Date post: | 01-Jan-2016 |
Category: |
Documents |
Upload: | rosalyn-carroll |
View: | 216 times |
Download: | 1 times |
A brief history of wiretapping
1960’s : Wiretapping was easy; one phone company; basic technology
1980’s: Deregulation means multiple carriers; cell phones; analog to digital transition begins
1994: CALEA passed with several compromises; specifically no Internet; no private networks
2004: VoIP: Wiretapping isn’t getting any easier…
How many wiretaps are there?
Real Time Historical
ContentTitle III
“Wiretap Order”
Warrant/Subpoena
Other information: subscriber; transactional data
Warrant/Subpoena
Subpoena/Court Order
Federal, State, Local and FISA Wiretap Orders for 2004
1,712 regular court
1,754 under FISA
http://www.uscourts.gov/wiretap04/Table4-04.pdf http://www.epic.org/privacy/wiretap/stats/fisa_stats.html
What is CALEA?
CALEA is the Communications Assistance for Law Enforcement Act. It requires providers of commercial voice services to engineer their networks in such a way as to assist law enforcement agencies in executing wiretap orders.
Until August 5, 2005 that is…..
CALEA: New Report and Order
On August 5, 2005, in response to a request by law enforcement, the FCC voted to extend CALEA to include facilities-based Internet service providers.
Facilities-based Internet service providers are defined as: "entities that provide transmission or switching over their own facilities between the end user and the Internet Service Provider."
Private Networks are still exempt, but….
Private Networks are now defined as networks that do not allow access to the “public” Internet or the public switched telephone network (PSTN).
If your network provides access to the “public” Internet you are no longer exempt as a private network.
Arguments for/against extending CALEA to ISPs
Law EnforcementThe Internet is increasingly the communication of choice for criminal activityLegal intercepts need to be easier and less expensive for LEAn “exempt” system is a magnet for criminal activity
Education and LibrariesCongress should decide not the FCC or DoJLE has sufficient access nowCost to comply can’t be justifiedWill slow innovation
Legal Justification: Substantial Replacement Provision
The term “Telecommunications Carrier” includes a person or entity engaged in providing wire or electronic communication switching or transmission service to the extent that the Commission finds that such service is a replacement for a substantial portion of the local telephone exchange service and that it is in the public interest …..
(Section 102. 8B(ii) CALEA)
Substantial Replacements
1. Broadband Internet access substantially replaces Dial-up (a portion of the local exchange service)
2. Interconnected VoIP substantially replaces POTS
3. Therefore, Broadband and Interconnected VoIP providers are “Telecommunications Providers”.
Two Part Decision
Part #1: Decided: CALEA does apply to ISPs and all facilities-based Internet service providers are covered. Full compliance is required in 18 months..
Part #2: Still to be decided: What will be required (standards of compliance) and will there be an “special cases” allowed (i.e. small rural providers or education and research networks).
What is EDUCAUSE doing?
April 2004 in response to the original petition by LE, EDUCAUSE formed a coalition of 16 education and library associations and filed comments. EDUCAUSE has been actively engaged in talks with Congress, the FCC, and the DoJ ever since.We continue to hold out hope for a “special case” compromise that will mitigate the expense of changing our equipment.
Current Proposal: Some examples
Single point-of-contact on every campusStandard procedures established24x7 assistance available Personnel trained in procedural, legal and technical demands of assisting legal intercepts.Some gateway equipment would be replaced, but only under the normal replacement cycle
Prediction
Law enforcement will want more concessions
Our community will have to seriously consider the options
CALEA:A Campus Perspective
What do we know for sure?Not much!But sooner or later, some regulations requiring additional activity by universities in lawful surveillance seems likely
Cost to become CALEA compliant could be HUGE!!!
How might a request work
Lawful Authorization
Law Enforcement
Telecommunication Service ProviderService Provider Administration
(Turn on Lawful Intercept feature of switch)
Delivery Function
Collection Function
Access Function
Law Enforcement Administration
(Switch collects Lawful Intercept
data)
(Securely deliver information to LEA)
(Order generated)
Some Vocabulary (ref. TIA J-STD-025-B)
Access Function(s) (provided by campus)Provides unobtrusive intercept access points to intercept subject’s communications and passes to Delivery Function
Delivery Function (provided by campus)Responsible to delivering intercepted communications to the Law Enforcement Agency (LEA) Collection Function
Collection function (provided by LEA)Responsible for collecting lawfully authorizedcommunications
CALEA FAQThanks to Al Gidari and Wendy Wigen for
assistance!
Disclaimer: Current understanding – subject to change quickly
Who pays for what?
Campus must pay for equipment, systems and people to perform Service Provider Administration, Access Function and Delivery FunctionLaw Enforcement pays for leased lines (if necessary) to campus and Collection function
CALEA FAQ
What do I need to buy for my campus to be CALEA-compliant?
Don’t know - detailed specifications not yet availableCurrent CALEA regulations seem to require significant equipment upgrades or replacements
When will FCC clarify requirements so we can start upgrading network?
Not known
CALEA FAQ
Might CALEA regulations related to the Internet be declared invalid?
Yes, but universities will still need to support surveillance requests in the future
Is the university responsible for decrypting or decompressing message content?
No, not unless the university did the compressing/encrypting and has keys to decrypt
CALEA FAQ
Is more than just Voice over IP covered by CALEA?
Yes – all communications will need to be forwarded, and (as of now) the VoIP packets will need to be decoded if the university provides the VoIP service, otherwise decoding responsibility is unclear
CALEA FAQ
What might a LEA ask for?
All communications associated with an IP address or jack
All communications associated with a person!!!•Wired – specific location•Wired – any authenticated access!!!
•Wireless!!!
CALEA FAQ
Is surveillance of intra-campus traffic necessary (e.g., between two computers hooked to the same card on the same ethernet switch)?
Yes……if the switch has the potential of passing traffic forward to the public Internet
CALEA FAQDo the LEAs want to be able to turn on and perform surveillance remotely?
University personnel would be turning on, maintaining and turning off the wiretap, but the data would be sent to the designated LEA facility
It seems like some of the CALEA requirements will be very difficult (or impossible) to implement with commonly deployed systems and technology. Sound right?
Yes
CALEA FAQ
Do campuses need to do anything beyond network upgrades to satisfy CALEA?
Yes - universities will need do training and background checks, have 7/24 point of contact for LEAs, create and document processes for interfacing with LEAs and file documentation attesting to CALEA compliance
Any other impacts?Is E911 now extended to university VoIP systems?
CALEA:A Campus Perspective
Higher Ed. has, and will continue to, support
lawful surveillance, but effective, less costly
alternatives should be explored
CALEA FAQ
Where can I find out more?Educause
• http://www.educause.edu
AskCALEA• http://www.askcalea.net/
FCC• http://www.fcc.gov/calea/
Selected vendor information • “Cisco Service Independent Intercept
Architecture” (sign on required to access on Cisco web site)
• RFC 3924– http://www.apps.ietf.org/rfc/rfc3924.html