Tuesday, April 10, 2007

CALEA Mediation

NOTE: I am NOT endorsing any company, simply passing along information as I get it. Do your own homework! (Use what you read as a guideline).

For broadband ISPs, check with your edge router manufacturer. ImageStream is CALEA compliant now. If worst comes to worst, buy the ImageStream box as your edge router (the box that connects to your upstream). If you have a Cisco, use your CCO to call TAC to find out when your router model will have the updated IOS code to be compliant. If you own equipment, you are considered facilities-based (according to an ISP-Planet article). (I used to define it as anyone who buys bandwidth - if you are the IP supplier, you are facilities-based.)

For WISPs, after you read the WISPA FAQ, you need to look at your network to see where the edge points are. Your wireless WAN is usually on one side and your IP backbone is on another side. Where the two meet should be a compliant router.

For hotspots and various other Wi-Fi, to me anyway, it's the same: one side is a wireless LAN, especially if NAT is in effect; the other side is the IP. Compliance will be at the connection point.

TDM Voice switches should be CALEA compliant, since most telco equipment has had to do wiretap for years.

VOIP Providers are going to need a Mediation box, in my opinion. SIP-based VOIP has too many hooks that are needed to collect the stream for the LEA. Check with your Gateway and Session Border Controller vendors.

I am trying to get an Attorney for a tele-conference for Q&A. Stay tuned.

Last resort: Mediation through a TTP (trusted third party), like SS8, Solera, Apogee or Intelliq.

More info at OPENCALEA.org, ASKCALEA.net, Baller law group's Key Legal and Technical Requirements and Options for CALEA, Google.

What format does the LEA want for BB data? Some tell me TCPDUMP. Some say "They want full raw PCAP dump for data or PEN data, with a hash mark." AskCALEA has standards here.

I know everyone is scared, confused, frustrated, angry. This is the law today. The FCC won the court case against ACE in 2006. Focus on compliance. Bitching and moaning won't stop the feds from fining you $10,000 per day that you cannot comply with a subpoena. (You might want to make sure that your business is incorporated and your personal assets are in a trust.) And next time the FCC or any other F-Agency has an open Notice of Rule Making, perhaps you should add your two cents then - not after. And don't say
