Presentation is loading. Please wait.

Presentation is loading. Please wait.

CALEA Discussion Internet2 Joint Techs July 19, 2006 Doug Carlson Executive Director, Communications & Computing Services New York University

Published byGillian Carr Modified over 8 years ago

Similar presentations

Presentation on theme: "CALEA Discussion Internet2 Joint Techs July 19, 2006 Doug Carlson Executive Director, Communications & Computing Services New York University"— Presentation transcript:

1 CALEA Discussion Internet2 Joint Techs July 19, 2006 Doug Carlson Executive Director, Communications & Computing Services New York University doug.carlson@nyu.edu

2 2 Caveats I’m not a Communications Lawyer! Opinions and interpretations – not undisputed facts Each institution/organization needs to evaluate if it is, or is not, exempt from CALEA

3 3 The Basics CALEA Communications Assistance for Law Enforcement Act Imposes specific obligations on “telecommunications carriers” to build certain "assistance capabilities" into their networks by May 14, 2007 Other reporting and actions required sooner Title 18 and associated regulations provide obligations to assist Law Enforcement Agencies with Lawful Intercepts

4 4 The Basics – Title 18 USC Title 18 provides the framework which requires colleges and universities to assist law enforcement with communications intercepts: “An order authorizing the interception of a wire, oral, or electronic communication under this chapter shall, upon request of the applicant, direct that a provider of wire or electronic communication service, landlord, custodian or other person shall furnish the applicant forthwith all information, facilities, and technical assistance necessary to accomplish the interception unobtrusively and with a minimum of interference with the services that such service provider, landlord, custodian, or person is according the person whose communications are to be intercepted.”

5 5 The Basics (continued) Via CALEA, the government would like in- place mechanisms to quickly initiate comprehensive intercepts of Internet communications (e.g., CALEA compliant equipment installed and operational) An initial interpretation of CALEA suggested that most of the network equipment in all colleges and universities might need to be replaced – no longer the prevailing opinion

6 6 Recent Events American Council on Education (ACE) takes the FCC to court FCC clarifies in court brief that CALEA at most applies to gateway equipment and cannot apply to the internal portions of private networks FCC issues the Second Report and Order http://www.educause.edu/ir/library/pdf/EPO0634.pdf Establishes actions and reporting requirements for “telecommunications carriers”

7 7 Recent Events (continued) Court rejects most ACE arguments, but there appear to be some positive clarifications from this action by ACE Court agreed that private networks cannot be required to comply with CALEA ACE issues memo on the “Application of CALEA to Higher Education Networks” – particularly focusing on colleges and universities http://www.educause.edu/ir/library/pdf/EPO0654.pdf

8 8 Court case results ( Current thinking on broadband ) Still not clear!!! Opinions Many colleges and universities are likely, at most, to need to make the “gateway” between the campus and the Internet CALEA compliant Two tests to determine if exempt Private network Institution doesn’t provide its own facilities to the Internet (Service Provider)

9 9 FCC First Report and Order - Footnote 100 “To the extent [that] private networks are interconnected with a public network, either the [public voice network] or the Internet, providers of the facilities that support the connection of the private network to a public network are subject to CALEA under the [Substantial Replacement Provision].”

10 10 Private Network Offer network access to a well-defined set of users (e.g., students, faculty and staff) Incidental other usage might be OK? Open (non-authenticated) wireless?

11 11 Providing access to the Internet Does the institution provide access to the Internet What does “provide” mean? One thought: Does the campus or the ISP own/provide connections between the campus network and the ISP’s Point of Presence (PoP)?

12 12 Other Issues Further appeals? Status of state/regional Research & Education networks? Same as universities? Not studied in detail by ACE. Congress may consider new regulations For example, draft legislation distributed recently by the FBI

13 13 What ACE has done recently Coordinated overall Higher Ed. actions on CALEA (with EDUCAUSE providing assistance) Analyzed the Court’s decision Created a document on the impact of the Court’s decision

14 14 What EDUCAUSE will do Continue dialog with Law Enforcement on guidelines for Title 18 compliance CALEA Technical Group and EDUCAUSE Security Task Force collaborating on the development of guidelines for handling Lawful Intercepts for campuses CALEA Technical Group will evaluate options for technical implementations of CALEA Equipment Trusted Third Parties (e.g., NeuStar, VeriSign) Will continue to engage in analysis and discussion with the higher education community

15 15 What should institutions do? Review the recent ACE memo http://www.educause.edu/ir/library/pdf/EPO0654.pdf Evaluate if the university appears to have a “private network” and is not responsible for providing the connection to the Internet If don’t have a private network, CALEA obligations could be daunting If do have responsibility for connection to your ISP, it could increase chances that gateway would need to be CALEA-compliant

16 16 What should institutions do? If the institution determines that it is subject to CALEA Begin to take the actions specified in the Second Report and Order (including preparing to file required paperwork – due >90 days out) Evaluate technical options for CALEA compliance (but see next slide)

17 17 CALEA compliance challenges As yet, no clear definition of what CALEA compliance means FCC is looking for industry, working with the Law Enforcement Agencies (LEAs), to develop standards Two ways to implement CALEA compliance Institution installs equipment, creates procedures, etc., but verified equipment solution not yet available Engage a Trusted Third Party to act as agent, but will need to define the service

18 18 How might a LI request work LawfulAuthorization Law Enforcement Telecommunication Service Provider Service Provider Administration (Turn on Lawful Intercept feature of switch) Delivery Function Collection Function Access Function Law Enforcement Administration (Switch collects Lawful Intercept data) (Securely deliver information to LEA) (Order generated)

19 19 Some Vocabulary (ref. TIA J-STD-025-B) Access Function(s) (provided by campus) Provides unobtrusive intercept access points to intercept subject’s communications and passes to Delivery Function Delivery Function (provided by campus) Responsible to delivering intercepted communications to the Law Enforcement Agency (LEA) Collection Function Collection function (provided by LEA) Responsible for collecting lawfully authorized communications

20 20 Related Issues Network authentication of terminals on campus (e.g., 802.1x) Data retention of logs and other records

21 21 Good information source http://www.educause.edu/calea

Download ppt "CALEA Discussion Internet2 Joint Techs July 19, 2006 Doug Carlson Executive Director, Communications & Computing Services New York University"

Similar presentations

Institutional Telecomms and Computer Network Monitoring Andrew Charlesworth University of Bristol 10 June 2002.

Institutional Telecomms and Computer Network Monitoring Andrew Charlesworth University of Bristol 10 June 2002.
The International Security Standard

The International Security Standard
The status of broadband FCC defines –High-speed lines that deliver services at speeds in excess of 200 kbps in at least one direction –Advanced services.

The status of broadband FCC defines –High-speed lines that deliver services at speeds in excess of 200 kbps in at least one direction –Advanced services.
Enterprise Security A Framework For Tomorrow Christopher P. Buse, CPA, CISA, CISSP Chief Information Security Officer State of Minnesota.

Enterprise Security A Framework For Tomorrow Christopher P. Buse, CPA, CISA, CISSP Chief Information Security Officer State of Minnesota.
Fiducianet, inc. tm 1 Presented by H. Michael Warren, President fiducianet, inc. VoIP Technology Perspectives Law Enforcement Concerns & CALEA Compliance.

Fiducianet, inc. tm 1 Presented by H. Michael Warren, President fiducianet, inc. VoIP Technology Perspectives Law Enforcement Concerns & CALEA Compliance.
CALEA Compliance in 2006 H. Michael Warren Vice President, Fiduciary Services NeuStar, Inc February 2006.

CALEA Compliance in 2006 H. Michael Warren Vice President, Fiduciary Services NeuStar, Inc February 2006.
CALEA Panel Internet2 Member Meeting December 6, 2006.

CALEA Panel Internet2 Member Meeting December 6, 2006.
1 © 2000, Cisco Systems, Inc. CALEA_NANOG_2000_0611.ppt Impact of CALEA on Network Operators What it is and what it ain’t Chip Sharp Cisco System, Inc.

1 © 2000, Cisco Systems, Inc. CALEA_NANOG_2000_0611.ppt Impact of CALEA on Network Operators What it is and what it ain’t Chip Sharp Cisco System, Inc.
Data-Sharing and Governance Consultation ANALYSIS OF RESPONSES.

Data-Sharing and Governance Consultation ANALYSIS OF RESPONSES.
Policing the Internet: Higher Education Law and Policy Rodney Petersen, Policy Analyst Wendy Wigen, Policy Analyst EDUCAUSE.

Policing the Internet: Higher Education Law and Policy Rodney Petersen, Policy Analyst Wendy Wigen, Policy Analyst EDUCAUSE.
CALEA BoF: Some Introductory Comments Internet2/ESNet Joint Techs Minneapolis, 12:15, February 14, 2007 Joe St Sauver, Ph.D.

CALEA BoF: Some Introductory Comments Internet2/ESNet Joint Techs Minneapolis, 12:15, February 14, 2007 Joe St Sauver, Ph.D.
Latham & Watkins operates as a limited liability partnership worldwide with an affiliate in the United Kingdom and Italy, where the practice is conducted.

Latham & Watkins operates as a limited liability partnership worldwide with an affiliate in the United Kingdom and Italy, where the practice is conducted.
Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

Coping with Electronic Records Setting Standards for Private Sector E-records Retention.
Europol’s tailor-made data protection framework

Europol’s tailor-made data protection framework
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
Regulatory Body MODIFIED Day 8 – Lecture 3.

Regulatory Body MODIFIED Day 8 – Lecture 3.
CALEA: The Communications Assistance for Law Enforcement Act Doug Carlson, Executive Director, Communications and Computing Services, NYU Mark Luker, Vice.

CALEA: The Communications Assistance for Law Enforcement Act Doug Carlson, Executive Director, Communications and Computing Services, NYU Mark Luker, Vice.
Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.

Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.
Creative Support Solutions CDG User Group CABS Information.

Creative Support Solutions CDG User Group CABS Information.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Similar presentations

Ads by Google