Educause Security Discussion mailing list archives

Re: CALEA

From: Luke Sheppard <lshep () TCPIPLAB COM>
Date: Fri, 7 Oct 2005 13:53:34 -0700

Randy,
    Thanks. I'm at a private univ. so I don't have access to that stuff.
I might be able to find a contact that could give it to me. But you know
how it goes: my boss wants the paper today in about an hour. What I was
able to find out is that everyone is just waiting for that final
"order" to come down from the FCC. A couple of vendors (Cisco &
Enterasys) have features in their network hardware/software that can do
the intercept piece but we'd have to get some 3rd party software to make
sense of the captured packets and reformat it for presentation to law
enforcement. Another option is to hand the whole problem over to a
"trusted 3rd party" that will, for a fee, take care of everything from
receiving court orders to intercept, presentaiton, etc. Verisign offers
"NetDiscovery" for this. ANother option is Fiducianet, a small outfit
started by a former CALEA guy from the FBI. Let me know if you find
anything else out.

Luke Sheppard, CISSP
lshep () tcpiplab com

<<<Randy's reply omitted>>>

-----Original Message-----
From: Luke Sheppard [mailto:lshep () TCPIPLAB COM]
Sent: Tuesday, October 04, 2005 4:08 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] CALEA

Many appologies if this has already been discussed recently.
But I did not see any way to search the archives of this
forum from the ISC2 website.

I'm the security director for the IT/ISP department at the
University of Southern California, so I very much need to be
able to guide the university's compliance with CALEA. I've
read much of the law itself as well as the FBI's 4th version
of their FlexGuide. So I have an idea of what CALEA might
require in the future. But what I really need to know is what
will USC  be required to do in 18 months, when the CALEA
deadline for broadband/ISPs/universities goes into effect.
I've also read the little bit that Educause has but it's more
of legal stance than any actual technical guideline.

So does anyone on this forum know any more about what to do
about CALEA than I do? If so, please let me know. There's not
much on google. Thank you.

--
Luke Sheppard, CISSP
Director of Information Security
ISD, University of Southern California
lshep () tcpiplab com
(not using my usc.edu email because I want to use this
address just for listservs & fora).

Current thread:

CALEA Luke Sheppard (Oct 04)
- <Possible follow-ups>
- Re: CALEA Luke Sheppard (Oct 04)
- Re: CALEA Melissa Guenther (Oct 04)
- Re: CALEA Luke Sheppard (Oct 07)