[SECURITY]

[Rossella Mariotti-Jones <rossella.mariotti.jones () CHEMEKETA EDU>]

Hello Tracy,  one of these situations applies to us, so we already know we
have to comply,  unless we change the situation which will take some time.
We have our network designed in such a way that we can pretty easily
identify where the feds would need to plug in to get the traffic they need,
and in the very near future well roll out user ID for 90% of our internal
users. What I'm trying to do is figure out if this is enough to say "yes we
are compliant".
On Jun 13, 2015 00:26, "Tracy Beth Mitrano" <tbm3 () cornell edu> wrote:

>  Rosella,
>
>  I agree with what Mark outlined and will add for more clarification that
> unless your network supplies the public with Internet service, as for
> example with a fee, or it connects directly to the Internet, instead of
> going through a commercial provider, the network is exempt from CALEA.
>
>  Best, Tracy
>
>
>  On Jun 12, 2015, at 6:31 AM, Berman, Mark <mberman () siena edu> wrote:
>
>  Rosella,
>
>  I think the articles you are reading are from when CALEA was first
> passed and interpretations had not been written. The commonly accepted
> reading of the law now is that it exempts "private networks" and most
> higher ed institutions define themselves as private networks. There has
> been some "forgetting" about CALEA in recent years and I've read postings
> on this list about colleges who allow open access to their networks; my
> take is that if you run some kind of Network Access Control (NAC) and only
> allow full access to people with accounts in your system, along with guest
> access where people register their names and reasons for being on campus,
> then you can in good faith define yourself as "private" and exempt from
> CALEA. I remember the ALA (libraries) issuing a legal opinion that
> libraries were exempt for other reasons and that opinion is available on
> the Educause site here:
> http://www.educause.edu/library/resources/libraries-are-exempt-calea-wiretap-obligations
>
>  Bottom line, it's a lot easier to declare yourself exempt than to spend
> money on hardware to try and comply. As far as I know this has never been
> litigated and until it is and a judge says I'm wrong, I'll stand on that
> opinion.
>
>   - Mark
> --
> Mark Berman, Chief Information Officer
> Siena College
> 515 Loudon Road
> Loudonville, NY  12211
> (518)782-6957,  Fax: (518)783-2590
>
> *Siena College is a learning community advancing the ideals of a liberal
> arts education, rooted in its identity as a Franciscan and Catholic
> institution. *
> *CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for
> the sole use of the intended recipient(s) and may contain confidential and
> privileged information. Any unauthorized review, use, disclosure, or
> distribution is prohibited. If you received this e-mail and are not the
> intended recipient, please inform the sender by e-mail reply and destroy
> all copies of the original message.*
>
> On 6-11-15, Rossella Mariotti-Jones Wrote:
>
> > Hello all, I found the following FAQ on Educause and I have some
> > questions about how the compliance technically works. At some point in the
> > past when we were figuring out how to comply, someone suggested that as
> > long as we can supply a span port on various key pieces of equipment we
> > could be ok because the Feds will come in with their own boxes. Is this at
> > all close to what happens in reality? and if not, what is the college
> > required to provide?
> > TIA.
> >
> > http://www.educause.edu/focus-areas-and-initiatives/policy-and-security/educause-policy/issues-and-positions/networking-and-telecommunications/tfaq
> > rossella mariotti-jones | network analyst | information technology |
> > chemeketa community college | p: 503-589-7775 | e: rmariott () chemeketa edu
> > <https://mail.google.com/mail/?view=cm&fs=1&tf=1&to=rmariott () chemeketa edu>