calea status overview common solutions group september 20, 2006 doug carlson executive director,...
TRANSCRIPT
CALEA Status Overview
Common Solutions GroupSeptember 20, 2006
Doug CarlsonExecutive Director, Communications & Computing
ServicesNew York University
2
What’s the status? Legal challenges to the FCC expansion of
CALEA to broadband were not won – but there were some benefits
Court agreed that internal portions of private networks cannot be required to comply with CALEA – at most, compliance required only at gateway
Value of gateway intercept
May 14, 2007, remains the date for CALEA compliance
Title 18 obligations to assist Law Enforcement with intercepts has not changed
3
What’s the status? (continued) Uncertainty about which networks and
institutions are exempt from CALEA
Uncertainty about what “compliance” means
Uncertainty about systems and services available to implement compliance
4
Exempt/Non-Exempt Tests(per ACE perspective)
Does the organization “support” the connection to the Internet? “Support” is undefined What is meant by Internet is unclear
Is it a “private network”? “Private network” is undefined
5
What is compliance?
Not yet defined
FCC/DOJ looking to industry and Law Enforcement to work together to develop “safe harbor” standards Completed by end of year?
6
Systems and services for compliance Institution complies using own equipment
Intercept capabilities (routers, probes) Format data and send to Law Enforcement Agencies
(mediation device)
Trusted Third Parties (NeuStar, VeriSign, etc.) handle as a service
EDUCAUSE CALEA Tech. group gathering information on what is available and/or planned by vendors
7
Suggestions for actions Meet with your legal department and come
to agreement on exempt/non-exempt status If not exempt, follow-up on compliance
requirements and options when available
Watch EDUCAUSE web site for best practices for complying with existing Title 18 requirements and consider implementing
8
Related issues
Possible new legislation
Network authentication of terminals on campus (e.g., 802.1x)
Data retention of logs and other records
9
Discussion