It looks like the FCC making us be CALEA compliant was a total waste of time & effort (on both parties sides) and only made a atmosphere of fear. It also sounds like while they filed for information that has classically been available pre-calea, has anyone had to comply with the real time streaming section or the remote data logging and can share the experience?
On 11/30/07, Butch Evans <[EMAIL PROTECTED]> wrote: > I just wanted to make a brief post relating a few experiences > relating to the CALEA "scare" that was recently the "talk of the > town" (so to speak). I should preface this post with a bit of > information that will give some insight into how common (or not) law > enforcement will or will not use CALEA to get information from > you/us. I have about 225 customers in my database. I work on a > regular basis for about 15-20 of those each week. Since April, I > have worked 4 cases with my customers (actually, it was 6, but 3 > were related) that were filed as CALEA actions. > > Of these cases, 3 of my customers were using Mikrotik and 1 was > using ImageStream. I can't reveal anything related to the cases, > but I wanted to help people understand what kind of information we > are being asked for under CALEA, and what that translates to in > terms of capability requirements. > > 1. The first subpeona wanted to know who had a specific IP at a > certain time and date. That was all that was requested. This > particular WISP has about 450 customers, and about 225 of those are > using private IPs that are natted at the border. It so happened > that the IP we were requested information about was the NAT IP. I > called the officer who had requested the data and explained the > situation to him. After an hour or so, he understood that there is > nothing we could do without more information. The case was an > ongoing thing, and he was tracking contact to a specific website, so > we were able to determine a specific customer who was using that > website. We did not tell the officer who it was, but we DID explain > how he needed to word his subpoena so that we COULD get him what he > wanted. After he got the legal jargon to match the technical > requirements of our capabilities, we were able to capture and > provide him with the communications he was needing. > > 2. The next 3 were related to one another (sort of). In this case, > the subpeona asked for customer billing records and login > information for the past year for 3 IP addresses. We had part of > this information (this WISP used public IP addresses for all his > customers). Since the subpeona requested historical information, we > were somewhat limited in what we could provide, but we did get the > required information and LEA was happy. > > 3. The other 2 were not related but were similar. They asked for > telephone information that the targets made between a couple of > dates in the past. Since the WISPs in both cases were not the > provider of the VoIP (they were just the transport) service, we > explained to the LEA that the information they are seeking would not > be available at the WISP, eventually they went elsewhere for their > information (I guess), but the WISPs, in the end, did not provide > ANY customer data to the LEA. > > The point I am making here is that all of the information requested > in all 3 cases, was easily obtainable using equipment available > within the WISP networks already. We used information that the > Mikrotik and/or Imagestream enabled us to gather, log files and > RADIUS logs to gather login information and capturing of data along > with their business records to answer all 6 subpeonas (7 if you > count the one that had to be re-done). > > In all cases, the law enforcement officer who was our first contact > was not technically capable of understanding what they > wanted/needed, but without fail, there WERE people at the agencies > involved who were. Of these subpeonas, 3 were from the FBI, 2 were > local LE and 1 was homeland security. > > Incidentally, none of these WISPs spent any extra money to be > compliant (other than some legal work that had to be done). Billing > for my time cost less than $350 (much less in some cases) to help > gather necessary information. All of these (I think) ended up > billing these costs to the LEA and as far as I know, they got their > direct expenses back. > > I got another call today to assist with a subpoena and it got me > thinking about the others. I just thought this information may be > useful/educational to some on this list. > > -- > Butch Evans > Network Engineering and Security Consulting > 573-276-2879 > http://www.butchevans.com/ > My calendar: http://tinyurl.com/y24ad6 > Training Partners: http://tinyurl.com/smfkf > Mikrotik Certified Consultant > http://www.mikrotik.com/consultants.html > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
