Re: [WISPA] Calea Compliance
Right. There are documents that WISPA has created to help with this.

http://www.wispa.org/?page_id=2022

We also have an implementation guide but the board has not determined how that's to be distributed. We can certainly get a copy to you if you are a member.

Please note, that we're in the middle of a minor re-write that will focus on IPv6 issues and a couple of clarifications that needed work in the original version.

marlon

- Original Message -
From: Jeff Broadwick - Lists
To: ro...@g5i.net ; 'WISPA General List'
Sent: Monday, March 07, 2011 5:59 AM
Subject: Re: [WISPA] Calea Compliance

You would be better off putting a passive tap inline and the router as a probe. If you do that, it will be completely invisible to the end customer.

Regards,
Jeff
ImageStream Sales Manager
800-813-5123 x106

From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Roger Howard
Sent: Saturday, March 05, 2011 10:50 PM
To: WISPA General List
Subject: Re: [WISPA] Calea Compliance

Ok, but the FBI wouldn't know I stuck the hardware there at the last minute. And the tower glitches off whenever I do a firmware upgrade anyway. The customer wouldn't know the difference.

On Sat, Mar 5, 2011 at 9:45 PM, Josh Luthman j...@imaginenetworksllc.com wrote:

> Depends who you ask. Some might say the customer could notice a change in network and hence non compliant.
>
> On Mar 5, 2011 10:43 PM, Roger Howard g5inter...@gmail.com wrote:
>
>> Would I cover myself for calea by having a mikrotik router on the shelf, set up as a bridge, with the calea module installed. Then if I get subpoenaed for a tap, I just run out to the appropriate tower and put it on the ethernet interface of whichever AP the subscriber is on?
>>
>> Thanks,
>> Roger

WISPA Wants You! Join today! http://signup.wispa.org/
WISPA Wireless List: wireless@wispa.org
Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Calea Compliance
You would be better off putting a passive tap inline and the router as a probe. If you do that, it will be completely invisible to the end customer.

Regards,
Jeff
ImageStream Sales Manager
800-813-5123 x106

From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Roger Howard
Sent: Saturday, March 05, 2011 10:50 PM
To: WISPA General List
Subject: Re: [WISPA] Calea Compliance

Ok, but the FBI wouldn't know I stuck the hardware there at the last minute. And the tower glitches off whenever I do a firmware upgrade anyway. The customer wouldn't know the difference.

On Sat, Mar 5, 2011 at 9:45 PM, Josh Luthman j...@imaginenetworksllc.com wrote:

> Depends who you ask. Some might say the customer could notice a change in network and hence non compliant.
>
> On Mar 5, 2011 10:43 PM, Roger Howard g5inter...@gmail.com wrote:
>
>> Would I cover myself for calea by having a mikrotik router on the shelf, set up as a bridge, with the calea module installed. Then if I get subpoenaed for a tap, I just run out to the appropriate tower and put it on the ethernet interface of whichever AP the subscriber is on?
>>
>> Thanks,
>> Roger
Re: [WISPA] Calea Compliance
The FBI told me (and I am paraphrasing) that if you work with them that they will work with you. Basically as long as you are not acting like you do not think they have a right to do the tap and are not being a pain in the behind then you will get all the support you need from them in a lawful intercept situation. I would say that having this box on the shelf shows your intentions of being compliant to the act.

CALEA is all about 2 things. It is about making sure that tools exist to find and stop crime on the Internet and about making sure that we help be a check against government becoming too intrusive.

CALEA has many regs which say when we are doing too much to help tap connections. The WISPA CALEA standard was created to act as a guideline for WISPs. It tells precisely what our obligations are in helping assure we can perform lawful intercepts in our network and in preventing overstepping the bounds of what is lawful.

Scriv

On Sat, Mar 5, 2011 at 9:49 PM, Roger Howard g5inter...@gmail.com wrote:

> Ok, but the FBI wouldn't know I stuck the hardware there at the last minute. And the tower glitches off whenever I do a firmware upgrade anyway. The customer wouldn't know the difference.
>
> On Sat, Mar 5, 2011 at 9:45 PM, Josh Luthman j...@imaginenetworksllc.com wrote:
>
>> Depends who you ask. Some might say the customer could notice a change in network and hence non compliant.
>>
>> On Mar 5, 2011 10:43 PM, Roger Howard g5inter...@gmail.com wrote:
>>
>>> Would I cover myself for calea by having a mikrotik router on the shelf, set up as a bridge, with the calea module installed. Then if I get subpoenaed for a tap, I just run out to the appropriate tower and put it on the ethernet interface of whichever AP the subscriber is on?
>>>
>>> Thanks,
>>> Roger
Re: [WISPA] Calea Compliance
On 03/06/2011 09:18 AM, John Scrivner wrote:

> The FBI told me (and I am paraphrasing) that if you work with them that they will work with you. Basically as long as you are not acting like you do not think they have a right to do the tap and are not being a pain in the behind then you will get all the support you need from them in a lawful intercept situation. I would say that having this box on the shelf shows your intentions of being compliant to the act.
>
> CALEA is all about 2 things. It is about making sure that tools exist to find and stop crime on the Internet and about making sure that we help be a check against government becoming too intrusive.

Correct. Protect the rights of our customers, protect the rights of the service provider AND allow for what LEA needs to get a conviction for the guilty party. All of these are built into CALEA.

> CALEA has many regs which say when we are doing too much to help tap connections. The WISPA CALEA standard was created to act as a guideline for WISPs. It tells precisely what our obligations are in helping assure we can perform lawful intercepts in our network and in preventing overstepping the bounds of what is lawful.

In addition, the WCS for IPNA provides technical requirements as well. It defines the technical standard that our software/hardware MUST meet.

For the original poster: Be sure you are familiar enough with the way the MT handles the CALEA software so that you can properly capture this data for the LEA. Mikrotik's CALEA implementation is 2 parts. It requires a server AND a tap. One box CAN be both pieces.

--
* Butch Evans * Professional Network Consultation *
* http://www.butchevans.com/ * Network Engineering *
* http://store.wispgear.net/ * Wired or Wireless Networks *
* http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE! *
* NOTE THE NEW PHONE NUMBER: 702-537-0979 *
Re: [WISPA] Calea Compliance
The easy answer is if you get a warrant you should ask the agency for help before doing anything. They are more than willing to help in my experience. My advice is:

1. Get your attorney involved to the point they know what you are doing
2. Call the agency who the warrant is for and ask for technical assistance. They have done this many times and can make sure you don't mess things up.

Justin

--
Justin Wilson j...@mtin.net
Aol Yahoo IM: j2sw
http://www.mtin.net/blog xISP News
http://www.twitter.com/j2sw Follow me on Twitter
Wisp Consulting Tower Climbing Network Support

On 3/6/11 11:02 AM, Butch Evans but...@butchevans.com wrote:

> On 03/06/2011 09:18 AM, John Scrivner wrote:
>
>> The FBI told me (and I am paraphrasing) that if you work with them that they will work with you. Basically as long as you are not acting like you do not think they have a right to do the tap and are not being a pain in the behind then you will get all the support you need from them in a lawful intercept situation. I would say that having this box on the shelf shows your intentions of being compliant to the act.
>>
>> CALEA is all about 2 things. It is about making sure that tools exist to find and stop crime on the Internet and about making sure that we help be a check against government becoming too intrusive.
>
> Correct. Protect the rights of our customers, protect the rights of the service provider AND allow for what LEA needs to get a conviction for the guilty party. All of these are built into CALEA.
>
>> CALEA has many regs which say when we are doing too much to help tap connections. The WISPA CALEA standard was created to act as a guideline for WISPs. It tells precisely what our obligations are in helping assure we can perform lawful intercepts in our network and in preventing overstepping the bounds of what is lawful.
>
> In addition, the WCS for IPNA provides technical requirements as well. It defines the technical standard that our software/hardware MUST meet.
>
> For the original poster: Be sure you are familiar enough with the way the MT handles the CALEA software so that you can properly capture this data for the LEA. Mikrotik's CALEA implementation is 2 parts. It requires a server AND a tap. One box CAN be both pieces.
>
> --
> * Butch Evans * Professional Network Consultation *
> * http://www.butchevans.com/ * Network Engineering *
> * http://store.wispgear.net/ * Wired or Wireless Networks *
> * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE! *
> * NOTE THE NEW PHONE NUMBER: 702-537-0979 *
Re: [WISPA] Calea Compliance
Depends who you ask. Some might say the customer could notice a change in network and hence non compliant.

On Mar 5, 2011 10:43 PM, Roger Howard g5inter...@gmail.com wrote:

> Would I cover myself for calea by having a mikrotik router on the shelf, set up as a bridge, with the calea module installed. Then if I get subpoenaed for a tap, I just run out to the appropriate tower and put it on the ethernet interface of whichever AP the subscriber is on?
>
> Thanks,
> Roger
Re: [WISPA] Calea Compliance
Ok, but the FBI wouldn't know I stuck the hardware there at the last minute. And the tower glitches off whenever I do a firmware upgrade anyway. The customer wouldn't know the difference.

On Sat, Mar 5, 2011 at 9:45 PM, Josh Luthman j...@imaginenetworksllc.com wrote:

> Depends who you ask. Some might say the customer could notice a change in network and hence non compliant.
>
> On Mar 5, 2011 10:43 PM, Roger Howard g5inter...@gmail.com wrote:
>
>> Would I cover myself for calea by having a mikrotik router on the shelf, set up as a bridge, with the calea module installed. Then if I get subpoenaed for a tap, I just run out to the appropriate tower and put it on the ethernet interface of whichever AP the subscriber is on?
>>
>> Thanks,
>> Roger
Re: [WISPA] Calea compliance contractors
Hi Chris,

Butch would be a good place to start.

I've also cc'd the rest of the WISPA calea team. Maybe there are people on there that do things I don't know about.

laters,
Marlon
(509) 982-2181
(408) 907-6910 (Vonage) Consulting services
42846865 (icq) WISP Operator since 1999!
[EMAIL PROTECTED]
www.odessaoffice.com/wireless
www.odessaoffice.com/marlon/cam

- Original Message -
From: Christopher Orr [EMAIL PROTECTED]
To: wireless@wispa.org
Sent: Tuesday, November 25, 2008 9:42 AM
Subject: [WISPA] Calea compliance contractors

Hi all-

I'm just curious if anyone has a contact for someone that is a CALEA compliance contractor. Essentially we are looking for a third party that can verify compliance. Hit me offlist, please.

Regards,
-chris
Re: [WISPA] CALEA Compliance
I appreciated Tim's remarks, but this sounded very much like a response from someone that is getting fed by the process of CALEA. If I am wrong I duly apologize. If I am correct then I have said enough.

I agree with you Sam. It boils down to Uncle Sam is pushing an INTERNET SECURITY TAX on everyone in the industry and only funding the TELCO's Side of it and we have no say so in the matter. They have plenty of resources and just determined that we can take it or shut down. This too is another way that the multi funded telcos will continue to be fed by the feds and we will have to pick up the scraps that the telco's don't have time or the interest to reach. Now doing that will just be a tougher battle.

It must be nice getting a subcity... only a telcos know how to spell that the rest of us have never had money given to us we have to earn it. lol

Ross

- Original Message -
From: Sam Tetherow [EMAIL PROTECTED]
To: WISPA General List wireless@wispa.org
Sent: Wednesday, May 02, 2007 4:20 PM
Subject: Re: [WISPA] CALEA Compliance

Tim Kery wrote:

> Hi Ross,
>
> SNIP
>
> You also have to remember that Law Enforcement's primary focus is Law Enforcement and not developing technology. The FBI/DEA/DOJ said as much when in 2004 they petitioned the FCC to expand CALEA to broadband and VoIP. Essentially, they argued that it isn't possible for them to keep up with the pace of technology. (By the way, this isn't an ability issue, the FBI and Secret Service, etc. have exceptionally talented teams. Instead it really is a resource issue; the number of staff they have to cover these issues can't cover the scale of the problem.)

So I, as a small provider, am supposed to have more and better resources than the federal government and their various agencies?

Sam Tetherow
Sandhills Wireless
Re: [WISPA] CALEA Compliance (Netequalizer)
For people that run Netequalizers, they are helping you comply.

As promised, NetEqualizer is now offering the utilities necessary to meet requirements set forth this month by CALEA, or the Communications Assistance for Law Enforcement Act. This law oversees telecommunication security and has now been expanded to Internet security. There are some fairly harsh federal penalties for noncompliance that became effective May 1.

John

Marlon K. Schafer wrote:

> There won't be a WISPA standard done in time. We're still waiting on some documentation from the FBI and we need to get some internal documentation together as well.
>
> But you don't have to be compliant with ANY standard to be CALEA compliant! You just have to understand what you have to do if they ask and have mechanisms in place to do it.
>
> The basic parts you'll need are:
>
> Linux based router or tap capabilities on the one you have.
> OR a managed switch that will allow you to mirror a port.
> Linux server with OpenCALEA and an FTP program on it.
> Knowledge of how to make it record and distribute the needed data for LEA.
>
> You don't HAVE to use a TTP. You don't HAVE to follow a standard. You don't HAVE to panic just yet.
>
> *I've* talked to the folks at the FBI. They are NOT interested in running anyone out of business. They just want to catch bad guys and they *may* need our help to do it. Everything past that point is FUD.
>
> Why have a standard at all then? Because if you don't follow a standard you have to TRY to do anything that LEA asks of you. If you are standards compliant you only have to do what the standard says you have to do.
>
> Believe it or not, guys like Tim at Bearhill are working WITH WISPA in our efforts to develop a low cost/no cost solution to CALEA.
>
> We all know that many in this industry are still trying to figure out how to pay the bill on that latest order for 3 cpe units. I was sometimes 60 days behind with EC. I always paid but rarely on time. Sucked for me and for them. Fortunately, they hung with me and today we're as likely to be prepaid as we are to owe them. It's a nice change of pace. We also order radios in bulk, every couple to few weeks, rather than 1 or 2 at a time.
>
> Wondering how to make payroll, or buy diapers sucks. Most of us have been there. We got through those times partly because others reached a hand down and helped us where they could. We worked hard, honestly and consistently.
>
> I suggest that those of you in panic mode over CALEA go to www.askcalea.net and read up on it. Contact the FCC and the FBI yourselves if you don't believe those of us that are doing this work. So far I've found that folks are more than happy to answer my direct questions. At LEAST contact those that WISPA sent to the FBI! They know a lot of answers and they have a direct line to the FBI if they don't know the answer.
>
> Yeah, CALEA is a big deal. Yeah it's complicated. Yeah, it'll suck to have to perform. Yeah, you have to do it anyway :-). Might as well stop whining and start figuring out what all of those ttp's have already gotten figured out. Someone's gonna make money off of those out there that can't/won't figure it out for themselves. Might as well be you!
>
> marlon
>
> - Original Message -
> From: Todd Barber [EMAIL PROTECTED]
> To: 'WISPA General List' wireless@wispa.org
> Sent: Monday, April 30, 2007 8:19 PM
> Subject: RE: [WISPA] CALEA Compliance
>
> John,
>
> The part that is causing disbelief for me is the deadline is only days away and I haven't seen this solution or the costing for the solution.
>
> Todd Barber
> Skylink Broadband Internet
> [EMAIL PROTECTED]
> 970-454-9499
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Scrivner
> Sent: Monday, April 30, 2007 9:14 PM
> To: WISPA General List
> Subject: Re: [WISPA] CALEA Compliance
>
> > I personally do not believe that any CALEA can be cost effective. Quite simply, solving CALEA requires spending money without earning any additional revenue. The only way to justify the CALEA expense is to accept it as a cost of doing business. This means simply that your market opportunity is lost if you aren't CALEA compliant. I firmly believe every service provider should have plans for being CALEA compliant or have plans for exiting the business. This one is different than E911; the liability will be staggering.
> >
> > -Matt
>
> Matt,
>
> We look forward to proving that this thinking is wrong. What part of CALEA compliance is it that makes you think we cannot develop a low cost and reasonable solution which will not break the bank?
>
> Scriv
Re: [WISPA] CALEA Compliance
- Original Message -
From: Jack Unger [EMAIL PROTECTED]
To: WISPA General List wireless@wispa.org
Sent: Monday, April 30, 2007 7:56 PM
Subject: Re: [WISPA] CALEA Compliance

I went to email him, but his website says he will not respond to emails from outside his district. His website has no mention of his letter to the FCC.

Is there anyone in his district on-list who can email or call him? People from outside his district are obviously going to be far back on the list of things to take time to deal with. I won't call unless there's nobody in his district.

I did a lot of searching for additional information about his request, but I found nothing. I did find he has a lot of interest in internet / telecommunications, though I see he and I are on the opposite sides of a lot of things.

His district is the upper peninsula of Michigan. Anyone?

> I'd like to hear the FCC response to Rep. Bart Stupak's request to waive the CALEA regulations for small broadband providers, as described in the following link.
>
> http://www.wispa.org/?p=21
Re: [WISPA] CALEA Compliance
On Mon, 30 Apr 2007, Todd Barber wrote:

> I have seen numerous posts on the WISPA list indicating that a cost effective and compliant solution for this issue was being worked on and would become available in the near future.

All I can say is please be patient. An answer to your question is coming. We (the wispa calea committee) are working on building the standard now.

> I have seen numerous posts indicating that small providers should not be concerned and that attaining CALEA compliance would not put them out of business.

Those posts would be correct.

> I contacted them today. If this is the cost effective solution that is available, it isn't cost effective enough for our operation. The monthly is ¼ of our current bandwidth costs and the upfront is twice the cost of our head-end router that is servicing all of our customers.

Bearhill (or any other TTP) is a good solution if you want someone else to assist in managing your CALEA compliance. A TTP is NOT a requirement, however.

> If someone has better information on how a small ISP can become CALEA compliant in a cost effective manner, please contact me as I am all ears. If there is better information or a defined solution being presented on the WISPA member list, I am more than willing to pay membership dues to access it. If there isn't a better solution being discussed there, I would just as well save the due money as it will probably not be long before we are out of business or sell to a larger competitor and the membership will be useless.

All I can say is (again), be patient. This information is coming. BTW, becoming a WISPA member is a good idea anyway. CALEA will not be the downfall of anyone (except those that refuse to obey the law).

--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
My calendar: http://tinyurl.com/y24ad6
Training Partners: http://tinyurl.com/smfkf
Mikrotik Certified Consultant
http://www.mikrotik.com/consultants.html
Re: [WISPA] CALEA Compliance
John Scrivner wrote:

> We look forward to proving that this thinking is wrong. What part of CALEA compliance is it that makes you think we cannot develop a low cost and reasonable solution which will not break the bank?

Even if you do come up with a way to handle LI in time for the deadline that is only going to solve one part of CALEA. We checked with Cisco in the beginning regarding CALEA. We were assured they were working on it and would have a solution in time (much the same way WISPA has). We now have Cisco's solution and understand it does exactly what they say it would do; namely LI. Unfortunately, LI isn't enough as I have outlined in other posts. We have had to develop the rest of the solution on our own.

Reread my post on the practical requirements of dealing with ELSUR and check with your attorneys. I think you'll find no technical solution to those requirements.

-Matt
Re: [WISPA] CALEA Compliance
I still would like to know the amount of incident that this CALEA will cause for all of its costs to our industry. Did anyone ask the FBI, why they cannot have several machines and deliver them as needed pre-configured then we can install them when they are needed. It is highly unreasonable for the FBI to ask everyone to have a utility and manage this utility when it will never be used by a very large portion of our industry. It is far cheaper for the government to same-day ship their device to us anywhere in the nation than it is to have everyone else trying to scramble to satisfy a need that will largely be an expensive dust collector in most businesses.

Anyone know if this has been posed to the FBI?

- Original Message -
From: Matt Liotta [EMAIL PROTECTED]
To: WISPA General List wireless@wispa.org
Sent: Tuesday, May 01, 2007 7:54 AM
Subject: Re: [WISPA] CALEA Compliance

John Scrivner wrote:

> We look forward to proving that this thinking is wrong. What part of CALEA compliance is it that makes you think we cannot develop a low cost and reasonable solution which will not break the bank?

Even if you do come up with a way to handle LI in time for the deadline that is only going to solve one part of CALEA. We checked with Cisco in the beginning regarding CALEA. We were assured they were working on it and would have a solution in time (much the same way WISPA has). We now have Cisco's solution and understand it does exactly what they say it would do; namely LI. Unfortunately, LI isn't enough as I have outlined in other posts. We have had to develop the rest of the solution on our own.

Reread my post on the practical requirements of dealing with ELSUR and check with your attorneys. I think you'll find no technical solution to those requirements.

-Matt
Re: [WISPA] CALEA Compliance
If we can come up with a device to capture and send to an FTP server and allow for VPN connectivity then why can the most powerful law agency in the world not do the same. This way they control it all. We just provide the pipe to get the data back to their preferred location. I do not know much about CALEA. I am still reading more and more, but if they are asking us to do something, then they had better already know how to do it.

ross

- Original Message -
From: Matt Liotta [EMAIL PROTECTED]
To: WISPA General List wireless@wispa.org
Sent: Tuesday, May 01, 2007 9:54 AM
Subject: Re: [WISPA] CALEA Compliance

Ross Cornett wrote:

> I still would like to know the amount of incident that this CALEA will cause for all of its costs to our industry. Did anyone ask the FBI, why they cannot have several machines and deliver them as needed pre-configured then we can install them when they are needed. It is highly unreasonable for the FBI to ask everyone to have a utility and manage this utility when it will never be used by a very large portion of our industry. It is far cheaper for the government to same-day ship their device to us anywhere in the nation than it is to have everyone else trying to scramble to satisfy a need that will largely be an expensive dust collector in most businesses.

Let's assume that the FBI would send you a box for LI. What about the remaining requirements for CALEA?

-Matt
Re: [WISPA] CALEA Compliance
You'd come across a lot of privacy issues giving the FBI that sort of access.

-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

- Original Message -
From: Ross Cornett [EMAIL PROTECTED]
To: WISPA General List wireless@wispa.org
Sent: Tuesday, May 01, 2007 9:59 AM
Subject: Re: [WISPA] CALEA Compliance

If we can come up with a device to capture and send to an FTP server and allow for VPN connectivity then why can the most powerful law agency in the world not do the same. This way they control it all. We just provide the pipe to get the data back to their preferred location. I do not know much about CALEA. I am still reading more and more, but if they are asking us to do something, then they had better already know how to do it.

ross

- Original Message -
From: Matt Liotta [EMAIL PROTECTED]
To: WISPA General List wireless@wispa.org
Sent: Tuesday, May 01, 2007 9:54 AM
Subject: Re: [WISPA] CALEA Compliance

Ross Cornett wrote:

> I still would like to know the amount of incident that this CALEA will cause for all of its costs to our industry. Did anyone ask the FBI, why they cannot have several machines and deliver them as needed pre-configured then we can install them when they are needed. It is highly unreasonable for the FBI to ask everyone to have a utility and manage this utility when it will never be used by a very large portion of our industry. It is far cheaper for the government to same-day ship their device to us anywhere in the nation than it is to have everyone else trying to scramble to satisfy a need that will largely be an expensive dust collector in most businesses.

Let's assume that the FBI would send you a box for LI. What about the remaining requirements for CALEA?

-Matt
Re: [WISPA] CALEA Compliance
Ross Cornett wrote: I still would like to know the amount of incident that this CALEA will cause for all of its costs to our industry. Did anyone ask the FBI, why they cannot have several machines and deliver them as needed pre-configured then we can install them when they are needed. It is highly unreasonable for the FBI to ask everyone to have a utility and manage this utility when it will never be used by a very large portion of our industry. It is far cheaper for the government to same-day ship their device to us anywhere in the nation than it is to have everyone else trying to scramble to satisfy a need that will largely be an expensive dust collector in most businesses.

Let's assume that the FBI would send you a box for LI. What about the remaining requirements for CALEA? -Matt
Re: [WISPA] CALEA Compliance
You need to filter out data that is not under the subpoena. And (as I understand it) the LEA should work with you to get the data.

Ross Cornett wrote: If we can come up with a device to capture and send to an FTP server and allow for VPN connectivity then why can the most powerful law agency in the world not do the same? This way they control it all. We just provide the pipe to get the data back to their preferred location. I do not know much about CALEA. I am still reading more and more, but if they are asking us to do something, then they had better already know how to do it. ross
Re: [WISPA] CALEA Compliance
Prior to CALEA, my plan for helping law enforcement consisted of the following... Introducing them to my upstream (they'd already know them anyway, because my netblocks belong to them) and having them use my provider's nice, secure NOC for tapping into my upstream traffic via a managed switch and mirroring. I have no place to put a mediation box, no place to put any kind of physical tap. I have no physical point this can be done, WITHIN THE BOUNDARIES OF MY NETWORK. Physically, it has to be located at someone else's facility. This is not compliant.

And one says "why are you stressing?" Ok, how many of you have dealt with the IRS? How about electrical codes? Building codes? OSHA? Saying that the feds just want the data is just like saying the IRS just wants some money. Wrong. They want absolute compliance, to the letter. When we had to dispose of solvents and cleaners, we went many rounds with the DEQ for Oregon. There was no "accomplish this goal", it was "obey the letter", period. Great solutions were not allowed, because they didn't fit the absolute letter. Welcome to the world of regulatory hell.

Conversations with people in DC are one thing. They will present as nice a face as possible to disarm you. The IRS people are pleasant... at first... too. So was the DEQ. "Oh, we don't want to fine you, just get you into compliance", but the moment we talked to them, we had to immediately do what they demanded, or face fines. For instance, we had to clean some parts in something like carb cleaner. It is washed off with high pressure hot water. That means that it, and the water you wash it off with... is hazardous waste. So, limits on the disposal of hazardous waste? Well, we had a gallon limit. So, we said, we buy 20 gallons a year, does this mean we generate 20 gallons of waste? The answer was no. Every gallon of water used to rinse it off became another measured gallon. They told us that the preferred method of disposal was to evaporate the carb cleaner. So, we said great... we'll just rinse it off with water and evaporate the water and cleaner. Nope. If we rinse it with water, then that water counts toward hazardous waste gallons. Stupid, eh? No matter how much water we used, we were still evaporating 20 gallons of this solvent. But the evaporated water was 'hazardous waste' and if we mixed too much water in this, we went over the gallon limit.

Read the document... They will read your filings, and then they will start on a process of bringing you into compliance. Tapping at your gateway? That's fine. That's good faith to start. Then you will have to demonstrate continued progress toward compliance. Don't have 24 hour response? That's fine. You will only need to say WHEN you'll have it. You WILL eventually have to capture it at the client end, or at the AP if you're wireless. You WILL provide a date when this will happen.

I hate to say it, but it sounds like some very gullible people talked to the feds. They're not the ones who will be reading the forms and assessing fines. They are there to put a nice face on things. But compliance, to the letter? That's what the name of the game is. Always will be. Always has been. What has to be gotten across, is that some technologies do not work this way. They will have to make a definitive statement (the calea faq is woefully out of date - www.askcalea.net, with contradictory information published later). I quote: "The primary goal of the Order is to ensure that Law Enforcement Agencies have all of the resources that CALEA authorizes with regard to facilities-based broadband Internet access providers (ISP) and interconnected voice over Internet protocol (VOIP) providers." Not to "do what you can" but to get EVERYTHING they are authorized to get.

That's my opinion of how the future is going to play out, unless something changes between now and then. They make the statement that "we don't intend to alter the way networks work." But when you read the way enforcement works... You will. Just witness how many people are talking about fundamentally altering network operations to be compliant now. But more importantly... from this day forward, you will not be able to start, or deploy a wireless or any other kind of internet providing network that doesn't have ALL aspects of CALEA compatibility built in. That pretty much rules out the vast majority of present equipment and methods of deployment.

- Original Message - From: Ross Cornett [EMAIL PROTECTED] To: WISPA General List wireless@wispa.org Sent: Tuesday, May 01, 2007 7:40 AM Subject: Re: [WISPA] CALEA Compliance

I still would like to know the amount of incident that this CALEA will cause for all of its costs to our industry. Did anyone ask the FBI, why they cannot have several machines and deliver them as needed pre-configured then we can install them when they are needed. It is highly unreasonable for the FBI to ask
Re: [WISPA] CALEA Compliance
Hi Ross,

To your point below, it was actually the FBI's (and other law enforcement agencies' (LEAs)) inability to do just what you describe that precipitated expanding CALEA to facilities-based broadband and interconnected VOIP providers. To date, every time law enforcement has shown up at one of our clients' doors, the intercept had to be handled on an individual case basis (ICB). Now if you think about the variety of broadband offerings (DSL, Cable, Fiber, Wireless, Satellite, Broadband over Power Lines, etc.), the endless possible backbone configurations and vendor equipment choices, and then factor in the complexity and mobility of VOIP offerings from Skype to Vonage, etc., you end up with a situation where no one LEA can have a 'magic box' that they can drop into every environment that:

1.) collects evidence in a legally admissible manner
2.) protects the privacy of users that aren't targeted

Because of this it isn't possible for the LEA to quickly get an intercept up and running in many environments and in time sensitive situations such as an Amber Alert or public safety emergency (i.e. - terrorism), this can be a serious impediment. You also have to remember that Law Enforcement's primary focus is Law Enforcement and not developing technology. The FBI/DEA/DOJ said as much when in 2004 they petitioned the FCC to expand CALEA to broadband and VoIP. Essentially, they argued that it isn't possible for them to keep up with the pace of technology. (By the way, this isn't an ability issue, the FBI and Secret Service, etc. have exceptionally talented teams. Instead it really is a resource issue; the number of staff they have to cover these issues can't cover the scale of the problem.)

As a result of the FBI/DEA/DOJ request, the FCC posted a Notice of Proposed Rulemaking (NPRM) in August of 2004 seeking comment from all affected parties (industry, consumers, and law enforcement). In August of 2005 the FCC released the First Report and Order and Further NPRM that outlined some of the FCC's ruling and sought further comment on certain aspects of the ruling. In May of 2006 the FCC's Second Order and Report on this issue finalized the expansion of CALEA to facilities-based broadband providers and interconnected VoIP providers. Shortly thereafter in June 2006, the DC circuit court of appeals upheld FCC's CALEA Broadband Order in American Council on Education vs. FCC.

Hope this helps. Tim Kery BearHill Security, Inc. [EMAIL PROTECTED]

Date: Tue, 1 May 2007 09:40:06 -0500 From: Ross Cornett [EMAIL PROTECTED] Subject: Re: [WISPA] CALEA Compliance To: WISPA General List wireless@wispa.org

I still would like to know the amount of incident that this CALEA will cause for all of its costs to our industry. Did anyone ask the FBI, why they cannot have several machines and deliver them as needed pre-configured then we can install them when they are needed. It is highly unreasonable for the FBI to ask everyone to have a utility and manage this utility when it will never be used by a very large portion of our industry. It is far cheaper for the government to same-day ship their device to us anywhere in the nation than it is to have everyone else trying to scramble to satisfy a need that will largely be an expensive dust collector in most businesses. Anyone know if this has been posed to the FBI. http://www.bearhill.com/
Re: [WISPA] CALEA Compliance
I have seen numerous posts on the WISPA list indicating that a cost effective and compliant solution for this issue was being worked on and would become available in the near future. I think that is wishful thinking on some people's part. When you see companies like Cisco struggle to provide a minimum of support on a small subset of their products you can begin to imagine the scope of the problem. Every post I have seen where people have suggested a solution, the suggestion only solved one specific part of CALEA. Solving part of the problem is not enough. I have seen numerous posts indicating that small providers should not be concerned and that attaining CALEA compliance would not put them out of business. I would argue that small providers should be very concerned. Not just about CALEA, but a concerted effort on the part of large telcos to ruin competition through seemingly legitimate public safety issues. The facts remain that our business model currently is profitable and we are providing a valuable service in a rural area. The added costs of CALEA compliance jeopardize our ability to continue providing service. Who needs to explain to the hundreds of happy customers I currently service in a rural community that they no longer have high speed internet and don't have an alternative broadband solution?

Unfortunately, many consumers will lose as small companies go under. This won't be the first policy that is designed for the good of the many as opposed to the few. It isn't fair, but it is done.

If someone has better information on how a small ISP can become CALEA compliant in a cost effective manner, please contact me as I am all ears. If there is better information or a defined solution being presented on the WISPA member list, I am more than willing to pay membership dues to access it. If there isn't a better solution being discussed there, I would just as well save the due money as it will probably not be long before we are out of business or sell to a larger competitor and the membership will be useless.

I personally do not believe that any CALEA can be cost effective. Quite simply, solving CALEA requires spending money without earning any additional revenue. The only way to justify the CALEA expense is to accept it as a cost of doing business. This means simply that your market opportunity is lost if you aren't CALEA compliant. I firmly believe every service provider should have plans for being CALEA compliant or have plans for exiting the business. This one is different than E911; the liability will be staggering. -Matt
Re: [WISPA] CALEA Compliance
I'd like to add my own brief CALEA comments and concerns. Out of respect for the maximum of 5 posts per day proposal, I'll keep it short. I'm thinking that extending CALEA to small WISPs without compensating them for their costs has more to do with the big fish eating the little fish than it has to do with national security or fighting crime. It also has a lot to do with Big Brother's quest for efficient control of the citizenry. It's much easier for government overseers to deal with a few big businesses than it is for them to deal with thousands of small businesses. I also can't help but wonder who owns the TTPs. Heck, if some of those are government front companies or owned by friends of people already installed in the Justice Department or the CIA, wouldn't that make illegal information gathering (for business or political purposes) even easier? But that's only my 2 cents worth... and I could be wrong.

I'd like to hear the FCC response to Rep. Bart Stupak's request to waive the CALEA regulations for small broadband providers, as described in the following link. http://www.wispa.org/?p=21 In addition, this next link provides an interesting summary of what CALEA means to small ISPs and WISPs. http://www.freerepublic.com/focus/f-chat/1825361/posts jack

[EMAIL PROTECTED] wrote: I have seen numerous posts on the WISPA list indicating that a cost effective and compliant solution for this issue was being worked on and would become available in the near future. I think that is wishful thinking on some people's part. When you see companies like Cisco struggle to provide a minimum of support on a small subset of their products you can begin to imagine the scope of the problem. Every post I have seen where people have suggested a solution, the suggestion only solved one specific part of CALEA. Solving part of the problem is not enough. I have seen numerous posts indicating that small providers should not be concerned and that attaining CALEA compliance would not put them out of business. I would argue that small providers should be very concerned. Not just about CALEA, but a concerted effort on the part of large telcos to ruin competition through seemingly legitimate public safety issues. The facts remain that our business model currently is profitable and we are providing a valuable service in a rural area. The added costs of CALEA compliance jeopardize our ability to continue providing service. Who needs to explain to the hundreds of happy customers I currently service in a rural community that they no longer have high speed internet and don’t have an alternative broadband solution?

Unfortunately, many consumers will lose as small companies go under. This won't be the first policy that is designed for the good of the many as opposed to the few. It isn't fair, but it is done.

If someone has better information on how a small ISP can become CALEA compliant in a cost effective manner, please contact me as I am all ears. If there is better information or a defined solution being presented on the WISPA member list, I am more than willing to pay membership dues to access it. If there isn’t a better solution being discussed there, I would just as well save the due money as it will probably not be long before we are out of business or sell to a larger competitor and the membership will be useless.

I personally do not believe that any CALEA can be cost effective. Quite simply, solving CALEA requires spending money without earning any additional revenue. The only way to justify the CALEA expense is to accept it as a cost of doing business. This means simply that your market opportunity is lost if you aren't CALEA compliant. I firmly believe every service provider should have plans for being CALEA compliant or have plans for exiting the business. This one is different than E911; the liability will be staggering. -Matt

-- Jack Unger ([EMAIL PROTECTED]) - President, Ask-Wi.Com, Inc. FCC License # PG-12-25133 Serving the Broadband Wireless Industry Since 1993 Author of the WISP Handbook - Deploying License-Free Wireless WANs True Vendor-Neutral Wireless Consulting-Training-Troubleshooting FCC Part 15 Certification Assistance for Wireless Service Providers Phone (VoIP Over Broadband Wireless) 818-227-4220 www.ask-wi.com
Re: [WISPA] CALEA Compliance
I personally do not believe that any CALEA can be cost effective. Quite simply, solving CALEA requires spending money without earning any additional revenue. The only way to justify the CALEA expense is to accept it as a cost of doing business. This means simply that your market opportunity is lost if you aren't CALEA compliant. I firmly believe every service provider should have plans for being CALEA compliant or have plans for exiting the business. This one is different than E911; the liability will be staggering. -Matt

Matt, We look forward to proving that this thinking is wrong. What part of CALEA compliance is it that makes you think we cannot develop a low cost and reasonable solution which will not break the bank? Scriv
RE: [WISPA] CALEA Compliance
John, The part that is causing disbelief for me is the deadline is only days away and I haven't seen this solution or the costing for the solution. Todd Barber Skylink Broadband Internet [EMAIL PROTECTED] 970-454-9499

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Scrivner Sent: Monday, April 30, 2007 9:14 PM To: WISPA General List Subject: Re: [WISPA] CALEA Compliance

I personally do not believe that any CALEA can be cost effective. Quite simply, solving CALEA requires spending money without earning any additional revenue. The only way to justify the CALEA expense is to accept it as a cost of doing business. This means simply that your market opportunity is lost if you aren't CALEA compliant. I firmly believe every service provider should have plans for being CALEA compliant or have plans for exiting the business. This one is different than E911; the liability will be staggering. -Matt

Matt, We look forward to proving that this thinking is wrong. What part of CALEA compliance is it that makes you think we cannot develop a low cost and reasonable solution which will not break the bank? Scriv
Re: [WISPA] CALEA Compliance
There won't be a WISPA standard done in time. We're still waiting on some documentation from the FBI and we need to get some internal documentation together as well. But you don't have to be compliant with ANY standard to be CALEA compliant! You just have to understand what you have to do if they ask and have mechanisms in place to do it. The basic parts you'll need are:

- Linux based router or tap capabilities on the one you have. OR a managed switch that will allow you to mirror a port.
- Linux server with OpenCALEA and an FTP program on it.
- Knowledge of how to make it record and distribute the needed data for LEA.

You don't HAVE to use a TTP. You don't HAVE to follow a standard. You don't HAVE to panic just yet. *I've* talked to the folks at the FBI. They are NOT interested in running anyone out of business. They just want to catch bad guys and they *may* need our help to do it. Everything past that point is FUD.

Why have a standard at all then? Because if you don't follow a standard you have to TRY to do anything that LEA asks of you. If you are standards compliant you only have to do what the standard says you have to do. Believe it or not, guys like Tim at Bearhill are working WITH WISPA in our efforts to develop a low cost/no cost solution to CALEA.

We all know that many in this industry are still trying to figure out how to pay the bill on that latest order for 3 cpe units. I was sometimes 60 days behind with EC. I always paid but rarely on time. Sucked for me and for them. Fortunately, they hung with me and today we're as likely to be prepaid as we are to owe them. It's a nice change of pace. We also order radios in bulk, every couple to few weeks, rather than 1 or 2 at a time. Wondering how to make payroll, or buy diapers sucks. Most of us have been there. We got through those times partly because others reached a hand down and helped us where they could. We worked hard, honestly and consistently.

I suggest that those of you in panic mode over CALEA go to www.askcalea.net and read up on it. Contact the FCC and the FBI yourselves if you don't believe those of us that are doing this work. So far I've found that folks are more than happy to answer my direct questions. At LEAST contact those that WISPA sent to the FBI! They know a lot of answers and they have a direct line to the FBI if they don't know the answer.

Yeah, CALEA is a big deal. Yeah it's complicated. Yeah, it'll suck to have to perform. Yeah, you have to do it anyway :-). Might as well stop whining and start figuring out what all of those ttp's have already gotten figured out. Someone's gonna make money off of those out there that can't/won't figure it out for themselves. Might as well be you! marlon

- Original Message - From: Todd Barber [EMAIL PROTECTED] To: 'WISPA General List' wireless@wispa.org Sent: Monday, April 30, 2007 8:19 PM Subject: RE: [WISPA] CALEA Compliance

John, The part that is causing disbelief for me is the deadline is only days away and I haven't seen this solution or the costing for the solution. Todd Barber Skylink Broadband Internet [EMAIL PROTECTED] 970-454-9499

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Scrivner Sent: Monday, April 30, 2007 9:14 PM To: WISPA General List Subject: Re: [WISPA] CALEA Compliance

I personally do not believe that any CALEA can be cost effective. Quite simply, solving CALEA requires spending money without earning any additional revenue. The only way to justify the CALEA expense is to accept it as a cost of doing business. This means simply that your market opportunity is lost if you aren't CALEA compliant. I firmly believe every service provider should have plans for being CALEA compliant or have plans for exiting the business. This one is different than E911; the liability will be staggering. -Matt

Matt, We look forward to proving that this thinking is wrong. What part of CALEA compliance is it that makes you think we cannot develop a low cost and reasonable solution which will not break the bank? Scriv
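An added example, not part of any message in this thread and not OpenCALEA code: a sketch of the filtering step between the mirror-port capture in the parts list above and delivery, following the earlier remark that data not under the subpoena must be filtered out. It reads a classic pcap file and keeps only the named subscriber's IPv4 packets inside the authorized window; the function names, addresses and sample capture are constructed for illustration, and the output is plain pcap, not the delivery format of any CALEA standard.

```python
"""Keep only one subscriber's packets from a mirror-port capture (classic pcap)."""
import ipaddress
import struct

ETH_IPV4, ETH_VLAN = 0x0800, 0x8100


def ipv4_endpoints(frame):
    """Return (src, dst) of an Ethernet/IPv4 frame, or None if it is not IPv4."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    if ethertype == ETH_VLAN:  # one 802.1Q tag, common on mirrored trunk ports
        if len(frame) < 18:
            return None
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    if ethertype != ETH_IPV4 or len(frame) < offset + 20:
        return None
    if frame[offset] >> 4 != 4:  # IP version nibble
        return None
    src = ipaddress.IPv4Address(frame[offset + 12:offset + 16])
    dst = ipaddress.IPv4Address(frame[offset + 16:offset + 20])
    return src, dst


def minimize(pcap, subject_ip, start_ts, end_ts):
    """Return (filtered_pcap, stats) with only subject_ip traffic in [start_ts, end_ts)."""
    subject = ipaddress.IPv4Address(subject_ip)
    if len(pcap) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    out = bytearray(pcap[:24])  # reuse the original global header
    stats = {"kept": 0, "other_subscriber": 0, "outside_window": 0,
             "not_ipv4": 0, "truncated": 0}
    pos = 24
    while pos + 16 <= len(pcap):
        ts_sec, _usec, incl_len, _orig = struct.unpack(endian + "IIII", pcap[pos:pos + 16])
        record = pcap[pos:pos + 16 + incl_len]
        if len(record) < 16 + incl_len:  # capture cut off mid-packet
            stats["truncated"] += 1
            break
        pos += 16 + incl_len
        ends = ipv4_endpoints(record[16:])
        if ends is None:
            stats["not_ipv4"] += 1
        elif subject not in ends:
            stats["other_subscriber"] += 1  # never written to the output
        elif not (start_ts <= ts_sec < end_ts):
            stats["outside_window"] += 1
        else:
            out += record
            stats["kept"] += 1
    return bytes(out), stats


def _frame(src, dst, vlan=None):
    """Constructed Ethernet + bare IPv4 header (no payload) for the sample capture."""
    eth = bytes(12)  # zeroed destination and source MAC
    if vlan is not None:
        eth += struct.pack("!HH", ETH_VLAN, vlan)
    eth += struct.pack("!H", ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return eth + ip


def build_sample_capture():
    """Constructed five-packet capture; 10.0.0.5 plays the named subscriber."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    packets = [
        (1000, _frame("10.0.0.5", "192.0.2.10")),            # subject, in window
        (1001, _frame("10.0.0.7", "192.0.2.10")),            # another subscriber
        (1002, _frame("192.0.2.10", "10.0.0.5", vlan=20)),   # subject, VLAN tagged
        (5000, _frame("10.0.0.5", "192.0.2.99")),            # subject, after window
        (1003, bytes(12) + struct.pack("!H", 0x0806) + bytes(28)),  # ARP
    ]
    body = b"".join(struct.pack("<IIII", ts, 0, len(f), len(f)) + f for ts, f in packets)
    return header + body


if __name__ == "__main__":
    filtered, stats = minimize(build_sample_capture(), "10.0.0.5", 900, 2000)
    print(stats, len(filtered), "bytes in filtered capture")
```

The per-reason counters give the operator a record of how much non-target traffic was seen and discarded, which is the privacy point raised elsewhere in the thread.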
Re: [WISPA] CALEA Compliance
John, the reason I don't buy it, is as has been said... we're days from the deadline, and we have nothing. And, further, we don't know what's being worked on. There's a whole LOT of issues. There's extraction. There's picking out what's required. There's storage, there's VPN to the LEA, the list just goes on and on and on. Nobody can build a single device or program that can be applied to even the majority of networks. Not even a single point passthrough device that caches everything (think solera) is going to work, if we have multiple gateways in physically diverse locations. No solution is going to be universal. We all have such diverse ways of doing things that I'd say that any single solution won't even apply to the majority. There's the data format requirement, and the list goes on and on.

What particular aspect is being worked on? The part that converts data to what they want? What about the tools to get the right information? What about a handbook that explains what data is required by the babble that shows up as acronyms or legalese? What about LEA's VPN's? What standard do they follow? Once you start down the road analyzing what you have to do after looking at the requirements, the 'assurances' here, at least, leave more questions than before. Without knowing what WISPA's doing, or anyone else is doing, we don't even know what parts won't work for us and we need to try to synthesize in two weeks.

I have many hours of reading everything I can find, starting with the rules published by the FCC. Much of what is being said on this list by WISPA CALEA project people appears to conflict with what I read from the FCC itself. Once you start through the process they outline, you will FULLY comply, or you will exit the business, and that FULLY comply requires a lot of things that have been pooh-pooh'ed publicly here.

Now, not to pick a fight, which I don't want to do. Nor to argue the merits of ANY of this, I consider myself reasonably bright and at least somewhat capable of running a WISP... And yet I cannot, seriously, cannot figure out what I really have to do and not do. Much of what's being discussed here and elsewhere is VERY confusing. For instance, I keep reading that if you follow the industry standard, then you only have to do what's in the standard. But if you don't, then you have to do everything they ask. How the heck can the standard be acceptable if it doesn't do everything they want? If we must capture all the traffic, then it must be done at the client end. If we can't, then we really ARE NOT compliant. What's the point in working on something that's obviously deficient in the first place?

Mostly, a lot of us just understand in our guts, that they have all the power, and absolutely NO hesitation in destroying us individually. Washington DC DOES NOT CARE ABOUT INDIVIDUAL PROVIDERS. Learn this, accept it, it is the definitive truth. Reassurances that they're not out to get us is nothing more than the attitude of a few political types in DC that have talked to WISPA people. We won't be dealing with them. Their assurances are... worth less than the ink required to print them out. The only hesitation they have, is if they get painted badly in the evening news. And we'll never make the news.

The fact is, the people enforcing the rules are going to go by the letter. The absolute letter, bent as far as possible in the direction they want it bent. And that won't be our favor. Enforcement won't be impressed by "but I was assured you won't put me out of business." We're just a number and name, and not even a face. They'll do what government does... hand out fines as aggressively as they can justify. And since none of us can individually mount a defense of any kind, we ARE gone and dead.

Why WISPA did not say in first response "This CANNOT BE DONE", I have no idea. But you spoke for us and said you thought it was a good idea. You killed us without any more consideration, apparently, than DC has for us. I say this to the people who communicated / filed / responded to the FCC and FBI. Frankly, I suggest we collectively hire some legal counsel to find some way of just stepping around it or a solid strategy for dealing with the fallout. Some real legal eagle shark type stuff. I suspect whether we do our utmost or ignore it, we're mostly going to end up in the same shoes.

- Original Message - From: John Scrivner [EMAIL PROTECTED] To: WISPA General List wireless@wispa.org Sent: Monday, April 30, 2007 8:13 PM Subject: Re: [WISPA] CALEA Compliance

I personally do not believe that any CALEA can be cost effective. Quite simply, solving CALEA requires spending money without earning any additional revenue. The only way to justify the CALEA expense is to accept it as a cost of doing business. This means simply that your market opportunity is lost if you aren't CALEA compliant. I firmly believe every
Re: [WISPA] CALEA compliance methods
On another subject Two months ago, we were ready to join WISPA. At the time, I felt that WISPA had proven its longevity and was becoming a mature voice for the WISP's. But, after the form 477 issue, FCC sticker issue, and now the CALEA issue, I'm pretty sure that I disagree with the majority of the members on what stance should be taken on these issues.

Can you please share your thoughts on where you think WISPA should stand on these issues? This is a public list and your feedback is appreciated.

That being the case, why should I still join?

Because you can be as much a part of the direction of WISPA as any one else who is a member. Why would you ignore that opportunity to shape your industry? Scriv

-- Blair Davis West Michigan Wireless ISP 269-686-8648
Re: [WISPA] CALEA compliance methods- For Clint
Clint, Thanks for the great information, in this and your other posts. One of the Linux guys here downloaded the opencalea package and started testing it. It sure is nice seeing the information it generates. And activity is picking up on the mailing list. I feel a glimmer of hope ... Adam

- Original Message - From: Clint Ricker [EMAIL PROTECTED] To: WISPA General List wireless@wispa.org Sent: Wednesday, March 28, 2007 12:01 AM Subject: Re: [WISPA] CALEA compliance methods- For Clint

Ralph, My apologies for the confusion. I think we are more or less on the same page method-wise for gathering that information; I made some assumptions that may have been applicable to your network. Now, as far as the pretty red package and bow for transferring the information to a law enforcement agency (LEA), I'll take a stab at that, although, as I'm not a lawyer, my usefulness is limited. Still, having paid for and read through the spec, it's not all that complicated of a red package. I don't think that it's worth the $10,000+ commercial solutions are going for. However, I've not been able (yet) to track down the actual transmission to the LEA, other than it is over some sort of VPN, so I am missing that piece of the puzzle. But the format itself seems fairly simple to implement and, indeed, is already at least somewhat implemented with opencalea.

Good resources to look at:

- OpenCALEA (http://www.opencalea.org/) OpenCALEA is an initiative to create an open source platform to comply with CALEA. The mailing list is a very good resource. The software is rough, but already covers the basic needs of most ISPs to a point except the actual handoff to the law enforcement agency (LEA)
- OpenCALEA Overview (PDF) (http://www.nanog.org/mtg-0702/presentations/karir.pdf) PDF overview of OpenCalea along with some conceptual network diagrams.
- Draft Specification (http://contributions.atis.org/UPLOAD/PTSC/LAES/PTSC-LAES-2006-084R8.doc) Reference specification for data portion of CALEA. Is functionally the same as the current (pay required)
- Baller Herbst Law Group CALEA Page (http://www.baller.com/calea.html) Great page with most of the important links. Look here for legal explanation, especially in the Plain Language Summary section.
- Cisco CALEA Webinar (http://www.opastco.org/docs/SP_CALEA_Webinar.ppt)
- CALEA Standards (http://www.askcalea.net/standards.html) Official list of standards CALEA interface.

-- Notes from the above

1. The commercial packages are effectively devices that query a radius/authentication server and sniff on the network and then format the information to send to the law enforcement agency. No real magic.
2. OpenCALEA already has the basics of the system, although it doesn't seem to have any support (yet) for the authentication (AAA) portion. Future features will possibly include handoff to the LEA and more complex infrastructure for handling a wide, disparate network.
3. The only real requirements are
   1. That the tap happens
   2. The tap gathers both authentication/control information AND a complete capture of the session
   3. That the output of 2 gets formatted according to the standard
   4. That the information be transmitted to the LEA (seemingly through a VPN).
4. Based on 3, most of the equipment/solutions out there are heavily overengineered (see Cisco Webinar for an example). Most of the solutions are geared to a process that can be managed across carrier networks with subscribers into the millions. This is overkill for most WISPs :) On a given WISP of 1,000 subs, how often is a CALEA order actually going to happen? Infrequently enough that having to do some manual work each time is better than a high upfront cost (by manual work, I mean turning on a monitoring port/tap and manually initiating a VPN to the law enforcement agency as necessary).

-- Clint Ricker Kentnis Technologies 800.783.5753

On 3/27/07, Ralph [EMAIL PROTECTED] wrote: Hello Clint. You are confusing me. When I mention MT, I said routers, not CPE.
We don't use non type accepted CPE and therefore don't have MT in any form at the customer end. However our site routers and even the edge router ARE MT- even the edge router. Those are what I am talking about. I didn't say anything about putting any certain number of units in. And I really don't see how that would turn into hundreds of monitoring nodes. I'd just as soon only have to mess with it at one or two places. Our network is fed from two different points, but from the same provider. This provider told another WISP in the area (that he also upstreams) that he would not be able to do CALEA capture for us, but has now publicly said that he can. We'll have to see how that goes as it develops. If he will, then that makes him an even more valuable provider. Cisco's CALEA solution is at the router level. This seems to be the most logical place to do the tap- especially if the equipment/license/whatever is costly
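Clint's notes above say the tap has to gather both the authentication (AAA) information and the session capture. The sketch below is an added example, not code from the thread or from OpenCALEA: it uses RADIUS accounting Start/Stop records to scope a mirrored capture to the one subscriber named in an order, so that traffic from another customer who later receives the same dynamic address is kept out. The record layout, user names, addresses and timestamps are constructed assumptions, and nothing here implements the standard's output format or the handoff to the LEA.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Iterable, List, Optional, Tuple


def ts(text: str) -> datetime:
    """Parse a constructed 'YYYY-MM-DD HH:MM:SS' timestamp as UTC."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


@dataclass(frozen=True)
class AcctRecord:
    """Simplified RADIUS accounting record (hypothetical layout)."""
    when: datetime
    status: str       # Acct-Status-Type: "Start" or "Stop"
    user: str         # User-Name
    ip: str           # Framed-IP-Address
    session_id: str   # Acct-Session-Id


@dataclass(frozen=True)
class Packet:
    """Header summary of one packet seen on the monitoring port."""
    when: datetime
    src: str
    dst: str


@dataclass(frozen=True)
class Window:
    """Interval during which an address belonged to the named subscriber."""
    ip: str
    start: datetime
    end: Optional[datetime]   # None means the session is still open
    session_id: str

    def covers(self, pkt: Packet) -> bool:
        if self.ip not in (pkt.src, pkt.dst) or pkt.when < self.start:
            return False
        return self.end is None or pkt.when <= self.end


def session_windows(records: Iterable[AcctRecord], subject: str) -> List[Window]:
    """Pair Start/Stop records by session id for one subscriber only."""
    open_sessions = {}
    windows = []
    for rec in sorted(records, key=lambda r: r.when):
        if rec.user != subject:
            continue
        if rec.status == "Start":
            open_sessions[rec.session_id] = rec
        elif rec.status == "Stop":
            start = open_sessions.pop(rec.session_id, None)
            if start is not None:   # a Stop with no matching Start is ignored
                windows.append(Window(start.ip, start.when, rec.when, rec.session_id))
    for start in open_sessions.values():
        windows.append(Window(start.ip, start.when, None, start.session_id))
    return sorted(windows, key=lambda w: w.start)


def split_capture(packets: Iterable[Packet],
                  windows: List[Window]) -> Tuple[List[Packet], List[Packet]]:
    """Return (in_scope, out_of_scope); only in_scope belongs in the delivery."""
    in_scope, out_of_scope = [], []
    for pkt in packets:
        target = in_scope if any(w.covers(pkt) for w in windows) else out_of_scope
        target.append(pkt)
    return in_scope, out_of_scope


# Constructed sample data: sub-1001 is the subscriber named in the order.
SAMPLE_ACCT = [
    AcctRecord(ts("2007-03-27 09:00:00"), "Start", "sub-1001", "10.20.0.15", "s-a1"),
    AcctRecord(ts("2007-03-27 10:00:00"), "Stop", "sub-1001", "10.20.0.15", "s-a1"),
    # The same address is handed to a different customer five minutes later.
    AcctRecord(ts("2007-03-27 10:05:00"), "Start", "sub-2002", "10.20.0.15", "s-b7"),
    AcctRecord(ts("2007-03-27 10:30:00"), "Start", "sub-1001", "10.20.0.42", "s-a2"),
]

SAMPLE_PACKETS = [
    Packet(ts("2007-03-27 08:50:00"), "10.20.0.15", "198.51.100.7"),  # before session
    Packet(ts("2007-03-27 09:30:00"), "10.20.0.15", "198.51.100.7"),  # subject
    Packet(ts("2007-03-27 10:10:00"), "10.20.0.15", "198.51.100.7"),  # other customer
    Packet(ts("2007-03-27 10:45:00"), "203.0.113.9", "10.20.0.42"),   # subject, new IP
    Packet(ts("2007-03-27 10:50:00"), "10.20.0.99", "203.0.113.9"),   # unrelated
]

if __name__ == "__main__":
    wins = session_windows(SAMPLE_ACCT, "sub-1001")
    inside, outside = split_capture(SAMPLE_PACKETS, wins)
    print(f"{len(wins)} sessions, {len(inside)} packets in scope, {len(outside)} excluded")
```

A filter keyed on the IP address alone would have swept in the 10:10 packet from the other customer, which is why the AAA records and the capture have to be correlated rather than collected separately.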
Re: [WISPA] CALEA compliance methods
On Mon, 26 Mar 2007 22:09:23 -0700, Marlon K. Schafer wrote
> Mark, your info is 3 years old. We have to be ready to tap our lines. Even IMs.
> marlon

I think you missed my point, Marlon... That being that not even the government is a reliable source of information about what the government wants and demands. www.askcalea.com is direct from their mouths. Yes, it's old, but then the site is still considered live. THE FCC is saying one thing, a different agency is saying another. Concurrently.

I have been attempting for how long now, to get across to you people that this whole CALEA flap for ISP's is NOT LAW, but opinion from the FCC, where it's attempting to write law instead of Congress. It's a mess, because it's NOT LAW, only Congress can write law and it has yet to write a law that says we have to do squat.

Frankly, I think every broadband ISP should file and say we will never be compliant and just let them TRY to shut down every ISP in the country. It's about time we told THEM where to get off, rather than being lambs to the slaughter. But no. WISPA leads the charge to slaughter its own industry by begging to be regulated out of existence.

Just three years ago, the WISP industry and WISPA was going to show the world just how scrappy, independent and courageous we were. We did alright. We turned into worms and mashed ourselves into the pavement instead. One can only imagine the reaction if some actual competitive threat came along.

Mark Koskenmaki
Neofast, Inc
Broadband for the Walla Walla Valley and Blue Mountains
541-969-8200
Re: [WISPA] CALEA compliance methods
Mark,

wispa wrote:
> I have been attempting for how long now, to get across to you people that this whole CALEA flap for ISP's is NOT LAW, but opinion from the FCC, where it's attempting to write law instead of Congress. It's a mess, because it's NOT LAW, only Congress can write law and it has yet to write a law that says we have to do squat.

Did you even bother to read the press release mentioned in your recent post?
http://www.askcalea.com/docs/20040317.fbi.release.pdf

As quoted from the press release mentioned above;

Congress enacted CALEA in 1994 to help the nation's law enforcement community maintain its ability to use court-authorized electronic surveillance as an important investigative tool in an era of new telecommunications technologies and services. Today, electronic surveillance plays a vitally important role in law enforcement's ability to ensure national security and public safety.

Also quoted from the same press release;

Specifically, the petition requests the FCC establish rules that formally identify services and entities covered by CALEA, so both law enforcement and industry are on notice with respect to CALEA obligations and compliance. The petition makes this request because disagreements continue between industry and law enforcement over whether certain services are subject to CALEA. The petition requests the FCC find “broadband access” and “broadband telephony” to be subject to CALEA.

Got any links for these other places you speak of?

Below is a link to the latest report about CALEA and the reclassification of Wireless Providers as information services in case anyone is interested in reading. Page 18 and 19 make for some interesting reading. ;-)
http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-07-30A1.pdf

Regards,
Dawn DiPietro
Re: [WISPA] CALEA compliance methods
Mark,

CALEA IS LAW. There are interpretations of that law, but they have been upheld by courts. CALEA is not the opinion of the DOJ or FCC. It is not far-reaching (like say the Patriot Act) or secret and possibly illegal like the NSA-ATT wiretapping / surveillance. It is part of the 2 biggest communications laws - TA96 and the Comm. Act of 19

Begun and held at the City of Washington on Tuesday, the twenty-fifth day of January, one thousand nine hundred and ninety-four

An Act To amend title 18, United States Code, to make clear a telecommunications carrier's duty to cooperate in the interception of communications for law enforcement purposes, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

TITLE I--INTERCEPTION OF DIGITAL AND OTHER COMMUNICATIONS

SEC. 101. SHORT TITLE. This title may be cited as the `Communications Assistance for Law Enforcement Act'.

Communications Act of 1934 (amended by the Telecommunications Act of 1996) Pub. L. No. 104-104, 110 Stat. 5647 (1996); 47 U.S.C. § 151 http://www4.law.cornell.edu/uscode/47/ch5schI.html et seq.; 47 U.S.C. §§ 153 http://www4.law.cornell.edu/uscode/47/153.html, 251 http://www4.law.cornell.edu/uscode/47/251.html, 252 http://www4.law.cornell.edu/uscode/47/252.html, 253 http://www4.law.cornell.edu/uscode/47/253.html, and 255 http://www4.law.cornell.edu/uscode/47/255.html and amended by the Communications Assistance for Law Enforcement Act, (CALEA) 47 USC §§ 1001-1010 http://www.law.cornell.edu/uscode/html/uscode47/usc_sup_01_47_10_9_20_I.html

The Communications Act of 1934 created the FCC and gave this new agency the power to regulate telephones and radio. The 1996 Act amends the 1934, but is actually much longer. The purpose of the law was to encourage competition, but it also has a vast regulatory scheme.

ACE v. CALEA http://pacer.cadc.uscourts.gov/docs/common/opinions/200606/05-1404a.pdf, No. 05-1404, U.S. Court of Appeals for the D.C. Circuit, Decided June 9, 2006

This case involves a statutory interpretation of 47 USC § 1002 http://www.law.cornell.edu/uscode/html/uscode47/usc_sec_47_1002000-.html. This law provides that a telecommunications carrier shall ensure that its equipment, facilities, or services that provide a customer or subscriber with the ability to originate, terminate, or direct communications are capable of being expeditiously isolated and accessed by the government pursuant to a court order or other lawful authorization. The communication must be able to be accessed before, during, or immediately after the transmission of a wire or electronic communication. An exception in section 1002 excludes from this requirement information services; or equipment, facilities, or services that support the transport or switching of communications for private networks or for the sole purpose of interconnecting telecommunications carriers.

In September of 2005, the FCC issued an Order (FCC 05-153) that stated that broadband and VoIP (Voice over Internet Protocol) providers were covered (at least in part) by CALEA's definition of telecommunications carriers. Implementation of this Order (required by May 14, 2007) would necessitate colleges and universities that are broadband or VoIP providers to redesign their networks at a cost estimated to be over $450* per student in tuition fees. Given these high stakes, the American Council on Education (ACE) challenged the order, and this decision, which upheld the FCC Order, is the result of the litigation.

In a 2-1 decision, the Court of Appeals for the DC Circuit agreed with the FCC that providers of both broadband and VoIP serve as replacements for a substantial functionality of local telephone exchange service. This is key, as the definition of a telecommunications carrier in 47 USC § 1001(8) includes those providers that substantially replaces traditional transmission or switching. The court also found CALEA differed from the Telecom Act by not using the phrases telecommunications carrier and information services as mutually exclusive terms. The court found the FCC interpretation of the law reasonable. The court did state that if the case had been reviewed de novo, the ACE argument might have been found to be the more persuasive one.

The U.S. Court of Appeals for the District of Columbia Circuit issued a decision on June 9, 2006 in the lawsuit brought by the American Council on Education (ACE) challenging the FCC's CALEA rules.

Nor does our interpretation of section 332 of the Communications Act and its implementing regulations here alter either our decision in the CALEA proceeding to apply CALEA obligations to all wireless broadband Internet access providers, including mobile wireless providers, or our interpretations of the
Re: [WISPA] CALEA compliance methods
On Tue, 27 Mar 2007 07:31:56 -0400, Dawn DiPietro wrote
> Mark,
>
> wispa wrote:
> > I have been attempting for how long now, to get across to you people that this whole CALEA flap for ISP's is NOT LAW, but opinion from the FCC, where it's attempting to write law instead of Congress. It's a mess, because it's NOT LAW, only Congress can write law and it has yet to write a law that says we have to do squat.
>
> Did you even bother to read the press release mentioned in your recent post?
> http://www.askcalea.com/docs/20040317.fbi.release.pdf
>
> As quoted from the press release mentioned above;
>
> Congress enacted CALEA in 1994 to help the nation's law enforcement community maintain its ability to use court-authorized electronic surveillance as an important investigative tool in an era of new telecommunications technologies and services. Today, electronic surveillance plays a vitally important role in law enforcement's ability to ensure national security and public safety.
>
> Also quoted from the same press release;
>
> Specifically, the petition requests the FCC establish rules that formally identify services and entities covered by CALEA, so both law enforcement and industry are on notice with respect to CALEA obligations and compliance. The petition makes this request because disagreements continue between industry and law enforcement over whether certain services are subject to CALEA. The petition requests the FCC find “broadband access” and “broadband telephony” to be subject to CALEA.

Ok... here's an old joke. What's the difference between dogs and cats? The dog looks at you and says you give me everything, provide me with home, care, medicine, food, take care of all my needs... You must be a god!. The cat looks at you and says you give me everything, provide me with home, care, medicine, food, take care of all my needs... I must be a god!.

We're saying EXACTLY the same thing, but the perspective is different. Read up on CALEA itself. There's absolutely NOTHING in it that even remotely addresses ISP's. It addresses TAPPING TELEPHONE CONVERSATIONS. Nothing else. It is VERY specific. When it was written, broadband didn't even EXIST, how COULD they have written a law that applies to it?

It's as if Congress wrote a law that regulates the maintenance schedules on trains. Along comes OSHA, and demands that the DOT rule that the law must apply to trucking, as well, even though the whole concept is absurd.

Congress knew it would NEVER get away with just wholesale handing its shopping list of demands to industry for changes in the way its equipment worked, and making industry PAY for it. Duhhh. That would never have made it past... well... even a kangaroo court. And the telcos would have fought it, collectively, with all their legal muscle.

Over the years, the FCC has (correctly) and consistently insisted we are NOT telecommunications services or providers. Now, it suddenly says we ARE, but only for purposes of CALEA. Ohhh, could you park that decision on anything closer to what resembles vapor? I doubt it.

Even worse, since the law didn't apply to us, it doesn't pay for what it OBVIOUSLY has to pay for. The FCC cannot just spend money, Congress has to do that. So, along comes the FCC and says WE have to pay for it.

I've said this before, I'll say it again, the FCC threw in the most egregious demands they could think of (like requiring us to pay for it), in order to ensure this would LOSE in a legal challenge, since they weren't inclined to continue arguing with the FBI and DOJ. So, instead of defending what was defensible, they sidestepped and tossed the mess in our laps, and we're just sitting here taking it without so much as a word of protest.

Gee, we must look like real shmucks to them by now. EVERYONE fights or at least ARGUES back when they do stuff... well, except for us. We beat on our own people for objecting. Man, READ THE PUBLIC COMMENTS ON EVERYTHING THE FCC DOES! Fear to tell them they're wrong? Heck no, they say it every possible way they can think of!

Had Congress tried CALEA without paying for it initially, the fight would have been HUGE, CALEA would have been tossed out in court on very firm ground I am sure.

The FCC doesn't write law. It can't. The DOJ and FBI have NO END TO THE LIST OF DEMANDS, their wishes are infinitely long. But just because they WANT it doesn't mean they get it, at our expense. You and I pay taxes, so that when the government wants something, it has to debate, vote, and pony up and pay in the public budget for it.

If we, the people, were not protected by the Constitution, the police would just stop us and demand we fill their car with gas, buy them new tires, tune it up, repaint their cars, use OUR building for their office, provide them internet for free, the list goes on and on and on. After all, we have to have cops
Re: [WISPA] CALEA compliance methods
On Tue, 27 Mar 2007 08:21:53 -0400, Peter R. wrote
> Mark, CALEA IS LAW. There are interpretations of that law, but they have been upheld by courts.

You're arguing against things I'm not saying.

> CALEA is not the opinion of the DOJ or FCC. It is not far-reaching (like say the Patriot Act) or secret and possibly illegal like the NSA-ATT wiretapping / surveillance.

The whole idea that WE are covered under CALEA is just FCC opinion, which is as changeable and variable as the wind. The ruling is capricious and founded on VAPOR, not substance.

I just cannot believe you approve of unfunded federal mandates for public purposes. CALEA was not. Misapplying CALEA is. This is not OSHA mandates. This is not the same as requiring that a tower service company require their climbers to use a safety system. Not even close.

If the federal government is justified with making us provide, AT OUR EXPENSE, law enforcement services, then we're one little itty bitty non-existent step from being mandated to do ANYTHING they happen to wish for, and the wish lists from the swamp on the Potomac are so large they boggle the mind.

And don't give me the we play dead for regulatory favors in the future crap. Nothing we do will buy us one MOMENT's worth of consideration, in EITHER direction.

Mark Koskenmaki
Neofast, Inc
Broadband for the Walla Walla Valley and Blue Mountains
541-969-8200
Re: [WISPA] CALEA compliance methods
Hi,

While I appreciate Mark's comments and point of view, I for one would like to also start looking for ways to possibly comply with CALEA in a cost-effective way. I'm afraid that if the conversation here is limited to whether we should comply or not, we might lose the opportunity to share with each other about technical implementation.

Don't get me wrong, I'm not suggesting that the conversation about whether to comply should be halted, just that some room be given to those of us who also want to speak about implementation. I'm still interested if anyone has any point of view about any of the compliance methods that I discussed in my original post, from a technical standpoint.

Thanks,
Adam
Re: [WISPA] CALEA compliance methods
I bet the technical aspects of how to comply will be emerging soon. I understand the wispa calea meeting went very well. So there must be some good news.

--
George Rogato
Welcome to WISPA
www.wispa.org
http://signup.wispa.org/
Re: [WISPA] CALEA compliance methods
Mark,

Wireless providers DO have to comply with CALEA whether you like it or not.

As quoted from the link I sent you earlier;

Nor does our interpretation of section 332 of the Communications Act and its implementing regulations here alter either our decision in the CALEA proceeding to apply CALEA obligations to all wireless broadband Internet access providers, including mobile wireless providers, or our interpretations of the provisions of CALEA itself. As the Commission found, and the U.S. Court of Appeals for the D.C. Circuit affirmed, the purposes and intent of CALEA are strikingly different than those of the 1996 Telecommunications Act, which is embedded in the Communications Act. As the Court noted, “CALEA--unlike the 1996 Act--is a law-enforcement statute . . . (requiring telecommunications carriers to enable ‘the government’ to conduct electronic surveillance) . . . . The Communications Act (of which the Telecom Act is part), by contrast, was enacted ‘[f]or the purpose of regulating interstate and foreign commerce in communication by wire and radio’ . . . . The Commission's interpretation of CALEA reasonably differs from its interpretation of the 1996 Act, given the differences between the two statutes.”121 Thus, our interpretation of the separate statutory provisions in section 332 of the Communications Act, whose purposes closely track those of the Telecommunications Act of 1996 and the Communications Act generally, in no way affects our determination that mobile wireless broadband Internet access service providers are subject to the CALEA statute.122

Here is the link again so you can read it if you choose to do so.
http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-07-30A1.pdf

Regards,
Dawn DiPietro
Re: [WISPA] CALEA compliance methods
The best stratergy to take towards CALEA is to get familiar and get ready to comply. If for some reason it turns out some don't have to comply, then no loss. If it turns out that we all have to comply, then we're ahead of the game. Think positive! Dawn DiPietro wrote: Mark, Wireless providers DO have to comply with CALEA whether you like it or not. As quoted from the link I sent you earlier; Nor does our interpretation of section 332 of the Communications Act and its implementing regulations here alter either our decision in the CALEA proceeding to apply CALEA obligations to all wireless broadband Internet access providers, including mobile wireless providers, or our interpretations of the provisions of CALEA itself. As the Commission found, and the U.S. Court of Appeals for the D.C. Circuit affirmed, the purposes and intent of CALEA are strikingly different than those of the 1996 Telecommunications Act, which is embedded in the Communications Act. As the Court noted, “CALEA--unlike the 1996 Act--is a law-enforcement statute . . . (requiring telecommunications carriers to enable ‘the government’ to conduct electronic surveillance) . . . . The Communications Act (of which the Telecom Act is part), by contrast, was enacted ‘[f]or the purpose of regulating interstate and foreign commerce in communication by wire and radio’ . . . . The Commission's interpretation of CALEA reasonably differs from its interpretation of the 1996 Act, given the differences between the two statutes.”121 Thus, our interpretation of the separate statutory provisions in section 332 of the Communications Act, whose purposes closely track those of the Telecommunications Act of 1996 and the Communications Act generally, in no way affects our determination that mobile wireless broadband Internet access service providers are subject to the CALEA statute.122 Here is the link again so you can read it if you choose to do so. 
http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-07-30A1.pdf Regards, Dawn DiPietro wispa wrote: On Tue, 27 Mar 2007 07:31:56 -0400, Dawn DiPietro wrote Mark, wispa wrote: I have been attempting for how long now, to get across to you people that this whole CALEA flap for ISP's is NOT LAW, but opinion from the FCC, where it's attempting to write law instead of Congress. It's a mess, because it's NOT LAW, only Congress can write law and it has yet to write a law that says we have to do squat. Did you even bother to read the press release mentioned in your recent post? http://www.askcalea.com/docs/20040317.fbi.release.pdf As quoted from the press release mentioned above; Congress enacted CALEA in 1994 to help the nation's law enforcement community maintain its ability to use court-authorized electronic surveillance as an important investigative tool in an era of new telecommunications technologies and services. Today, electronic surveillance plays a vitally important role in law enforcement's ability to ensure national security and public safety. Also quoted from the same press release; Specifically, the petition requests the FCC establish rules that formally identify services and entities covered by CALEA, so both law enforcement and industry are on notice with respect to CALEA obligations and compliance. The petition makes this request because disagreements continue between industry and law enforcement over whether certain services are subject to CALEA. The petition requests [WINDOWS-1252?] the FCC find “broadband access” and “broadband telephony” to be subject to CALEA. Ok... here's an old joke. What's the difference between dogs and cats? The dog looks at you and says you give me everything, provide me with home, care, medicine, food, take care of all my needs... You must be a god!. The cat looks at you and says you give me everything, provide me with home, care, medicine, food, take care of all my needs... I must be a god!. 
We're saying EXACTLY the same thing, but the perspective is different. Read up on CALEA itself. There's absolutely NOTHING in it that even remotely addresses ISP's. It addresses TAPPING TELEPHONE CONVERSATIONS. Nothing else. It is VERY specific. When it was written, broadband didn't even EXIST, how COULD they have written a law that applies to it? It's as if Congress wrote a law that regulates the maintenance schedules on trains. Along comes OSHA, and demands that the DOT rule that the law must apply to trucking, as well, even though the whole concept is absurd. Congress knew it would NEVER get away with just wholesale handing its shopping list of demands to industry for changes in the way its equipment worked, and making industry PAY for it. Duhhh. That would never have made it past... well... even a kangaroo court. And the telcos would have fought it, collectively, with all their legal muscle. Over the years, the FCC has (correctly) and and
Re: [WISPA] CALEA compliance methods
On Tue, 27 Mar 2007 14:07:51 -0400, Adam Greene wrote Hi, While I appreciate Mark's comments and point of view, I for one would like to also start looking for ways to possibly comply with CALEA in a cost-effective way. I'm afraid that if the conversation here is limited to whether we should comply or not, we might lose the opportunity to share with each other about technical implementation. Even if tomorrow, CALEA vanished, it is true that we need the capabilities of doing this. Thanks for pointing that out. The problem lies in that the CALEA technical discussion revolves around unknown technical requirements / capabilities. We can only discuss it in sort of a theoretical concept. At the moment, my abilities are ... well, they don't exist. Nothing in the software / hardware on my network, AT ANY POINT can be modified to do this. I would have to go to my upstream and ask them to mirror or log or otherwise catch the traffic, since that is the only present single point to exist where all traffic in / out of my network passes. And that won't be for long, as I'll soon have multiple providers and dynamic routing. I can't even do policy based routing at the moment to force all the traffic from one client to anywhere. However, none of this really matters. We don't know what the demands are technically. The theoretical requirements are that we intercept at the CPE. Who the bloody heck has CPE that can do that? Few WISP's do. The vast majority do not. Further, if CALEA requirements apply to WISP's, then CALEA requirements apply to WISP equipment providers, just like they do to telco equipment providers. Another can of worms, entirely. Don't get me wrong, I'm not suggesting that the conversation about whether to comply should be halted, just that some room be given to those of us who also want to speak about implementation.
To add to that, I welcome the conversation about not compliance, since that's a very specific and detailed demand, but simply about how to assist LEA's in catching bad guys. That's something a good lot of us will eventually end up doing. I just don't believe it is proper or right for me to be an unpaid lackey who is forced to do whatever they want out of my own pocket. I'm still interested if anyone has any point of view about any of the compliance methods that I discussed in my original post, from a technical standpoint. Thanks, Adam - Original Message - From: wispa [EMAIL PROTECTED] To: [EMAIL PROTECTED]; WISPA General List wireless@wispa.org Sent: Tuesday, March 27, 2007 1:16 PM Subject: Re: [WISPA] CALEA compliance methods Mark Koskenmaki Neofast, Inc Broadband for the Walla Walla Valley and Blue Mountains 541-969-8200 -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] CALEA compliance methods
On Tue, 27 Mar 2007 14:17:09 -0400, Dawn DiPietro wrote Mark, Wireless providers DO have to comply with CALEA whether you like it or not. As quoted from the link I sent you earlier; Nor does our interpretation of section 332 of the Communications Act and its implementing regulations here alter either our decision in the CALEA proceeding to apply CALEA obligations to all wireless broadband Internet access providers, including mobile wireless providers, or our interpretations of the provisions of CALEA itself. As the Commission found, and the U.S. Court of Appeals for the D.C. Circuit affirmed, the purposes and intent of CALEA are strikingly different than those of the 1996 Telecommunications Act, which is embedded in the Communications Act. As the Court noted, CALEA--unlike the 1996 Act--is a law-enforcement statute . . . (requiring telecommunications carriers to enable the government to conduct electronic surveillance) . . . . The Communications Act (of which the Telecom Act is part), by contrast, was enacted [f]or the purpose of regulating interstate and foreign commerce in communication by wire and radio . . . . The Commission's interpretation of CALEA reasonably differs from its interpretation of the 1996 Act, given the differences between the two statutes.121 Thus, our interpretation of the separate statutory provisions in section 332 of the Communications Act, whose purposes closely track those of the Telecommunications Act of 1996 and the Communications Act generally, in no way affects our determination that mobile wireless broadband Internet access service providers are subject to the CALEA statute.122 Here is the link again so you can read it if you choose to do so. http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-07-30A1.pdf Dawn, respectfully... But, please understand my point. Tomorrow, the FCC COULD reverse its opinion and we'd be exempt.
JUST LIKE THAT, without a single court decision, without a single sentence from Congress, etc. In fact, WE WERE EXEMPT until 2006, when the FCC changed its mind. So, what kind of law applies ... or doesn't... Depending on the whim of unelected bureaucrats? CALEA isn't that vague. It's just misapplied. I maintain that the FCC is in error in its interpretation of what is a telecommunications provider and we should be shouting it at them at 36dbm and 102 decibels. In fact, EVERY ISP, NSP, etc, organization should be snowing the FCC under in objections. And maybe some legal efforts, too. Mark Koskenmaki Neofast, Inc Broadband for the Walla Walla Valley and Blue Mountains 541-969-8200 -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
RE: [WISPA] CALEA compliance methods
I have posted a couple of messages over on the Mikrotik forum over the last month or so. Mikrotik first basically said why should we care- we are in Latvia. After a little pressure from users, they began to ask for more information about the subject. I'm not at all knowledgeable enough to discuss the technical specs of the format, but I'm sure there are some folks around that are. Let's get MT users and prospective users rallied and do what we can to encourage MT to comply. It can only help us more and should also create a yardstick for other manufacturers. Here is a link to the threads http://forum.mikrotik.com/search.php?mode=resultssid=723d81c229563812d900d20b3a31a900 Ralph -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adam Greene Sent: Tuesday, March 27, 2007 1:08 PM To: WISPA General List Subject: Re: [WISPA] CALEA compliance methods Hi, While I appreciate Mark's comments and point of view, I for one would like to also start looking for ways to possibly comply with CALEA in a cost-effective way. I'm afraid that if the conversation here is limited to whether we should comply or not, we might lose the opportunity to share with each other about technical implementation. Don't get me wrong, I'm not suggesting that the conversation about whether to comply should be halted, just that some room be given to those of us who also want to speak about implementation. I'm still interested if anyone has any point of view about any of the compliance methods that I discussed in my original post, from a technical standpoint. Thanks, Adam - Original Message - From: wispa [EMAIL PROTECTED] To: [EMAIL PROTECTED]; WISPA General List wireless@wispa.org Sent: Tuesday, March 27, 2007 1:16 PM Subject: Re: [WISPA] CALEA compliance methods On Tue, 27 Mar 2007 08:21:53 -0400, Peter R. wrote Mark, CALEA IS LAW. There are interpretations of that law, but they have been upheld by courts. You're arguing against things I'm not saying.
CALEA is not the opinion of the DOJ or FCC. It is not far-reaching (like say the Patriot Act) or secret and possibly illegal like the NSA-ATT wiretapping / surveillance. The whole idea that WE are covered under CALEA is just FCC opinion, which is as changeable and variable as the wind. The ruling is capricious and founded on VAPOR, not substance. I just cannot believe you approve of unfunded federal mandates for public purposes. CALEA was not. Misapplying CALEA is. This is not OSHA mandates. This is not the same as requiring that a tower service company require their climbers to use a safety system. Not even close. If the federal government is justified with making us provide, AT OUR EXPENSE, law enforcement services, then we're one little itty bitty non-existent step from being mandated to do ANYTHING they happen to wish for, and the wish lists from the swamp on the Potomac are so large they boggle the mind. And don't give me the we play dead for regulatory favors in the future crap. Nothing we do will buy us one MOMENT's worth of consideration, in EITHER direction. Mark Koskenmaki Neofast, Inc Broadband for the Walla Walla Valley and Blue Mountains 541-969-8200 -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
RE: [WISPA] CALEA compliance methods
Mark, Right or wrong, Congress regularly delegates rule-making to the various agencies. They pass laws that are purposely vague and/or broad and they empower the various agencies (and the courts, ultimately) to fill in the blanks. It's questionable Constitutionally, if you believe that we should follow the original intent of the Constitution...but that cat left the bag decades ago. Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of wispa Sent: Tuesday, March 27, 2007 3:20 PM To: WISPA General List Subject: Re: [WISPA] CALEA compliance methods On Tue, 27 Mar 2007 14:17:09 -0400, Dawn DiPietro wrote Mark, Wireless providers DO have to comply with CALEA whether you like it or not. As quoted from the link I sent you earlier; Nor does our interpretation of section 332 of the Communications Act and its implementing regulations here alter either our decision in the CALEA proceeding to apply CALEA obligations to all wireless broadband Internet access providers, including mobile wireless providers, or our interpretations of the provisions of CALEA itself. As the Commission found, and the U.S. Court of Appeals for the D.C. Circuit affirmed, the purposes and intent of CALEA are strikingly different than those of the 1996 Telecommunications Act, which is embedded in the Communications Act. As the Court noted, CALEA--unlike the 1996 Act--is a law-enforcement statute . . . (requiring telecommunications carriers to enable 'the government' to conduct electronic surveillance) . . . . The Communications Act (of which the Telecom Act is part), by contrast, was enacted '[f]or the purpose of regulating interstate and foreign commerce in communication by wire and radio' . . . . The Commission's interpretation of CALEA reasonably differs from its interpretation
of the 1996 Act, given the differences between the two statutes.121 Thus, our interpretation of the separate statutory provisions in section 332 of the Communications Act, whose purposes closely track those of the Telecommunications Act of 1996 and the Communications Act generally, in no way affects our determination that mobile wireless broadband Internet access service providers are subject to the CALEA statute.122 Here is the link again so you can read it if you choose to do so. http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-07-30A1.pdf Dawn, respectfully... But, please understand my point. Tomorrow, the FCC COULD reverse its opinion and we'd be exempt. JUST LIKE THAT, without a single court decision, without a single sentence from Congress, etc. In fact, WE WERE EXEMPT until 2006, when the FCC changed its mind. So, what kind of law applies ... or doesn't... Depending on the whim of unelected bureaucrats? CALEA isn't that vague. It's just misapplied. I maintain that the FCC is in error in its interpretation of what is a telecommunications provider and we should be shouting it at them at 36dbm and 102 decibels. In fact, EVERY ISP, NSP, etc, organization should be snowing the FCC under in objections. And maybe some legal efforts, too. Mark Koskenmaki Neofast, Inc Broadband for the Walla Walla Valley and Blue Mountains 541-969-8200 -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
RE: [WISPA] CALEA compliance methods
On Tue, 27 Mar 2007 15:29:18 -0400, Jeff Broadwick wrote Mark, Right or wrong, Congress regularly delegates rule-making to the various agencies. They pass laws that are purposely vague and/or broad and they empower the various agencies (and the courts, ultimately) to fill in the blanks. But CALEA wasn't vague. They used as precise of wording as they could in 1994 and there wasn't an iota of doubt as to what they wanted and who they wanted it from. It's questionable Constitutionally, if you believe that we should follow the original intent of the Constitution...but that cat left the bag decades ago. Time for some stuffing the cat BACK, then. Gee, every day I read some man or woman died serving me in some far off place. And we're afraid to say NO! to the overreaching fat sow in DC? Forget that noise, as my dad used to say when he thought my arguments were weak. Mark Koskenmaki Neofast, Inc Broadband for the Walla Walla Valley and Blue Mountains 541-969-8200 -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] CALEA compliance methods
Just as a general rule, CALEA monitoring is not something that you need to--or want to--do at each individual CPE or router. Likewise, although assistance from manufacturers is nice, it is not requisite and in some ways may complicate matters since you can end up with hundreds of different monitoring nodes and several different interfaces unless you have complete uniformity across your network. Generally, the easiest and most cost effective approach is to place taps at key points in your network that give you access to traffic. If you backhaul all of your wireless traffic to a central point, a single tap at the central point can monitor all of the traffic from the wireless cells. The tapping process itself does not need to be expensive or complicated. Any decent switch (if it doesn't, you probably shouldn't be using it to begin with) has some sort of port mirroring built in that can easily function as a tap. If not, ethernet and fiber taps are fairly cheap ($100-$200 or so on the second hand market). The tap can be hooked into a server running tcpdump or similar software or various commercially available. This provides complete compliance for a fairly reasonable cost. Having a tap on each wireless access point, etc...needlessly complicates the whole affair and increases cost drastically. If you are doing backhaul via an Internet T1 or similar, the upstream carrier may be doing some of this for you. However, you do have to analyze carefully to ensure that you are compliant in this situation. Note that this actually is a good idea to have even without CALEA as you can get a good idea as to what traffic is actually running on your network and can better track down virus/hackers/other malicious traffic. - I have posted a couple of messages over on the Mikrotik forum over the last month or so. Mikrotik first basically said why should we care- we are in Latvia. After a little pressure from users, they began to ask for more information about the subject.
I'm not at all knowledgeable enough to discuss the technical specs of the format, but I'm sure there are some folks around that are. Let's get MT users and prospective users rallied and do what we can to encourage MT to comply. It can only help us more and should also create a yardstick for other manufacturers. Here is a link to the threads http://forum.mikrotik.com/search.php?mode=resultssid=723d81c229563812d900d20b3a31a900 Ralph -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adam Greene Sent: Tuesday, March 27, 2007 1:08 PM To: WISPA General List Subject: Re: [WISPA] CALEA compliance methods Hi, While I appreciate Mark's comments and point of view, I for one would like to also start looking for ways to possibly comply with CALEA in a cost-effective way. I'm afraid that if the conversation here is limited to whether we should comply or not, we might lose the opportunity to share with each other about technical implementation. Don't get me wrong, I'm not suggesting that the conversation about whether to comply should be halted, just that some room be given to those of us who also want to speak about implementation. I'm still interested if anyone has any point of view about any of the compliance methods that I discussed in my original post, from a technical standpoint. Thanks, Adam - Original Message - From: wispa [EMAIL PROTECTED] To: [EMAIL PROTECTED]; WISPA General List wireless@wispa.org Sent: Tuesday, March 27, 2007 1:16 PM Subject: Re: [WISPA] CALEA compliance methods On Tue, 27 Mar 2007 08:21:53 -0400, Peter R. wrote Mark, CALEA IS LAW. There are interpretations of that law, but they have been upheld by courts. You're arguing against things I'm not saying. CALEA is not the opinion of the DOJ or FCC. It is not far-reaching (like say the Patriot Act) or secret and possibly illegal like the NSA-ATT wiretapping / surveillance.
The whole idea that WE are covered under CALEA is just FCC opinion, which is as changeable and variable as the wind. The ruling is capricious and founded on VAPOR, not substance. I just cannot believe you approve of unfunded federal mandates for public purposes. CALEA was not. Misapplying CALEA is. This is not OSHA mandates. This is not the same as requiring that a tower service company require their climbers to use a safety system. Not even close. If the federal government is justified with making us provide, AT OUR EXPENSE, law enforcement services, then we're one little itty bitty non-existent step from being mandated to do ANYTHING they happen to wish for, and the wish lists from the swamp on the Potomac are so large they boggle the mind. And don't give me the we play dead for regulatory favors in the future crap. Nothing we do will buy us one MOMENT's worth of consideration, in EITHER direction. Mark Koskenmaki Neofast, Inc Broadband for the Walla
Re: [WISPA] CALEA compliance methods
Mark, Enough with the analogies. CALEA is law - not once but twice - 1934 and 1996. Courts have upheld the FCC decision on what CALEA covers. The same laws that give the DOJ the right to wiretap, gives the FCC the right to create guidelines. I don't like it, any more than I like ATT letting the NSA tap every thing that runs through its pipes or any more than I like the Patriot Act (which only helps strengthen the FCC and DOJ's right to decide what can and cannot be wiretapped). But there it is. How about we just concentrate on being compliant in the next 45 days? Regards, Peter Radizeski RAD-INFO, Inc. -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] CALEA compliance methods
I've been looking over OpenCALEA - I can't really see any reason for a NON-VOIP provider that it wouldn't do everything properly needed from a Linux command prompt on a 700mhz old HP Presario, all for a cost of less than $100 for a used computer. And when OpenCALEA is done, it will solve 99% of our problems, minus potential network design issues (routed vs. bridged) but even those can eventually be overcome. Now VOIP, maybe needs more in OpenCALEA to work, but why argue, let's just help make OpenCALEA work, if we NEED to do it, it's cheap, available and we're compliant should their opinion actually become fact. Already the FBI's accused of abusing their powers of the Patriot Act, but let's face it. Whether we like it or not EVENTUALLY the NEED to wiretap broadband connections WILL emerge. The bad guys aren't going to go away any time soon. So whether this year we're an information service, if every wired (DSL, Cable, etc) is wiretappable, and we are not, the bad guys will FLOCK to our networks. And then we will be forced in 1,2 years to do it anyways. I do NOT advocate spending hundreds of thousands to do this. I DO advocate developing a free solution like OpenCALEA and maybe even seeing it ported to Windows for those ISPs who don't have linux help at hand. It's inevitable guys, how can YOUR upstream give them YOUR customers information from an IP address? We can't sit around hoping to pawn this task off on someone else. When the FBI calls your upstream and asks them to tap Tony Montana's broadband connection, and they say, who the heck is that, that's XYZ Wireless ISP? Then they call you and ask, and you say We can't do it. And those ISPs who NAT their customers can't rely on the upstream for help. So then what? Big media press release that Wireless ISPs are the reason criminals are getting away with fraud, identity theft, etc. I'm not saying this will happen, but logically, what choice IS there other than having the ability to do this?
- Original Message - From: Clint Ricker [EMAIL PROTECTED] To: WISPA General List wireless@wispa.org Sent: Tuesday, March 27, 2007 3:31 PM Subject: Re: [WISPA] CALEA compliance methods Just as a general rule, CALEA monitoring is not something that you need to--or want to--do at each individual CPE or router. Likewise, although assistance from manufacturers is nice, it is not requisite and in some ways may complicate matters since you can end up with hundreds of different monitoring nodes and several different interfaces unless you have complete uniformity across your network. Generally, the easiest and most cost effective approach is to place taps at key points in your network that give you access to traffic. If you backhaul all of your wireless traffic to a central point, a single tap at the central point can monitor all of the traffic from the wireless cells. The tapping process itself does not need to be expensive or complicated. Any decent switch (if it doesn't, you probably shouldn't be using it to begin with) has some sort of port mirroring built in that can easily function as a tap. If not, ethernet and fiber taps are fairly cheap ($100-$200 or so on the second hand market). The tap can be hooked into a server running tcpdump or similar software or various commercially available. This provides complete compliance for a fairly reasonable cost. Having a tap on each wireless access point, etc...needlessly complicates the whole affair and increases cost drastically. If you are doing backhaul via an Internet T1 or similar, the upstream carrier may be doing some of this for you. However, you do have to analyze carefully to ensure that you are compliant in this situation. Note that this actually is a good idea to have even without CALEA as you can get a good idea as to what traffic is actually running on your network and can better track down virus/hackers/other malicious traffic.
- I have posted a couple of messages over on the Mikrotik forum over the last month or so. Mikrotik first basically said why should we care- we are in Latvia. After a little pressure from users, they began to ask for more information about the subject. I'm not at all knowledgeable enough to discuss the technical specs of the format, but I'm sure there are some folks around that are. Let's get MT users and prospective users rallied and do what we can to encourage MT to comply. It can only help us more and should also create a yardstick for other manufacturers. Here is a link to the threads http://forum.mikrotik.com/search.php?mode=resultssid=723d81c229563812d900d20b3a31a900 Ralph -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adam Greene Sent: Tuesday, March 27, 2007 1:08 PM To: WISPA General List Subject: Re: [WISPA] CALEA compliance methods Hi, While I appreciate Mark's comments and point of view, I for one would like
Re: [WISPA] CALEA compliance methods
Clint Ricker wrote: Just as a general rule, CALEA monitoring is not something that you need to--or want to--do at each individual CPE or router. Wouldn't it be cool, and cheap, if it was just that easy? Here's your encrypted access to xxx customers radio / port, it's yours to monitor...? Maybe a CALEA button that we can turn on at will. Somehow I doubt it will be this easy. -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
RE: [WISPA] CALEA compliance methods- For Clint
Hello Clint. You are confusing me. When I mention MT, I said routers, not CPE. We don't use non type accepted CPE and therefore don't have MT in any form at the customer end. However our site routers and even the edge router ARE MT- even the edge router. Those are what I am talking about. I didn't say anything about putting any certain number of units in. And I really don't see how that would turn into hundreds of monitoring nodes. I'd just as soon only have to mess with it at one or two places. Our network is fed from two different points, but from the same provider. This provider told another WISP in the area (that he also upstreams) that he would not be able to do CALEA capture for us, but has now publicly said that he can. We'll have to see how that goes as it develops. If he will, then that makes him an even more valuable provider. Cisco's CALEA solution is at the router level. This seems to be the most logical place to do the tap- especially if the equipment/license/whatever is costly. The fewer costly licenses that need to be bought, the better it is for the small guy. We are very small (make that tiny). We all know that a decent switch can mirror a port. We also know how to sniff packets. What we don't know is how to package this data up with a nice pretty red bow the way Joe Law wants it. As far as I understand it, this is what Cisco is saying they will do (although I'm sure it will not be free). Imagestream is promising something as well. Those of us who don't use Cisco or Imagestream have to hope that our hardware provider will come up with a way, too. Aren't we really on the same page, here? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Clint Ricker Sent: Tuesday, March 27, 2007 3:31 PM To: WISPA General List Subject: Re: [WISPA] CALEA compliance methods Just as a general rule, CALEA monitoring is not something that you need to--or want to--do at each individual CPE or router. 
Likewise, although assistance from manufacturers is nice, it is not requisite and in some ways may complicate matters since you can end up with hundreds of different monitoring nodes and several different interfaces unless you have complete uniformity across your network. Generally, the easiest and most cost effective approach is to place taps at key points in your network that give you access to traffic. If you backhaul all of your wireless traffic to a central point, a single tap at the central point can monitor all of the traffic from the wireless cells. The tapping process itself does not need to be expensive or complicated. Any decent switch (if it doesn't, you probably shouldn't be using it to begin with) has some sort of port mirroring built in that can easily function as a tap. If not, ethernet and fiber taps are fairly cheap ($100-$200 or so on the second hand market). The tap can be hooked into a server running tcpdump or similar software or various commercially available. This provides complete compliance for a fairly reasonable cost. Having a tap on each wireless access point, etc...needlessly complicates the whole affair and increases cost drastically. If you are doing backhaul via an Internet T1 or similar, the upstream carrier may be doing some of this for you. However, you do have to analyze carefully to ensure that you are compliant in this situation. Note that this actually is a good idea to have even without CALEA as you can get a good idea as to what traffic is actually running on your network and can better track down virus/hackers/other malicious traffic. - I have posted a couple of messages over on the Mikrotik forum over the last month or so. Mikrotik first basically said why should we care- we are in Latvia. After a little pressure from users, they began to ask for more information about the subject. I'm not at all knowledgeable enough to discuss the technical specs of the format, but I'm sure there are some folks around that are.
Let's get MT users and prospective users rallied and do what we can to encourage MT to comply. It can only help us more and should also create a yardstick for other manufacturers. Here is a link to the threads http://forum.mikrotik.com/search.php?mode=resultssid=723d81c229563812d900d20b3a31a900 Ralph -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adam Greene Sent: Tuesday, March 27, 2007 1:08 PM To: WISPA General List Subject: Re: [WISPA] CALEA compliance methods Hi, While I appreciate Mark's comments and point of view, I for one would like to also start looking for ways to possibly comply with CALEA in a cost-effective way. I'm afraid that if the conversation here is limited to whether we should comply or not, we might lose the opportunity to share with each other about technical implementation. Don't get me wrong, I'm not suggesting that the conversation about whether to comply should be halted, just
Re: [WISPA] CALEA compliance methods - 3rd party
There are 3rd party vendors, like IP Fabrics with CALEA compliance gear. For data it shouldn't be that big of a deal since the Edge Router (connecting your WAN with your upstream) should be able to be tapped, if you use what I will call a brand name (Cisco, Juniper, Redback, blah, blah and soon WISPA's vendor member, Image Stream). For VOIP, it is a bear. SIP streams have to be hooked at many different points. So 3rd party gear built for this might be preferred. Regards, Peter Radizeski RAD-INFO, Inc. Ralph wrote: As far as I understand it, this is what Cisco is saying they will do (although I'm sure it will not be free). Imagestream is promising something as well. Those of us who don't use Cisco or Imagestream have to hope that our hardware provider will come up with a way, too. -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
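Whether a mirror port at the edge router or at a central backhaul point sees everything a subscriber sends depends on where that subscriber's traffic can first be switched to another customer or server. The following is an added example, not part of any message in this thread: it models a constructed, hypothetical topology (every device name and VLAN assignment is an assumption) and reports which of a subscriber's flows each candidate tap point would miss.

```python
from collections import deque

# Constructed, hypothetical WISP topology (not from the thread).
# Assumptions: cust_a and cust_b each have a dedicated VLAN that terminates
# on the core layer 3 switch; cust_c and cust_d share a VLAN on a tower
# layer 2 switch, so they can reach each other without touching the core.
LINKS = [
    ("internet", "edge_router"),
    ("edge_router", "core_l3"),
    ("core_l3", "mail_server"),
    ("core_l3", "colo_server"),
    ("core_l3", "cust_a"),
    ("core_l3", "cust_b"),
    ("core_l3", "tower2_l2"),
    ("tower2_l2", "cust_c"),
    ("tower2_l2", "cust_d"),
]
# Places a subscriber's traffic can start or end.
ENDPOINTS = {"internet", "mail_server", "colo_server",
             "cust_a", "cust_b", "cust_c", "cust_d"}


def build_graph(links):
    """Turn a list of bidirectional links into an adjacency map."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


GRAPH = build_graph(LINKS)


def path(graph, src, dst):
    """Breadth-first shortest path from src to dst, or None if unreachable."""
    if src not in graph or dst not in graph:
        raise ValueError("unknown node: %r or %r" % (src, dst))
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            hops = []
            while node is not None:
                hops.append(node)
                node = parent[node]
            return hops[::-1]
        for nxt in sorted(graph[node]):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None


def missed_flows(graph, subscriber, tap):
    """Peers whose traffic with `subscriber` never crosses device `tap`."""
    missed = []
    for peer in sorted(ENDPOINTS - {subscriber}):
        hops = path(graph, subscriber, peer)
        if hops is not None and tap not in hops:
            missed.append(peer)
    return missed


def covering_taps(graph, subscriber):
    """Devices that sit on every one of the subscriber's flows."""
    common = None
    for peer in sorted(ENDPOINTS - {subscriber}):
        hops = path(graph, subscriber, peer)
        if hops is None:
            continue
        transit = set(hops[1:-1])  # devices between the two endpoints
        common = transit if common is None else common & transit
    return common or set()


if __name__ == "__main__":
    for sub in ("cust_a", "cust_c"):
        for tap in ("edge_router", "core_l3", "tower2_l2"):
            print(sub, "tap at", tap, "misses", missed_flows(GRAPH, sub, tap))
        print(sub, "fully covered by a tap at", sorted(covering_taps(GRAPH, sub)))
```

In this model a tap at the edge router sees only the subscriber's Internet-bound traffic, and the shared-VLAN customer is fully covered only at the tower switch.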
Re: [WISPA] CALEA compliance methods
Thanks all for the interesting posts ...

Regarding tapping at the edge between my upstream provider and me, I'm of the understanding that I need to be able to capture all of my customer's data, even that which passes between one customer and another, or between my customer and my mail server, or my customer and one of my other customers' colocated servers, etc. From that standpoint, the way I have been looking at it is to mirror the packets as close to the core of my network as possible, but no later than the first juncture where my customer's traffic can be routed or bridged to another customer or server. Since almost all of our customers have dedicated VLANs which terminate on a core layer 3 switch, for most of them I can just SPAN the corresponding layer 3 switch port. Some of them share a VLAN with other customers, though, so I will need to mirror a layer 2 switchport closer to the edge of my network for those.

Regarding putting in a tap, is that something you put inline on the fiber / copper cable? If so, I wonder if that could be considered a completely compliant solution, as I was under the impression that the packet capture is not supposed to be noticeable to the customer at all. A tiny blip of downtime while I'm putting in the tap could theoretically be noticed

I also have the impression (maybe wrongly) that we may need to be able to establish a VPN between the device capturing the traffic and the law enforcement agency, to pipe the data to them

I agree it's really tough to know how to comply when the data format standards are simply not clear. That's why I'm really interested to hear from anyone who says they have a compliant solution already, to know what standard they are using

I agree with those of us who are hoping that an open-source solution will be developed (for *nix or Windows) ...

... and here's an interesting document I found linked to from the Mikrotik threads: http://contributions.atis.org/UPLOAD/PTSC/LAES/PTSC-LAES-2006-084R8.doc ...
Adam - Original Message - From: Ralph [EMAIL PROTECTED] To: 'WISPA General List' wireless@wispa.org Sent: Tuesday, March 27, 2007 6:22 PM Subject: RE: [WISPA] CALEA compliance methods- For Clint Hello Clint. You are confusing me. When I mention MT, I said routers, not CPE. We don't use non type accepted CPE and therefore don't have MT in any form at the customer end. However our site routers and even the edge router ARE MT- even the edge router. Those are what I am talking about. I didn't say anything about putting any certain number of units in. And I really don't see how that would turn into hundreds of monitoring nodes. I'd just as soon only have to mess with it at one or two places. Our network is fed from two different points, but from the same provider. This provider told another WISP in the area (that he also upstreams) that he would not be able to do CALEA capture for us, but has now publicly said that he can. We'll have to see how that goes as it develops. If he will, then that makes him an even more valuable provider. Cisco's CALEA solution is at the router level. This seems to be the most logical place to do the tap- especially if the equipment/license/whatever is costly. The fewer costly licenses that need to be bought, the better it is for the small guy. We are very small (make that tiny). We all know that a decent switch can mirror a port. We also know how to sniff packets. What we don't know is how to package this data up with a nice pretty red bow the way Joe Law wants it. As far as I understand it, this is what Cisco is saying they will do (although I'm sure it will not be free). Imagestream is promising something as well. Those of us who don't use Cisco or Imagestream have to hope that our hardware provider will come up with a way, too. Aren't we really on the same page, here? 
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Clint Ricker Sent: Tuesday, March 27, 2007 3:31 PM To: WISPA General List Subject: Re: [WISPA] CALEA compliance methods

Just as a general rule, CALEA monitoring is not something that you need to--or want to--do at each individual CPE or router. Likewise, although assistance from manufacturers is nice, it is not requisite and in some ways may complicate matters since you can end up with hundreds of different monitoring nodes and several different interfaces unless you have complete uniformity across your network. Generally, the easiest and most cost effective approach is to place taps at key points in your network that give you access to traffic. If you backhaul all of your wireless traffic to a central point, a single tap at the central point can monitor all of the traffic from the wireless cells. The tapping process itself does not need to be expensive or complicated. Any decent switch (if it doesn't, you probably shouldn't be using it to begin with) has some sort
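Added example, not part of the original thread and not any poster's code: the placement rule in the message above (mirror as close to the core as possible, but no later than the first juncture where the customer's traffic can be routed or bridged to another customer or server), worked over a constructed topology. The device names, the `forwards_locally` flag and the helper functions are assumptions made for this sketch.

```python
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Constructed sample network (hypothetical names, not taken from the thread).
# name -> (parent toward the core, forwards_locally)
# forwards_locally=True: the device can route or bridge between two of its
# downstream ports without the traffic ever going upstream.
Topology = Dict[str, Tuple[Optional[str], bool]]
TOPOLOGY: Topology = {
    "core-l3":    (None,        True),   # core layer 3 switch, routes between VLANs
    "sw-tower1":  ("core-l3",   False),  # dedicated per-customer VLANs, no local switching
    "sw-shared":  ("core-l3",   True),   # several customers share one VLAN here
    "ap-a":       ("sw-tower1", False),  # AP with client isolation
    "ap-b":       ("sw-tower1", True),   # AP that bridges its own clients
    "cust1":      ("ap-a",      False),
    "cust2":      ("ap-a",      False),
    "cust3":      ("ap-b",      False),
    "cust4":      ("ap-b",      False),
    "cust5":      ("sw-shared", False),
    "cust6":      ("sw-shared", False),
    "mailserver": ("core-l3",   False),
}
ENDPOINTS: Set[str] = {n for n in TOPOLOGY if n.startswith("cust")} | {"mailserver"}


def path_to_core(topology: Topology, name: str) -> List[str]:
    """Return [name, parent, ..., core], rejecting unknown devices and loops."""
    path: List[str] = []
    cur: Optional[str] = name
    while cur is not None:
        if cur in path:
            raise ValueError(f"loop in topology at {cur}")
        if cur not in topology:
            raise KeyError(f"unknown device {cur}")
        path.append(cur)
        cur = topology[cur][0]
    return path


def first_juncture(topology: Topology, endpoints: Set[str],
                   subject: str) -> Tuple[str, str]:
    """Return (device, downstream neighbour facing the subject) to mirror.

    Walk from the subject toward the core and stop at the first device that
    forwards locally AND has some other endpoint behind a different port.
    Mirroring any later than that port would miss traffic turned around there.
    """
    if subject not in endpoints:
        raise ValueError(f"{subject} is not a known endpoint")
    path = path_to_core(topology, subject)
    if len(path) < 2:
        raise ValueError(f"{subject} has no upstream device")
    for branch, node in zip(path, path[1:]):
        if not topology[node][1]:
            continue  # device only passes traffic upstream, nothing leaks here
        for other in endpoints - {subject}:
            other_path = path_to_core(topology, other)
            if node in other_path[1:] and branch not in other_path:
                return node, branch
    # Nothing inside the network can turn the traffic around: mirror at the core.
    return path[-1], path[-2]


def plan(topology: Topology, endpoints: Set[str], subjects: Iterable[str]):
    """Split subjects into those a single core mirror covers and those it does not."""
    central: Dict[str, Tuple[str, str]] = {}
    edge: Dict[str, Tuple[str, str]] = {}
    for s in sorted(subjects):
        node, branch = first_juncture(topology, endpoints, s)
        target = central if topology[node][0] is None else edge
        target[s] = (node, branch)
    return central, edge


if __name__ == "__main__":
    customers = [e for e in ENDPOINTS if e.startswith("cust")]
    central, edge = plan(TOPOLOGY, ENDPOINTS, customers)
    for label, group in (("core mirror is enough", central),
                         ("needs a mirror closer to the edge", edge)):
        print(label)
        for cust, (node, branch) in group.items():
            print(f"  {cust}: mirror {node} port facing {branch}")
```

Customers on a shared VLAN or on an AP that bridges its own clients land in the second group, which is the case where a single central mirror is not sufficient.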
Re: [WISPA] CALEA compliance methods
Blair,

Two months ago, we were ready to join WISPA. At the time, I felt that WISPA had proven its longevity and was becoming a mature voice for the WISP's. But, after the form 477 issue, FCC sticker issue, and now the CALEA issue, I'm pretty sure that I disagree with the majority of the members on what stance should be taken on these issues.

Another case of Doth protest too much.

Regards, Dawn DiPietro
Re: [WISPA] CALEA compliance methods
Blair Davis wrote: Because at WISPA, we don't have to all think the same and have the same opinions all in step. We're not clones. We're individuals who each have our own beliefs and run our operation individually, sometimes uniquely And fortunately WISPA is an organization made up of individuals who do NOT want to make you think a certain way. WISPA doesn't want to run your business or tell you how to run your business. We're just working for the common ground that will benefit all wisps, not just some wisps. Another good thing is, with such as small membership, those who decide to participate can have an impact or effect. And as I understand it there is many openings on various committees. As for 477, CALEA, and certified equipment, that all came out of the FCC's horses mouths. All we can do is help people comply. But you don't see WISPA wanting to deny membership to those that does NOT comply. I Believe if WISPA was to go down the path of dictating what a wispa member was required to do, it would be wrong. We would loose our individualism and that won't teach us anything new. I've fought this thinking in the board room. We are not here to alienate each other but to find a common ground. If you have a real difference of opinion, rather than hold it against anyone or keep it to yourself, you should express your self and not hold it against anyone for disagreeing or having a different opinion. I think most people here are not going to loose their respect for each other over a difference of opinion. Anyways WISPA is an opportunity to participate. Two months ago, we were ready to join WISPA. At the time, I felt that WISPA had proven its longevity and was becoming a mature voice for the WISP's. But, after the form 477 issue, FCC sticker issue, and now the CALEA issue, I'm pretty sure that I disagree with the majority of the members on what stance should be taken on these issues. That being the case, why should I still join? 
-- Blair Davis West Michigan Wireless ISP 269-686-8648 -- George Rogato Welcome to WISPA www.wispa.org http://signup.wispa.org/
Re: [WISPA] CALEA compliance methods
On Tue, 27 Mar 2007 19:20:15 -0400, Blair Davis wrote

I've been watching this discussion for a bit. Up front, I have to say I agree with Mark. Say the FBI and DOJ wanted a way to track any automobile in the country in real time, (so the bad guys can't hide their movements). They go to the DOT and the DOT decides that the way to do this is to require every auto in the country to have a GPS and cellular modem in it. So the DOT mandates this, but doesn't provide any funding for it. Instead, they expect the auto owners to pay for the equipment and the cellular companies to provide the service for free. Just how many of you will go for this? Do you think the cellular companies will go for it? The example above is EXACTLY the same as the CALEA requirements being applied to us.

Pretty good analogy, except that it would be more like having the cellular providers provide BOTH the equipment and service, but that's just quibbling around the edges.

If they want to pay for it, fine. For my network, they can expect to pay about $40K to replace my MESH based AP's for me And, I don't know how much it will cost to fix my automated sign-up system for mobile and hot-spot users, (because it works with the MESH AP's only). I'm not even sure that hot-spots can EVER be made compliant. What about my 30min per day free stuff for tourists to check their e-mail? Right now, I can locate a person to a tower. Not to an individual CPE. And I see no way to do so without wholesale equipment replacement. I'll bet there are others in the same spot.

I know that at least 10 to 20% of my customers have wireless AP's in their home. No way can I guarantee that traffic I intercept is actually from or to the individual in question. I don't think we're being asked to do this, mind you, but it leads to the question of whether LEA should be attempting to bend network operations to their notion of what surveillance is, or should they change what they see as surveillance to how the services work.
Again, this whole mess is a result of the FCC applying a PHONE SERVICE INTERCEPT law to a service that is NOT analogous and doesn't work the same way. On another subject Two months ago, we were ready to join WISPA. At the time, I felt that WISPA had proven its longevity and was becoming a mature voice for the WISP's. But, after the form 477 issue, FCC sticker issue, and now the CALEA issue, I'm pretty sure that I disagree with the majority of the members on what stance should be taken on these issues. That being the case, why should I still join? Let me state up front, that I argued for the formation of WISPA. I still believe in the idea of a trade organization for the industry I am in. I don't believe that was a mistake. WISPA will have regular elections to choose leadership. However, the leadership in place is in place, and will be a for a while yet. Unless we're arguing to remove leadership, which I think would be a terrible blow, an extremely divisive action, the idea is that we have to work with the leadership that exists as of right now. Some time ago, I formally cancelled my membership, and made it clear that when I believe that the leadership will make some effort to represent what I consider the interests of their myriad small members, I will again at least financially support WISPA. Does the stated leadership's stand on this reflect the the majority / minority of the member's views? I don't know. I don't really know WHAT the WISPA membership in general thinks. I don't know what the WISP industry in general thinks. Unfortunately, I really don't think that the volunteer leadership has the time or energy or resources to dig deep, engage in informed debate, and make sure that all views and ideas are well heard, and then get some kind of consensus of the views of the industry or membership. That's just the nature of the beast, for a startup organization that's small and driven by volunteers. 
Thus, WISPA has represented in DC what the views of the individuals are that both can and have gone to DC in our behalf. Being a volunteer driven organization, the only people who can serve are those who have the time, the money, and the drive, to become leadership. That leaves the vast majority of us out - me included. Peter suggested that people run for leadership of WISPA with contrarian views. I'm not really sure that's the solution. With the way it operates now, we'd just end up with a leadership bitterly divided within itself, and still probably not understanding or knowing the real guts of the industry itself, and still not really representting the industry. I do not see leadership of WISPA as being a tool for activism or agendas. For the most part, the WISPA leadership has asked the membership for input on much of what it has done. Sometimes, even important stuff doesn't get more than a
Re: [WISPA] CALEA compliance methods
George As to form 477 and CALEA, no, no one has spoken of making membership contingent on their position on these issues. But, I do recall a discussion, on this list, 'Dealing with bad players', starting on Feb 8, that basically proposed requiring the use of stickered equipment to be a member. Not sure what became of it. George Rogato wrote: Blair Davis wrote: Because at WISPA, we don't have to all think the same and have the same opinions all in step. We're not clones. We're individuals who each have our own beliefs and run our operation individually, sometimes uniquely And fortunately WISPA is an organization made up of individuals who do NOT want to make you think a certain way. WISPA doesn't want to run your business or tell you how to run your business. We're just working for the common ground that will benefit all wisps, not just some wisps. Another good thing is, with such as small membership, those who decide to participate can have an impact or effect. And as I understand it there is many openings on various committees. As for 477, CALEA, and certified equipment, that all came out of the FCC's horses mouths. All we can do is help people comply. But you don't see WISPA wanting to deny membership to those that does NOT comply. I Believe if WISPA was to go down the path of dictating what a wispa member was required to do, it would be wrong. We would loose our individualism and that won't teach us anything new. I've fought this thinking in the board room. We are not here to alienate each other but to find a common ground. If you have a real difference of opinion, rather than hold it against anyone or keep it to yourself, you should express your self and not hold it against anyone for disagreeing or having a different opinion. I think most people here are not going to loose their respect for each other over a difference of opinion. Anyways WISPA is an opportunity to participate. Two months ago, we were ready to join WISPA. 
At the time, I felt that WISPA had proven its longevity and was becoming a mature voice for the WISP's. But, after the form 477 issue, FCC sticker issue, and now the CALEA issue, I'm pretty sure that I disagree with the majority of the members on what stance should be taken on these issues. That being the case, why should I still join? -- Blair Davis West Michigan Wireless ISP 269-686-8648
Re: [WISPA] CALEA compliance methods
Sounds vagely familiar, Like I said, from my opinion, wispa would not be an industry association Remember once had a guy selling jock straps with the wispa logo thinking that was a good idea too. Blair Davis wrote: George As to form 477 and CALEA, no, no one has spoken of making membership contingent on their position on these issues. But, I do recall a discussion, on this list, 'Dealing with bad players', starting on Feb 8, that basically proposed requiring the use of stickered equipment to be a member. Not sure what became of it. George Rogato wrote: Blair Davis wrote: Because at WISPA, we don't have to all think the same and have the same opinions all in step. We're not clones. We're individuals who each have our own beliefs and run our operation individually, sometimes uniquely And fortunately WISPA is an organization made up of individuals who do NOT want to make you think a certain way. WISPA doesn't want to run your business or tell you how to run your business. We're just working for the common ground that will benefit all wisps, not just some wisps. Another good thing is, with such as small membership, those who decide to participate can have an impact or effect. And as I understand it there is many openings on various committees. As for 477, CALEA, and certified equipment, that all came out of the FCC's horses mouths. All we can do is help people comply. But you don't see WISPA wanting to deny membership to those that does NOT comply. I Believe if WISPA was to go down the path of dictating what a wispa member was required to do, it would be wrong. We would loose our individualism and that won't teach us anything new. I've fought this thinking in the board room. We are not here to alienate each other but to find a common ground. If you have a real difference of opinion, rather than hold it against anyone or keep it to yourself, you should express your self and not hold it against anyone for disagreeing or having a different opinion. 
I think most people here are not going to lose their respect for each other over a difference of opinion. Anyways WISPA is an opportunity to participate. Two months ago, we were ready to join WISPA. At the time, I felt that WISPA had proven its longevity and was becoming a mature voice for the WISP's. But, after the form 477 issue, FCC sticker issue, and now the CALEA issue, I'm pretty sure that I disagree with the majority of the members on what stance should be taken on these issues. That being the case, why should I still join? -- Blair Davis West Michigan Wireless ISP 269-686-8648 -- George Rogato Welcome to WISPA www.wispa.org http://signup.wispa.org/
Re: [WISPA] CALEA compliance methods
Inline wispa wrote: On Tue, 27 Mar 2007 19:20:15 -0400, Blair Davis wrote I've been watching this discussion for a bit. Up front, I have to say I agree with Mark. Say the FBI and DOJ wanted a way to track any automobile in the country in real time, (so the bad guys can't hide their movements). They go to the DOT and the the DOT decides that the way to do this is to require every auto in the country to have a GPS and cellular modem in it. So the DOT mandates this, but doesn't provide any funding for it. Instead, they expect the auto owners to pay for the equipment and the cellular company's to provide the service for free. Just how many of you will go for this? Do you think the cellular company's will go for it? The example above is EXACTLY the same as the CALEA requirements being applied to us. Pretty good analogy, except that it would be more like having the cellular providers provide BOTH the equipment and service, but that's just quibbling around the edges. If they want to pay for it, fine. For my network, they can expect to pay about $40K to replace my MESH based AP's for me And, I don't know how much it will cost to fix my automated sign-up system for mobile and hot-spot users, (because it works with the MESH AP's only). I'm not even sure that hot-spots can EVER be made compliant. What about my 30min per day free stuff for tourists to check their e- mail? Right now, I can locate a person to a tower. Not to an individual CPE. And I see no way to do so without wholesale equipment replacement. I'll bet there are others in the same spot. I know that at least 10 to 20% of my customers have wireless AP's in their home. over 50% for me. We set them up for free if they buy them from us or if they have it there at the time of the install. No way can I gaurantee that traffic I intercept is actually from or to the individual in question. I don't think we're being asked to do this, mind you, My reply to this is Yet. 
but it leads to the question of whether LEA should be attempting to bend network operations to their notion of what surveillance is, or should they change what they see as serveillance to how the services work. Again, this whole mess is a result of the FCC applying a PHONE SERVICE INTERCEPT law to a service that is NOT analogous and doesn't work the same way. Again, not directed at you, Mark, but to all what about hot spots? On another subject Two months ago, we were ready to join WISPA. At the time, I felt that WISPA had proven its longevity and was becoming a mature voice for the WISP's. But, after the form 477 issue, FCC sticker issue, and now the CALEA issue, I'm pretty sure that I disagree with the majority of the members on what stance should be taken on these issues. That being the case, why should I still join? Let me state up front, that I argued for the formation of WISPA. I still believe in the idea of a trade organization for the industry I am in. I don't believe that was a mistake. WISPA will have regular elections to choose leadership. However, the leadership in place is in place, and will be a for a while yet. Unless we're arguing to remove leadership, which I think would be a terrible blow, an extremely divisive action, the idea is that we have to work with the leadership that exists as of right now. I agree. And, I'm not advocating anything like that. Some time ago, I formally cancelled my membership, and made it clear that when I believe that the leadership will make some effort to represent what I consider the interests of their myriad small members, I will again at least financially support WISPA. I was planning on joining. I'd discussed it with my partner, and he had agreed. But, now, I'm not sure that WISPA is for the small WISP. Does the stated leadership's stand on this reflect the the majority / minority of the member's views? I don't know. I don't really know WHAT the WISPA membership in general thinks. 
I don't know what the WISP industry in general thinks. Neither do I know this. I'd like to. Unfortunately, I really don't think that the volunteer leadership has the time or energy or resources to dig deep, engage in informed debate, and make sure that all views and ideas are well heard, and then get some kind of consensus of the views of the industry or membership. But, if I'm going to support WISPA with my $$, I will have to know that they represent MY best interests when they speak to the gov. Don't really worry about anything else they do, but want to be sure that they don't mis-represent me to the gov. That's just the nature of the beast, for a startup organization that's small and driven by volunteers. Thus, WISPA has represented in DC what the views of the individuals are that both can and have gone to DC in our behalf. Being a volunteer
Re: [WISPA] CALEA compliance methods
Mark,

Right in time. WISPA will be having elections in the very near future. Now is the time to join WISPA and be eligible to cast your vote or run for a board seat. Membership is a very low 250.00 per year. And you get to vote! Try the new automated sign up: http://signup.wispa.org/wispa-newacct.html :)

wispa wrote: . WISPA will have regular elections to choose leadership. However, the leadership in place is in place, and will be a for a while yet. Unless we're arguing to remove leadership, which I think would be a terrible blow, an extremely divisive action, the idea is that we have to work with the leadership that exists as of right now. Mark Koskenmaki Neofast, Inc Broadband for the Walla Walla Valley and Blue Mountains 541-969-8200

-- George Rogato Welcome to WISPA www.wispa.org http://signup.wispa.org/
Re: [WISPA] CALEA compliance methods
We're close guys. Just waiting to get a doc fine tuned and double checked.

marlon

- Original Message - From: George Rogato [EMAIL PROTECTED] To: WISPA General List wireless@wispa.org Sent: Tuesday, March 27, 2007 11:14 AM Subject: Re: [WISPA] CALEA compliance methods

I bet the technical aspects of how to comply will be emerging soon. I understand the wispa calea meeting went very well. So there must be some good news.

Adam Greene wrote: Hi, While I appreciate Mark's comments and point of view, I for one would like to also start looking for ways to possibly comply with CALEA in a cost-effective way. I'm afraid that if the conversation here is limited to whether we should comply or not, we might lose the opportunity to share with each other about technical implementation. Don't get me wrong, I'm not suggesting that the conversation about whether to comply should be halted, just that some room be given to those of us who also want to speak about implementation. I'm still interested if anyone has any point of view about any of the compliance methods that I discussed in my original post, from a technical standpoint. Thanks, Adam

- Original Message - From: wispa [EMAIL PROTECTED] To: [EMAIL PROTECTED]; WISPA General List wireless@wispa.org Sent: Tuesday, March 27, 2007 1:16 PM Subject: Re: [WISPA] CALEA compliance methods

On Tue, 27 Mar 2007 08:21:53 -0400, Peter R. wrote

Mark, CALEA IS LAW. There are interpretations of that law, but they have been upheld by courts.

You're arguing against things I'm not saying.

CALEA is not the opinion of the DOJ or FCC. It is not far-reaching (like say the Patriot Act) or secret and possibly illegal like the NSA-ATT wiretapping / surveillance.

The whole idea that WE are covered under CALEA is just FCC opinion, which is as changeable and variable as the wind. The ruling is capricious and founded on VAPOR, not substance. I just cannot believe you approve of unfunded federal mandates for public purposes. CALEA was not. Misapplying CALEA is. This is not OSHA mandates. This is not the same as requiring that a tower service company require their climbers to use a safety system. Not even close. If the federal government is justified with making us provide, AT OUR EXPENSE, law enforcement services, then we're one little itty bitty non-existent step from being mandated to do ANYTHING they happen to wish for, and the wish lists from the swamp on the Potomac are so large they boggle the mind. And don't give me the we play dead for regulatory favors in the future crap. Nothing we do will buy us one MOMENT's worth of consideration, in EITHER direction.

Mark Koskenmaki Neofast, Inc Broadband for the Walla Walla Valley and Blue Mountains 541-969-8200

-- George Rogato Welcome to WISPA www.wispa.org http://signup.wispa.org/
Re: [WISPA] CALEA compliance methods- For Clint
to hope that our hardware provider will come up with a way, too. Aren't we really on the same page, here?

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Clint Ricker Sent: Tuesday, March 27, 2007 3:31 PM To: WISPA General List Subject: Re: [WISPA] CALEA compliance methods

Just as a general rule, CALEA monitoring is not something that you need to--or want to--do at each individual CPE or router. Likewise, although assistance from manufacturers is nice, it is not requisite and in some ways may complicate matters since you can end up with hundreds of different monitoring nodes and several different interfaces unless you have complete uniformity across your network. Generally, the easiest and most cost effective approach is to place taps at key points in your network that give you access to traffic. If you backhaul all of your wireless traffic to a central point, a single tap at the central point can monitor all of the traffic from the wireless cells. The tapping process itself does not need to be expensive or complicated. Any decent switch (if it doesn't, you probably shouldn't be using it to begin with) has some sort of port mirroring built in that can easily function as a tap. If not, ethernet and fiber taps are fairly cheap ($100-$200 or so on the second hand market). The tap can be hooked into a server running tcpdump or similar software or various commercially available. This provides complete compliance for a fairly reasonable cost. Having a tap on each wireless access point, etc...needlessly complicates the whole affair and increases cost drastically. If you are doing backhaul via an Internet T1 or similar, the upstream carrier may be doing some of this for you. However, you do have to analyze carefully to ensure that you are compliant in this situation. Note that this actually is a good idea to have even without CALEA as you can get a good idea as to what traffic is actually running on your network and can better track down virus/hackers/other malicious traffic.

I have posted a couple of messages over on the Mikrotik forum over the last month or so. Mikrotik first basically said why should we care- we are in Latvia. After a little pressure from users, they began to ask for more information about the subject. I'm not at all knowledgeable enough to discuss the technical specs of the format, but I'm sure there are some folks around that are. Let's get MT users and prospective users rallied and do what we can to encourage MT to comply. It can only help us more and should also create a yardstick for other manufacturers. Here is a link to the threads http://forum.mikrotik.com/search.php?mode=resultssid=723d81c229563812d900d20b3a31a900

Ralph

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adam Greene Sent: Tuesday, March 27, 2007 1:08 PM To: WISPA General List Subject: Re: [WISPA] CALEA compliance methods

Hi, While I appreciate Mark's comments and point of view, I for one would like to also start looking for ways to possibly comply with CALEA in a cost-effective way. I'm afraid that if the conversation here is limited to whether we should comply or not, we might lose the opportunity to share with each other about technical implementation. Don't get me wrong, I'm not suggesting that the conversation about whether to comply should be halted, just that some room be given to those of us who also want to speak about implementation. I'm still interested if anyone has any point of view about any of the compliance methods that I discussed in my original post, from a technical standpoint.
Thanks, Adam

- Original Message - From: wispa [EMAIL PROTECTED] To: [EMAIL PROTECTED]; WISPA General List wireless@wispa.org Sent: Tuesday, March 27, 2007 1:16 PM Subject: Re: [WISPA] CALEA compliance methods

On Tue, 27 Mar 2007 08:21:53 -0400, Peter R. wrote

Mark, CALEA IS LAW. There are interpretations of that law, but they have been upheld by courts.

You're arguing against things I'm not saying.

CALEA is not the opinion of the DOJ or FCC. It is not far-reaching (like say the Patriot Act) or secret and possibly illegal like the NSA-ATT wiretapping / surveillance.

The whole idea that WE are covered under CALEA is just FCC opinion, which is as changeable and variable as the wind. The ruling is capricious and founded on VAPOR, not substance. I just cannot believe you approve of unfunded federal mandates for public purposes. CALEA was not. Misapplying CALEA is. This is not OSHA mandates. This is not the same as requiring that a tower service company require their climbers to use a safety system. Not even close. If the federal government is justified with making us provide, AT OUR EXPENSE, law enforcement services, then we're one little itty bitty non-existent step from being mandated to do ANYTHING
Re: [WISPA] CALEA compliance methods
Adam,

Regarding tapping at the edge between my upstream provider and me, I'm of the understanding that I need to be able to capture all of my customer's data, even that which passes between one customer and another, or between my customer and my mail server, or my customer and one of my other customers' colocated servers, etc. From that standpoint, the way I have been looking at it is to mirror the packets as close to the core of my network as possible, but no later than the first juncture where my customer's traffic can be routed or bridged to another customer or server. Since almost all of our customers have dedicated VLANs which terminate on a core layer 3 switch, for most of them I can just SPAN the corresponding layer 3 switch port. Some of them share a VLAN with other customers, though, so I will need to mirror a layer 2 switchport closer to the edge of my network for those.

This definitely seems true, and I'm not certain how you even deal with traffic between two clients on the same AP other than not allow that scenario (without coming through a central router). There are many advantages to running a session-based approach to subscriber management; CALEA, I think, will just add another reason to take that approach.

Regarding putting in a tap, is that something you put inline on the fiber / copper cable? If so, I wonder if that could be considered a completely compliant solution, as I was under the impression that the packet capture is not supposed to be noticeable to the customer at all. A tiny blip of downtime while I'm putting in the tap could theoretically be noticed

Yes, they do go inline. Usually, they have one in and two outputs and have a failsafe mechanism where, if they lose power or otherwise fail, will still function.
For inline taps, they would have to be set up from the get-go; this is best done in a maintenance window, in any case, since the ideal tapping point would have all of your customers' traffic flowing through it, meaning that a tap insertion will momentarily cause a major disruption. Using port mirroring on a switch bypasses this, but isn't always an option.

I also have the impression (maybe wrongly) that we may need to be able to establish a VPN between the device capturing the traffic and the law enforcement agency, to pipe the data to them

Yes, this seems to be the case, although some places stated this as preferred. This is the only aspect, however, that I've not been able to find specifics of. On the good side, I've not seen anything official in the sense that it is in the actual law or the spec, meaning, in a legal sense, it may not be a requirement.

I agree it's really tough to know how to comply when the data format standards are simply not clear. That's why I'm really interested to hear from anyone who says they have a compliant solution already, to know what standard they are using

Take a look at the opencalea project (opencalea.org). Their application, although crude, does the packet captures and dumps to the basic format that is specified.

--
Clint Ricker
Kentnis Technologies
800.783.5753

I agree with those of us who are hoping that an open-source solution will be developed (for *nix or Windows) ... ... and here's an interesting document I found linked to from the Mikrotik threads: http://contributions.atis.org/UPLOAD/PTSC/LAES/PTSC-LAES-2006-084R8.doc ...

Adam

- Original Message -
From: Ralph [EMAIL PROTECTED]
To: 'WISPA General List' wireless@wispa.org
Sent: Tuesday, March 27, 2007 6:22 PM
Subject: RE: [WISPA] CALEA compliance methods- For Clint

Hello Clint. You are confusing me. When I mention MT, I said routers, not CPE. We don't use non type accepted CPE and therefore don't have MT in any form at the customer end.
However our site routers and even the edge router ARE MT- even the edge router. Those are what I am talking about. I didn't say anything about putting any certain number of units in. And I really don't see how that would turn into hundreds of monitoring nodes. I'd just as soon only have to mess with it at one or two places.

Our network is fed from two different points, but from the same provider. This provider told another WISP in the area (that he also upstreams) that he would not be able to do CALEA capture for us, but has now publicly said that he can. We'll have to see how that goes as it develops. If he will, then that makes him an even more valuable provider.

Cisco's CALEA solution is at the router level. This seems to be the most logical place to do the tap- especially if the equipment/license/whatever is costly. The fewer costly licenses that need to be bought, the better it is for the small guy. We are very small (make that tiny).

We all know that a decent switch can mirror a port. We also know how to sniff packets. What we don't know is how to package this data up with a nice pretty red bow the way Joe Law wants it. As far as I
Re: [WISPA] CALEA compliance methods
On Mon, 26 Mar 2007 19:49:43 -0400, Adam Greene wrote

Hi,

As a new member of WISPA I am reading with interest all of the postings about CALEA from the past few weeks.

Thankfully, we have designed our network in such a way that all customer IP traffic passes through at least one Cisco switch before it can be bridged to any other customer or routed to the Internet, so I think we'll be able to SPAN all customer traffic and from there manipulate the data streams and hand them off to law enforcement. The only exception to this case might be our Waverider CCU's, which are routing packets between various end-users. I am going to contact them to see what their take is on implementing LI -- we might need to stop using the CCU's as routers.

The main questions I have for the forum are ... assuming we can at least make a copy of a given customer's traffic without the customer realizing it (i.e. non-intrusively), how are we going to be able to format the data to be able to hand it off to law enforcement? We obviously want to do this in the most cost-effective way possible (read: open source solution). http://www.opencalea.org/ definitely looks promising, but it is just getting off the ground as far as I can tell. I wonder if there are any other groups out there working on this.

As far as compliance standards go, as far as I can tell, the one that most fits us might be ATIS -T1.IPNA -ISP data, but I'm still confused about that. When I visit http://www.askcalea.net/standards.html, I see a link for Wireline: PTSC T1.IAS which takes me to https://www.atis.org/docstore/product.aspx?id=22665. Is this all the same as ATIS -T1.IPNA -ISP? Somehow I don't have the feeling that paying $164.00 for this standard is going to help get me in the right direction

We do have a couple savvy Linux guru-types in house that could deploy a good open-source solution and keep it updated, I think. But I don't think we're up to developing such a solution ourselves from scratch.
I did find a device made by a company called Solera (http://www.voip-news.com/feature/solera-calea-voip-packet-capture-031907/) which looks like it could be cost-effective (read: ~$7000.00) for a small ISP (read: ~1,000 customers) like us. Obviously we would prefer open source, but at least it was a relief to see that we might be able to avoid the $40,000 - $100,000 solutions I've been hearing about from TTP's and other (larger) ISPs.

Matt Liotta, you mentioned that you have the ability to provide lawful intercept in compliance with CALEA for our single-homed downstream ISP customers assuming there is no NAT involved. Would you be willing to share some details about the solution you've been able to come up with?

I do see the opportunity that this whole CALEA thing could provide to some ISP's who figure out a way to develop a cost-effective solution and then offer consulting services or **affordable** TTP services to other companies ...

I also read with interest the Baller law group's Key Legal and Technical Requirements and Options for CALEA (http://www.baller.com/pdfs/BHLG-CTC_CALEA_Memo.pdf) that Peter Radizeski forwarded to the list. I had not taken seriously the possibility of filing a section 109(b) petition, but if we do due diligence and really do not find an affordable solution to deploy on our network, I think we may have to seriously consider that (for example, the part about asking to be considered compliant as long as we can meet most of LI's requirements, if not all of them).

Please excuse the long and rambling post ... I'm just having a hard time finding out how to grab a hold of this CALEA beast.

Hi, let me quote from www.askcalea.com

On March 17, 2004, we published a press release regarding our joint petition.

Q: Does the petition for CALEA rulemaking propose to apply CALEA to all types of online communication, including instant messaging and visits to websites?

A: No.
The petition proposes CALEA coverage of only broadband Internet access service and broadband telephony service. Other Internet-based services, including those classified as information services such as email and visits to websites, would not be covered.

Q: Does the petition propose extensive retooling of existing broadband networks that could impose significant costs?

A: No. The petition contends that CALEA should apply to certain broadband services but does not address the issue of what technical capabilities those broadband providers should deliver to law enforcement. CALEA already permits those service providers to fashion their own technical standards as they see fit. If law enforcement considers an industry technical standard deficient, it can seek to change the standard only by filing a special deficiency petition before the Commission. It is the FCC, not law enforcement, that decides whether any capabilities should be added to the
Re: [WISPA] CALEA compliance methods
On Mon, 26 Mar 2007 19:49:43 -0400, Adam Greene wrote

extracting a snippet from Adam's interesting prose

A: No. The petition proposes CALEA coverage of only broadband Internet access service and broadband telephony service. Other Internet-based services, including those classified as information services such as email and visits to websites, would not be covered.

/snip

On Mon, 26 Mar 2007 wispa wrote in reply:

extracting a relevant portion of the reply

Read this carefully, it says that website visits, IM, etc, are NOT included in the information you must capture. Yeah, yeah, it says the companies that provide those services need not be compliant - if that's the case, then that data is not included in the required types. Only specific types of information, mostly being VOIP calls are detailed. Since VOIP calls are tapped at the provider's end, it appears that there really IS NO INCLUDED DATA that needs to be tapped at the ISP's end, unless somehow we're supposed to find peer to peer voice data buried in the packet flow or something. Of course, this conflicts to some degree with other information published elsewhere... and here, too. I'm not sure it doesn't conflict with the FCC's and FBI's recent comments, too.

/snip

Mark Koskenmaki
Neofast, Inc
Broadband for the Walla Walla Valley and Blue Mountains
541-969-8200

I think the assertion that website visits, IM, etc, are not included actually is a statement that those subject to the provisions of CALEA are not defined by whether or not they offer visits to websites or IM capability, but rather whether or not they offer broadband internet access. Such as an Internet access provider who does not qualify as a broadband provider (dial-up?) is not subject to the provisions of CALEA, even though they may enable the public to utilize email over their networks, whereas a provider of broadband internet access is subject to those provisions, simply because they offer broadband, but not because their users have email capability.
It is then up to the LEA's and courts to determine what they want to sniff, which may or may not include the email, IM, web site visits, etc... Of course, IANAL.

John Vogel
Re: [WISPA] CALEA compliance methods
Mark, your info is 3 years old. We have to be ready to tap our lines. Even IMs.

marlon

- Original Message -
From: wispa [EMAIL PROTECTED]
To: WISPA General List wireless@wispa.org
Sent: Monday, March 26, 2007 8:54 PM
Subject: Re: [WISPA] CALEA compliance methods

On Mon, 26 Mar 2007 19:49:43 -0400, Adam Greene wrote

Hi,

As a new member of WISPA I am reading with interest all of the postings about CALEA from the past few weeks.

Thankfully, we have designed our network in such a way that all customer IP traffic passes through at least one Cisco switch before it can be bridged to any other customer or routed to the Internet, so I think we'll be able to SPAN all customer traffic and from there manipulate the data streams and hand them off to law enforcement. The only exception to this case might be our Waverider CCU's, which are routing packets between various end-users. I am going to contact them to see what their take is on implementing LI -- we might need to stop using the CCU's as routers.

The main questions I have for the forum are ... assuming we can at least make a copy of a given customer's traffic without the customer realizing it (i.e. non-intrusively), how are we going to be able to format the data to be able to hand it off to law enforcement? We obviously want to do this in the most cost-effective way possible (read: open source solution). http://www.opencalea.org/ definitely looks promising, but it is just getting off the ground as far as I can tell. I wonder if there are any other groups out there working on this.

As far as compliance standards go, as far as I can tell, the one that most fits us might be ATIS -T1.IPNA -ISP data, but I'm still confused about that. When I visit http://www.askcalea.net/standards.html, I see a link for Wireline: PTSC T1.IAS which takes me to https://www.atis.org/docstore/product.aspx?id=22665. Is this all the same as ATIS -T1.IPNA -ISP?