Re: CALEA

[Christopher Morrow]

"Encryption

The number of state wiretaps in which encryption was encountered decreased
from 41 in 2013 to 22 in 2014. In two of these wiretaps, officials were
unable to decipher the plain text of the messages. Three federal wiretaps
were reported as being encrypted in 2014, of which two could not be
decrypted. Encryption was also reported for five federal wiretaps that were
conducted during previous years, but reported to the AO for the first time
in 2014. Officials were able to decipher the plain text of the
communications in four of the five intercepts."

that's certainly interesting...

On Tue, May 31, 2016 at 3:12 AM, Martin Hannigan  wrote:

> Misfire. Sorry, early in the AM. The URL I intended to send is here:
>
> http://www.uscourts.gov/statistics-reports/wiretap-report-2014
>
>
> Best,
>
> -M<
>
> On Tue, May 31, 2016 at 9:10 AM, Martin Hannigan 
> wrote:
> > CALEA isn't a type of request, it's a law that enabled par function
> > access for LEO's e.g. "the ladder" pin register, trap+trace, DTMF
> > translation, three-way/off hook ops and the call content (not
> > necessarily in that order).
> >
> > You can see the non national security activity here:
> >
> >
> > On Sat, May 28, 2016 at 5:37 AM, Mike Joseph  wrote:
> >> I can say via firsthand knowledge that CALEA requests are definitely
> >> happening and are not even that rare, proportional to a reasonably sized
> >> subscriber-base.  It would be unlawful for me to comment specifically on
> >> any actual CALEA requests, however.  But if you have general questions
> >> about my observations, feel free to reach out directly.
> >>
> >> -MJ
> >>
> >> On Thu, May 12, 2016 at 11:28 AM, Brian Mengel 
> wrote:
> >>
> >>> My comments were strictly limited to my understanding of CALEA as it
> >>> applied to ISPs, not telcos.  A request for a lawful intercept can
> entail
> >>> mirroring a real time stream of all data sent to/from a customer's
> Internet
> >>> connection (cable modem/DSL/dedicated Ethernet) to a LEA.  AFAIK this
> >>> requires mediation before being sent to the LEA and it is the mediation
> >>> server itself that initiates the intercept when so configured by the
> ISP.
> >>> Perhaps some LEAs have undertaken the mediation function so as to
> >>> facilitate these intercepts where the neither the ISP nor a third
> party can
> >>> do so.  If that were the case then very little would be needed on the
> part
> >>> of the ISP in order to comply with a request for lawful intercept.  I
> can
> >>> say with certainty that these types of requests are being made of
> broadband
> >>> ISPs though I agree that they are very rare.
> >>>
> >>> On Wed, May 11, 2016 at 2:58 PM, Ricky Beam  wrote:
> >>>
> >>> > On Tue, 10 May 2016 17:00:54 -0400, Brian Mengel 
> >>> > wrote:
> >>> >
> >>> > AFAIK being able to do a lawful intercept on a specific, named,
> >>> >> individual's service has been a requirement for providers since
> 2007.
> >>> >>
> >>> >
> >>> > It's been required for longer than that. The telco I worked for over
> a
> >>> > decade ago didn't build the infrastructure until the FCC said they
> were
> >>> > going to stop funding upgrades. That really got 'em movin'. (suddenly
> >>> "data
> >>> > services" people -- i.e. ME -- weren't redheaded stepchildren.)
> >>> >
> >>> > have never heard of a provider, big or small, being called out for
> being
> >>> >> unable to provide this service when requested.
> >>> >>
> >>> >
> >>> > Where existing infrastructure is not already in place (read:
> >>> T1/BRI/etc.),
> >>> > the telco can take up to 60 days to get that setup. I know more than
> one
> >>> > telco that used that grace period to actually setup CALEA in the
> first
> >>> > place.
> >>> >
> >>> > did not perform intercepts routinely.
> >>> >>
> >>> >
> >>> > The historic published figures (i've not looked in years) suggest
> CALEA
> >>> > requests are statistically rare. The NC based telco I worked for had
> >>> never
> >>> > received an order in the then ~40yr life of the company.
> >>> >
> >>> > The mediation server needed to "mediate" between your customer
> >>> aggregation
> >>> >> box and the LEA is not inexpensive.
> >>> >>
> >>> >
> >>> > And also is not the telco's problem. Mediation is done by the LEA or
> 3rd
> >>> > party under contract to any number of agencies. For example, a telco
> tap
> >>> > order would mirror the control and voice traffic of a POTS line
> (T1/PRI
> >>> > channel, etc.) into a BRI or specific T1 channel. (dialup was later
> >>> added,
> >>> > but wasn't required in my era, so we didn't support it.) We used to
> test
> >>> > that by tapping a tech's phone. Not having any mediation software,
> all I
> >>> > could do is "yeap, it's sending data" and listen to the voice
> channels
> >>> on a
> >>> > t-berd.
> >>> >
> >>> > --Ricky
> >>> >
> >>>
> >>>
>

Re: CALEA

[Martin Hannigan]

Misfire. Sorry, early in the AM. The URL I intended to send is here:

http://www.uscourts.gov/statistics-reports/wiretap-report-2014


Best,

-M<

On Tue, May 31, 2016 at 9:10 AM, Martin Hannigan  wrote:
> CALEA isn't a type of request, it's a law that enabled par function
> access for LEO's e.g. "the ladder" pin register, trap+trace, DTMF
> translation, three-way/off hook ops and the call content (not
> necessarily in that order).
>
> You can see the non national security activity here:
>
>
> On Sat, May 28, 2016 at 5:37 AM, Mike Joseph  wrote:
>> I can say via firsthand knowledge that CALEA requests are definitely
>> happening and are not even that rare, proportional to a reasonably sized
>> subscriber-base.  It would be unlawful for me to comment specifically on
>> any actual CALEA requests, however.  But if you have general questions
>> about my observations, feel free to reach out directly.
>>
>> -MJ
>>
>> On Thu, May 12, 2016 at 11:28 AM, Brian Mengel  wrote:
>>
>>> My comments were strictly limited to my understanding of CALEA as it
>>> applied to ISPs, not telcos.  A request for a lawful intercept can entail
>>> mirroring a real time stream of all data sent to/from a customer's Internet
>>> connection (cable modem/DSL/dedicated Ethernet) to a LEA.  AFAIK this
>>> requires mediation before being sent to the LEA and it is the mediation
>>> server itself that initiates the intercept when so configured by the ISP.
>>> Perhaps some LEAs have undertaken the mediation function so as to
>>> facilitate these intercepts where the neither the ISP nor a third party can
>>> do so.  If that were the case then very little would be needed on the part
>>> of the ISP in order to comply with a request for lawful intercept.  I can
>>> say with certainty that these types of requests are being made of broadband
>>> ISPs though I agree that they are very rare.
>>>
>>> On Wed, May 11, 2016 at 2:58 PM, Ricky Beam  wrote:
>>>
>>> > On Tue, 10 May 2016 17:00:54 -0400, Brian Mengel 
>>> > wrote:
>>> >
>>> > AFAIK being able to do a lawful intercept on a specific, named,
>>> >> individual's service has been a requirement for providers since 2007.
>>> >>
>>> >
>>> > It's been required for longer than that. The telco I worked for over a
>>> > decade ago didn't build the infrastructure until the FCC said they were
>>> > going to stop funding upgrades. That really got 'em movin'. (suddenly
>>> "data
>>> > services" people -- i.e. ME -- weren't redheaded stepchildren.)
>>> >
>>> > have never heard of a provider, big or small, being called out for being
>>> >> unable to provide this service when requested.
>>> >>
>>> >
>>> > Where existing infrastructure is not already in place (read:
>>> T1/BRI/etc.),
>>> > the telco can take up to 60 days to get that setup. I know more than one
>>> > telco that used that grace period to actually setup CALEA in the first
>>> > place.
>>> >
>>> > did not perform intercepts routinely.
>>> >>
>>> >
>>> > The historic published figures (i've not looked in years) suggest CALEA
>>> > requests are statistically rare. The NC based telco I worked for had
>>> never
>>> > received an order in the then ~40yr life of the company.
>>> >
>>> > The mediation server needed to "mediate" between your customer
>>> aggregation
>>> >> box and the LEA is not inexpensive.
>>> >>
>>> >
>>> > And also is not the telco's problem. Mediation is done by the LEA or 3rd
>>> > party under contract to any number of agencies. For example, a telco tap
>>> > order would mirror the control and voice traffic of a POTS line (T1/PRI
>>> > channel, etc.) into a BRI or specific T1 channel. (dialup was later
>>> added,
>>> > but wasn't required in my era, so we didn't support it.) We used to test
>>> > that by tapping a tech's phone. Not having any mediation software, all I
>>> > could do is "yeap, it's sending data" and listen to the voice channels
>>> on a
>>> > t-berd.
>>> >
>>> > --Ricky
>>> >
>>>
>>>

Re: CALEA

[Martin Hannigan]

CALEA isn't a type of request, it's a law that enabled par function
access for LEO's e.g. "the ladder" pin register, trap+trace, DTMF
translation, three-way/off hook ops and the call content (not
necessarily in that order).

You can see the non national security activity here:


On Sat, May 28, 2016 at 5:37 AM, Mike Joseph  wrote:
> I can say via firsthand knowledge that CALEA requests are definitely
> happening and are not even that rare, proportional to a reasonably sized
> subscriber-base.  It would be unlawful for me to comment specifically on
> any actual CALEA requests, however.  But if you have general questions
> about my observations, feel free to reach out directly.
>
> -MJ
>
> On Thu, May 12, 2016 at 11:28 AM, Brian Mengel  wrote:
>
>> My comments were strictly limited to my understanding of CALEA as it
>> applied to ISPs, not telcos.  A request for a lawful intercept can entail
>> mirroring a real time stream of all data sent to/from a customer's Internet
>> connection (cable modem/DSL/dedicated Ethernet) to a LEA.  AFAIK this
>> requires mediation before being sent to the LEA and it is the mediation
>> server itself that initiates the intercept when so configured by the ISP.
>> Perhaps some LEAs have undertaken the mediation function so as to
>> facilitate these intercepts where the neither the ISP nor a third party can
>> do so.  If that were the case then very little would be needed on the part
>> of the ISP in order to comply with a request for lawful intercept.  I can
>> say with certainty that these types of requests are being made of broadband
>> ISPs though I agree that they are very rare.
>>
>> On Wed, May 11, 2016 at 2:58 PM, Ricky Beam  wrote:
>>
>> > On Tue, 10 May 2016 17:00:54 -0400, Brian Mengel 
>> > wrote:
>> >
>> > AFAIK being able to do a lawful intercept on a specific, named,
>> >> individual's service has been a requirement for providers since 2007.
>> >>
>> >
>> > It's been required for longer than that. The telco I worked for over a
>> > decade ago didn't build the infrastructure until the FCC said they were
>> > going to stop funding upgrades. That really got 'em movin'. (suddenly
>> "data
>> > services" people -- i.e. ME -- weren't redheaded stepchildren.)
>> >
>> > have never heard of a provider, big or small, being called out for being
>> >> unable to provide this service when requested.
>> >>
>> >
>> > Where existing infrastructure is not already in place (read:
>> T1/BRI/etc.),
>> > the telco can take up to 60 days to get that setup. I know more than one
>> > telco that used that grace period to actually setup CALEA in the first
>> > place.
>> >
>> > did not perform intercepts routinely.
>> >>
>> >
>> > The historic published figures (i've not looked in years) suggest CALEA
>> > requests are statistically rare. The NC based telco I worked for had
>> never
>> > received an order in the then ~40yr life of the company.
>> >
>> > The mediation server needed to "mediate" between your customer
>> aggregation
>> >> box and the LEA is not inexpensive.
>> >>
>> >
>> > And also is not the telco's problem. Mediation is done by the LEA or 3rd
>> > party under contract to any number of agencies. For example, a telco tap
>> > order would mirror the control and voice traffic of a POTS line (T1/PRI
>> > channel, etc.) into a BRI or specific T1 channel. (dialup was later
>> added,
>> > but wasn't required in my era, so we didn't support it.) We used to test
>> > that by tapping a tech's phone. Not having any mediation software, all I
>> > could do is "yeap, it's sending data" and listen to the voice channels
>> on a
>> > t-berd.
>> >
>> > --Ricky
>> >
>>
>>

Re: CALEA

[Josh Luthman]

How many requests per 1k or 10k customers?  Is primarily residential a safe
assumption?


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Fri, May 27, 2016 at 11:37 PM, Mike Joseph  wrote:

> I can say via firsthand knowledge that CALEA requests are definitely
> happening and are not even that rare, proportional to a reasonably sized
> subscriber-base.  It would be unlawful for me to comment specifically on
> any actual CALEA requests, however.  But if you have general questions
> about my observations, feel free to reach out directly.
>
> -MJ
>
> On Thu, May 12, 2016 at 11:28 AM, Brian Mengel  wrote:
>
> > My comments were strictly limited to my understanding of CALEA as it
> > applied to ISPs, not telcos.  A request for a lawful intercept can entail
> > mirroring a real time stream of all data sent to/from a customer's
> Internet
> > connection (cable modem/DSL/dedicated Ethernet) to a LEA.  AFAIK this
> > requires mediation before being sent to the LEA and it is the mediation
> > server itself that initiates the intercept when so configured by the ISP.
> > Perhaps some LEAs have undertaken the mediation function so as to
> > facilitate these intercepts where the neither the ISP nor a third party
> can
> > do so.  If that were the case then very little would be needed on the
> part
> > of the ISP in order to comply with a request for lawful intercept.  I can
> > say with certainty that these types of requests are being made of
> broadband
> > ISPs though I agree that they are very rare.
> >
> > On Wed, May 11, 2016 at 2:58 PM, Ricky Beam  wrote:
> >
> > > On Tue, 10 May 2016 17:00:54 -0400, Brian Mengel 
> > > wrote:
> > >
> > > AFAIK being able to do a lawful intercept on a specific, named,
> > >> individual's service has been a requirement for providers since 2007.
> > >>
> > >
> > > It's been required for longer than that. The telco I worked for over a
> > > decade ago didn't build the infrastructure until the FCC said they were
> > > going to stop funding upgrades. That really got 'em movin'. (suddenly
> > "data
> > > services" people -- i.e. ME -- weren't redheaded stepchildren.)
> > >
> > > have never heard of a provider, big or small, being called out for
> being
> > >> unable to provide this service when requested.
> > >>
> > >
> > > Where existing infrastructure is not already in place (read:
> > T1/BRI/etc.),
> > > the telco can take up to 60 days to get that setup. I know more than
> one
> > > telco that used that grace period to actually setup CALEA in the first
> > > place.
> > >
> > > did not perform intercepts routinely.
> > >>
> > >
> > > The historic published figures (i've not looked in years) suggest CALEA
> > > requests are statistically rare. The NC based telco I worked for had
> > never
> > > received an order in the then ~40yr life of the company.
> > >
> > > The mediation server needed to "mediate" between your customer
> > aggregation
> > >> box and the LEA is not inexpensive.
> > >>
> > >
> > > And also is not the telco's problem. Mediation is done by the LEA or
> 3rd
> > > party under contract to any number of agencies. For example, a telco
> tap
> > > order would mirror the control and voice traffic of a POTS line (T1/PRI
> > > channel, etc.) into a BRI or specific T1 channel. (dialup was later
> > added,
> > > but wasn't required in my era, so we didn't support it.) We used to
> test
> > > that by tapping a tech's phone. Not having any mediation software, all
> I
> > > could do is "yeap, it's sending data" and listen to the voice channels
> > on a
> > > t-berd.
> > >
> > > --Ricky
> > >
> >
> >
>

Re: CALEA

[Mike Joseph]

I can say via firsthand knowledge that CALEA requests are definitely
happening and are not even that rare, proportional to a reasonably sized
subscriber-base.  It would be unlawful for me to comment specifically on
any actual CALEA requests, however.  But if you have general questions
about my observations, feel free to reach out directly.

-MJ

On Thu, May 12, 2016 at 11:28 AM, Brian Mengel  wrote:

> My comments were strictly limited to my understanding of CALEA as it
> applied to ISPs, not telcos.  A request for a lawful intercept can entail
> mirroring a real time stream of all data sent to/from a customer's Internet
> connection (cable modem/DSL/dedicated Ethernet) to a LEA.  AFAIK this
> requires mediation before being sent to the LEA and it is the mediation
> server itself that initiates the intercept when so configured by the ISP.
> Perhaps some LEAs have undertaken the mediation function so as to
> facilitate these intercepts where the neither the ISP nor a third party can
> do so.  If that were the case then very little would be needed on the part
> of the ISP in order to comply with a request for lawful intercept.  I can
> say with certainty that these types of requests are being made of broadband
> ISPs though I agree that they are very rare.
>
> On Wed, May 11, 2016 at 2:58 PM, Ricky Beam  wrote:
>
> > On Tue, 10 May 2016 17:00:54 -0400, Brian Mengel 
> > wrote:
> >
> > AFAIK being able to do a lawful intercept on a specific, named,
> >> individual's service has been a requirement for providers since 2007.
> >>
> >
> > It's been required for longer than that. The telco I worked for over a
> > decade ago didn't build the infrastructure until the FCC said they were
> > going to stop funding upgrades. That really got 'em movin'. (suddenly
> "data
> > services" people -- i.e. ME -- weren't redheaded stepchildren.)
> >
> > have never heard of a provider, big or small, being called out for being
> >> unable to provide this service when requested.
> >>
> >
> > Where existing infrastructure is not already in place (read:
> T1/BRI/etc.),
> > the telco can take up to 60 days to get that setup. I know more than one
> > telco that used that grace period to actually setup CALEA in the first
> > place.
> >
> > did not perform intercepts routinely.
> >>
> >
> > The historic published figures (i've not looked in years) suggest CALEA
> > requests are statistically rare. The NC based telco I worked for had
> never
> > received an order in the then ~40yr life of the company.
> >
> > The mediation server needed to "mediate" between your customer
> aggregation
> >> box and the LEA is not inexpensive.
> >>
> >
> > And also is not the telco's problem. Mediation is done by the LEA or 3rd
> > party under contract to any number of agencies. For example, a telco tap
> > order would mirror the control and voice traffic of a POTS line (T1/PRI
> > channel, etc.) into a BRI or specific T1 channel. (dialup was later
> added,
> > but wasn't required in my era, so we didn't support it.) We used to test
> > that by tapping a tech's phone. Not having any mediation software, all I
> > could do is "yeap, it's sending data" and listen to the voice channels
> on a
> > t-berd.
> >
> > --Ricky
> >
>
>

Re: CALEA

[Brian Mengel]

My comments were strictly limited to my understanding of CALEA as it
applied to ISPs, not telcos.  A request for a lawful intercept can entail
mirroring a real time stream of all data sent to/from a customer's Internet
connection (cable modem/DSL/dedicated Ethernet) to a LEA.  AFAIK this
requires mediation before being sent to the LEA and it is the mediation
server itself that initiates the intercept when so configured by the ISP.
Perhaps some LEAs have undertaken the mediation function so as to
facilitate these intercepts where the neither the ISP nor a third party can
do so.  If that were the case then very little would be needed on the part
of the ISP in order to comply with a request for lawful intercept.  I can
say with certainty that these types of requests are being made of broadband
ISPs though I agree that they are very rare.

On Wed, May 11, 2016 at 2:58 PM, Ricky Beam  wrote:

> On Tue, 10 May 2016 17:00:54 -0400, Brian Mengel 
> wrote:
>
> AFAIK being able to do a lawful intercept on a specific, named,
>> individual's service has been a requirement for providers since 2007.
>>
>
> It's been required for longer than that. The telco I worked for over a
> decade ago didn't build the infrastructure until the FCC said they were
> going to stop funding upgrades. That really got 'em movin'. (suddenly "data
> services" people -- i.e. ME -- weren't redheaded stepchildren.)
>
> have never heard of a provider, big or small, being called out for being
>> unable to provide this service when requested.
>>
>
> Where existing infrastructure is not already in place (read: T1/BRI/etc.),
> the telco can take up to 60 days to get that setup. I know more than one
> telco that used that grace period to actually setup CALEA in the first
> place.
>
> did not perform intercepts routinely.
>>
>
> The historic published figures (i've not looked in years) suggest CALEA
> requests are statistically rare. The NC based telco I worked for had never
> received an order in the then ~40yr life of the company.
>
> The mediation server needed to "mediate" between your customer aggregation
>> box and the LEA is not inexpensive.
>>
>
> And also is not the telco's problem. Mediation is done by the LEA or 3rd
> party under contract to any number of agencies. For example, a telco tap
> order would mirror the control and voice traffic of a POTS line (T1/PRI
> channel, etc.) into a BRI or specific T1 channel. (dialup was later added,
> but wasn't required in my era, so we didn't support it.) We used to test
> that by tapping a tech's phone. Not having any mediation software, all I
> could do is "yeap, it's sending data" and listen to the voice channels on a
> t-berd.
>
> --Ricky
>

Re: CALEA

[Ricky Beam]

On Tue, 10 May 2016 17:00:54 -0400, Brian Mengel  wrote:


AFAIK being able to do a lawful intercept on a specific, named,
individual's service has been a requirement for providers since 2007.


It's been required for longer than that. The telco I worked for over a  
decade ago didn't build the infrastructure until the FCC said they were  
going to stop funding upgrades. That really got 'em movin'. (suddenly  
"data services" people -- i.e. ME -- weren't redheaded stepchildren.)



have never heard of a provider, big or small, being called out for being
unable to provide this service when requested.


Where existing infrastructure is not already in place (read: T1/BRI/etc.),  
the telco can take up to 60 days to get that setup. I know more than one  
telco that used that grace period to actually setup CALEA in the first  
place.



did not perform intercepts routinely.


The historic published figures (i've not looked in years) suggest CALEA  
requests are statistically rare. The NC based telco I worked for had never  
received an order in the then ~40yr life of the company.


The mediation server needed to "mediate" between your customer  
aggregation box and the LEA is not inexpensive.


And also is not the telco's problem. Mediation is done by the LEA or 3rd  
party under contract to any number of agencies. For example, a telco tap  
order would mirror the control and voice traffic of a POTS line (T1/PRI  
channel, etc.) into a BRI or specific T1 channel. (dialup was later added,  
but wasn't required in my era, so we didn't support it.) We used to test  
that by tapping a tech's phone. Not having any mediation software, all I  
could do is "yeap, it's sending data" and listen to the voice channels on  
a t-berd.


--Ricky

Re: CALEA

[Leo Bicknell]

In a message written on Tue, May 10, 2016 at 03:00:59PM -0500, Josh Reynolds 
wrote:
> This is a large list that includes many Tier 1 network operators,
> government agencies,  and Fortune 500 network operators.
> 
> The silence should be telling.

NANOG has a strong self-selection for people who run core routing
devices and do things like BGP and peering negotiations with other
providers.

By contrast, CALEA requirements are generally all met by features
deployed at the customer-edge.  These groups are often a separate
silo from the backbone folks at the largest providers.

This is likely the wrong list for asking such questions, and the few
who do answer is likely to be smaller providers where people wear
multiple hats.

-- 
Leo Bicknell - bickn...@ufp.org
PGP keys at http://www.ufp.org/~bicknell/


pgpWM43j2G20q.pgp
Description: PGP signature

Re: CALEA

[Brian Mengel]

AFAIK being able to do a lawful intercept on a specific, named,
individual's service has been a requirement for providers since 2007.  I
have never heard of a provider, big or small, being called out for being
unable to provide this service when requested.  I would be surprised if a
national broadband ISP with millions of subs did not have this ability and
did not perform intercepts routinely.  I would be surprised if a small town
providing it's own Internet access or small WISP serving a few hundred
customers went through the trouble and expense of being able to provide
this service.

The mediation server needed to "mediate" between your customer aggregation
box and the LEA is not inexpensive.  I believe there was talk about
"trusted third parties" providing mediation-as-a-service but I do not know
if any such entities exist.  The logistics of running a mediation server in
the cloud and being able to signal from the cloud to the aggregation box to
begin a mediation and ensuring that the data exported from the ISP to the
cloud to the LEA remained private would seem to be significant but not
insurmountable.



On Tue, May 10, 2016 at 4:11 PM, Josh Reynolds  wrote:

> The first rule of prism is...
>
>
> *silence*
>
>
> :)
>
> On Tue, May 10, 2016 at 3:04 PM, Christopher Morrow
>  wrote:
> >
> >
> > On Tue, May 10, 2016 at 4:00 PM, Josh Reynolds 
> wrote:
> >>
> >> This is a large list that includes many Tier 1 network operators,
> >> government agencies,  and Fortune 500 network operators
> >
> >
> > no one gets calea requests because prism gets all requests?
> >
>

Re: CALEA

[Josh Reynolds]

The first rule of prism is...


*silence*


:)

On Tue, May 10, 2016 at 3:04 PM, Christopher Morrow
 wrote:
>
>
> On Tue, May 10, 2016 at 4:00 PM, Josh Reynolds  wrote:
>>
>> This is a large list that includes many Tier 1 network operators,
>> government agencies,  and Fortune 500 network operators
>
>
> no one gets calea requests because prism gets all requests?
>

Re: CALEA

[Christopher Morrow]

On Tue, May 10, 2016 at 4:00 PM, Josh Reynolds  wrote:

> This is a large list that includes many Tier 1 network operators,
> government agencies,  and Fortune 500 network operators
>

​no one gets calea requests because prism gets all requests?​

Re: CALEA

[Josh Reynolds]

This is a large list that includes many Tier 1 network operators,
government agencies,  and Fortune 500 network operators.

The silence should be telling.
On May 10, 2016 2:52 PM, "Matt Hoppes" 
wrote:

> Perhaps the silence is an indication no one is doing CALEA or knows
> anything about it?
>
> Personally, I can't say I've heard anything about CALEA, seen people
> trying to sell CALEA appliances, or received a CALEA request in maybe 8
> years?
>
> On 5/10/16 12:34 AM, Josh Reynolds wrote:
>
>> Hrm?
>> On May 9, 2016 11:04 PM, "shawn wilson"  wrote:
>>
>> The OP is also asking someone to register a throwaway email, subscribe,
>>> and
>>> respond "yes" so that the owner can't be tracked to their employer.
>>> That's
>>> kind of a steep ask for something that's almost moot.
>>> On May 9, 2016 23:16, "Greg Sowell"  wrote:
>>>
>>> I haven't had a request in ages...back then all of the links worked.
>>> On May 9, 2016 3:02 PM, "Jeremy Austin"  wrote:
>>>
>>> On Thu, May 5, 2016 at 4:43 PM, Justin Wilson  wrote:

  What is the community hearing about CALEA?
>
>
 Crickets?


 --
 Jeremy Austin

 (907) 895-2311
 (907) 803-5422
 jhaus...@gmail.com

 Heritage NetWorks
 Whitestone Power & Communications
 Vertical Broadband, LLC

 Schedule a meeting: http://doodle.com/jermudgeon


>>>

Re: CALEA

[Matt Hoppes]

Perhaps the silence is an indication no one is doing CALEA or knows 
anything about it?


Personally, I can't say I've heard anything about CALEA, seen people 
trying to sell CALEA appliances, or received a CALEA request in maybe 8 
years?


On 5/10/16 12:34 AM, Josh Reynolds wrote:

Hrm?
On May 9, 2016 11:04 PM, "shawn wilson"  wrote:


The OP is also asking someone to register a throwaway email, subscribe, and
respond "yes" so that the owner can't be tracked to their employer. That's
kind of a steep ask for something that's almost moot.
On May 9, 2016 23:16, "Greg Sowell"  wrote:

I haven't had a request in ages...back then all of the links worked.
On May 9, 2016 3:02 PM, "Jeremy Austin"  wrote:


On Thu, May 5, 2016 at 4:43 PM, Justin Wilson  wrote:


 What is the community hearing about CALEA?



Crickets?


--
Jeremy Austin

(907) 895-2311
(907) 803-5422
jhaus...@gmail.com

Heritage NetWorks
Whitestone Power & Communications
Vertical Broadband, LLC

Schedule a meeting: http://doodle.com/jermudgeon

Re: CALEA

[Josh Reynolds]

Hrm?
On May 9, 2016 11:04 PM, "shawn wilson"  wrote:

> The OP is also asking someone to register a throwaway email, subscribe, and
> respond "yes" so that the owner can't be tracked to their employer. That's
> kind of a steep ask for something that's almost moot.
> On May 9, 2016 23:16, "Greg Sowell"  wrote:
>
> I haven't had a request in ages...back then all of the links worked.
> On May 9, 2016 3:02 PM, "Jeremy Austin"  wrote:
>
> > On Thu, May 5, 2016 at 4:43 PM, Justin Wilson  wrote:
> >
> > > What is the community hearing about CALEA?
> > >
> >
> > Crickets?
> >
> >
> > --
> > Jeremy Austin
> >
> > (907) 895-2311
> > (907) 803-5422
> > jhaus...@gmail.com
> >
> > Heritage NetWorks
> > Whitestone Power & Communications
> > Vertical Broadband, LLC
> >
> > Schedule a meeting: http://doodle.com/jermudgeon
> >
>

Re: CALEA

[shawn wilson]

The OP is also asking someone to register a throwaway email, subscribe, and
respond "yes" so that the owner can't be tracked to their employer. That's
kind of a steep ask for something that's almost moot.
On May 9, 2016 23:16, "Greg Sowell"  wrote:

I haven't had a request in ages...back then all of the links worked.
On May 9, 2016 3:02 PM, "Jeremy Austin"  wrote:

> On Thu, May 5, 2016 at 4:43 PM, Justin Wilson  wrote:
>
> > What is the community hearing about CALEA?
> >
>
> Crickets?
>
>
> --
> Jeremy Austin
>
> (907) 895-2311
> (907) 803-5422
> jhaus...@gmail.com
>
> Heritage NetWorks
> Whitestone Power & Communications
> Vertical Broadband, LLC
>
> Schedule a meeting: http://doodle.com/jermudgeon
>

Re: CALEA

[Greg Sowell]

I haven't had a request in ages...back then all of the links worked.
On May 9, 2016 3:02 PM, "Jeremy Austin"  wrote:

> On Thu, May 5, 2016 at 4:43 PM, Justin Wilson  wrote:
>
> > What is the community hearing about CALEA?
> >
>
> Crickets?
>
>
> --
> Jeremy Austin
>
> (907) 895-2311
> (907) 803-5422
> jhaus...@gmail.com
>
> Heritage NetWorks
> Whitestone Power & Communications
> Vertical Broadband, LLC
>
> Schedule a meeting: http://doodle.com/jermudgeon
>

Re: CALEA

[Jeremy Austin]

On Thu, May 5, 2016 at 4:43 PM, Justin Wilson  wrote:

> What is the community hearing about CALEA?
>

Crickets?


-- 
Jeremy Austin

(907) 895-2311
(907) 803-5422
jhaus...@gmail.com

Heritage NetWorks
Whitestone Power & Communications
Vertical Broadband, LLC

Schedule a meeting: http://doodle.com/jermudgeon

Re: CALEA Requirements

[Sean Donelan]

The FBI CALEA folks have always had a somewhat expansive interpretation of 
their authorities.


For example, "dialed digit extraction."  The court cases supporting pen 
registers are based on business record exception, i.e. Smith v. Maryland 
says dial numbers are disclosed to the telephone company so the phone 
company can connect and bill the call do not have a reasonable 
expectation of privacy. The FBI expanded its pen-register authority to 
include all numbers dialed *DURING* the call because in the 1970's 
pen-register technology didn't stop recording digits (i.e. the "clicks") 
after a call was answered.  Although modern pen-register technology can 
distinguish between numbers dialed for the purpose of connecting the call, 
and numbers dialed during the call (i.e. your online banking PIN), and 
dialed digit extraction during VOIP calls is an extreme pain in the ass.


In the 1990's, the FBI convinced the FCC to order carriers under CALEA to 
do dialed digit extraction because "that's what they've always done," not 
because its what the law and court cases required.  Even the FCC says in 
its CALEA order, the FBI's justification was flimsy but the FCC wasn't 
willing to oppose the FBI.


As several folks have pointed out, talk to your own legal counsel.  The
FBI CALEA website is the FBI's interpretation of its authority, not 
necessarily what your own counsel would advise.

Re: CALEA Requirements

[Robert Haylock]

If you are a wireline ISP, start with the ATIS-113* docs, you will see
from the FBI link below, different services and carrier types (e.g. voice
or cable) have additional needs on top of this.

As Scott said, your legal/regulatory team needs to guide you to exactly
which in the listMAY apply in your situation, but from a technical point of
view you can at least get an idea about what you might have to do by
starting with the ATIS specs:

https://askcalea.fbi.gov/standards.html

Rob

On 14 March 2016 at 13:57, Scott Weeks  wrote:

>
>
> --- lor...@hathcock.org wrote:
> From: "Lorell Hathcock" 
>
> Can someone point me to the current CALEA requirements?
>
> As an ISP, should I be recording all internet traffic that passes my
> routers?  Or do I only have to record when and if I receive a court order?
>
> I'm not under any court order now, I just want to be sure that I am
> compliant going forward in my capabilities.
> -
>
>
> This is something your company's lawyers should hash out.
> That said, you shouldn't record anything unless forced to
> do so.  It'll just make pervasive surveillance easier.
>
> scott
>

Re: CALEA Requirements

[Lorell Hathcock]

Thanks for the tips. All good info. 

Sent from my iPhone

> On Mar 18, 2016, at 3:31 PM, Kraig Beahn  wrote:
> 
> I believe Scott, just hit the nail on the head...
> "but keep in mind that it's normal for people who have
> had to fulfill a request *to be disallowed from talking about it* which
> makes
> them seem even more rare than they actually are."
> 
>> On Fri, Mar 18, 2016 at 4:28 PM, Scott Helms  wrote:
>> 
>> Kevin,
>> 
>> That's largely true, but keep in mind that it's normal for people who have
>> had to fulfill a request to be disallowed from talking about it which makes
>> them seem even more rare than they actually are.  I'm also not familiar
>> with any laws that prevent state or local agencies from leveraging CALEA
>> and I've certainly seen it used on the voice side by state level law
>> enforcement.
>> 
>> 
>> Scott Helms
>> Chief Technology Officer
>> ZCorum
>> (678) 507-5000
>> 
>> http://twitter.com/kscotthelms
>> 
>> 
>> On Fri, Mar 18, 2016 at 4:19 PM, Kevin Burke > wrote:
>> 
>>> Ignore it until you get the paperwork.  The local law enforcement can not
>>> get a warrant for the real time, full data capture.  Only FBI or other
>>> national agencies can get those subpeona's.  We went through this with
>> our
>>> local police department.  They wanted to make sure we were prepared and
>>> wanted a test for the real time number capture on phone calls.  They
>> didn't
>>> mention they don't have any equipment on their side to connect the T1.
>>> 
>>> Ask your local neighbors.  Some area's have a number of local federal
>>> investigations.  If you get the deer in the headlights look from your
>>> competition then you may never get one of these.
>>> 
>>> The full data captures are rare.
>>> 
>>> Kevin Burke
>>> 802-540-0979
>>> Burlington Telecom - City of Burlington
>>> 200 Church St, Burlington, VT 05401
>>> 
>>> -Original Message-
>>> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Lorell
>> Hathcock
>>> Sent: Monday, March 14, 2016 4:47 PM
>>> To: 'NANOG list' 
>>> Subject: CALEA Requirements
>>> 
>>> NANOG:
>>> 
>>> 
>>> 
>>> Can someone point me to the current CALEA requirements?
>>> 
>>> 
>>> 
>>> As an ISP, should I be recording all internet traffic that passes my
>>> routers?  Or do I only have to record when and if I receive a court
>> order?
>>> 
>>> 
>>> 
>>> I'm not under any court order now, I just want to be sure that I am
>>> compliant going forward in my capabilities.
>>> 
>>> 
>>> 
>>> Thanks!
>>> 
>>> 
>>> 
>>> Lorell Hathcock
>> 

Re: CALEA Requirements

[Scott Helms]

Kevin,

That's largely true, but keep in mind that it's normal for people who have
had to fulfill a request to be disallowed from talking about it which makes
them seem even more rare than they actually are.  I'm also not familiar
with any laws that prevent state or local agencies from leveraging CALEA
and I've certainly seen it used on the voice side by state level law
enforcement.


Scott Helms
Chief Technology Officer
ZCorum
(678) 507-5000

http://twitter.com/kscotthelms


On Fri, Mar 18, 2016 at 4:19 PM, Kevin Burke 
wrote:

> Ignore it until you get the paperwork.  The local law enforcement can not
> get a warrant for the real time, full data capture.  Only FBI or other
> national agencies can get those subpeona's.  We went through this with our
> local police department.  They wanted to make sure we were prepared and
> wanted a test for the real time number capture on phone calls.  They didn't
> mention they don't have any equipment on their side to connect the T1.
>
> Ask your local neighbors.  Some area's have a number of local federal
> investigations.  If you get the deer in the headlights look from your
> competition then you may never get one of these.
>
> The full data captures are rare.
>
> Kevin Burke
> 802-540-0979
> Burlington Telecom - City of Burlington
> 200 Church St, Burlington, VT 05401
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Lorell Hathcock
> Sent: Monday, March 14, 2016 4:47 PM
> To: 'NANOG list' 
> Subject: CALEA Requirements
>
> NANOG:
>
>
>
> Can someone point me to the current CALEA requirements?
>
>
>
> As an ISP, should I be recording all internet traffic that passes my
> routers?  Or do I only have to record when and if I receive a court order?
>
>
>
> I'm not under any court order now, I just want to be sure that I am
> compliant going forward in my capabilities.
>
>
>
> Thanks!
>
>
>
> Lorell Hathcock
>
>

Re: CALEA Requirements

[Kraig Beahn]

I believe Scott, just hit the nail on the head...
"but keep in mind that it's normal for people who have
had to fulfill a request *to be disallowed from talking about it* which
makes
them seem even more rare than they actually are."

On Fri, Mar 18, 2016 at 4:28 PM, Scott Helms  wrote:

> Kevin,
>
> That's largely true, but keep in mind that it's normal for people who have
> had to fulfill a request to be disallowed from talking about it which makes
> them seem even more rare than they actually are.  I'm also not familiar
> with any laws that prevent state or local agencies from leveraging CALEA
> and I've certainly seen it used on the voice side by state level law
> enforcement.
>
>
> Scott Helms
> Chief Technology Officer
> ZCorum
> (678) 507-5000
> 
> http://twitter.com/kscotthelms
> 
>
> On Fri, Mar 18, 2016 at 4:19 PM, Kevin Burke  >
> wrote:
>
> > Ignore it until you get the paperwork.  The local law enforcement can not
> > get a warrant for the real time, full data capture.  Only FBI or other
> > national agencies can get those subpeona's.  We went through this with
> our
> > local police department.  They wanted to make sure we were prepared and
> > wanted a test for the real time number capture on phone calls.  They
> didn't
> > mention they don't have any equipment on their side to connect the T1.
> >
> > Ask your local neighbors.  Some area's have a number of local federal
> > investigations.  If you get the deer in the headlights look from your
> > competition then you may never get one of these.
> >
> > The full data captures are rare.
> >
> > Kevin Burke
> > 802-540-0979
> > Burlington Telecom - City of Burlington
> > 200 Church St, Burlington, VT 05401
> >
> > -Original Message-
> > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Lorell
> Hathcock
> > Sent: Monday, March 14, 2016 4:47 PM
> > To: 'NANOG list' 
> > Subject: CALEA Requirements
> >
> > NANOG:
> >
> >
> >
> > Can someone point me to the current CALEA requirements?
> >
> >
> >
> > As an ISP, should I be recording all internet traffic that passes my
> > routers?  Or do I only have to record when and if I receive a court
> order?
> >
> >
> >
> > I'm not under any court order now, I just want to be sure that I am
> > compliant going forward in my capabilities.
> >
> >
> >
> > Thanks!
> >
> >
> >
> > Lorell Hathcock
> >
> >
>

RE: CALEA Requirements

[Kevin Burke]

Ignore it until you get the paperwork.  The local law enforcement can not get a 
warrant for the real time, full data capture.  Only FBI or other national 
agencies can get those subpeona's.  We went through this with our local police 
department.  They wanted to make sure we were prepared and wanted a test for 
the real time number capture on phone calls.  They didn't mention they don't 
have any equipment on their side to connect the T1.  

Ask your local neighbors.  Some area's have a number of local federal 
investigations.  If you get the deer in the headlights look from your 
competition then you may never get one of these.

The full data captures are rare.

Kevin Burke
802-540-0979
Burlington Telecom - City of Burlington
200 Church St, Burlington, VT 05401

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Lorell Hathcock
Sent: Monday, March 14, 2016 4:47 PM
To: 'NANOG list' 
Subject: CALEA Requirements

NANOG:

 

Can someone point me to the current CALEA requirements?

 

As an ISP, should I be recording all internet traffic that passes my routers?  
Or do I only have to record when and if I receive a court order?

 

I'm not under any court order now, I just want to be sure that I am compliant 
going forward in my capabilities.

 

Thanks!

 

Lorell Hathcock

Re: CALEA Requirements

[Scott Weeks]

--- lor...@hathcock.org wrote:
From: "Lorell Hathcock" 

Can someone point me to the current CALEA requirements?

As an ISP, should I be recording all internet traffic that passes my
routers?  Or do I only have to record when and if I receive a court order?

I'm not under any court order now, I just want to be sure that I am
compliant going forward in my capabilities.
-


This is something your company's lawyers should hash out.  
That said, you shouldn't record anything unless forced to 
do so.  It'll just make pervasive surveillance easier.

scott

Re: CALEA options for small/midsize ISPs

[Jay Ashworth]

- Original Message -
> From: "Jimmy Hess" 

> Forget about FCC civil penalties: the LEA may start arresting
> managers responsible for refusal, on the charges of obstruction, due
> to interfering with an investigation.
> 
> People might talk about refusing to process a CALEA warrant.
> 
> IF/when they do receive such a lawful order: I am almost positive
> they will respond in some way other than a refusal to attempt to
> comply.
> 
> So that's probably why it's not likely we will hear of a refusal
> occuring, at least for a long time

Yes, "constructive" refusal is much harder to prove.

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274

Re: CALEA options for small/midsize ISPs

[Jimmy Hess]

On 1/20/13, Warren Bailey  wrote:
[snip]
> want to play ball, they take what you give with a smile. I would be
> curious to see what would happen if a lawful intercept request came
> through and the service provider refused to process it. I have been a

The LEAs might be flexible in how they are willing to take the data.
But it would be a very dangerous proposition indeed to outright
'refuse';   I am sure most organizations would be exhausting   every
reasonable course to satisfy the requirements of the order.

Forget about FCC civil  penalties:  the LEA may start arresting
managers responsible for refusal,  on the charges of obstruction,  due
to interfering with an investigation.

People might talk about refusing to process  a CALEA warrant.

IF/when they do receive such a lawful order:   I am almost positive
they  will respond in some way other  than a refusal to attempt to
comply.


So that's probably why it's not likely we will hear of a refusal
occuring, at least for a long time

> On 1/20/13 8:10 PM, "Justin Wilson"  wrote:
[snip]
--
-JH

Re: CALEA options for small/midsize ISPs

[Warren Bailey]

I have yet to see a lot of networks in TRUE compliance with CALEA
requirements. Most of the time, it's some intermediate box that is doing a
netflow-esque imports from routers that net/j/xyzflow normally. The only
issue I/we ever ran into was how to in fact process the LEA request for an
actual CALEA intercept (as you pointed out, there are differences). At the
end of the day, I'm not totally convinced there is a completely tried and
true way to get it out. The burden is on the SP to show some level of
compliance, which I think is probably done pretty well at the end of the
day. The CALEA equipment is often very expensive, and often the expense is
just not feasible to many small to mid sized ISP's.

On another note, the CALEA for telephony is absolutely rock solid. They
can include Side A and Side B (to show a party was indeed talking on the
phone for evidence purposes), they can have the switch center
automatically call the LEA to listen in on the conversation in real time.
All said, the phone guys have been processing wire taps and LEA requests
for years, and do it on a fairly regular basis. I have never actually seen
a real life CALEA request for real time interception of data (not saying
they don't exist), so I have little experience in actually pressing the
button. I think as long as you're showing the local/state/feds that you
want to play ball, they take what you give with a smile. I would be
curious to see what would happen if a lawful intercept request came
through and the service provider refused to process it. I have been a
party to many discussions as to the application of CALEA and most people
believe (rightly or not) they are not required to comply.

On 1/20/13 8:10 PM, "Justin Wilson"  wrote:

>   I agree with the TTP taking the IP traffic.  They simply re-package it
>for the LEA.
>
>   It's up to the LEA to take the traffic flow or not. If it's a true CALEA
>warrant, not a normal wire tap, the defense could argue they did not
>follow protocol.
>
>   Justin
>
>
>-Original Message-
>From: Frank Bulk 
>Date: Sunday, January 20, 2013 11:03 PM
>To: Justin Wilson , 
>Subject: RE: CALEA options for small/midsize ISPs
>
>>Our Trusted Third Party (TTP) asked us to IP Traffic Export.  As others
>>commented in this forum, the LEAs is not looking for SPs to replace their
>>entire networks to create an ideal CALEA-compliant environment.  It's my
>>understanding that LEA will take a Cisco IP Traffic Export flow.
>>
>>Frank
>>
>>-----Original Message-
>>From: Justin Wilson [mailto:li...@mtin.net]
>>Sent: Sunday, January 20, 2013 9:54 PM
>>To: nanog@nanog.org
>>Subject: Re: CALEA options for small/midsize ISPs
>>
>>  I don't see any mention of CALEA. A traffic dump won't satisfy a
>>CALEA
>>warrant.
>>
>>  Justin
>>
>>
>>-Original Message-
>>From: Frank Bulk 
>>Date: Sunday, January 20, 2013 10:31 PM
>>To: 'Warren Bailey' , Byron
>>Hooper
>>, 
>>Subject: RE: CALEA options for small/midsize ISPs
>>
>>>Another option is the IP traffic export option.
>>>http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_rawip.
>>>h
>>>t
>>>ml
>>>
>>>Frank
>>>
>>>-Original Message-
>>>From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com]
>>>Sent: Sunday, January 20, 2013 6:34 PM
>>>To: Byron Hooper; nanog@nanog.org
>>>Subject: RE: CALEA options for small/midsize ISPs
>>>
>>>We used Cisco for lawful intercept.. Their mibs are wanky and at the
>>>time
>>>only the 7206 was support for the LI functionality. Food for thought.
>>>
>>>
>>>From my Android phone on T-Mobile. The first nationwide 4G network.
>>>
>>>
>>>
>>> Original message 
>>>From: Byron Hooper 
>>>Date: 01/20/2013 3:00 PM (GMT-08:00)
>>>To: nanog@nanog.org
>>>Subject: CALEA options for small/midsize ISPs
>>>
>>>
>>>Hello All,
>>>
>>>My company is looking at updating our CALEA set up.  Our network has
>>>changed appreciably since our initial rollout and I am looking at
>>>utilizing
>>>Cisco's Lawful Intercept.  I'm wondering what people are using as
>>>"Mediator
>>>Devices", aka what the Cisco routers are sending the Lawful Intercept
>>>stream to.
>>>
>>>Cisco's Lawful Intercept seems like a solid option since all it requires
>>>for us is an IOS upgrade on our core routers and something to act as a
>>>Mediator, but I'm also interested in solutions others are using.
>>>
>>>
>>>
>>>--
>>>Byron Hooper
>>>Network Engineer
>>>GWI
>>>8 Pomerleau Street
>>>Biddeford, ME 04005
>>>Office & Cell: (207) 602-1215
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>
>
>
>

Re: CALEA options for small/midsize ISPs

[Justin Wilson]

I agree with the TTP taking the IP traffic.  They simply re-package it
for the LEA.

It's up to the LEA to take the traffic flow or not. If it's a true CALEA
warrant, not a normal wire tap, the defense could argue they did not
follow protocol.

Justin


-Original Message-
From: Frank Bulk 
Date: Sunday, January 20, 2013 11:03 PM
To: Justin Wilson , 
Subject: RE: CALEA options for small/midsize ISPs

>Our Trusted Third Party (TTP) asked us to IP Traffic Export.  As others
>commented in this forum, the LEAs is not looking for SPs to replace their
>entire networks to create an ideal CALEA-compliant environment.  It's my
>understanding that LEA will take a Cisco IP Traffic Export flow.
>
>Frank
>
>-Original Message-
>From: Justin Wilson [mailto:li...@mtin.net]
>Sent: Sunday, January 20, 2013 9:54 PM
>To: nanog@nanog.org
>Subject: Re: CALEA options for small/midsize ISPs
>
>   I don't see any mention of CALEA. A traffic dump won't satisfy a
>CALEA
>warrant.
>
>   Justin
>
>
>-Original Message-
>From: Frank Bulk 
>Date: Sunday, January 20, 2013 10:31 PM
>To: 'Warren Bailey' , Byron Hooper
>, 
>Subject: RE: CALEA options for small/midsize ISPs
>
>>Another option is the IP traffic export option.
>>http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_rawip.h
>>t
>>ml
>>
>>Frank
>>
>>-Original Message-----
>>From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com]
>>Sent: Sunday, January 20, 2013 6:34 PM
>>To: Byron Hooper; nanog@nanog.org
>>Subject: RE: CALEA options for small/midsize ISPs
>>
>>We used Cisco for lawful intercept.. Their mibs are wanky and at the time
>>only the 7206 was support for the LI functionality. Food for thought.
>>
>>
>>From my Android phone on T-Mobile. The first nationwide 4G network.
>>
>>
>>
>> Original message 
>>From: Byron Hooper 
>>Date: 01/20/2013 3:00 PM (GMT-08:00)
>>To: nanog@nanog.org
>>Subject: CALEA options for small/midsize ISPs
>>
>>
>>Hello All,
>>
>>My company is looking at updating our CALEA set up.  Our network has
>>changed appreciably since our initial rollout and I am looking at
>>utilizing
>>Cisco's Lawful Intercept.  I'm wondering what people are using as
>>"Mediator
>>Devices", aka what the Cisco routers are sending the Lawful Intercept
>>stream to.
>>
>>Cisco's Lawful Intercept seems like a solid option since all it requires
>>for us is an IOS upgrade on our core routers and something to act as a
>>Mediator, but I'm also interested in solutions others are using.
>>
>>
>>
>>--
>>Byron Hooper
>>Network Engineer
>>GWI
>>8 Pomerleau Street
>>Biddeford, ME 04005
>>Office & Cell: (207) 602-1215
>>
>>
>>
>>
>
>
>
>
>

RE: CALEA options for small/midsize ISPs

[Frank Bulk]

Our Trusted Third Party (TTP) asked us to IP Traffic Export.  As others
commented in this forum, the LEAs is not looking for SPs to replace their
entire networks to create an ideal CALEA-compliant environment.  It's my
understanding that LEA will take a Cisco IP Traffic Export flow.

Frank

-Original Message-
From: Justin Wilson [mailto:li...@mtin.net] 
Sent: Sunday, January 20, 2013 9:54 PM
To: nanog@nanog.org
Subject: Re: CALEA options for small/midsize ISPs

I don't see any mention of CALEA. A traffic dump won't satisfy a
CALEA
warrant.

Justin


-Original Message-
From: Frank Bulk 
Date: Sunday, January 20, 2013 10:31 PM
To: 'Warren Bailey' , Byron Hooper
, 
Subject: RE: CALEA options for small/midsize ISPs

>Another option is the IP traffic export option.
>http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_rawip.ht
>ml
>
>Frank
>
>-Original Message-
>From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com]
>Sent: Sunday, January 20, 2013 6:34 PM
>To: Byron Hooper; nanog@nanog.org
>Subject: RE: CALEA options for small/midsize ISPs
>
>We used Cisco for lawful intercept.. Their mibs are wanky and at the time
>only the 7206 was support for the LI functionality. Food for thought.
>
>
>From my Android phone on T-Mobile. The first nationwide 4G network.
>
>
>
> Original message 
>From: Byron Hooper 
>Date: 01/20/2013 3:00 PM (GMT-08:00)
>To: nanog@nanog.org
>Subject: CALEA options for small/midsize ISPs
>
>
>Hello All,
>
>My company is looking at updating our CALEA set up.  Our network has
>changed appreciably since our initial rollout and I am looking at
>utilizing
>Cisco's Lawful Intercept.  I'm wondering what people are using as
>"Mediator
>Devices", aka what the Cisco routers are sending the Lawful Intercept
>stream to.
>
>Cisco's Lawful Intercept seems like a solid option since all it requires
>for us is an IOS upgrade on our core routers and something to act as a
>Mediator, but I'm also interested in solutions others are using.
>
>
>
>--
>Byron Hooper
>Network Engineer
>GWI
>8 Pomerleau Street
>Biddeford, ME 04005
>Office & Cell: (207) 602-1215
>
>
>
>

Re: CALEA options for small/midsize ISPs

[Justin Wilson]

I don't see any mention of CALEA. A traffic dump won't satisfy a CALEA
warrant.

Justin


-Original Message-
From: Frank Bulk 
Date: Sunday, January 20, 2013 10:31 PM
To: 'Warren Bailey' , Byron Hooper
, 
Subject: RE: CALEA options for small/midsize ISPs

>Another option is the IP traffic export option.
>http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_rawip.ht
>ml
>
>Frank
>
>-Original Message-
>From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com]
>Sent: Sunday, January 20, 2013 6:34 PM
>To: Byron Hooper; nanog@nanog.org
>Subject: RE: CALEA options for small/midsize ISPs
>
>We used Cisco for lawful intercept.. Their mibs are wanky and at the time
>only the 7206 was support for the LI functionality. Food for thought.
>
>
>From my Android phone on T-Mobile. The first nationwide 4G network.
>
>
>
> Original message 
>From: Byron Hooper 
>Date: 01/20/2013 3:00 PM (GMT-08:00)
>To: nanog@nanog.org
>Subject: CALEA options for small/midsize ISPs
>
>
>Hello All,
>
>My company is looking at updating our CALEA set up.  Our network has
>changed appreciably since our initial rollout and I am looking at
>utilizing
>Cisco's Lawful Intercept.  I'm wondering what people are using as
>"Mediator
>Devices", aka what the Cisco routers are sending the Lawful Intercept
>stream to.
>
>Cisco's Lawful Intercept seems like a solid option since all it requires
>for us is an IOS upgrade on our core routers and something to act as a
>Mediator, but I'm also interested in solutions others are using.
>
>
>
>--
>Byron Hooper
>Network Engineer
>GWI
>8 Pomerleau Street
>Biddeford, ME 04005
>Office & Cell: (207) 602-1215
>
>
>
>

RE: CALEA options for small/midsize ISPs

[Frank Bulk]

Another option is the IP traffic export option.
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_rawip.html

Frank

-Original Message-
From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com] 
Sent: Sunday, January 20, 2013 6:34 PM
To: Byron Hooper; nanog@nanog.org
Subject: RE: CALEA options for small/midsize ISPs

We used Cisco for lawful intercept.. Their mibs are wanky and at the time
only the 7206 was support for the LI functionality. Food for thought.


>From my Android phone on T-Mobile. The first nationwide 4G network.



 Original message 
From: Byron Hooper 
Date: 01/20/2013 3:00 PM (GMT-08:00)
To: nanog@nanog.org
Subject: CALEA options for small/midsize ISPs


Hello All,

My company is looking at updating our CALEA set up.  Our network has
changed appreciably since our initial rollout and I am looking at utilizing
Cisco's Lawful Intercept.  I'm wondering what people are using as "Mediator
Devices", aka what the Cisco routers are sending the Lawful Intercept
stream to.

Cisco's Lawful Intercept seems like a solid option since all it requires
for us is an IOS upgrade on our core routers and something to act as a
Mediator, but I'm also interested in solutions others are using.



--
Byron Hooper
Network Engineer
GWI
8 Pomerleau Street
Biddeford, ME 04005
Office & Cell: (207) 602-1215

Re: CALEA options for small/midsize ISPs

[Christopher Morrow]

On Fri, Jan 18, 2013 at 4:52 PM, Byron Hooper  wrote:
> Hello All,
>
> My company is looking at updating our CALEA set up.  Our network has
> changed appreciably since our initial rollout and I am looking at utilizing
> Cisco's Lawful Intercept.  I'm wondering what people are using as "Mediator
> Devices", aka what the Cisco routers are sending the Lawful Intercept
> stream to.
>
> Cisco's Lawful Intercept seems like a solid option since all it requires
> for us is an IOS upgrade on our core routers and something to act as a
> Mediator, but I'm also interested in solutions others are using.

not that when I last looked there were some pretty serious speed/feed
problems with this solution. (like 15kpps max)

I believe packetforensics still ships boxes that do the intercept and
I believe send data off to LEA in the right format:
  

it'd require these to be in place between PE and CE though, which is
'ok' if you have an all fiber type deployment.

>
>
>
> --
> Byron Hooper
> Network Engineer
> GWI
> 8 Pomerleau Street
> Biddeford, ME 04005
> Office & Cell: (207) 602-1215

RE: CALEA options for small/midsize ISPs

[Warren Bailey]

We used Cisco for lawful intercept.. Their mibs are wanky and at the time only 
the 7206 was support for the LI functionality. Food for thought.


>From my Android phone on T-Mobile. The first nationwide 4G network.



 Original message 
From: Byron Hooper 
Date: 01/20/2013 3:00 PM (GMT-08:00)
To: nanog@nanog.org
Subject: CALEA options for small/midsize ISPs


Hello All,

My company is looking at updating our CALEA set up.  Our network has
changed appreciably since our initial rollout and I am looking at utilizing
Cisco's Lawful Intercept.  I'm wondering what people are using as "Mediator
Devices", aka what the Cisco routers are sending the Lawful Intercept
stream to.

Cisco's Lawful Intercept seems like a solid option since all it requires
for us is an IOS upgrade on our core routers and something to act as a
Mediator, but I'm also interested in solutions others are using.



--
Byron Hooper
Network Engineer
GWI
8 Pomerleau Street
Biddeford, ME 04005
Office & Cell: (207) 602-1215

Re: CALEA options for small/midsize ISPs

[Justin Wilson]

Are you looking at a Mediation box because you are doing VOIP?

Other than Cisco I am familiar with DeepSweep.

I have heard of Verint, Utimaco, and Pine Digital.  However, no 1st hand
knowledge or anything other than passing. :-)

Justin

--
Justin Wilson 
Aol & Yahoo IM: j2sw
http://www.mtin.net/blog ­ xISP News
http://www.twitter.com/j2sw ­ Follow me on Twitter
http://www.thebrotherswisp.com/ - The Brothers WISP podcast





-Original Message-
From: Byron Hooper 
Date: Friday, January 18, 2013 4:52 PM
To: 
Subject: CALEA options for small/midsize ISPs

>Hello All,
>
>My company is looking at updating our CALEA set up.  Our network has
>changed appreciably since our initial rollout and I am looking at
>utilizing
>Cisco's Lawful Intercept.  I'm wondering what people are using as
>"Mediator
>Devices", aka what the Cisco routers are sending the Lawful Intercept
>stream to.
>
>Cisco's Lawful Intercept seems like a solid option since all it requires
>for us is an IOS upgrade on our core routers and something to act as a
>Mediator, but I'm also interested in solutions others are using.
>
>
>
>-- 
>Byron Hooper
>Network Engineer
>GWI
>8 Pomerleau Street
>Biddeford, ME 04005
>Office & Cell: (207) 602-1215
>

Re: CALEA options for a small ISP/ITSP

[Larry Smith]

On Mon November 26 2012 09:38, Matthew Crocker wrote:
> I have a CALEA appliance from BearHill that I 'rent'.  It has been in my
> network for years.  I'm looking for other alternative solutions for CALEA
> compliance with a small ISP.   It looks like OpenCalea is a dead project.  
>  What is everyone else using?
>
> My current solution is $1k/month and I rarely get subpoenas, I've never had
> a wiretap one.
>
> My ISP network is a mix of Cisco and Juniper gear.   I have a couple GigE
> connections to my upstreams and push 300-400mbps through the network.
>
> I would think that wireshark pcap files would be enough :(
>

Believe Mikrotik boxes support CALEA, you might check www.mikrotik.com

-- 
Larry Smith
lesm...@ecsis.net