CALEA Communications Assistance for Law Enforcement Act - PowerPoint PPT Presentation

1 / 14
About This Presentation
Title:

CALEA Communications Assistance for Law Enforcement Act

Description:

But sooner or later, some regulations requiring additional activity by ... decoded if the university provides the VoIP service, otherwise decoding responsibility ... – PowerPoint PPT presentation

Number of Views:50
Avg rating:3.0/5.0
Slides: 15
Provided by: wend121
Learn more at: http://net.educause.edu
Category:

less

Transcript and Presenter's Notes

Title: CALEA Communications Assistance for Law Enforcement Act


1
CALEACommunications Assistance for Law
Enforcement Act
  • Current Campus Perspective of Implementation
    Issues
  • November 17, 2005
  • Doug Carlson New York University

2
CALEAA Campus Perspective
  • What do we know for sure?
  • Not much!!!
  • But sooner or later, some regulations requiring
    additional activity by universities in lawful
    surveillance seem very possible
  • Cost to become CALEA compliant could be HUGE!!!

3
Some Vocabulary (ref. TIA J-STD-025-B)
  • Access Function(s) (provided by campus)
  • Provides unobtrusive intercept access points to
    intercept subjects communications and passes to
    Delivery Function
  • Delivery Function (provided by campus)
  • Responsible to delivering intercepted
    communications to the Law Enforcement Agency
    (LEA) Collection Function
  • Collection function (provided by LEA)
  • Responsible for collecting lawfully
    authorizedcommunications

4
How a request might work
Telecommunication Service Provider (Campus?)
Access Function
(Switch collects Lawful Intercept data)
Service Provider Administration (Turn on/off
Lawful Intercept feature of switch)
Delivery Function
Lawful Authorization
(Securely deliver information to LEA)
(Order generated)
Law Enforcement Administration
Collection Function
Law Enforcement
5
CALEA FAQ
  • Thanks to Al Gidari (Perkins Coie LLP) and Wendy
    Wigen (Educause) for assistance!
  • Disclaimer Current understanding subject
    to change quickly
  • Who pays for what?
  • Campus must pay for equipment, systems and people
    to perform Service Provider Administration,
    Access Function and Delivery Function
  • Law Enforcement pays for leased lines (if
    necessary) to campus and Collection function

6
CALEA FAQ
  • What do I need to buy for my campus to be
    CALEA-compliant?
  • Dont know - detailed specifications not yet
    available
  • Current CALEA regulations seem to require
    significant equipment upgrades or replacements
  • When will FCC clarify requirements so we can
    start upgrading network?
  • Not known

7
CALEA FAQ
  • Might CALEA regulations related to the Internet
    be declared invalid?
  • Yes, but universities will still need to support
    surveillance requests in the future
  • Is the university responsible for decrypting or
    decompressing message content?
  • No, not unless the university did the
    compressing/encrypting and has keys to decrypt

8
CALEA FAQ
  • Is more than just Voice over IP covered by CALEA?
  • Yes all communications will need to be
    forwarded, and (as of now) the VoIP packets will
    need to be decoded if the university provides the
    VoIP service, otherwise decoding responsibility
    is unclear

9
CALEA FAQ
  • Is surveillance of intra-campus traffic necessary
    (e.g., between two computers hooked to the same
    card on the same ethernet switch)?
  • Yesif the switch has the potential of passing
    traffic forward to the public Internet

10
CALEA FAQ
  • What might a LEA ask for?
  • All communications associated with an IP address
    or jack
  • All communications associated with a person!!!
  • Wired specific location
  • Wired any authenticated access!!!
  • Wireless!!!

11
CALEA FAQ
  • Do the LEAs want to be able to turn on and
    perform surveillance remotely?
  • University personnel would be turning on,
    maintaining and turning off the wiretap, but the
    data would be sent to the designated LEA facility
  • It seems like some of the CALEA requirements will
    be very difficult (or impossible) to implement
    with commonly deployed systems and technology.
    Sound right?
  • Yes

12
CALEA FAQ
  • Do campuses need to do anything beyond network
    upgrades to satisfy CALEA?
  • Yes - universities will need do training and
    background checks, have 7/24 point of contact for
    LEAs, create and document processes for
    interfacing with LEAs and file documentation
    attesting to CALEA compliance

13
CALEA FAQ
  • Any other impacts?
  • Is E911 now extended to university VoIP systems?
  • If nothing changes with CALEA, when do we need to
    be compliant?
  • 17 months Spring 2007
  • Short timeframe is a real concern
  • Major cost factor (cant use normal renewal
    cycle)
  • Find funds, acquire equipment (when available)
    and install!!!

14
CALEAA Campus Perspective
Higher Ed. has, and will continue to, support
lawful surveillance, but effective, less costly
alternatives should be explored
Write a Comment
User Comments (0)
About PowerShow.com