Hi Dawn,
Please let me preface this by saying that there are not always easy answers.
And we can't always come up with a pre-made solution for every situation
that may arise. We've talked with the FBI about all of these issues. We
all know what the law says, and we all know what's actually possible. They
aren't always lined up in nice little rows with all of the i's dotted and
t's crossed.
More below.
Marlon
(509) 982-2181
(408) 907-6910 (Vonage) Consulting services
42846865 (icq) WISP Operator since 1999!
[EMAIL PROTECTED]
www.odessaoffice.com/wireless
www.odessaoffice.com/marlon/cam
----- Original Message -----
From: "Dawn DiPietro" <[EMAIL PROTECTED]>
To: "WISPA General List" <[email protected]>
Sent: Thursday, May 10, 2007 6:37 AM
Subject: [WISPA] CALEA FAQ Questions
Marlon,
I have been reading the WISPA CALEA FAQ and was a little concerned about
question #10. If the LEA does not know who the suspect is using an open
access point does this mean that everyone that has used that access point
will have their data handed over to the LEA? It would seem that if the LEA
is only allowed to receive the data requested in the subpoena this would
be a violation.
We've talked about this a lot. *I've* personally talked with the head of
the FBI CALEA division about this issue both via email and phone. It's one
of the very first issues we talked about and why the WISPA standards effort
is so important. If we can clear it, things like this will fall under the
safe harbor.
They (the FBI) know that some things just won't be possible/practical. Lets
use my office as an example (I've done this with them so don't go hollering
from the mountains about how I'm being a fool, too late). I have a FREE
OPEN Linksys wireless router set up as a hotspot. Anyone that comes to town
can sit in my office, in their car out front, or soon on a picinic table
that I'll provide, and get all the free internet that they need while they
are in the area. No charge. No tracking, heck, I won't even know it's
happened.
What happens when that IP addy shows up on a wire tap order? I can't change
the ap so that we can insert an MT unit or some other box that would allow
an individual's tap. Doing so would tip off the suspect. There are only
two ways to get the data. One, tap the wireless transmissions and sort it
all out on that side. Not something I have the ability, expertise, tools
etc. to do. OR, we can just grab all of the data going to/from that device
on the ethernet side. The LEA will have to sort out the data streams on
their own. WE can't do it because we're not going to know exactly what data
they are looking for.
It's not a perfect solution but it's all there is. They'll have to do the
same thing if the local Starbucks has a user that shows up somewhere.
As far as I can tell question #15 does not get answered in the paragraph
following the question. It talks more about acceptable billing and the
fact that WISPA might have a solution in the future.
The FAQ is only a starting point. We took the major questions people had,
condenced them and got the best answers we could.
We're also hanstrung a little bit because there are some things that we're
not allowed to tell publicly. Much more of that coming. Might as well get
ready to be even more frustrated by those of us on the committee telling you
things that you can't verify other ways and we won't be able to tell you
exactly what we're basing our statements on due to NDA's signed with the
FBI.
One of the questions in section 23 asks "Does the FBI speak for other
LEA's?". Unless I am mistaken this question does not get answered.
They do and they don't. They are the ones to approve a standard. If they
clear it, all other LEAs are bound by it. But there may be things we are
asked to do etc. that are not up to the FBI.
Also the document says over and over again that the LEA's will work with
WISP's, which sounds like there is no easy way this can always be done
transparently with the current broadband equipment deployed by WISP's. So
the workaround is the WISP should give them the all the data from the
device in question and the LEA's will sort it out and separate it.
There are likely going to be times when this is true. The reason for CALEA
is to make sure that the LEA can't get to things that they've not been
specifically cleared to get. I believe that sometimes they get things that
they weren't looking for in physical searches too. If they raid a house
looking for stolen property and run into a meth lab, that doesn't mean that
they shouldn't have gone into the house in the first place. OR, if on their
way to a bust they see a stolen car in your driveway, they just happened to
be in the right place at the right time.
As I said before, we can all come up with more situations that don't fit the
law than the law can possibly deal with in advance. Most of us here have
worked with the cops in one way or another in the past. They are, by and
large, good people who are as worried about privacy etc. as we are. They
still want to get the bad guys though. Anyone here ever get a ticket while
speeding to the hospital with your wife who's in labor? Sure a jerk cop
might do it but most won't.
If I am out of line please let me know but if I have questions about the
FAQ then I am guessing there are others that do too.
Nope, you are fine here. We have questions too. We just don't always have
answers yet. And some of the answers that we do have will require
uncomphortable levels of trust. The alternative is to take on this issue as
the committee has, put in the HUNDREDS of hours, Work with the lawyers,
FBI, developers and such that we have.
I know that there are some out there that are saying that the committee
doesn't have people with enough expertise to render valid opinions. I guess
my counter to that is, follow the money. That is political advice I was
given a long time ago. That point of view has opened my eyes to some
amazing things I wish I didn't understand. People I used to respect now
get, and deserve, none.
I'd like to touch on some of the fearmogering too. I grew up on a family
farm. I've spent most of my adult life working closely with business owners
or as a business owner. I've seen a LOT of reasons why we'll never ever
make it. We don't have enough money, we don't have enough tallent, we don't
have a name, the big boys are gonna roll over us, the government is gonna
tax us out of business, labor costs are too high. Certification isn't
possible on my scale. Compliance isn't possible on my scale. Gawd, I could
go on for PAGES.
And yet, something like 90% of all business in this country is STILL done by
small business. I'm still growing at 4x last year's growth and it was
already a reccord year for us. Almost every good operator, vendor, or
manufacturer in this industry is going great guns right now. Things are
looking very good for this industry not bad.
CALEA is certainly something to be aware of. You need to follow the rules
and get your paperwork filed. And you need to be working with your tech
guys or, as in my case, your consultants to make sure that you can deliver
the data if you're ever asked to. So far, not a single law enforcement type
has said "Be compliant or we're gonna toss your butt in jail or fine you out
of existance!!!" Quite the contrary. They've said, "We know this is a
difficult and complicated matter. We'll do the best we can with the tools
available. We'll also help you develop better hardware and proceedures so
that you can do a better job too."
laters,
marlon
Regards,
Dawn DiPietro
--
WISPA Wireless List: [email protected]
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
--
WISPA Wireless List: [email protected]
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
