On May 10, 2011, at 3:51 32PM, Michael Holstein wrote:
>
>> In the US, I believe that CALEA requires you to have those records for 7
>> years.
>>
>
> No, it doesn't (records *of the requests* are required, but no
> obligation to create subscriber records exists).
>
> Even if it did .. academic institutions are exempt (to CALEA) as private
> networks.*
>
> There are various legislative attempts afoot to create one here in the
> US .. but none have passed.
>
> Regards,
>
> Michael Holstein
> Information Security Administrator
> Cleveland State Unviersity
>
> (*): US Court of Appeals, District of Columbia, 50-1504.
>
>
If I've found the right case, it was 05-1404, and published as 451 F.3d 226
(2006);
see http://law.justia.com/cases/federal/appellate-courts/F3/451/226/627290/
I have no idea if it's still good law.
>
--Steve Bellovin, https://www.cs.columbia.edu/~smb
