Questions/thoughts around outsourcing guest wireless

["Perry, Jeff" <perry () KU EDU>]

I am writing to seek information from peer institutions regarding how you handle guest wireless access.

According to our read of CALEA, in order for a college or university to be considered exempt from CALEA our network 
must a.) qualify as a "private network" and b.) not "support" the connection of the private network to the internet.  
In that we, like many edu's, are gain external network access via a regional research/educational network provider and 
do not provide non "private" network access we currently operate under the understanding that we are CALEA exempt (i.e. 
our network provider is but we are not).

However we, like many of you, host many campus constituents on a daily basis at many locations on our campus.  These 
use cases can range from students/parents visiting but not yet enrolled, public events, athletic events, community 
functions, etc.  As such, we are seeking to improve the experience of users on our guest wireless network while 
understanding the calea impacts.

One of the easiest ways that we have considered to provide guest wireless access yet maintain calea exemption is to 
outsource guest wifi to a third party.  We've also looked at a myriad of technologies in this space to help us have 
better information about these users (such as sms based guest credential system and many of those discussed here in the 
past).  However in my mind, even though we may have good/better information about each particular guest, we'd still be 
providing services to the general public which may or may not (lawyers required) cause us to no longer be seen as a 
"private" network.  In other words, we'd be providing network services to people not directly affiliated with our 
institution in a clear way.

Thus we're back again to considering outsourcing for the guest network traffic and I wanted to get the thoughts of some 
of you regarding that.

If you've time (as school starts up around the country) could you answer a few questions for me

1.)    Do you currently provide guest wireless access to people on your campus that are not student, staff, faculty, 
affiliates?

2.)    If so how to you read the calea requirements re: public/private networks?  What access control/restrictions do 
you use?

3.)    Do you outsource wifi?  If so how has it gone?  Any particular thoughts/caveats?

4.)    Has anyone operated a hybrid style agreements where you host the SSID/AP's etc (as part of a larger system) and 
simply hand off the authentication and network traffic to a third party? (i.e. we don't want to have third party radios 
in our buildings due to spectrum management etc).

Thanks so much, I appreciate any discussion around this topic.

Take care,
Jeff Perry

--------------------------------------------
Jeff Perry, CISSP
Deputy Technology Officer
Information Technology
The University of Kansas
Direct +1 785-864-0489
Fax    +1 785-864-0485
Email perry () ku edu<mailto:perry () ku edu>
--------------------------------------------