ISP CALEA compliance

We're getting off-topic here, but I'll respond.

First -- the context of the conversation is wiretap law, including the
stored communications and customer records provisions. This covers
what communications providers do for their customers, not internal


  (a) The judge's order was for a civil lawsuit, under
  discovery procedures;

  (b) The order was for records that they apparently had.
  If Microsoft had had and enforced a policy, prior to that
  lawsuit, of not retaining internal email older than 30
  days, they'd have been in the clear. Microsoft got in
  trouble because the judge believed they were not complying
  with his order to turn over data he believed they had,
  either deliberately or by not exerting sufficient effort;

  (c) you may have business reasons to retain certain records
  for longer, including the requirements of external auditors.
  For example, if you do usage-sensitive billing, you may
  need to retain certain records for a while so that your
  accounting firm can verify that your financial records
  accurately reflect actual customer behavior.

  (d) What doesn't exist can't be subpoenaed; what does exist,
  in general, can be, subject to other specialized exceptions
  (i.e., attorney work product)

Third -- that isn't what I'm talking about. Please see, among others,

Note especially that last one, since it's only 3 months old and provides
for jail time for "employees of any Internet provider who fail to store
that information", and not just fines for the company.

I've tried hard to keep this discussion factual, with copious
references. But I think I've run out of things to say that are even
vaguely on-topic, so I'll shut up.

    --Steve Bellovin,