Educause Security Discussion mailing list archives

[SECURITY]


From: Tracy Beth Mitrano <tbm3 () CORNELL EDU>
Date: Sat, 13 Jun 2015 07:26:13 +0000

Rossella,

I agree with what Mark outlined and will add for more clarification that unless your network supplies the public with 
Internet service, as for example with a fee, or it connects directly to the Internet, instead of going through a 
commercial provider, the network is exempt from CALEA.

Best, Tracy


On Jun 12, 2015, at 6:31 AM, Berman, Mark <mberman () siena edu> wrote:

Rossella,

I think the articles you are reading are from when CALEA was first passed and interpretations had not been written. The 
commonly accepted reading of the law now is that it exempts "private networks" and most higher ed institutions define 
themselves as private networks. There has been some "forgetting" about CALEA in recent years and I've read postings on 
this list about colleges who allow open access to their networks; my take is that if you run some kind of Network 
Access Control (NAC) and only allow full access to people with accounts in your system, along with guest access where 
people register their names and reasons for being on campus, then you can in good faith define yourself as "private" 
and exempt from CALEA. I remember the ALA (libraries) issuing a legal opinion that libraries were exempt for other 
reasons and that opinion is available on the Educause site here: 
http://www.educause.edu/library/resources/libraries-are-exempt-calea-wiretap-obligations

Bottom line, it's a lot easier to declare yourself exempt than to spend money on hardware to try and comply. As far as 
I know this has never been litigated and until it is and a judge says I'm wrong, I'll stand on that opinion.

 - Mark
--
Mark Berman, Chief Information Officer
Siena College
515 Loudon Road
Loudonville, NY  12211
(518)782-6957,  Fax: (518)783-2590
Siena College is a learning community advancing the ideals of a liberal arts education, rooted in its identity as a 
Franciscan and Catholic institution.


On 6-11-15, Rossella Mariotti-Jones Wrote:
Hello all, I found the following FAQ on Educause and I have some questions about how the compliance technically works. 
At some point in the past when we were figuring out how to comply, someone suggested that as long as we can supply a 
span port on various key pieces of equipment we could be ok because the Feds will come in with their own boxes. Is this 
at all close to what happens in reality? And if not, what is the college required to provide?
TIA.
http://www.educause.edu/focus-areas-and-initiatives/policy-and-security/educause-policy/issues-and-positions/networking-and-telecommunications/tfaq
rossella mariotti-jones | network analyst | information technology | chemeketa community college | p: 503-589-7775 | e: 
rmariott () chemeketa edu
