ISP CALEA compliance

Speaking on Deep Background, the Press Secretary whispered:

You work so hard to defend people that exploit children? Interesting. We are
talking LEA here and not the latest in piracy law suits. The #1 request from a
LEA in my experience concerns child exploitation.

I think you'll find most intercept orders are drug cases.

And no matter what, we still have a Constitution....sort of...
Which brings up my point.... be sure and let your Hill Critters
know what shit you are going though

David Lesher wrote:

Speaking on Deep Background, the Press Secretary whispered:

You work so hard to defend people that exploit children? Interesting. We are talking LEA here and not the latest in piracy law suits. The #1 request from a LEA in my experience concerns child exploitation.

I think you'll find most intercept orders are drug cases.

And no matter what, we still have a Constitution....sort of...
Which brings up my point.... be sure and let your Hill Critters
know what shit you are going though

So far, my involvement with law enforcement has been split evenly between illegal gambling and income tax evasion. Nothing else.

Of course, I'm based in Nevada; if I were elsewhere the gambling ("gaming" as it's called here) would most likely drop off the map.

David Lesher wrote:

Speaking on Deep Background, the Press Secretary whispered:

You work so hard to defend people that exploit children? Interesting. We are talking LEA here and not the latest in piracy law suits. The #1 request from a LEA in my experience concerns child exploitation.

That's nonsense, or his (press secretary's) experience consists of watching
/Law & Order/ and /Without a Trace/.

No official statistics backs that up. Where in the world does he operate?

I think you'll find most intercept orders are drug cases.

So I've heard, but my experience was the Ashcroft 'net p0rn crackdown.
What a waste of time and resources for a perfectly legal activity!

Of course, CALEA (and PATRIOT) were supposed to be about tracking
terrorists, not common criminals. That was never the real purpose; it was
just a wish list.

Also, with so many college students, we *are* talking about piracy lawsuits.
But that's civil law, not CALEA or PATRIOT. Hopefully, they haven't tried
to expand into that, too?

And no matter what, we still have a Constitution....sort of...
Which brings up my point.... be sure and let your Hill Critters
know what shit you are going though

Thanks! I said that a bit more politely, but it should be emphasized:
report each and every request to your Congress critters. Remind them how
much it's costing business, and an utter waste of effort.

The latest revisions to copyright law did provide for more criminal

Let me toss in a few more factual URLs.

First, on this topic: Federal wiretap warrants can only be issued for
specific crimes. That list is in 18 USC 2516; see
The list is long, but it doesn't seem to include the RIAA's least
favorite activities – at least, not yet… (The list has also been
expanded significantly in recent years. I haven't bothered to check
the details, but I think that most of the expansion was via the PATRIOT
Act. Much of the PATRIOT Act, I might add, was a long set of DoJ/FBI
wish list amendments, things they'd wanted for years but couldn't get
through Congress until after 9/11. My source for that, btw, is
conversations with people in DoJ.)

For CALEA deployment status, see
Note in particular how much more expensive CALEA taps are...

For the latest wiretap report, just out last week, see
Pay particular attention to Table 3. The highlight: 80% of all
wiretaps were for narcotics offenses. There is *no* separate category
for pornography, child or otherwise, which caps the percentage at the
3.5% for "Other". To be sure, the report notes that sensitive ongoing
cases are not counted; this may reflect ongoing sting operations or
national security wiretaps, There are no national security or
terrorism wiretaps listed, possibly because those fell under FISA (50
USC 1801 – ).

For those who remember the Crypto Wars of the 1990s, it's interesting
to note this section of the wiretap report:

  Public Law 106-197 amended 18 U.S.C. 2519(2)(b) to require that
  reporting should reflect the number of wiretap applications
  granted for which encryption was encountered and whether such
  encryption prevented law enforcement officials from obtaining
  the plain text of communications intercepted pursuant to the
  court orders. In 2006, no instances were reported of encryption
  encountered during any federal or state wiretap.

The situation may be different for national security wiretaps, but of
course that's where compliance with any US anti-crypto laws are least

Folks, the factual and legal data is out there, and it's not that hard
to find. Interpreting it is harder, and frequently does require a
lawyer who really knows the field. (My favorite example there is 18
USC 2072(c)(6), which *permits* communications providers to disclose
customer records (except for content) to "any person other than a
governmental entity". I was surprised enough when I first read that
that I went and looked up the legislative history, and it means exactly
what it says. *But* -- such activity is no longer legal. Why? The
Telecom Reform Act of 1996 bars telcos, at least, from certain forms
of information sharing internally, to promote competition in the
telephony market. They weren't trying to fix the privacy flaw in the
older statute; fortunately, they did -- by accident...)

As Bill Simpson has quite correctly pointed out, you're also not
required to roll over and play dead when someone from the government
asks you for some data. There are laws they're obligated to follow,
too. Even if you want to look at it from a purely selfish position,
you and/or your company may be liable if you co-operate with an
improper or illegal request. Have a look at
which provides for civil liability for illegal wiretaps. You're clear,
under that statute, if you have good reason to believe the request is
legal under certain very specific sections of the wiretap law, but not

    --Steve Bellovin,

An important thing to remember in this discussion is CALEA does not expand, contract or otherwise change other laws concerning electronic survellance. The government can not intercept anything under CALEA.
All interception orders must be authorized by some other statute
or some other lawful authority (e.g. claims of Executive Power).

You might never, ever receive an lawful interception order, but still
be in violation of CALEA. Likewise you might be 100% CALEA compliant,
and still decline or be unable to perform some intercept orders. CALEA
does enhance some monetary penalties for not being able to perform a lawful intercept authorized by some other statute or authority; but CALEA doesn't authorize the interception itself.

Despite attempts by some folks, CALEA compliance != Wiretap authority.