Educause Security Discussion mailing list archives
[SECURITY]
From: "Berman, Mark" <mberman () SIENA EDU>
Date: Fri, 12 Jun 2015 06:31:28 -0400
Rosella, I think the articles you are reading are from when CALEA was first passed and interpretations had not been written. The commonly accepted reading of the law now is that it exempts "private networks" and most higher ed institutions define themselves as private networks. There has been some "forgetting" about CALEA in recent years and I've read postings on this list about colleges who allow open access to their networks; my take is that if you run some kind of Network Access Control (NAC) and only allow full access to people with accounts in your system, along with guest access where people register their names and reasons for being on campus, then you can in good faith define yourself as "private" and exempt from CALEA. I remember the ALA (libraries) issuing a legal opinion that libraries were exempt for other reasons and that opinion is available on the Educause site here: http://www.educause.edu/library/resources/libraries-are-exempt-calea-wiretap-obligations Bottom line, it's a lot easier to declare yourself exempt than to spend money on hardware to try and comply. As far as I know this has never been litigated and until it is and a judge says I'm wrong, I'll stand on that opinion. - Mark -- Mark Berman, Chief Information Officer Siena College 515 Loudon Road Loudonville, NY 12211 (518)782-6957, Fax: (518)783-2590 *Siena College is a learning community advancing the ideals of a liberal arts education, rooted in its identity as a Franciscan and Catholic institution. * *CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you received this e-mail and are not the intended recipient, please inform the sender by e-mail reply and destroy all copies of the original message.* On 6-11-15, Rossella Mariotti-Jones Wrote:
Hello all, I found the following FAQ on Educause and I have some questions about how the compliance technically works. At some point in the past when we were figuring out how to comply, someone suggested that as long as we can supply a span port on various key pieces of equipment we could be ok because the Feds will come in with their own boxes. Is this at all close to what happens in reality? and if not, what is the college required to provide? TIA. http://www.educause.edu/focus-areas-and-initiatives/policy-and-security/educause-policy/issues-and-positions/networking-and-telecommunications/tfaq rossella mariotti-jones | network analyst | information technology | chemeketa community college | p: 503-589-7775 | e: rmariott () chemeketa edu <https://mail.google.com/mail/?view=cm&fs=1&tf=1&to=rmariott () chemeketa edu>
Current thread:
- [SECURITY] Berman, Mark (Jun 12)
- [SECURITY] Kevin Wilcox (Jun 12)
- [SECURITY] Ben Marsden (Jun 12)
- [SECURITY] Persad, Nadira (Jun 12)
- [SECURITY] Ben Marsden (Jun 12)
- [SECURITY] Tracy Beth Mitrano (Jun 13)
- [SECURITY] Rossella Mariotti-Jones (Jun 13)
- [SECURITY] Tracy Beth Mitrano (Jun 13)
- [SECURITY] Rossella Mariotti-Jones (Jun 13)
- [SECURITY] Kevin Wilcox (Jun 12)