What is CALEA?
CALEA, or the Communications Assistance for Law Enforcement Act, is the law that oversees telecommunication security, and it has now been expanded to Internet security. The FBI has been working to specify what is expected of wired and wireless ISPs; that specification has yet to be released in final form. There are some fairly harsh federal penalties for noncompliance that become effective in May 2007 (the stick). In the spirit of protecting our nation, the mission is not to make life miserable and expensive for operators and thwart communications, but rather to give the FBI and homeland security tools to wiretap (if I can borrow the term) Internet conversation on a moment's notice. I suspect it would be a rare occurrence for a small WISP to receive a warrant to comply, but it would be potentially devastating to security should the means to monitor conversation not be available.
In the words of a consultant working for CALEA and the FBI, here is the verbatim minimal requirement, which we obtained via e-mail in order to determine our obligations as a network tool supplier.
Norm wrote:
"Basically, an interception warrant would need to isolate and capture all communications to or from the subject of the warrant. The warrant could specify that only header information is to be provided (i.e., a Pen Register/Trap and Trace) or that header information and communications content should both be provided.
"The Packet Technologies and Services Committee (PTSC) has developed standard ATIS-1000013.2007 for CALEA compliance for landline ISPs (including WiFi and WiMAX). Unfortunately, ATIS has not yet posted the standard on its web site (www.atis.org)."
Our promise to our customers will be to provide a minimal compliance utility on our NetEqualizer CALEA compliance module be available?
We will have a "best effort" unit available for trial as of May 1. We caveat this as best effort because there may be some lag time to comply exactly with the requirement once the requirement is finalized and posted. However, there is enough information right now to get close to compliance, which is what we plan to do.
Will there be any additional cost?
At this time all customers with current NSS (software upgrade licenses) will not be charged. The NSS license for one year runs approximately 10 percent of the purchase cost of a new unit. Typically this would be in the $200 to $300 range.
Will the CALEA module ship with newly purchased units?
Yes, in fact any units purchased after March 20 will be eligible to receive the upgrade at no extra cost.
Will the upgrade cost for the CALEA module always remain the same?
We cannot promise a fixed price for future upgrades. If the complexity of this feature gets "out of hand," we may have to label it a "nonstandard" upgrade, essentially making it a new product rather than an upgrade, and charge accordingly.
At this time our plans are to keep it as a standard upgrade.
The following Q&A will address NetEqualizer's capabilities in reference to CALEA compliance.
1. Functionally, what does the NetEqualizer CALEA release provide?
We provide a network probe with the following capabilities:
- It will allow an ISP or other operator to comply with a basic warrant for information about a user by capturing and sending IP communications in real time to a third party.
- Communication may be captured by headers or headers and content.
2. In what format is the data portion sent to a law enforcement agency?
We will provide basic descriptive tags identifying headers, data, and time stamps, along with HEX or ASCII representation of content data.
3. Do you meet the standards of the receiving law enforcement agency?
The law and specifications on "how" to deliver to a law enforcement agency are somewhat ambiguous. The FBI has created some detailed specifications, but the reality is that there are some 40,000 law enforcement agencies and they are given autonomy on how they receive data. We do provide samples on how to receive NetEqualizer-captured data on a third party server, but are unable to guarantee definite compliance with any specific agency.
4. Does the NetEqualizer do any analysis of the data?
No. We are only providing a probe function.
5. Is the NetEqualizer release fully CALEA compliant?
Although the law (see CALEA sections 103 and 107(a)(2)) is fairly specific on what needs to be done, the how is not addressed to any level of detail to which we can engineer our solution. Many people are following the ATIS specification which was put forth by the FBI, and we have read and attempted to comply with the probe portion of that specification. But the reality is that there is no one agency given the authority to test a solution and bless it as compliant. So, if faced with a warrant for information, the law enforcement agency in charge may indeed want something in slightly different formats. If this is the case, there may be additional consulting.
As best we can tell at this time, there is no one government agency that can fully declare our technology CALEA compliant. However, we do pledge to work with our customers, should they be faced with a warrant for information, to adjust and even customize our solution; additional fees may apply.
Additional information on CALEA itself can be found at http://www.askcalea.org.
Let us also mention that this is not going to be a remotely automated process that will turn on or off without your knowledge. You will be in charge of setting it up, specifying the MAC address or IP address to track, what information to capture, and where to send it.
...