Re: [WISPA] Re: CALEA
ELSUR = Electronic Surveillance Frank Muto President FSM Marketing Group, Inc www.SecureEmailPlus.com ISPCON Spring 2007 May 23-25 in Orlando, FL. LaunchPad Pavilion J - Original Message - From: "Mark Koskenmaki" <[EMAIL PROTECTED]> To: "WISPA General List" Sent: Friday, April 27, 2007 7:54 PM Subject: Re: [WISPA] Re: CALEA - Original Message - From: "Matt Liotta" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: "WISPA General List" Sent: Friday, April 27, 2007 4:03 PM Subject: [WISPA] Re: CALEA Getting the data for the LEA is just one part of compliance. What about the more practical issues? CALEA requires: Establishment of policies and procedures for supervision and control of officers and employees Who's got a coupel days to write legalese documents that detail everyting they wanna know? Designating a 24/7/265 POC for the LEA This means that no one or two man WISP can be compliant, unless you hire an answering service, and have people on contact, or else have two of you on duty 365 days a year, 12 hours a day.One man can't do it himself. Validating legal authorization for the ELSUR What's ELSUR? I thought I'd managed to uncover all the acronyms already.. Guess not. Maintaining secure and accurate records A summary of all the records you have to maintain would be helpful. Reporting any CALEA security breaches AND... filling with the FCC how you are going to do the above. Not implementing the policies and procedures may result in legal liability. Assuming you have all that is needed to be compliant how do you actually comply with an order? You are going to at least need to collect the following information: Telephone number/circuit ID Start date/time Officer presenting order Judge issuing order Type of ELSUR Supervising carrier personnel Certification of “senior official...” Subscriber name Date/time order served Court issuing order Court docket/file number Law enforcement officers authorized to receive info LEA contact numbers Carrier employees involved And what about the warrant's validity? CALEA requires the carrier to determine the following: Does the Court have jurisdiction over Carrier? Does the Court Order provide for Technical Assistance? Has the Court provided for compensation? If problems arise, how does the carrier address the issues – inside/outside counsel, Service Bureau, etc Just in case you are wondering, acting on an invalid subpoena is $1,000 min fine. Further, if you are acting in bad faith, the court can create, at carrier expense, a court-supervised monitor of your compliance to ensure due diligence. Any violations detected by the monitor can result in additional fines. -Matt -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Re: CALEA
- Original Message - From: "Matt Liotta" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: "WISPA General List" Sent: Friday, April 27, 2007 4:03 PM Subject: [WISPA] Re: CALEA > Getting the data for the LEA is just one part of compliance. What about > the more practical issues? > > CALEA requires: > Establishment of policies and procedures for supervision and control of > officers and employees Who's got a coupel days to write legalese documents that detail everyting they wanna know? > Designating a 24/7/265 POC for the LEA This means that no one or two man WISP can be compliant, unless you hire an answering service, and have people on contact, or else have two of you on duty 365 days a year, 12 hours a day.One man can't do it himself. > Validating legal authorization for the ELSUR What's ELSUR? I thought I'd managed to uncover all the acronyms already.. Guess not. > Maintaining secure and accurate records A summary of all the records you have to maintain would be helpful. > Reporting any CALEA security breaches > > AND... filling with the FCC how you are going to do the above. > > Not implementing the policies and procedures may result in legal liability. > > Assuming you have all that is needed to be compliant how do you actually > comply with an order? You are going to at least need to collect the > following information: > Telephone number/circuit ID > Start date/time > Officer presenting order > Judge issuing order > Type of ELSUR > Supervising carrier personnel > Certification of “senior official...” > Subscriber name > Date/time order served > Court issuing order > Court docket/file number > Law enforcement officers authorized to receive info > LEA contact numbers > Carrier employees involved > > And what about the warrant's validity? CALEA requires the carrier to > determine the following: > Does the Court have jurisdiction over Carrier? > Does the Court Order provide for Technical Assistance? > Has the Court provided for compensation? > If problems arise, how does the carrier address the issues – > inside/outside counsel, Service Bureau, etc > > Just in case you are wondering, acting on an invalid subpoena is $1,000 > min fine. Further, if you are acting in bad faith, the court can create, > at carrier expense, a court-supervised monitor of your compliance to > ensure due diligence. Any violations detected by the monitor can result > in additional fines. > > -Matt -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
[WISPA] Re: CALEA
Getting the data for the LEA is just one part of compliance. What about the more practical issues? CALEA requires: Establishment of policies and procedures for supervision and control of officers and employees Designating a 24/7/265 POC for the LEA Validating legal authorization for the ELSUR Maintaining secure and accurate records Reporting any CALEA security breaches AND... filling with the FCC how you are going to do the above. Not implementing the policies and procedures may result in legal liability. Assuming you have all that is needed to be compliant how do you actually comply with an order? You are going to at least need to collect the following information: Telephone number/circuit ID Start date/time Officer presenting order Judge issuing order Type of ELSUR Supervising carrier personnel Certification of “senior official...” Subscriber name Date/time order served Court issuing order Court docket/file number Law enforcement officers authorized to receive info LEA contact numbers Carrier employees involved And what about the warrant's validity? CALEA requires the carrier to determine the following: Does the Court have jurisdiction over Carrier? Does the Court Order provide for Technical Assistance? Has the Court provided for compensation? If problems arise, how does the carrier address the issues – inside/outside counsel, Service Bureau, etc Just in case you are wondering, acting on an invalid subpoena is $1,000 min fine. Further, if you are acting in bad faith, the court can create, at carrier expense, a court-supervised monitor of your compliance to ensure due diligence. Any violations detected by the monitor can result in additional fines. -Matt Peter R. wrote: Well, just over 2 weeks away from the deadline. We have a webinar with Solera Networks on Tuesday, May 01, 2007 11:00 AM. RSVP for info. After many webinars, white papers, legal briefs, it seems that although your edge router may be CALEA compliant, that might not be enough. You might need a mediation box to take the data into an acceptable format for the DOJ. (In most cases, you will need to transmit in real-time without adding noticeable latency or lag). Lots of my notes and thoughts are here: http://radinfo.blogspot.com/2007/04/calea-tpp.html More info here: www.rad-info.net/fcc/calea1.htm & www.rad-info.net/fcc/calea3.htm Comment away - all serious input is welcome. If you have questions, contact us for answers or ideas. Thank you. Regards, Peter Radizeski RAD-INFO, Inc. 813.963.5884 www.rad-info.net www.marketingideaguy.com RAD-INFO, Inc. 813.963.5884 -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/