I actually have zero hands-on experience, but from what I've seen posted in the past, they don't expect you to do the impossible. And LEA is more interested in catching the bad guys than hanging you out to dry on a technicality, so they will work with what you can give them. Something that seems to come up in discussions however is only turning over traffic captured from the target customer, not sure how that applies in the case of something like public WiFi at a park.
My limited personal experience with law enforcement is they want information not wiretaps. Occasionally might be in real-time (sting operation, hostage crisis, etc.), but more typically something in the past. Usually they have an IP address and date/time, and want the name and address and sometimes everything you've got about the corresponding customer. Fraud, theft, domestic disputes, kiddy porn, that kind of stuff. Lately it seems we don't find out why they want the information, and they often forbid us to alert the customer, at least for several months (presumably to allow for a grand jury or court date). Just blue-skying, I guess if we did WiFi for public spaces, we would have to worry more about stuff like mass shootings or terrorist attacks. Although I would imagine the cellphone providers would be their most important source of information. From: AF <[email protected]> On Behalf Of [email protected] Sent: Monday, March 18, 2024 5:29 AM To: 'AnimalFarm Microwave Users Group' <[email protected]> Subject: [AFMUG] CALEA and WiFi CALEA hasn't been on my radar much, so this is probably an old topic, but it's one I don't know much about. If you provide WiFi in a public space how do you handle compliance? We have parks, airports, and other public spaces with managed WiFi. There are also MDU's with WiFi in a public area like a courtyard, lounge, lobby, etc. My understanding is you have to be able to capture traffic if you're ordered to do so. Do you also have to be able to identify the individual? If they ever asked me to capture all traffic from the park WiFi..sure no problem. If they gave me a particular IP, port, and time, and they wanted me to start capturing traffic AND identify who it was, then I would only be able to tell them it was someone at the park. At best I could give them a MAC address and hostname. If I have to identify the customer that's easy: the municipal parks department, but I'm guessing that's not what they will want to know. Will this stuff get us in trouble? -Adam
-- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
