in my opinion it causes more trouble than it's worth. I hope to move away from private IPs over the next year. They will still exist in our network for networking devices, but ideally no more customers would get them.

> As far as I can tell question #15 does not get answered in the paragraph following the question. It talks more about acceptable billing and the fact that WISPA might have a solution in the future.
>
> One of the questions in section 23 asks "Does the FBI speak for other LEA's?" Unless I am mistaken this question does not get answered.
>
> Also the document says over and over again that the LEA's will work with WISP's, which sounds like there is no easy way this can always be done transparently with the current broadband equipment deployed by WISP's. So the workaround is the WISP should give them all the data from the device in question and the LEA's will sort it out and separate it.
>
> If I am out of line please let me know but if I have questions about the FAQ then I am guessing there are others that do too.
>
> Regards,
> Dawn DiPietro
Re: [WISPA] CALEA FAQ Questions
> I have been reading the WISPA CALEA FAQ and was a little concerned about question #10. If the LEA does not know who the suspect is using an open access point, does this mean that everyone that has used that access point will have their data handed over to the LEA? It would seem that if the LEA is only allowed to receive the data requested in the subpoena this would be a violation.

In the past WISP's have asked if there was any way to keep users from NATing and connecting more than 1 PC. There is no way to block this and no easy way to prevent or detect it. From the ISP perspective there is no way to isolate a single hotspot user since they all come in on the same IP. If the ISP has control and management of the hotspot they may be able to isolate the traffic of a given MAC, but this would not be reliable if they connect with a different laptop the next day. Of course it depends what kind of hotspot and how it's set up. I would say you're going to have to give the LEA all the traffic for the hotspot and let them filter/figure out what they need.

Moral of the story: open non-encrypted wireless routers are NOT secure to use. Unless you're a bad guy and just drive around till you find one, then do your ill deeds there.

Just my opinion.

Matt
Re: [WISPA] CALEA FAQ Questions
This is not the sense that I get from the meeting we had with the FBI. They will know who the target is and be issuing an order for that person. However, if they happen to live with several people all on one wireless network, then the traffic is going to be mixed most likely. The best you can do is give them the traffic at that IP.

According to the FBI, it's just like when they tap phones. They are to listen to only the target conversations and not the other people in the home.

Lonnie Nunweiler wrote:
> Do they issue search warrants for a whole apartment building because they suspect someone living there is doing something bad? It was my understanding that a bit more info is required and it has to actually have a person or persons in mind. Why would data taps be treated any differently?
>
> Lonnie
>
> On 5/10/07, Matt [EMAIL PROTECTED] wrote:
>>> I have been reading the WISPA CALEA FAQ and was a little concerned about question #10. If the LEA does not know who the suspect is using an open access point, does this mean that everyone that has used that access point will have their data handed over to the LEA? It would seem that if the LEA is only allowed to receive the data requested in the subpoena this would be a violation.
>>
>> In the past WISP's have asked if there was any way to keep users from NATing and connecting more than 1 PC. There is no way to block this and no easy way to prevent or detect it. From the ISP perspective there is no way to isolate a single hotspot user since they all come in on the same IP. If the ISP has control and management of the hotspot they may be able to isolate the traffic of a given MAC, but this would not be reliable if they connect with a different laptop the next day. Of course it depends what kind of hotspot and how it's set up. I would say you're going to have to give the LEA all the traffic for the hotspot and let them filter/figure out what they need.
>>
>> Moral of the story: open non-encrypted wireless routers are NOT secure to use. Unless you're a bad guy and just drive around till you find one, then do your ill deeds there.
>>
>> Just my opinion.
>>
>> Matt
Re: [WISPA] CALEA FAQ Questions
Hi Dawn,

Please let me preface this by saying that there are not always easy answers. And we can't always come up with a pre-made solution for every situation that may arise.

We've talked with the FBI about all of these issues. We all know what the law says, and we all know what's actually possible. They aren't always lined up in nice little rows with all of the i's dotted and t's crossed.

More below.

Marlon
(509) 982-2181
(408) 907-6910 (Vonage) Consulting services
42846865 (icq) WISP Operator since 1999!
[EMAIL PROTECTED]
www.odessaoffice.com/wireless
www.odessaoffice.com/marlon/cam

- Original Message -
From: Dawn DiPietro [EMAIL PROTECTED]
To: WISPA General List wireless@wispa.org
Sent: Thursday, May 10, 2007 6:37 AM
Subject: [WISPA] CALEA FAQ Questions

> Marlon,
>
> I have been reading the WISPA CALEA FAQ and was a little concerned about question #10. If the LEA does not know who the suspect is using an open access point, does this mean that everyone that has used that access point will have their data handed over to the LEA? It would seem that if the LEA is only allowed to receive the data requested in the subpoena this would be a violation.

We've talked about this a lot. *I've* personally talked with the head of the FBI CALEA division about this issue both via email and phone. It's one of the very first issues we talked about and why the WISPA standards effort is so important. If we can clear it, things like this will fall under the safe harbor.

They (the FBI) know that some things just won't be possible/practical. Let's use my office as an example (I've done this with them so don't go hollering from the mountains about how I'm being a fool, too late).

I have a FREE OPEN Linksys wireless router set up as a hotspot. Anyone that comes to town can sit in my office, in their car out front, or soon on a picnic table that I'll provide, and get all the free internet that they need while they are in the area. No charge. No tracking, heck, I won't even know it's happened.

What happens when that IP addy shows up on a wire tap order? I can't change the AP so that we can insert an MT unit or some other box that would allow an individual's tap. Doing so would tip off the suspect.

There are only two ways to get the data. One, tap the wireless transmissions and sort it all out on that side. Not something I have the ability, expertise, tools etc. to do. OR, we can just grab all of the data going to/from that device on the Ethernet side. The LEA will have to sort out the data streams on their own. WE can't do it because we're not going to know exactly what data they are looking for.

It's not a perfect solution but it's all there is. They'll have to do the same thing if the local Starbucks has a user that shows up somewhere.

> As far as I can tell question #15 does not get answered in the paragraph following the question. It talks more about acceptable billing and the fact that WISPA might have a solution in the future.

The FAQ is only a starting point. We took the major questions people had, condensed them and got the best answers we could. We're also hamstrung a little bit because there are some things that we're not allowed to tell publicly. Much more of that coming. Might as well get ready to be even more frustrated by those of us on the committee telling you things that you can't verify other ways and we won't be able to tell you exactly what we're basing our statements on due to NDA's signed with the FBI.

> One of the questions in section 23 asks "Does the FBI speak for other LEA's?" Unless I am mistaken this question does not get answered.

They do and they don't. They are the ones to approve a standard. If they clear it, all other LEAs are bound by it. But there may be things we are asked to do etc. that are not up to the FBI.

> Also the document says over and over again that the LEA's will work with WISP's, which sounds like there is no easy way this can always be done transparently with the current broadband equipment deployed by WISP's. So the workaround is the WISP should give them all the data from the device in question and the LEA's will sort it out and separate it.

There are likely going to be times when this is true. The reason for CALEA is to make sure that the LEA can't get to things that they've not been specifically cleared to get.

I believe that sometimes they get things that they weren't looking for in physical searches too. If they raid a house looking for stolen property and run into a meth lab, that doesn't mean that they shouldn't have gone into the house in the first place. OR, if on their way to a bust they see a stolen car in your driveway, they just happened to be in the right place at the right time.

As I said before, we can all come up with more situations that don't fit the law than the law can possibly deal
Re: [WISPA] CALEA FAQ Questions
This is one of the things that has always bothered me when it comes to wire tapping a data connection. On a phone call it can be pretty easy to tell if your suspect is involved in the conversation, assuming they have not used a voice modulator. But when it comes to a data connection, how do you know?

Sam Tetherow
Sandhills Wireless

Martha Huizenga wrote:
> This is not the sense that I get from the meeting we had with the FBI. They will know who the target is and be issuing an order for that person. However, if they happen to live with several people all on one wireless network, then the traffic is going to be mixed most likely. The best you can do is give them the traffic at that IP.
>
> According to the FBI, it's just like when they tap phones. They are to listen to only the target conversations and not the other people in the home.
>
> Lonnie Nunweiler wrote:
>> Do they issue search warrants for a whole apartment building because they suspect someone living there is doing something bad? It was my understanding that a bit more info is required and it has to actually have a person or persons in mind. Why would data taps be treated any differently?
>>
>> Lonnie
>>
>> On 5/10/07, Matt [EMAIL PROTECTED] wrote:
>>>> I have been reading the WISPA CALEA FAQ and was a little concerned about question #10. If the LEA does not know who the suspect is using an open access point, does this mean that everyone that has used that access point will have their data handed over to the LEA? It would seem that if the LEA is only allowed to receive the data requested in the subpoena this would be a violation.
>>>
>>> In the past WISP's have asked if there was any way to keep users from NATing and connecting more than 1 PC. There is no way to block this and no easy way to prevent or detect it. From the ISP perspective there is no way to isolate a single hotspot user since they all come in on the same IP. If the ISP has control and management of the hotspot they may be able to isolate the traffic of a given MAC, but this would not be reliable if they connect with a different laptop the next day. Of course it depends what kind of hotspot and how it's set up. I would say you're going to have to give the LEA all the traffic for the hotspot and let them filter/figure out what they need.
>>>
>>> Moral of the story: open non-encrypted wireless routers are NOT secure to use. Unless you're a bad guy and just drive around till you find one, then do your ill deeds there.
>>>
>>> Just my opinion.
>>>
>>> Matt
Re: [WISPA] CALEA FAQ Questions
Sam,

The evidence that LEAs collect is just part of a case. If a suspect is doing bad things then data will be collected. Next steps would usually involve a warrant to get the computer and have it looked over. I have seen other tools used by LEAs to gather evidence.

I am guessing that data-taps will rarely be the basis for an entire case. If it is then defense attorneys better call on us because I can tell them how easy it is to make data traffic appear to come from one person or another without the person's knowledge. That is Hacker 101 type stuff.

People sneaking access on open APs is obviously going to lead to some false data tap information in many cases. Maybe people will start locking down their home APs after that happens a few times.

Scriv

Sam Tetherow wrote:
> This is one of the things that has always bothered me when it comes to wire tapping a data connection. On a phone call it can be pretty easy to tell if your suspect is involved in the conversation, assuming they have not used a voice modulator. But when it comes to a data connection, how do you know?
>
> Sam Tetherow
> Sandhills Wireless
>
> Martha Huizenga wrote:
>> This is not the sense that I get from the meeting we had with the FBI. They will know who the target is and be issuing an order for that person. However, if they happen to live with several people all on one wireless network, then the traffic is going to be mixed most likely. The best you can do is give them the traffic at that IP.
>>
>> According to the FBI, it's just like when they tap phones. They are to listen to only the target conversations and not the other people in the home.
>>
>> Lonnie Nunweiler wrote:
>>> Do they issue search warrants for a whole apartment building because they suspect someone living there is doing something bad? It was my understanding that a bit more info is required and it has to actually have a person or persons in mind. Why would data taps be treated any differently?
>>>
>>> Lonnie
>>>
>>> On 5/10/07, Matt [EMAIL PROTECTED] wrote:
>>>>> I have been reading the WISPA CALEA FAQ and was a little concerned about question #10. If the LEA does not know who the suspect is using an open access point, does this mean that everyone that has used that access point will have their data handed over to the LEA? It would seem that if the LEA is only allowed to receive the data requested in the subpoena this would be a violation.
>>>>
>>>> In the past WISP's have asked if there was any way to keep users from NATing and connecting more than 1 PC. There is no way to block this and no easy way to prevent or detect it. From the ISP perspective there is no way to isolate a single hotspot user since they all come in on the same IP. If the ISP has control and management of the hotspot they may be able to isolate the traffic of a given MAC, but this would not be reliable if they connect with a different laptop the next day. Of course it depends what kind of hotspot and how it's set up. I would say you're going to have to give the LEA all the traffic for the hotspot and let them filter/figure out what they need.
>>>>
>>>> Moral of the story: open non-encrypted wireless routers are NOT secure to use. Unless you're a bad guy and just drive around till you find one, then do your ill deeds there.
>>>>
>>>> Just my opinion.
>>>>
>>>> Matt