nanog mailing list archives
Re: What are y'all doing for CALEA compliance?
From: Joshua Goldbard <j () 2600hz com>
Date: Fri, 15 Mar 2013 15:32:26 +0000
God I want one of those PA firewalls just to play with in the lab. I can't justify the expense, but as far as firewalls go they're gorgeous. From the chassis to the UI, PA is just doing it right. If anyone has a different experience, I'd love to hear it. Sent from my iPad On Mar 15, 2013, at 8:29 AM, "Warren Bailey" <wbailey () satelliteintelligencegroup com<mailto:wbailey () satelliteintelligencegroup com>> wrote: We used 7206vxr with the lawful intercept mib, and some DPI jazz from Palo Alto. Worked okay, never did have to execute a warrant or anything.
From my Android phone on T-Mobile. The first nationwide 4G network.
-------- Original message -------- From: Joshua Goldbard <j () 2600hz com<mailto:j () 2600hz com>> Date: 03/15/2013 8:25 AM (GMT-08:00) To: Christopher Morrow <morrowc.lists () gmail com<mailto:morrowc.lists () gmail com>> Cc: NANOG <nanog () nanog org<mailto:nanog () nanog org>> Subject: Re: What are y'all doing for CALEA compliance? I am not a lawyer, this is not legal advice. If you make decisions about what you should be doing in your business based solely on emails from strangers you won't do well. Get a second opinion from a lawyer. This comes up about once every 6 months on the voice ops mailing list. If you are a CLEC and you are not CALEA compliant, you are in for a world of hurt. If you're a non-facilities based reseller this is open for interpretation, but many folks believe that if you don't have gear inside the carrier pops, you aren't subject to CALEA. In practice, who is and who isn't effected by CALEA is directly proportional to the number of CALEA requests to your network (ergo, if you don't have any CALEA requests no one cares if you're out of compliance). That being said, there are further problems underfoot. CALEA does not specify what technologies should be used when presenting the data to law enforcement, I forget the exact wording but its something like "a reasonable format". CDRs are not sufficient as CALEA requires the ability to tap sessions, but in the past we've seen most legal requests placated with an excel sheet. As far as monitoring your connection, if your 10gig is coming in over fiber you should just buy a vampire tap and be done with it. I hope this helps, but CALEA is inherently messy. Cheers, Joshua Sent from my iPad On Mar 15, 2013, at 8:07 AM, "Christopher Morrow" <morrowc.lists () gmail com<mailto:morrowc.lists () gmail com>> wrote:
On Fri, Mar 15, 2013 at 9:38 AM, Ben Bartsch <uwcableguy () gmail com<mailto:uwcableguy () gmail com>> wrote:What are you RENs out there doing for CALEA compliance? Is there actuallybeing happy we solved it 6 yrs ago?any teeth to the law? Our systems guys have tried a product called 'Openteeth as in the 100k/day fine?CALEA' but the router and the server simply can't keep up with mirroring from a 10Gbps connection into a 1Gbps link. I'm no legal expertthat seems like a suboptimal design ... why would you mirror 10lbs of poo into a 1lb bag? that seems like it's bound to fail from the get-go.either....any lawyers on this list?you should find a lawyer... srsly.Thanks for all the great advice. This is a great community!-chris
Current thread:
- What are y'all doing for CALEA compliance? Ben Bartsch (Mar 15)
- Re: What are y'all doing for CALEA compliance? Christopher Morrow (Mar 15)
- Re: What are y'all doing for CALEA compliance? Joshua Goldbard (Mar 15)
- Re: What are y'all doing for CALEA compliance? Warren Bailey (Mar 15)
- Re: What are y'all doing for CALEA compliance? Joshua Goldbard (Mar 15)
- Re: What are y'all doing for CALEA compliance? Christopher Morrow (Mar 15)
- Re: What are y'all doing for CALEA compliance? Warren Bailey (Mar 15)
- Re: What are y'all doing for CALEA compliance? Ben Bartsch (Mar 15)
- Re: What are y'all doing for CALEA compliance? Joshua Goldbard (Mar 15)
- Re: What are y'all doing for CALEA compliance? Christopher Morrow (Mar 15)