Prior to CALEA, my plan for helping law enforcement consisted of the following... Introducing them to my upstream (they'd already know them anyway, because my netblocks belong to them) and having them use my provider's nice, secure NOC for tapping into my upstream traffic via a managed switch and mirroring.
I have no place to put a mediation box, no place to put any kind of physical tap. I have no physical point this can be done, WITHIN THE BOUNDARIES OF MY NETWORK. Physically, it has to be located at someone else's facility. This is not "compliant". And one says "why are you stressing"? Ok, how many of you have dealt with the IRS? How about electrical codes? Building codes? OSHA? Saying that the feds "just want the data" is just like saying the IRS "just wants some money". Wrong. They want absolute compliance, to the letter. When we had to dispose of solvents and cleaners, we went many rounds with the DEQ for Oregon. There was no "accomplish this goal", it was "obey the letter", period. Great solutions were not allowed, because they didn't fit the absolute letter. Welcome to the world of regulatory hell. Conversations with people in DC are one thing. They will present as a nice of face as possible to disarm you. The IRS people are pleasant... at first.. too. So was the DEQ. Oh, "we don't want to fine you, just get you into compliance", but the moment we talked to them, we had to immediately do what they demanded, or face fines. For instance, we had to clean some parts in something like carb cleaner. It is washed off with high pressure hot water. That means that it, and the water you wash it off with... is "hazardous waste". So, limits on the disposal of "hazardous waste"? Well, we had a "gallon" limit. So, we said, "we buy 20 gallons a year, does this mean we generate 20 gallons of waste?" The answer was "no". Every gallon of water used to rinse it off became another measured gallon. They told us that the preferred method of disposal was to evaporate the carb cleaner. So, we said great... we'll just rinse it off with water and evaporate the water and cleaner. Nope. if we rinse it with water, then that water counts toward hazardous waste gallons. Stupid, eh? No matter how much water we used, we were still evaporating 20 gallons of this solvent. But the evaporated water was 'hazardous waste" and if we mixed too much water in this, we went over the "gallon" limit. Read the document... They will read your filings, and then they will start on a process of bringing you into compliance. Tapping at your gateway? That's fine. That's "good faith" to start. Then you will have to demonstrate contined progress toward compliance. Dont' have 24 hour response? That's fine. You will only need to say WHEN you'll have it. You WILL eventually have to capture it at the client end, or at the AP if you're wireless. You WILL provide a date when this will happen. I hate to say it, but it sounds like some very gullible people talked to the feds. They're not the ones who will be reading the forms and assessing fines. They are there to put a nice face on things. But compliance, to the letter? That's what the name of the game is. Always will be. Always has been. What has to be gotten across, is that some technologies do not work this way. They will have to make a definitive statement ( the calea faq is woefully out of date - www.askcalea.net , with contradictory information published later) . I quote: "The primary goal of the Order is to ensure that Law Enforcement Agencies have all of the resources that CALEA authorizes with regard to facilities-based broadband Internet access providers (ISP) and interconnected voice over Internet protocol (VOIP) providers. " Not to "do what you can" but to get EVERYTHING they they are authorized to get. That's my opinion of how the future is going to play out, unless something changes between now and then. They make the statement that "we don't intend to alter the way networks work". But when you read the way enforcement works.. You will. Just witness how many people are talking about fundamentally altering network operations to be "compliant" now. But more importantly... from this day forward, you will not be able to start, or deploy a wireless or any other kind of internet providing network that doesn't have ALL aspects of CALEA compatibility built in. That pretty much rules out the vast majority of present equipment and methods of deployment. ----- Original Message ----- From: "Ross Cornett" <[EMAIL PROTECTED]> To: "WISPA General List" <[email protected]> Sent: Tuesday, May 01, 2007 7:40 AM Subject: Re: [WISPA] CALEA Compliance > I still would like to know the amount of incident that this CALEA will cause > for all of its costs to our industry. Did anyone ask the FBI, why they > cannot have several machines and deliver them as needed pre-configured then > we can install them when they are needed. It is highly unreasonable for the > FBI to ask everyone to have a utility and manage this utility when it will > never be used by a very large portion of our industry. It is far cheaper > for the government to sameday ship their device to us anywhere in the nation > then it is to have everyone else trying to scramble to satisfy a need that > will largely be an expensive dust collector in most businesses. > > > Anyone know if this has been posed to the FBI. > > > > ----- Original Message ----- > From: "Matt Liotta" <[EMAIL PROTECTED]> > To: "WISPA General List" <[email protected]> > Sent: Tuesday, May 01, 2007 7:54 AM > Subject: Re: [WISPA] CALEA Compliance > > > > John Scrivner wrote: > >> > >> We look forward to proving that this thinking is wrong. What part of > >> CALEA compliance is it that makes you think we cannot develop a low cost > >> and reasonable solution which will not break the bank? > > > > Even if you do come up with a way to handle LI in time for the deadline > > that is only going to solve one part of CALEA. We checked with Cisco in > > the beginning regarding CALEA. We were assured they were working on it and > > would have a solution in time (much the same way WISPA has). We now have > > Cisco's solution and understand it does exactly what they say it would do; > > namely LI. Unfortunately, LI isn't enough as I have outlined in other > > posts. We have had to develop the rest of the solution on our own. > > > > Reread my post on the practical requirements of dealing with ELSUR and > > check with your attorneys. I think you'll find no technical solution to > > those requirements. > > > > -Matt > > -- > > WISPA Wireless List: [email protected] > > > > Subscribe/Unsubscribe: > > http://lists.wispa.org/mailman/listinfo/wireless > > > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > > > > -- > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
