CALEA - PowerPoint PPT Presentation

1 / 30
About This Presentation
Title:

CALEA

Description:

CALEA is the Communications Assistance for Law Enforcement Act. ... Yes all communications will need to be forwarded, and (as of now) the VoIP ... – PowerPoint PPT presentation

Number of Views:48
Avg rating:3.0/5.0
Slides: 31
Provided by: wendy90
Learn more at: https://people.ucsc.edu
Category:

less

Transcript and Presenter's Notes

Title: CALEA


1
CALEA
  • Communications Assistance for Law Enforcement Act
  • October 20, 2005

2
A brief history of wiretapping
  • 1960s Wiretapping was easy one phone company
    basic technology
  • 1980s Deregulation means multiple carriers
    cell phones analog to digital transition begins
  • 1994 CALEA passed with several compromises
    specifically no Internet no private networks
  • 2004 VoIP Wiretapping isnt getting any easier

3
How many wiretaps are there?
Real Time Historical
Content Title III Wiretap Order Warrant/Subpoena
Other information subscriber transactional data Warrant/Subpoena Subpoena/Court Order
4
Federal, State, Local and FISA Wiretap Orders for
2004
  • 1,712 regular court
  • 1,754 under FISA
  • http//www.uscourts.gov/wiretap04/Table4-04.pdf
    http//www.epic.org/privacy/wiretap/stats/fisa_sta
    ts.html

5
What is CALEA?
  • CALEA is the Communications Assistance for Law
    Enforcement Act. It requires providers of
    commercial voice services to engineer their
    networks in such a way as to assist law
    enforcement agencies in executing wiretap orders.
  • Until August 5, 2005 that is..

6
CALEA New Report and Order
  • On August 5, 2005, in response to a request by
    law enforcement, the FCC voted to extend CALEA to
    include facilities-based Internet service
    providers.
  • Facilities-based Internet service providers are
    defined as "entities that provide transmission
    or switching over their own facilities between
    the end user and the Internet Service Provider."

7
Private Networks are still exempt, but.
  • Private Networks are now defined as networks that
    do not allow access to the public Internet or
    the public switched telephone network (PSTN).
  • If your network provides access to the public
    Internet you are no longer exempt as a private
    network.

8
Arguments for/against extending CALEA to ISPs
  • Law Enforcement
  • The Internet is increasingly the communication of
    choice for criminal activity
  • Legal intercepts need to be easier and less
    expensive for LE
  • An exempt system is a magnet for criminal
    activity
  • Education and Libraries
  • Congress should decide not the FCC or DoJ
  • LE has sufficient access now
  • Cost to comply cant be justified
  • Will slow innovation

9
Legal Justification Substantial Replacement
Provision
  • The term Telecommunications Carrier includes a
    person or entity engaged in providing wire or
    electronic communication switching or
    transmission service to the extent that the
    Commission finds that such service is a
    replacement for a substantial portion of the
    local telephone exchange service and that it is
    in the public interest ..
  • (Section 102. 8B(ii) CALEA)

10
Substantial Replacements
  • 1. Broadband Internet access substantially
    replaces Dial-up (a portion of the local exchange
    service)
  • 2. Interconnected VoIP substantially replaces
    POTS
  • 3. Therefore, Broadband and Interconnected VoIP
    providers are Telecommunications Providers.

11
Two Part Decision
  • Part 1 Decided CALEA does apply to ISPs and
    all facilities-based Internet service providers
    are covered. Full compliance is required in 18
    months..
  • Part 2 Still to be decided What will be
    required (standards of compliance) and will there
    be an special cases allowed (i.e. small rural
    providers or education and research networks).

12
What is EDUCAUSE doing?
  • April 2004 in response to the original petition
    by LE, EDUCAUSE formed a coalition of 16
    education and library associations and filed
    comments.
  • EDUCAUSE has been actively engaged in talks with
    Congress, the FCC, and the DoJ ever since.
  • We continue to hold out hope for a special case
    compromise that will mitigate the expense of
    changing our equipment.

13
Current Proposal Some examples
  • Single point-of-contact on every campus
  • Standard procedures established
  • 24x7 assistance available
  • Personnel trained in procedural, legal and
    technical demands of assisting legal intercepts.
  • Some gateway equipment would be replaced, but
    only under the normal replacement cycle

14
Prediction
  • Law enforcement will want more concessions
  • Our community will have to seriously consider the
    options

15
CALEAA Campus Perspective
  • What do we know for sure?
  • Not much!
  • But sooner or later, some regulations requiring
    additional activity by universities in lawful
    surveillance seems likely
  • Cost to become CALEA compliant could be HUGE!!!

16
How might a request work
Access Function
Telecommunication Service Provider
(Switch collects Lawful Intercept data)
Service Provider Administration (Turn on Lawful
Intercept feature of switch)
Delivery Function
Lawful Authorization
(Securely deliver information to LEA)
(Order generated)
Law Enforcement Administration
Collection Function
Law Enforcement
17
Some Vocabulary (ref. TIA J-STD-025-B)
  • Access Function(s) (provided by campus)
  • Provides unobtrusive intercept access points to
    intercept subjects communications and passes to
    Delivery Function
  • Delivery Function (provided by campus)
  • Responsible to delivering intercepted
    communications to the Law Enforcement Agency
    (LEA) Collection Function
  • Collection function (provided by LEA)
  • Responsible for collecting lawfully
    authorizedcommunications

18
CALEA FAQ
  • Thanks to Al Gidari and Wendy Wigen for
    assistance!
  • Disclaimer Current understanding subject
    to change quickly
  • Who pays for what?
  • Campus must pay for equipment, systems and people
    to perform Service Provider Administration,
    Access Function and Delivery Function
  • Law Enforcement pays for leased lines (if
    necessary) to campus and Collection function

19
CALEA FAQ
  • What do I need to buy for my campus to be
    CALEA-compliant?
  • Dont know - detailed specifications not yet
    available
  • Current CALEA regulations seem to require
    significant equipment upgrades or replacements
  • When will FCC clarify requirements so we can
    start upgrading network?
  • Not known

20
CALEA FAQ
  • Might CALEA regulations related to the Internet
    be declared invalid?
  • Yes, but universities will still need to support
    surveillance requests in the future
  • Is the university responsible for decrypting or
    decompressing message content?
  • No, not unless the university did the
    compressing/encrypting and has keys to decrypt

21
CALEA FAQ
  • Is more than just Voice over IP covered by CALEA?
  • Yes all communications will need to be
    forwarded, and (as of now) the VoIP packets will
    need to be decoded if the university provides the
    VoIP service, otherwise decoding responsibility
    is unclear

22
CALEA FAQ
  • What might a LEA ask for?
  • All communications associated with an IP address
    or jack
  • All communications associated with a person!!!
  • Wired specific location
  • Wired any authenticated access!!!
  • Wireless!!!

23
CALEA FAQ
  • Is surveillance of intra-campus traffic necessary
    (e.g., between two computers hooked to the same
    card on the same ethernet switch)?
  • Yesif the switch has the potential of passing
    traffic forward to the public Internet

24
CALEA FAQ
  • Do the LEAs want to be able to turn on and
    perform surveillance remotely?
  • University personnel would be turning on,
    maintaining and turning off the wiretap, but the
    data would be sent to the designated LEA facility
  • It seems like some of the CALEA requirements will
    be very difficult (or impossible) to implement
    with commonly deployed systems and technology.
    Sound right?
  • Yes

25
CALEA FAQ
  • Do campuses need to do anything beyond network
    upgrades to satisfy CALEA?
  • Yes - universities will need do training and
    background checks, have 7/24 point of contact for
    LEAs, create and document processes for
    interfacing with LEAs and file documentation
    attesting to CALEA compliance
  • Any other impacts?
  • Is E911 now extended to university VoIP systems?

26
CALEAA Campus Perspective
Higher Ed. has, and will continue to, support
lawful surveillance, but effective, less costly
alternatives should be explored
27
CALEA FAQ
  • Where can I find out more?
  • Educause
  • http//www.educause.edu
  • AskCALEA
  • http//www.askcalea.net/
  • FCC
  • http//www.fcc.gov/calea/
  • Selected vendor information
  • Cisco Service Independent Intercept
    Architecture (sign on required to access on
    Cisco web site)
  • RFC 3924
  • http//www.apps.ietf.org/rfc/rfc3924.html

28
Discussion
  • Questions
  • or
  • Discussion?

29
Call Content Channels and Call Data Channels
Delivery
CCCs
CDCs
Collection
30
Some More Vocabulary (ref. TIA J-STD-025-B)
  • Call Content Channel
  • Logical link to LEA Delivery Function carrying
    call content
  • Call Detail Channel
  • Logical link to LEA Delivery Function carrying
    call-identifying information
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "CALEA" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!