CALEA Filings and Procedural Steps - PowerPoint PPT Presentation

1 / 18
About This Presentation
Title:

CALEA Filings and Procedural Steps

Description:

... for a reasonable period of time as determined by entity ... time like changing batteries in the home smoke detector with daylight savings time changes ... – PowerPoint PPT presentation

Number of Views:119
Avg rating:3.0/5.0
Slides: 19
Provided by: memc
Category:

less

Transcript and Presenter's Notes

Title: CALEA Filings and Procedural Steps


1
CALEA Filings and Procedural Steps
  • Mary Eileen McLaughlin
  • Merit Director Technical Operations
  • January 31, 2006

2
Agenda
  • Key dates
  • Requirements
  • Review of forms to be filed
  • Resources for forms, explanations, examples,
    cover letters
  • Other recommended internal policies
  • DISCLAIMER
  • This presentation in no way should be considered
    legal advice. It is a review of Merits
    understanding of and plans for CALEA filings.

3
Three Key Dates
  • February 12, 2007
  • Entities that the FCC believes need to be CALEA
    compliant must file the FCC form 445
  • File with FCC and with FBI
  • March 12, 2007
  • Entities filing form 445 file a Systems Security
    and Integrity Plan
  • File with FCC and Homeland Security Bureau
  • May 14, 2007
  • Entities must have network compliance,
  • Unless on form 445 another date, and rationale
    was noted

4
Form 445 due February 12thPretty Simple
  • Name, state, contact info, parent company
    (e.g.,RE net that is part of a university)
  • FCC Registration number (FRN)
  • Must get one at www.fcc.gov, CORES link which is
    COmmission REgistration System
  • FCC Registration is required to conduct business
    with the FCC
  • Merit has FRN because of USF work
  • This number will be used to uniquely identify you
    in all transactions with the FCC
  • cont.

5
Form 445, cont.
  • Filers 499 ID
  • Form 499 is only required if a network
  • pays into Universal Service, Telecommunications
    Relay Service, Number Administration, Local
    Number Portability Support Mechanisms
  • Merit doesnt, and likely no RE nets do
    universities, libraries certainly dont
  • Filer checks whether it will be compliant by
    5/14/07 or not
  • cont.

6
Form 445, cont.
  • Compliance method is identified by a checkbox
  • Proprietary/Custom or 3rd party
  • Write the standard used (Draft Standard
    PTSC-LAES-2006-084R6)
  • Proprietary/custom solution
  • Merit will get legal advice, but the assumption
    is that our solution is neither
  • Check if DOJ has been consulted -- Merit has not
  • Check if Filer is using a Trusted Third Party,
    and if so, who

7
Form 445, cont.Trusted Third Parties (TTPs) Can
  • Assist in meeting filers CALEA obligations
  • Provide LEAs the electronic surveillance
    information those agencies require
  • In an acceptable format
  • Services include processing requests for
    intercepts, conducting electronic surveillance,
    and delivering relevant information to LEAs.
  • The entity (not the TTP) remains responsible for,
  • Ensuring the timely delivery of call-identifying
    information and call content
  • And for protecting subscriber privacy, as
    required by CALEA.
  • cont.

8
Form 445, cont.
  • If filer wont be compliant by 5/14, state why
  • Equipment identify equipment by model
    type/manufacturer that is responsible for the
    delay
  • Network installation brief description of
    circumstances contributing to delay
  • Manufacturer support -- brief description of
    circumstances contributing to delay
  • Other any other circumstances
  • Also describe Mediation actions what steps
    being taken to resolve the circumstances causing
    delay
  • cont.

9
Form 445, cont.
  • Note Lack of final standard isnt on the list
    of reasons for delay in compliance
  • FBI quote Their telecom standards
    organizations previous foot-dragging was one of
    the complaints of the Joint Law Enforcement
    Petition for Expedited Rulemaking that resulted
    in the FCC's Second Report and Order.
  • An entity does not need to know the exact
    specifics of a standard to comply with the FCC's
    SSI and Monitoring Report requirement. Solutions
    vendors know which standard they will build to
    and only minor Software changes will be
    required. (!)
  • Finally, a company officer of the Filer signs FCC
    Form 445 and its filed

10
System Security and Integrity PlanPurpose
  • Ensure that interception can be activated only in
    accordance with appropriate legal authorization
  • With affirmative intervention of an individual
    officer of the entity
  • In accordance with regulations prescribed by FCC
  • And to ensure LEAs get the information
  • Also, apparently not onerous

11
Very Different SSI Examples
  • Printouts in workshop binder
  • Blank templates at Educause website
  • Highly recommended because they take 2nd RO and
    incorporate terms into plan
  • 2-page plan by U.S. LEC
  • 4-page plan by Honeybee Networks
  • 15-page plan by MetroPCS
  • Merit plans to be brief
  • Will draft a plan by end of February and
    circulate to the community for comment/reference

12
SSI Components - General
  • Appoint a senior officer or employee to ensure
    that activation only in accordance with lawful
    authorization
  • Name and job function
  • 24/7 contact information
  • Merit plans to identify our CEO and an alternate,
    and have our NOC be the 24/7 contact point
  • Process to report any act of compromise of lawful
    intercept or unlawful surveillance

13
SSI Components Record Retention
  • Must maintain secure and accurate record of
    interception of communications
  • Legal or not
  • In the form of a Certification
  • Certification includes
  • Identifying number/address
  • Start date
  • Identify of LEA officer
  • Name of person signing the legal authorization
  • Type of interception
  • Name of employee overseeing
  • Signed by employee overseeing
  • Must maintain records for a reasonable period of
    time as determined by entity

14
SoRequired Forms Not Onerous
  • What may be more difficult is to actually act on
    a subpoena
  • Few and far between
  • People change jobs
  • CALEA and other laws differ
  • Merit recommends that every network organization
    have a network abuse policy
  • Recommend that it be reviewed annually, e.g., at
    budget time
  • Or pick a time like changing batteries in the
    home smoke detector with daylight savings time
    changes

15
Merits Network Abuse PolicyExample Topics
Included
  • Triaging abuse complaints Serious is
  • Life or physical well being is threatened
  • Data could be destroyed, or confidential data
    exposed
  • DDOS attack
  • Actions
  • Refer complainant to his ISP if not serious
    (e.g., spam)
  • Open incident report
  • Open NOC trouble ticket, escalate
  • Management approval for some action

16
Network Abuse Policy Being Revised
  • CALEA requires new procedures
  • Today, we only release information about
    individuals to the organization with which they
    are associated, not to third parties
  • Today, LEAs are always 3rd parties
  • If there is a CALEA request, this doesnt fit
  • In fact, we cant let the organization know
  • Today we have a management approval chain, and
    no one employee makes a decision or takes action
  • If there is a CALEA request, this doesnt fit
  • We will revise our internal network abuse
    policies and share with the community
  • Perhaps in parallel with the SSI draft

17
References www.fcc.gov
  • Public Notice - Compliance Monitoring Report
  • DA 06-2512, December 14, 2006
  • OMB Control Number 3060-0809
  • Public Notice - Systems Security and Integrity
    Filing Requirement
  • DA 06-2512, December 14, 2006
  • OMB Control Number 3060-0809
  • Systems Security and Integrity Plans components
  • CALEA of 1994 Pub.L. No. 103-414, 108 Stat.
    4279
  • FCC 64 FR 51469, Sept. 23, 1999
  • FCC 2nd Report and Order, May 12, 2006, Appendix
    B, page 44, for SSI (useful definitions)

18
References, cont.
  • Easiest source Educause CALEA resource page
  • http//www.educause.edu/Browse/645?PARENT_ID698
  • Includes FCC public notices, forms, example cover
    letter for SSI, other background
  • www.askcalea.gov (FBI site)
Write a Comment
User Comments (0)
About PowerShow.com