The Impact of CALEA on Higher Ed
From - CALEA: What Could It Mean for Your Network?
Presented by:
Douglas Carlson, Executive Director, Communications and Computing Services, New York University
Wendy Wigen, Policy Analyst, EDUCAUSE
Requirements:
- Service provider would administer – turn on “lawful intercept” feature of switch, controls access function and delivery function – “securely deliver information to Law Enforcement Agency”
- Universities will turn on, maintain and turn off communications intercept at the request of law enforcement, and send all data to Law Enforcement Agency in real time over VPN or leased line.
- Training and background checks of involved employees
- Establishment of 24/7 contact
- Contact person needs to be a citizen so LEA can hold that person accountable in court if something goes wrong.
- Creation and documentation of processes
- Filing documentation and testifying as to CALEA compliance
- Campus would pay for all aspects included in above, with the possible exception of a leased line to LEA.
Other Considerations:
- University does not have to decrypt or decompress data.
- All communication needs to be forwarded, IM email etc. - Anything over IP
- Law Enforcement may ask for all communications from:
- an IP address
- AN INDIVIDUAL.
- Surveillance intra-campus – yes.
Other questions – is E 911 now extended to university networks?
Predictions:
CALEA will be challenged in court, pushing deadline out past 18 months, extension of original CALEA may be declared invalid, but need to prepare regardless.
Current Educause Proposal
- HE’s will establish
- Single point of contact on every campus
- Standard procedures
- 24 x 7 assistance
- Personnel trained in procedural, legal and technical aspects of wiretap requests
- A process to replace some gateway equipment as part of the normal replacement cycle
About the CALEA Revision
Applies to facilities based ISP = entities that provide switching between end user and public network. A private network does not the capacity to connect to public network at all.
I2, state and regional may be exempt.
Part 1 of the extension is in the federal registry, establishes an 18 month time limit for compliance and discusses who’s covered.
Part 2 will discuss standards of compliance and special cases will be determined. The standards have been voted on, adding 85 new standards to existing CALEA standards, and will be made available in a few weeks.
Arguments
Legal Justification
Original statement “telecom carrier” includes substantial portion clause – our network replaces a substantial portion of local network
Broadband replaces dial up
VoIP replaces POTS
We are telecom carrier for CALEA only, not other regulations
Law Enforcement
Law enforcement says – internet is increasingly communication vehicle of choice for criminal activity
Difficult to find someone at HE who knows how to perform tap
Legal intercepts need to be easier
An “exempt” system is magnet for criminal activity (may make a “special provision” but not an exemption)
Higher Education and Libraries
Ed and libraries say
Congress should decide, not FCC or DOJ
LE has sufficient access now
Cost to complete can’t be justified
Will slow innovation
History of wiretapping
60’s – easy, one phone company, basic technology – law enforcement was tapping phones but couldn’t use it as evidence
68 – Made it legal so law enforcement can use it as evidence in court.
80’s Deregulation = multiple companies, cell phones analog to digital transmissions
94 – Congress passed CALEA – required design networks to help law enforcement, stopped at PBX, did not include internet
2004 – VOIP wiretapping isn’t getting easier
# of wiretaps in 2004
Real time content = title II “wiretap order” – highest burden of proof, lots of paperwork
1712 regular court in
1754 under FISA secret court related to terrorism and most relevant re: impact on higher ed.
CALEA – 8/5 extended to include facilities based ISP, not just commercial voice provider
