1 / 22

CALEA General Session

CALEA General Session. NET@EDU February 6, 2007. CALEA. C ommunications A ssistance for L aw E nforcement A ct. Basic purpose: to provide an easier way for Law Enforcement to “wiretap” the Internet. Agenda. Status Highlights CALEA-Related Standards

ethan-young
Download Presentation

CALEA General Session

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CALEA General Session NET@EDU February 6, 2007

  2. CALEA Communications Assistance for Law Enforcement Act Basic purpose: to provide an easier way for Law Enforcement to “wiretap” the Internet

  3. Agenda • Status Highlights • CALEA-Related Standards • Short presentations and discussion • NPC position paper • The Exempt/Non-Exempt Decision Process • CALEA and the University of California • CALEA and State Networks • Related Issues • Use of CALEA vs. Title 18 • Potential for CALEA-like legislation • Data retention

  4. Status Highlights • Due dates for filings were set by the FCC for institutions which need to comply with CALEA • February 12th - Monitoring Report • March 12th - System Security Report

  5. Status Highlights • Many institutions continue to work to determine if they are covered by CALEA Note: Nice updates to the EDUCAUSE CALEA website!

  6. Status Highlights • FCC continues to strongly assert compliance required by May 14th • Network equipment vendors and Trusted Third Parties still developing their offerings based on emerging standards

  7. CALEA-Related Standards Craig Mulholland Cisco

  8. NPC Position Paper

  9. Exempt/Not Exempt • Institutions first evaluating if there is any possible need to comply • Different interpretations of vague terms • If yes, often doing risk analysis based on: • Possible fines • Possible bad PR (risk to reputation) • Cost to comply: the trade-offs

  10. David Walker Office of the President University of California David.Walker@ucop.edu CALEA at the University of California

  11. Background and Status • The University of California • Ten campuses, five medical centers • Intercampus connectivity provided by non-profit state R&E network • Legal analysis of the campuses' need to comply is nearly complete, based largely on the results of a survey of campus network managers.

  12. Issues Addressed • Is the campus network public or private? • Public access points on the campus • Network connections with research and other partners • How does the campus connect to the public Internet? • ISPs used • Responsibility for support of the campus connection • Does the campus provide “public” VoIP?

  13. State Networks and CALEA Shaun Abshere WiscNet

  14. Related Issues “Vacuum cleaner” approach utilized by LE “Call it the vacuum-cleaner approach. It's employed when police have obtained a court order and an Internet service provider can't "isolate the particular person or IP address" because of technical constraints, says Paul Ohm, a former trial attorney at the Justice Department's Computer Crime and Intellectual Property Section. (An Internet Protocol address is a series of digits that can identify an individual computer.)” From ZDNet News, 1/30/2007

  15. Related Issues • Will CALEA be used on campuses? • Or just Title 18, etc., so that better data can be collected closer to the source? • Potential for CALEA-like legislation • How likely? • What would we want it to say? • Data Retention

  16. Discussion

  17. EXTRA MATERIALS BELOW

  18. How might an Intercept work? Access Function Telecommunication Service Provider (Switch collects Lawful Intercept data) Service Provider Administration (Turn on Lawful Intercept feature of switch) Delivery Function Lawful Authorization (Securely deliver information to LEA) (Order generated) Law Enforcement Administration Collection Function Law Enforcement

  19. Compliance Options • Purchase equipment • Intercept capability • Upgrade existing network hardware, if Lawful Intercept (LI) features available, or • Acquire network probes to install in network • ALSO NEED MEDIATION DEVICE TO FORMAT AND SEND DATA TO LAW ENFORCEMENT (vendors such as SS8 and Verint)

  20. Compliance Options • Trusted Third Parties (TTP) • Vendors can provide full suite of services including: • Installing equipment to perform Lawful Intercept • Receiving and validating an intercept request from Law Enforcement • Performing the intercept and forwarding the data to Law Enforcement • Could be less costly option if need to comply

  21. Compliance Options • Trusted Third Parties (TTPs) (continued) • Mixed results in interacting with TTP vendors so far • Service offerings CALEA Tech Group has seen are very new (NeuStar, Apogee - soon to see VeriSign)

  22. Compliance Options • “Do it yourself” options • Example: Merit

More Related