[WISPA] Re: CALEA

2007-04-27 Thread Matt Liotta
Getting the data for the LEA is just one part of compliance. What about 
the more practical issues?


CALEA requires:
Establishment of policies and procedures for supervision and control of 
officers and employees

Designating a 24/7/265 POC for the LEA
Validating legal authorization for the ELSUR
Maintaining secure and accurate records
Reporting any CALEA security breaches

AND... filling with the FCC how you are going to do the above.

Not implementing the policies and procedures may result in legal liability.

Assuming you have all that is needed to be compliant how do you actually 
comply with an order? You are going to at least need to collect the 
following information:

Telephone number/circuit ID
Start date/time
Officer presenting order
Judge issuing order
Type of ELSUR
Supervising carrier personnel
Certification of “senior official...”
Subscriber name
Date/time order served
Court issuing order
Court docket/file number
Law enforcement officers authorized to receive info
LEA contact numbers
Carrier employees involved

And what about the warrant's validity? CALEA requires the carrier to 
determine the following:

Does the Court have jurisdiction over Carrier?
Does the Court Order provide for Technical Assistance?
Has the Court provided for compensation?
If problems arise, how does the carrier address the issues – 
inside/outside counsel, Service Bureau, etc


Just in case you are wondering, acting on an invalid subpoena is $1,000 
min fine. Further, if you are acting in bad faith, the court can create, 
at carrier expense, a court-supervised monitor of your compliance to 
ensure due diligence. Any violations detected by the monitor can result 
in additional fines.


-Matt

Peter R. wrote:

Well, just over 2 weeks away from the deadline.

We have a webinar with Solera Networks on Tuesday, May 01, 2007 11:00 AM.
RSVP for info.

After many webinars, white papers, legal briefs, it seems that although your
edge router may be CALEA compliant, that might not be enough. You might need
a mediation box to take the data into an acceptable format for the DOJ. (In
most cases, you will need to transmit in real-time without adding noticeable
latency or lag).

Lots of my notes and thoughts are here:
http://radinfo.blogspot.com/2007/04/calea-tpp.html

More info here: www.rad-info.net/fcc/calea1.htm 
www.rad-info.net/fcc/calea3.htm

Comment away - all serious input is welcome.

If you have questions, contact us for answers or ideas. Thank you.

Regards,

Peter Radizeski
RAD-INFO, Inc.
813.963.5884
www.rad-info.net
www.marketingideaguy.com



RAD-INFO, Inc.
813.963.5884


  


--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Re: CALEA

2007-04-27 Thread Mark Koskenmaki

- Original Message - 
From: Matt Liotta [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: WISPA General List wireless@wispa.org
Sent: Friday, April 27, 2007 4:03 PM
Subject: [WISPA] Re: CALEA


 Getting the data for the LEA is just one part of compliance. What about
 the more practical issues?

 CALEA requires:
 Establishment of policies and procedures for supervision and control of
 officers and employees

Who's got a coupel days to write legalese documents that detail everyting
they wanna know?

 Designating a 24/7/265 POC for the LEA

This means that no one or two man WISP can be compliant, unless you hire an
answering service, and have people on contact, or else have two of you on
duty 365 days a year, 12 hours a day.One man can't do it himself.

 Validating legal authorization for the ELSUR

What's ELSUR?   I thought I'd managed to uncover all the acronyms already..
Guess not.

 Maintaining secure and accurate records

A summary of all the records you have to maintain would be helpful.

 Reporting any CALEA security breaches




 AND... filling with the FCC how you are going to do the above.

 Not implementing the policies and procedures may result in legal
liability.

 Assuming you have all that is needed to be compliant how do you actually
 comply with an order? You are going to at least need to collect the
 following information:
 Telephone number/circuit ID
 Start date/time
 Officer presenting order
 Judge issuing order
 Type of ELSUR
 Supervising carrier personnel
 Certification of “senior official...”
 Subscriber name
 Date/time order served
 Court issuing order
 Court docket/file number
 Law enforcement officers authorized to receive info
 LEA contact numbers
 Carrier employees involved

 And what about the warrant's validity? CALEA requires the carrier to
 determine the following:
 Does the Court have jurisdiction over Carrier?
 Does the Court Order provide for Technical Assistance?
 Has the Court provided for compensation?
 If problems arise, how does the carrier address the issues –
 inside/outside counsel, Service Bureau, etc

 Just in case you are wondering, acting on an invalid subpoena is $1,000
 min fine. Further, if you are acting in bad faith, the court can create,
 at carrier expense, a court-supervised monitor of your compliance to
 ensure due diligence. Any violations detected by the monitor can result
 in additional fines.

 -Matt

-- 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] Re: CALEA

2007-04-27 Thread Frank Muto

ELSUR = Electronic Surveillance


Frank Muto
President
FSM Marketing Group, Inc
www.SecureEmailPlus.com

ISPCON Spring 2007
May 23-25 in Orlando, FL.
LaunchPad Pavilion J












- Original Message - 
From: Mark Koskenmaki [EMAIL PROTECTED]

To: WISPA General List wireless@wispa.org
Sent: Friday, April 27, 2007 7:54 PM
Subject: Re: [WISPA] Re: CALEA




- Original Message - 
From: Matt Liotta [EMAIL PROTECTED]

To: [EMAIL PROTECTED]
Cc: WISPA General List wireless@wispa.org
Sent: Friday, April 27, 2007 4:03 PM
Subject: [WISPA] Re: CALEA



Getting the data for the LEA is just one part of compliance. What about
the more practical issues?

CALEA requires:
Establishment of policies and procedures for supervision and control of
officers and employees


Who's got a coupel days to write legalese documents that detail everyting
they wanna know?


Designating a 24/7/265 POC for the LEA


This means that no one or two man WISP can be compliant, unless you hire 
an

answering service, and have people on contact, or else have two of you on
duty 365 days a year, 12 hours a day.One man can't do it himself.


Validating legal authorization for the ELSUR


What's ELSUR?   I thought I'd managed to uncover all the acronyms 
already..

Guess not.


Maintaining secure and accurate records


A summary of all the records you have to maintain would be helpful.


Reporting any CALEA security breaches






AND... filling with the FCC how you are going to do the above.

Not implementing the policies and procedures may result in legal

liability.


Assuming you have all that is needed to be compliant how do you actually
comply with an order? You are going to at least need to collect the
following information:
Telephone number/circuit ID
Start date/time
Officer presenting order
Judge issuing order
Type of ELSUR
Supervising carrier personnel
Certification of “senior official...”
Subscriber name
Date/time order served
Court issuing order
Court docket/file number
Law enforcement officers authorized to receive info
LEA contact numbers
Carrier employees involved

And what about the warrant's validity? CALEA requires the carrier to
determine the following:
Does the Court have jurisdiction over Carrier?
Does the Court Order provide for Technical Assistance?
Has the Court provided for compensation?
If problems arise, how does the carrier address the issues –
inside/outside counsel, Service Bureau, etc

Just in case you are wondering, acting on an invalid subpoena is $1,000
min fine. Further, if you are acting in bad faith, the court can create,
at carrier expense, a court-supervised monitor of your compliance to
ensure due diligence. Any violations detected by the monitor can result
in additional fines.

-Matt


--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/



--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/