Forrest, let me get back to the very old conversation about why WISPA should have organized at least 1500 filings to the FCC by every WISP they could get to act, to say "This cannot be done".
Before they even bothered to read half of them, the FCC would have been in the process of asking INDUSTRY how to do this, but no, WISPA folks had to play pussyfoot and now we're stuck with an enormous boondoggle, FOR NO BENEFIT TO ANYONE.

In spite of people's best efforts at character assassination, I have never once objected to being required to help law enforcement do what it needs to do, so could we dispense with the silly nonsense already?

(Let me state that this "no benefit to anyone" is based on the common sense notion that data interception has specific limitations, both technical and physical, but real, actual help to law enforcement is not served well by CALEA mandates, and instead needs a solution suited to data networks, not switched voice calls... thus, huge outlays could be required, for no real gain.)

You correctly state that there are interesting ways to intercept data traffic. Lots of them. But that's not the problem with CALEA. Believe me, I spent many hours reading the regulations and summaries, etc.

Let's start off with a few interesting details, and see what a sticky wicket it REALLY is, because Telco mechanisms are applied to intelligent data networks.

1. No, you cannot just "intercept at your access point". Well, unless you own or lease or otherwise have sole access to the tower, building, and cabling it consists of. Did you forget that you are required to guarantee confidentiality, security, and validity of the data you intercept? This means a locked building, secured cable paths, and 0 packet loss. So, you better have a backup, or better yet, a mirroring RAID array on that intercept device. Any lawyer will tell you that you, or your designated non-security risk employee sworn to fidelity, must have sole access, and that ALL the mechanisms must be secured... like, your building had better have locks not easily defeated, an alarm system and preferably, live security.

2. Intercept may not change routing, latency, bandwidth, or availability to your customer. Custom routing changes for an individual client are expressly forbidden. Did you miss that? It was very specific.

3. Once your data is collected, it must remain secure. You must have a safe or a vault in which to keep it, expressly and solely for the purpose of CALEA and cannot be shared with, say, your wife's jewelry. Or, a locked room where nobody enters except for the purpose of CALEA, OR, that person is part of the confidential collection process.

So, you can't collect at your provider, unless your provider is a TTP. Or, you lease lockable space, yadda yadda yadda. You can't collect 'In the field' unless your site is compliant. None of mine are, most of them are decidedly "insecure". I dunno who doesn't have shared hut space for a tower, or whatever... maybe some of you do, but that's like 1000 times beyond my budget. I have a lot of APs in the field, and only ONE of them has a building that's "mine". None of the rest actually have "a building" dedicated to them.

Now, I DO NOT HAVE AN OFFICE. I have a workshop, but my customer's data does not physically pass through it. Nor do I have a NOC. Many of you have just a room or even some shelves around the corner where your stuff sits. Sorry. NOT CALEA COMPLIANT. It must be in a secure room while you intercept. Maybe you could make the case that a "secure box" would do. Can you stuff your main router and all traffic passing gear into it? Somehow I'll bet not.

Now, before you think I'm just running off at the mouth, I have many years of institutional (not school, organizational) education about what "security" and "confidentiality" and "risk management" means and implies. I've been around the block with a medical organization about HIPAA compliance. The poor guy had to remodel his office just to get his computer "compliant".
These standards are pretty much driven by our legal system and don't in practice vary much from industry to industry.

So, Forrest, when I'm talking about CALEA compliance, I'm not talking just about the intercept mechanism and "making something intercept". I had a plan for what to do long ago if I had to help out law enforcement. It's perfectly workable. But not CALEA compliant, because I simply cannot. It is simply physically impossible to have a wireless network that is fully and completely compliant, in the strict sense.

I realize that some of these things have limitations... like the packet loss issue... But, when they want it all, they mean it all, and lawyers, mostly prosecutors and defense attorneys, don't give a damn about you, only what vengeance they can exact on you if a weakness in your "compliance" can be found. You're only immune if you're "fully compliant".

Now, telcos all have locked and secure switching facilities and lots of lawyers and the "standard" for collection at least gets data that the telco is used to dealing with. But within the WISP industry, the requirements change EVERY aspect of how many WISPs operate. How their network functions, how it routes, and could, in a strict interpretation, require single feeds to every AP, and the list goes on and on.

I stated before that CALEA makes us give up the single biggest advantage that we have... And all but requires us to build out like a telco, duplicating the expensive infrastructure and facilities. In other words, we give up our huge "lite" facilities and infrastructure advantage, if we strictly comply. It makes rural and low density deployments exorbitantly expensive per client, and by now, I hope you can understand my comments.

How or why nobody who went to DC looked at this and said "You're insane!!!" to the powers that be, I don't know. Maybe none of you look this far ahead? Or pay that much attention? I dunno.
But I told you all before, I have a couple decades of small business experience and compliance with mandates is a matter of ego. They demand, you do. Is there a cheaper way to accomplish things? They don't care. Process and following rules is all that matters.

Maybe you're all unable to comprehend how or why someone would not have all their data routed through a building they own and lock up. Maybe you all have all this stuff and so you're lost as to why someone would say this is all insane. I just can't imagine it, though.

I guarantee you that around this country are HUNDREDS of small WISPs, from businesses to hobbyists to block size sharers, many of which have never heard of WISPA, nor CALEA. And none of them are compliant. I'll bet just about none of you advocates of various solutions are actually anywhere near fully "compliant". Not just in the ability to intercept and sort and tag, but in all the other myriad requirements and the implications those requirements put in place.

Nobody spoke for ANY of us. I stand by that statement, still. And, until the cranial-rectal impalement condition ceases, I cannot and will not waste my money on WISPA. They need to be responsive to and FIGHT FOR US, not play little boy in wonderland when they go to DC.

So, here we are, and now the topic WAS "fcc to punish comcast over web blocking".

So, what if a specific IP block routinely attempts a DOS attack, or other misbehavior, and you lock it out? And if there's a website buried in those IPs, you're NOT ALLOWED by the FCC to defend yourself against it by blocking... Now, should that be law? I don't think so. And I think WISPA should be very active on defense against this overreaching nonsense.

But, as I said, WISPA seems to have some kind of bent that says "objecting is verboten". Which is my whole complaint in the first place.

++++++++++++++++++++++++++++++++
<insert witty tagline here>

----- Original Message -----
From: "Forrest W Christian" <[EMAIL PROTECTED]>
To: "WISPA General List" <[email protected]>
Sent: Sunday, July 13, 2008 5:52 PM
Subject: Re: [WISPA] Topic change - Trade Association Was:Report:FCCtoPunishComcast Over Web Blocking

> [EMAIL PROTECTED] wrote:
>> I can't imagine how this is true. Are you attempting to tell me that all
>> of you operate with a single point of failure?
>>
> No, but all you have to do is to ensure that all of the traffic for the
> customer passes by one of your collection points, which do not have to
> be in place ahead of time.
>
> All that has to be able to be done on your end is to take one or more
> packet sniffers and insert them in correct place(s) in your network to
> get the customer data. And this only has to be done *after* you get a
> court order - although you need to be able to put this in place in a
> fairly short period of time.
>
> -forrest
>
> --------------------------------------------------------------------------------
> WISPA Wants You! Join today!
> http://signup.wispa.org/
> --------------------------------------------------------------------------------
>
> WISPA Wireless List: [email protected]
>
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
>
> Archives: http://lists.wispa.org/pipermail/wireless/
