CALEA Communications Assistance for Law Enforcement Act

1
CALEACommunications Assistance for Law
Enforcement Act

• Current Campus Perspective of Implementation
  Issues
• November 17, 2005
• Doug Carlson New York University

2
CALEAA Campus Perspective

• What do we know for sure?
• Not much!!!
• But sooner or later, some regulations requiring
  additional activity by universities in lawful
  surveillance seem very possible
• Cost to become CALEA compliant could be HUGE!!!

3
Some Vocabulary (ref. TIA J-STD-025-B)

• Access Function(s) (provided by campus)
• Provides unobtrusive intercept access points to
  intercept subjects communications and passes to
  Delivery Function
• Delivery Function (provided by campus)
• Responsible to delivering intercepted
  communications to the Law Enforcement Agency
  (LEA) Collection Function
• Collection function (provided by LEA)
• Responsible for collecting lawfully
  authorizedcommunications

4
How a request might work
Telecommunication Service Provider (Campus?)
Access Function
(Switch collects Lawful Intercept data)
Service Provider Administration (Turn on/off
Lawful Intercept feature of switch)
Delivery Function
Lawful Authorization
(Securely deliver information to LEA)
(Order generated)
Law Enforcement Administration
Collection Function
Law Enforcement
5
CALEA FAQ

• Thanks to Al Gidari (Perkins Coie LLP) and Wendy
  Wigen (Educause) for assistance!
• Disclaimer Current understanding subject
  to change quickly
• Who pays for what?
• Campus must pay for equipment, systems and people
  to perform Service Provider Administration,
  Access Function and Delivery Function
• Law Enforcement pays for leased lines (if
  necessary) to campus and Collection function

6
CALEA FAQ

• What do I need to buy for my campus to be
  CALEA-compliant?
• Dont know - detailed specifications not yet
  available
• Current CALEA regulations seem to require
  significant equipment upgrades or replacements
• When will FCC clarify requirements so we can
  start upgrading network?
• Not known

7
CALEA FAQ

• Might CALEA regulations related to the Internet
  be declared invalid?
• Yes, but universities will still need to support
  surveillance requests in the future
• Is the university responsible for decrypting or
  decompressing message content?
• No, not unless the university did the
  compressing/encrypting and has keys to decrypt

8
CALEA FAQ

• Is more than just Voice over IP covered by CALEA?
• Yes all communications will need to be
  forwarded, and (as of now) the VoIP packets will
  need to be decoded if the university provides the
  VoIP service, otherwise decoding responsibility
  is unclear

9
CALEA FAQ

• Is surveillance of intra-campus traffic necessary
  (e.g., between two computers hooked to the same
  card on the same ethernet switch)?
• Yesif the switch has the potential of passing
  traffic forward to the public Internet

10
CALEA FAQ

• What might a LEA ask for?
• All communications associated with an IP address
  or jack
• All communications associated with a person!!!
• Wired specific location
• Wired any authenticated access!!!
• Wireless!!!

11
CALEA FAQ

• Do the LEAs want to be able to turn on and
  perform surveillance remotely?
• University personnel would be turning on,
  maintaining and turning off the wiretap, but the
  data would be sent to the designated LEA facility
• It seems like some of the CALEA requirements will
  be very difficult (or impossible) to implement
  with commonly deployed systems and technology.
  Sound right?
• Yes

12
CALEA FAQ

• Do campuses need to do anything beyond network
  upgrades to satisfy CALEA?
• Yes - universities will need do training and
  background checks, have 7/24 point of contact for
  LEAs, create and document processes for
  interfacing with LEAs and file documentation
  attesting to CALEA compliance

13
CALEA FAQ

• Any other impacts?
• Is E911 now extended to university VoIP systems?
• If nothing changes with CALEA, when do we need to
  be compliant?
• 17 months Spring 2007
• Short timeframe is a real concern
• Major cost factor (cant use normal renewal
  cycle)
• Find funds, acquire equipment (when available)
  and install!!!

14
CALEAA Campus Perspective
Higher Ed. has, and will continue to, support
lawful surveillance, but effective, less costly
alternatives should be explored