Hello All,
My company is looking at updating our CALEA set up. Our network has
changed appreciably since our initial rollout and I am looking at utilizing
Cisco's Lawful Intercept. I'm wondering what people are using as "Mediator
Devices", aka what the Cisco routers are sending the Lawful Intercept
stream to.
Cisco's Lawful Intercept seems like a solid option since all it requires
for us is an IOS upgrade on our core routers and something to act as a
Mediator, but I'm also interested in solutions others are using.
Are you looking at a Mediation box because you are doing VOIP?
Other than Cisco I am familiar with DeepSweep.
I have heard of Verint, Utimaco, and Pine Digital. However, no 1st hand
knowledge or anything other than passing. 
Justin
We used Cisco for lawful intercept.. Their mibs are wanky and at the time only the 7206 was support for the LI functionality. Food for thought.
Hello All,
My company is looking at updating our CALEA set up. Our network has
changed appreciably since our initial rollout and I am looking at utilizing
Cisco's Lawful Intercept. I'm wondering what people are using as "Mediator
Devices", aka what the Cisco routers are sending the Lawful Intercept
stream to.
Cisco's Lawful Intercept seems like a solid option since all it requires
for us is an IOS upgrade on our core routers and something to act as a
Mediator, but I'm also interested in solutions others are using.
not that when I last looked there were some pretty serious speed/feed
problems with this solution. (like 15kpps max)
I believe packetforensics still ships boxes that do the intercept and
I believe send data off to LEA in the right format:
<http://packetforensics.com/products.safe>
it'd require these to be in place between PE and CE though, which is
'ok' if you have an all fiber type deployment.
I don't see any mention of CALEA. A traffic dump won't satisfy a CALEA
warrant.
Justin
Our Trusted Third Party (TTP) asked us to IP Traffic Export. As others
commented in this forum, the LEAs is not looking for SPs to replace their
entire networks to create an ideal CALEA-compliant environment. It's my
understanding that LEA will take a Cisco IP Traffic Export flow.
Frank
I agree with the TTP taking the IP traffic. They simply re-package it
for the LEA.
It's up to the LEA to take the traffic flow or not. If it's a true CALEA
warrant, not a normal wire tap, the defense could argue they did not
follow protocol.
Justin
I have yet to see a lot of networks in TRUE compliance with CALEA
requirements. Most of the time, it's some intermediate box that is doing a
netflow-esque imports from routers that net/j/xyzflow normally. The only
issue I/we ever ran into was how to in fact process the LEA request for an
actual CALEA intercept (as you pointed out, there are differences). At the
end of the day, I'm not totally convinced there is a completely tried and
true way to get it out. The burden is on the SP to show some level of
compliance, which I think is probably done pretty well at the end of the
day. The CALEA equipment is often very expensive, and often the expense is
just not feasible to many small to mid sized ISP's.
On another note, the CALEA for telephony is absolutely rock solid. They
can include Side A and Side B (to show a party was indeed talking on the
phone for evidence purposes), they can have the switch center
automatically call the LEA to listen in on the conversation in real time.
All said, the phone guys have been processing wire taps and LEA requests
for years, and do it on a fairly regular basis. I have never actually seen
a real life CALEA request for real time interception of data (not saying
they don't exist), so I have little experience in actually pressing the
button. I think as long as you're showing the local/state/feds that you
want to play ball, they take what you give with a smile. I would be
curious to see what would happen if a lawful intercept request came
through and the service provider refused to process it. I have been a
party to many discussions as to the application of CALEA and most people
believe (rightly or not) they are not required to comply.
[snip]
want to play ball, they take what you give with a smile. I would be
curious to see what would happen if a lawful intercept request came
through and the service provider refused to process it. I have been a
The LEAs might be flexible in how they are willing to take the data.
But it would be a very dangerous proposition indeed to outright
'refuse'; I am sure most organizations would be exhausting every
reasonable course to satisfy the requirements of the order.
Forget about FCC civil penalties: the LEA may start arresting
managers responsible for refusal, on the charges of obstruction, due
to interfering with an investigation.
People might talk about refusing to process a CALEA warrant.
IF/when they do receive such a lawful order: I am almost positive
they will respond in some way other than a refusal to attempt to
comply.
So that's probably why it's not likely we will hear of a refusal
occuring, at least for a long time
Yes, "constructive" refusal is much harder to prove.
Cheers,
-- jra