
1
CALEA Panel
  • Internet2 Member Meeting
  • December 6, 2006

2
Panel Members
  • Eric Boyd (moderator) - Internet2
  • Email eboyd_at_internet2.edu
  • Matt Brill - Latham & Watkins
  • Email Matthew.Brill_at_lw.com
  • Doug Carlson - New York University
  • Email doug.carlson_at_nyu.edu
  • Shaun Abshere - WiscNet
  • Email sabshere_at_mail.wiscnet.net
  • Steve Wallace - Internet2
  • Email ssw_at_anml.iu.edu

3
CALEA
  • Communications Assistance for Law Enforcement Act
    (CALEA)
  • The FCC recently extended CALEA to apply to
    broadband Internet access and interconnected
    Voice over IP
  • Deals with the manner in which assistance must be
    provided to Law Enforcement - not whether
    assistance must be provided

4
Early Concerns
  • Concern within the higher education community
    about its impact on campuses and on higher
    education networks
  • Who is covered?
  • What constitutes CALEA compliance?
  • What are the risks (legal and technical)?
  • What are the costs (financial and philosophical)?

5
CALEA
  • Cost to universities was initially thought to be
    enormous
  • American Council on Education (ACE) led a
    coalition to challenge the FCC over the
    application of CALEA to higher ed.
  • Latham & Watkins (especially Matt Brill) were
    engaged to assist

6
Agenda
  • Introductions - Eric Boyd
  • Legal Issues - Matt Brill
  • Campus perspective - Doug Carlson
  • State and regional networks perspective - Shaun
    Abshere
  • Internet2 perspective - Steve Wallace
  • Q&A and prepared questions

7
CALEA and Higher Education Networks
  • Presented to Internet2 Fall Member Meeting
  • Matthew A. Brill
  • Partner, Latham & Watkins, LLP

8
The FCC's August 2005 Order
  • In response to a petition filed by DOJ and the
    FBI, the FCC adopted an order extending the scope
    of CALEA to include all facilities-based
    providers of broadband Internet access and
    interconnected VoIP services.
  • The FCC relied on the Substantial Replacement
    Provision to subject providers of
    facilities-based broadband and interconnected
    VoIP services to the assistance-capability
    requirements in CALEA.
  • The FCC established a compliance deadline of May
    2007.

9
Applicability of CALEA to Private Networks
  • The FCC's Order recognized that private
    broadband networks or intranets that enable
    members to communicate with one another and/or to
    receive information from shared data libraries
    not available to the general public . . . appear
    to be private networks for purposes of CALEA,
    and thus exempt.
  • At the same time, however, the Order suggested
    that the exemption could be lost if such private
    networks connect to the Internet, as virtually
    all higher education networks do. The Order
    stated: "To the extent that . . . private
    networks are interconnected with a public
    network, either the PSTN or the Internet,
    providers of the facilities that support the
    connection of the private network to the public
    network are subject to CALEA under the SRP."
  • In subsequent meetings and press statements, the
    FCC declined to elaborate on the meaning of this
    statement.

10
Court Appeal
  • A coalition of parties representing higher
    education as well as providers of broadband and
    VoIP services, privacy groups, and other public
    interest organizations appealed the FCC Order.
  • The appeal contended that the FCC's Order
    violated CALEA's exemption of information
    services and private networks.
  • In response to our opening brief, the Government
    briefs acknowledged a key limitation on the
    application of CALEA to higher education
    networks. In particular, the FCC clarified that
    its Order applies to private network operators
    that provide their own connection to the
    Internet, which are subject to CALEA with
    respect to that connection, but does not apply to
    those that contract with an ISP for that
    connection. The Department of Justice agreed
    that CALEA applies at most to Internet gateway
    facilities, rather than to the internal portions
    of private networks.

11
Court Decision
  • On June 9, the court of appeals issued an opinion
    upholding the FCC Order. (A petition for
    rehearing filed by certain petitioners was later
    denied.)
  • The court ruled that differences in the
    structures and purposes of CALEA and the
    Communications Act made it reasonable for the FCC
    to construe the term "information services"
    differently under the two statutes.
  • More favorably, the court made clear that CALEA
    expressly excludes private networks from its
    reach. The court also found that the FCC had
    not yet attempted to apply CALEA obligations to
    the internal portions of private networks. But
    the court did not address the circumstances under
    which Internet gateways are subject to CALEA.

12
What Does This Mean for Higher Education?
  • There are still unanswered questions, but the
    Order, the Government briefs, and the court
    decision taken together suggest two factors that
    will determine whether colleges and universities
    have any obligations under CALEA.
  • These factors are (1) whether the campus
    network supports the connection to the
    Internet, and (2) whether the campus network
    qualifies as a private network.

13
Does the Campus Network Support the Connection
to the Internet?
  • While the language in the FCC Order is cryptic,
    the FCC's court brief sets forth a more workable
    test: Colleges and universities that provide
    their own connection to the Internet are subject
    to CALEA (at least with respect to those Internet
    connection facilities), while institutions that
    rely on a third party for this connection are
    exempt.
  • This still leaves some gray areas, but the FCC
    most likely would conclude that an institution
    provides its own Internet connection when it
    constructs, purchases, leases, or otherwise
    operates fiber optic or other transmission
    facilities and associated switching equipment
    that link the campus network to an ISP's point of
    presence.
  • In contrast, the FCC most likely would conclude
    that an institution is exempt if it obtains
    access to the Internet by (1) contracting with an
    ISP or regional network to pick up Internet
    traffic from a campus border router, (2)
    purchasing a private line or other transmission
    service from a telecommunications carrier on a
    contractual or tariffed basis (as opposed to
    leasing dark fiber or other facilities), or (3)
    relying on some combination of these approaches.

14
Is the Campus Network a Private Network?
  • If a campus network is closed (i.e., does not
    connect to the Internet), it is clearly exempt
    from CALEA under the private network exemption.
  • Interconnected networks that support their own
    Internet connection appear to enjoy a limited
    exemption if they otherwise qualify as private.
    Specifically, only the gateway equipment itself
    is subject to CALEA; the Internet portions of a
    private network remain exempt.
  • The FCC did not expressly define "private
    network," but the touchstone appears to be
    limited availability to specific members or
    constituents of an organization. Thus, a campus
    network that is available only to students,
    faculty, and administrators should be considered
    a private network, which means CALEA applies at
    most to the Internet gateway equipment.
  • In contrast, networks that provide general public
    access and support a connection to the Internet
    may well be subject to CALEA obligations
    throughout the network, rather than only at the
    gateway.

15
Compliance Obligations Under the Second Report
and Order
  • For entities that appear to be covered by CALEA,
    the next steps under the Second Report and Order
    are:
  • Must submit report to FCC on system security
    requirements (which concern employee
    supervision and recordkeeping) at a date TBD
    (likely in March 2007).
  • Also must submit compliance status form to FCC at
    a date TBD.
  • Must be in full compliance by May 14, 2007. This
    will require (1) installing new CALEA-compliant
    gateway equipment, (2) contracting with a
    trusted third party to provide the requisite
    surveillance capabilities, or (3) developing a
    customized network solution.

16
CALEA Panel: University Perspective
  • Internet2 Member Meeting
  • December 6, 2006

17
Ambiguity and CALEA
"It is the mark of an instructed mind to rest
satisfied with the degree of precision which the
nature of the subject admits and not to seek
exactness when only an approximation of the truth
is possible."
- Aristotle

18
What's the status?
  • Uncertainty about which networks and institutions
    are exempt from CALEA
  • Uncertainty about exactly what compliance means
  • Uncertainty about systems and services available
    to implement compliance

19
Existing Obligation: Title 18
  • USC Title 18 provides the framework which
    requires colleges and universities to assist law
    enforcement with communications intercepts
  • "An order authorizing the interception of a
    wire, oral, or electronic communication under
    this chapter shall, upon request of the
    applicant, direct that a provider of wire or
    electronic communication service, landlord,
    custodian or other person shall furnish the
    applicant forthwith all information, facilities,
    and technical assistance necessary to accomplish
    the interception unobtrusively and with a minimum
    of interference with the services that such
    service provider, landlord, custodian, or person
    is according the person whose communications are
    to be intercepted."

21
Exempt/Non-Exempt Tests (as Matt mentioned)
  • Does the organization support the connection to
    the Internet?
  • "Support" is undefined
  • What is meant by "Internet" is unclear
  • Is it a private network?
  • "Private network" is not well-defined

22
What is compliance?
  • Not yet completely defined
  • FCC/DOJ looking to industry and Law Enforcement
    to work together to develop safe harbor
    standards

23
Recent News
  • Alliance for Telecommunications Industry
    Solutions (ATIS) Working Document for Lawfully
    Authorized Electronic Surveillance (LAES) for
    Internet Access and Services
  • Abstract: Personal communications has
    traditionally been carried via wireline circuits
    pursuant to an arrangement with a LEC. Recent
    advances in technology have increased the variety
    and prevalence of more flexible access
    arrangements. Internet Access and Services can be
    obtained by establishing a subscription based
    arrangement. This standard provides capabilities
    to lawfully intercept communications of
    subscription-based Internet Access and Services
    arrangements.
  • http://contributions.atis.org/UPLOAD/PTSC/LAES/PTSC-LAES-2006-084R6.doc

24
Options for Compliance
  • Institution complies using own equipment
  • Intercept capabilities (routers, probes)
  • Format and send to Law Enforcement Agencies
    (mediation device)
  • Trusted Third Parties (e.g., Apogee, NeuStar,
    VeriSign, etc.) handle as a service
  • EDUCAUSE CALEA Tech. group gathering information
    on what is available and/or planned by vendors

25
Recent News
  • Oct. 19th: Office of Management and Budget seeking
    comments by November 20th on information
    collection associated with CALEA system security
    requirements
  • The FCC is expected to announce soon a new filing
    date for institutions and organizations which
    need to comply with CALEA; expected to be in
    late February

26
Suggestions for actions
  • As Matt mentioned, meet with your legal
    department and come to agreement on
    exempt/non-exempt status
  • If not exempt, follow-up on compliance
    requirements and options when available
  • Filing - date TBD
  • Complete technical and procedural compliance
    activities by May 2007
  • Watch EDUCAUSE web site for best practices for
    complying with existing Title 18 requirements and
    consider implementing

27
Good information source
  • http://www.educause.edu/calea

28
State Research & Education Network Perspective on
CALEA
  • Shaun Abshere
  • WiscNet

29
Law Enforcement & StateNets
  • Subpoenas are most common (by far) lawful orders
    served on StateNets
  • Wiretap and search warrants, national security
    letters, FISA court orders are very, very rare
  • Handling almost always leads to delegation to
    member institution

30
Private Network Test
  • K-20, library, government & health institutions
    are primary customers/members of StateNets
  • Institutions authenticate users
  • Very few StateNets support access by general
    public subscribers
  • Most StateNets pass private network test

31
Connection Test
  • Does a StateNet support the connection to the
    Internet at its gateway facilities?
  • Both within and among StateNets, the answer to
    this ambiguous test will vary by gateway
    location and commodity I1 provider (multiple
    gateway facilities => ambiguity)
  • If a StateNet supports even one
    connection, must it CALEA-comply at all gateway
    facilities?
  • Failing connection test still leaves ambiguity

32
Diverse Opinion on Compliance
  • Legal opinion on connection support & private
    network varies among StateNets
  • CENIC (California): Assert exemption
  • UEN (Utah): Expect to comply at gateway
    facilities (GF)
  • MOREnet (Missouri): Expect to comply at GF TTP?
  • ENA (IN TN K-12): Expect GF-compliance maybe
    site
  • Merit (Michigan): Custom compliance at GF
  • WiscNet (Wisconsin): Expect to comply at GF

33
StateNets as Trusted 3d Parties
  • FCC Broadband CALEA Order permits trusted 3d
    party intercept providers
  • Much discussion in StateNet community about this
    business opportunity, either based on custom
    solution or in partnership with for-profit vendors

34
CALEA Panel: Internet2 Perspective
  • Internet2 Member Meeting
  • December 6, 2006

35
Internet2 Perspective
  • Goals
  • Comply as required
  • Support Membership
  • Current thinking
  • Internet2 not last mile provider, so not covered
    by CALEA
  • Forming ideas about how to best support
    membership. Ideas?

36
CALEA Panel: Questions
  • Internet2 Member Meeting
  • December 6, 2006

37
Question
How can you get the most out of your campus
legal team?
  • Legal opinion on CALEA applicability: what legal
    and technical elements must an adequate legal
    opinion address?
  • Handling lawful electronic surveillance orders:
    what are basic considerations that determine an
    order's validity and accuracy, and what
    confidentiality-level is required?

38
Question
What are your "cultural" norms and practices that
make internally-managed CALEA-compliance
difficult? That make CALEA-compliance via a
trusted third party vendor difficult?
39
Question
  • Gateway facilities
  • How many "gateway facilities" do you operate?
  • Connected at what maximum bit-rate?
  • What's the current peak bit-rate for traffic
    passing through those gateways?
  • Absent CALEA, when next will you "refresh" your
    gateway facilities?
  • Given CALEA, how did your refresh plans change?

40
Question
Under what circumstances do the costs of
maintaining CALEA exempt status exceed the
benefits?