Educause Security Discussion mailing list archives

[SECURITY]


From: "Berman, Mark" <mberman () SIENA EDU>
Date: Fri, 12 Jun 2015 06:31:28 -0400

Rossella,

I think the articles you are reading are from when CALEA was first passed
and interpretations had not been written. The commonly accepted reading of
the law now is that it exempts "private networks" and most higher ed
institutions define themselves as private networks. There has been some
"forgetting" about CALEA in recent years and I've read postings on this
list about colleges who allow open access to their networks; my take is
that if you run some kind of Network Access Control (NAC) and only allow
full access to people with accounts in your system, along with guest access
where people register their names and reasons for being on campus, then you
can in good faith define yourself as "private" and exempt from CALEA. I
remember the ALA (libraries) issuing a legal opinion that libraries were
exempt for other reasons and that opinion is available on the Educause site
here:
http://www.educause.edu/library/resources/libraries-are-exempt-calea-wiretap-obligations

Bottom line, it's a lot easier to declare yourself exempt than to spend
money on hardware to try and comply. As far as I know this has never been
litigated and until it is and a judge says I'm wrong, I'll stand on that
opinion.

 - Mark
--
Mark Berman, Chief Information Officer
Siena College
515 Loudon Road
Loudonville, NY  12211
(518)782-6957,  Fax: (518)783-2590


On 6-11-15, Rossella Mariotti-Jones wrote:

Hello all, I found the following FAQ on Educause and I have some questions
about how the compliance technically works. At some point in the past when
we were figuring out how to comply, someone suggested that as long as we
can supply a span port on various key pieces of equipment we could be ok
because the Feds will come in with their own boxes. Is this at all close to
what happens in reality? And if not, what is the college required to
provide?
TIA.

http://www.educause.edu/focus-areas-and-initiatives/policy-and-security/educause-policy/issues-and-positions/networking-and-telecommunications/tfaq
rossella mariotti-jones | network analyst | information technology |
chemeketa community college | p: 503-589-7775 | e: rmariott () chemeketa edu
