Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

calea.ppt

advertisement 
CALEA
Communications Assistance for Law
Enforcement Act
October 20, 2005
A brief history of wiretapping
1960’s : Wiretapping was easy; one phone company;
basic technology
1980’s: Deregulation means multiple carriers; cell
phones; analog to digital transition begins
1994: CALEA passed with several compromises;
specifically no Internet; no private networks
2004:VoIP: Wiretapping isn’t getting any easier…
How many wiretaps are there?
Content
Other
information:
subscriber;
transactional data
Real Time
Historical
Title III “Wiretap
Order”
Warrant/Subpoena
Warrant/Subpoena
Subpoena/Court
Order
Federal, State, Local and FISA
Wiretap Orders for 2004
1,712 regular court
1,754 under FISA
http://www.uscourts.gov/wiretap04/Table404.pdf
http://www.epic.org/privacy/wiretap/stats/fisa_
stats.html
What is CALEA?
CALEA is the Communications Assistance for
Law Enforcement Act. It requires providers of
commercial voice services to engineer their
networks in such a way as to assist law
enforcement agencies in executing wiretap
orders.
Until August 5, 2005 that is…..
CALEA: New Report and Order
On August 5, 2005, in response to a request by
law enforcement, the FCC voted to extend
CALEA to include facilities-based Internet
service providers.
Facilities-based Internet service providers are
defined as: "entities that provide transmission or
switching over their own facilities between the end
user and the Internet Service Provider."
Private Networks are still
exempt, but….
Private Networks are now defined as networks
that do not allow access to the “public”
Internet or the public switched telephone
network (PSTN).
If your network provides access to the “public”
Internet you are no longer exempt as a private
network.
Arguments for/against extending
CALEA to ISPs
Law Enforcement
The Internet is
increasingly the
communication of choice
for criminal activity
Legal intercepts need to
be easier and less
expensive for LE
An “exempt” system is a
magnet for criminal
activity
Education and Libraries
Congress should decide
not the FCC or DoJ
LE has sufficient access
now
Cost to comply can’t be
justified
Will slow innovation
Legal Justification:
Substantial Replacement Provision
The term “Telecommunications Carrier”
includes a person or entity engaged in
providing wire or electronic communication
switching or transmission service to the
extent that the Commission finds that such
service is a replacement for a substantial
portion of the local telephone exchange
service and that it is in the public interest …..
(Section 102. 8B(ii) CALEA)
Substantial Replacements
1. Broadband Internet access substantially replaces Dialup (a portion of the local exchange service)
2. Interconnected VoIP substantially replaces POTS
3. Therefore, Broadband and Interconnected VoIP
providers are “Telecommunications Providers”.
Two Part Decision
Part #1: Decided: CALEA does apply to ISPs
and all facilities-based Internet service
providers are covered. Full compliance is
required in 18 months..
Part #2: Still to be decided: What will be
required (standards of compliance) and will
there be an “special cases” allowed (i.e. small
rural providers or education and research
networks).
What is EDUCAUSE doing?
April 2004 in response to the original petition
by LE, EDUCAUSE formed a coalition of 16
education and library associations and filed
comments.
EDUCAUSE has been actively engaged in talks
with Congress, the FCC, and the DoJ ever
since.
We continue to hold out hope for a “special
case” compromise that will mitigate the
expense of changing our equipment.
Current Proposal:
Some examples
Single point-of-contact on every campus
Standard procedures established
24x7 assistance available
Personnel trained in procedural, legal and
technical demands of assisting legal intercepts.
Some gateway equipment would be replaced,
but only under the normal replacement cycle
Prediction
Law enforcement will want more concessions
Our community will have to seriously
consider the options
CALEA:
A Campus Perspective
What do we know for sure?
Not much!
But sooner or later, some regulations
requiring additional activity by universities
in lawful surveillance seems likely
Cost to become CALEA compliant
could be HUGE!!!
How might a request work
Telecommunication
Service Provider
Service Provider
Administration
(Turn on Lawful Intercept
feature of switch)
Lawful
Authorization
(Order
generated)
Law
Enforcement
Administration
Access
Function
(Switch collects Lawful
Intercept data)
Delivery
Function
(Securely deliver
information to LEA)
Collection
Function
Law Enforcement
Some Vocabulary
(ref. TIA J-STD-025-B)
Access Function(s) (provided by campus)
Provides unobtrusive intercept access points to
intercept subject’s communications and passes to
Delivery Function
Delivery Function (provided by campus)
Responsible to delivering intercepted
communications to the Law Enforcement Agency
(LEA) Collection Function
Collection function (provided by LEA)
Responsible for collecting lawfully authorized
communications
CALEA FAQ
Thanks to Al Gidari and Wendy Wigen for assistance!
Disclaimer: Current understanding – subject
to change quickly
Who pays for what?
Campus must pay for equipment, systems and
people to perform Service Provider
Administration, Access Function and Delivery
Function
Law Enforcement pays for leased lines (if
necessary) to campus and Collection function
CALEA FAQ
What do I need to buy for my campus
to be CALEA-compliant?
Don’t know - detailed specifications not yet
available
Current CALEA regulations seem to
require significant equipment upgrades or
replacements
When will FCC clarify requirements so
we can start upgrading network?
Not known
CALEA FAQ
Might CALEA regulations related to the
Internet be declared invalid?
Yes, but universities will still need to
support surveillance requests in the future
Is the university responsible for
decrypting or decompressing message
content?
No, not unless the university did the
compressing/encrypting and has keys to
decrypt
CALEA FAQ
Is more than just Voice over IP covered
by CALEA?
Yes – all communications will need to be
forwarded, and (as of now) the VoIP packets
will need to be decoded if the university
provides the VoIP service, otherwise
decoding responsibility
is unclear
CALEA FAQ
What might a LEA ask for?
All communications associated with
an IP address or jack
All communications associated with a
person!!!
• Wired – specific location
• Wired – any authenticated access!!!
• Wireless!!!
CALEA FAQ
Is surveillance of intra-campus traffic
necessary (e.g., between two computers
hooked to the same card on the same
ethernet switch)?
Yes…
…if the switch has the potential of passing
traffic forward to the public Internet
CALEA FAQ
Do the LEAs want to be able to turn on and
perform surveillance remotely?
University personnel would be turning on,
maintaining and turning off the wiretap, but the
data would be sent to the designated LEA facility
It seems like some of the CALEA
requirements will be very difficult (or
impossible) to implement with commonly
deployed systems and technology. Sound
right?
Yes
CALEA FAQ
Do campuses need to do anything beyond
network upgrades to satisfy CALEA?
Yes - universities will need do training and
background checks, have 7/24 point of contact for
LEAs, create and document processes for
interfacing with LEAs and file documentation
attesting to CALEA compliance
Any other impacts?
Is E911 now extended to university VoIP systems?
CALEA:
A Campus Perspective
Higher Ed. has, and will
continue to, support
lawful surveillance, but
effective, less costly
alternatives should be
explored
CALEA FAQ
Where can I find out more?
Educause
• http://www.educause.edu
AskCALEA
• http://www.askcalea.net/
FCC
• http://www.fcc.gov/calea/
Selected vendor information
• “Cisco Service Independent Intercept Architecture”
(sign on required to access on Cisco web site)
• RFC 3924
– http://www.apps.ietf.org/rfc/rfc3924.html
Discussion
Questions
or
Discussion?
Call Content Channels and Call
Data Channels
Delivery
CCCs
CDCs
Collection
Some More Vocabulary
(ref. TIA J-STD-025-B)
Call Content Channel:
Logical link to LEA Delivery Function
carrying call content
Call Detail Channel
Logical link to LEA Delivery Function
carrying call-identifying information
Related documents
1-Time Sensitive Training updated 11-17-2014
1-Time Sensitive Training updated 11-17-2014
TR41.1-05-02-007-TIA-Comments-FCC
TR41.1-05-02-007-TIA-Comments-FCC
02a TR-45 LAES Scope Wording
02a TR-45 LAES Scope Wording
Policy 109 - Pine Bluff Police Department
Policy 109 - Pine Bluff Police Department
Chapter 14
Chapter 14
CALEA_Accreditation_Award
CALEA_Accreditation_Award
Minutes
Minutes
Minutes - University of North Florida
Minutes - University of North Florida
Privacy
Privacy
Charlotte-Mecklenburg Police Department Law Enforcement Code of Ethics 1 of 1
Charlotte-Mecklenburg Police Department Law Enforcement Code of Ethics 1 of 1
Download
advertisement