CALEA Requirements

Can someone point me to the current CALEA requirements?

As an ISP, should I be recording all internet traffic that passes my
routers? Or do I only have to record when and if I receive a court order?

I'm not under any court order now, I just want to be sure that I am
compliant going forward in my capabilities.

While we're at it, can somebody point me on the right path for E911? I'm not looking for a managed service but rather an in-house solution.

Todd Crane

Todd,

Could you pick a more problematic venture in telecom? ;)
I have done a couple of these.
(I just joined the list and have no idea how much you know on the subject)

My clients are wholesale customers of different local LECs (Local Exchange Carrier).
These are the guys that own the wire centers in your location (e.g. CenturyLink, Verizon, etc.)
I do not know how they work with non-wholesale customers with regard to E911 services.

The specifics of what will be required differ from LEC to LEC and also depend on the PSAP (E911 center) you will connect to.
Most people use a consultant to get this done since there will be many technical details related to the circuits and technical meetings with the LEC and PSAP.
The LECs and PSAPs are not in the business of building your network... so they typically don't offer much assistance.
(If you have ever submitted an ASR to a LEC, you will know what I mean).

Your first step is to get in touch with your LEC and find out what services they can provide.
You could also contact your PSAP and find out their interconnection requirements.
Then you will have some scope on the project.

If you go the wholesale route you really will need someone to guide you through the process.
On the other hand, if you are already a wholesale customer of a LEC, experienced with placing ASRs for DS0s, DS1s and multiplexors, then you probably can get this done in-house.

Sincerely,
Dan

If you are a wireline ISP, start with the ATIS-1000013* docs. You will see
from the FBI link below that different services and carrier types (e.g. voice
or cable) have additional needs on top of this.

As Scott said, your legal/regulatory team needs to guide you to exactly
which in the list MAY apply in your situation, but from a technical point of
view you can at least get an idea about what you might have to do by
starting with the ATIS specs:

https://askcalea.fbi.gov/standards.html

Rob

The FBI CALEA folks have always had a somewhat expansive interpretation of their authorities.

For example, "dialed digit extraction." The court cases supporting pen registers are based on the business record exception, i.e. Smith v. Maryland says dialed numbers, which are disclosed to the telephone company so the phone company can connect and bill the call, do not have a reasonable expectation of privacy. The FBI expanded its pen-register authority to include all numbers dialed *DURING* the call because in the 1970s pen-register technology didn't stop recording digits (i.e. the "clicks") after a call was answered. Although modern pen-register technology can distinguish between numbers dialed for the purpose of connecting the call, and numbers dialed during the call (i.e. your online banking PIN), and dialed digit extraction during VOIP calls is an extreme pain in the ass.

In the 1990s, the FBI convinced the FCC to order carriers under CALEA to do dialed digit extraction because "that's what they've always done," not because it's what the law and court cases required. Even the FCC says in its CALEA order that the FBI's justification was flimsy, but the FCC wasn't willing to oppose the FBI.

As several folks have pointed out, talk to your own legal counsel. The
FBI CALEA website is the FBI's interpretation of its authority, not necessarily what your own counsel would advise.