Educause Security Discussion mailing list archives

[SECURITY]


From: Tracy Beth Mitrano <tbm3 () CORNELL EDU>
Date: Sat, 13 Jun 2015 20:13:21 +0000

If you think you ring the bell of one of these conditions, Rossella, I would have legal counsel together with the CIO 
review the matter and then work with federal law enforcement (local technical arm of F.B.I. or federal prosecutor in 
your area, D.O.J.) to determine the specifications.

Feel free to write me separately if you think a chat would help more.

Thanks, Tracy


On Jun 13, 2015, at 3:46 PM, Rossella Mariotti-Jones <rossella.mariotti.jones () CHEMEKETA EDU> wrote:


Hello Tracy, one of these situations applies to us, so we already know we have to comply, unless we change the 
situation, which will take some time. We have our network designed in such a way that we can pretty easily identify 
where the feds would need to plug in to get the traffic they need, and in the very near future we'll roll out user ID 
for 90% of our internal users. What I'm trying to do is figure out if this is enough to say "yes we are compliant".

On Jun 13, 2015 00:26, "Tracy Beth Mitrano" <tbm3 () cornell edu> wrote:
Rossella,

I agree with what Mark outlined and will add for more clarification that unless your network supplies the public with 
Internet service, as for example with a fee, or it connects directly to the Internet, instead of going through a 
commercial provider, the network is exempt from CALEA.

Best, Tracy


On Jun 12, 2015, at 6:31 AM, Berman, Mark <mberman () siena edu> wrote:

Rossella,

I think the articles you are reading are from when CALEA was first passed and interpretations had not been written. The 
commonly accepted reading of the law now is that it exempts "private networks" and most higher ed institutions define 
themselves as private networks. There has been some "forgetting" about CALEA in recent years and I've read postings on 
this list about colleges who allow open access to their networks; my take is that if you run some kind of Network 
Access Control (NAC) and only allow full access to people with accounts in your system, along with guest access where 
people register their names and reasons for being on campus, then you can in good faith define yourself as "private" 
and exempt from CALEA. I remember the ALA (libraries) issuing a legal opinion that libraries were exempt for other 
reasons and that opinion is available on the Educause site here: 
http://www.educause.edu/library/resources/libraries-are-exempt-calea-wiretap-obligations

Bottom line, it's a lot easier to declare yourself exempt than to spend money on hardware to try and comply. As far as 
I know this has never been litigated and until it is and a judge says I'm wrong, I'll stand on that opinion.

 - Mark
--
Mark Berman, Chief Information Officer
Siena College
515 Loudon Road
Loudonville, NY  12211
(518)782-6957,  Fax: (518)783-2590

On 6-11-15, Rossella Mariotti-Jones wrote:
Hello all, I found the following FAQ on Educause and I have some questions about how the compliance technically works. 
At some point in the past when we were figuring out how to comply, someone suggested that as long as we can supply a 
span port on various key pieces of equipment we could be ok because the Feds will come in with their own boxes. Is this 
at all close to what happens in reality? And if not, what is the college required to provide?
TIA.
http://www.educause.edu/focus-areas-and-initiatives/policy-and-security/educause-policy/issues-and-positions/networking-and-telecommunications/tfaq
rossella mariotti-jones | network analyst | information technology | chemeketa community college | p: 503-589-7775 | e: rmariott () chemeketa edu


