Thanks to everyone who replied on and off list today. I found a wide range of opinions on CALEA. I did have one person give me a very specific example of a vendor that can ensure compliance, which is really what I was after.
See y'all on Bourbon Street in June! -ben On Fri, Mar 15, 2013 at 10:36 AM, Warren Bailey < wbai...@satelliteintelligencegroup.com> wrote: > Seemed legit to me. I'm a satellite guy, so the Palo Alto gear was really > for me to look at the traffic profiles. They did a killer job classifying > traffic though, and I guess they update the rules every couple days? > > > From my Android phone on T-Mobile. The first nationwide 4G network. > > > > -------- Original message -------- > From: Joshua Goldbard <j...@2600hz.com> > Date: 03/15/2013 8:33 AM (GMT-08:00) > To: Warren Bailey <wbai...@satelliteintelligencegroup.com> > Cc: Christopher Morrow <morrowc.li...@gmail.com>,NANOG <nanog@nanog.org> > Subject: Re: What are y'all doing for CALEA compliance? > > > God I want one of those PA firewalls just to play with in the lab. I can't > justify the expense, but as far as firewalls go they're gorgeous. From the > chassis to the UI, PA is just doing it right. > > If anyone has a different experience, I'd love to hear it. > > Sent from my iPad > > On Mar 15, 2013, at 8:29 AM, "Warren Bailey" < > wbai...@satelliteintelligencegroup.com<mailto: > wbai...@satelliteintelligencegroup.com>> wrote: > > We used 7206vxr with the lawful intercept mib, and some DPI jazz from Palo > Alto. Worked okay, never did have to execute a warrant or anything. > > > From my Android phone on T-Mobile. The first nationwide 4G network. > > > > -------- Original message -------- > From: Joshua Goldbard <j...@2600hz.com<mailto:j...@2600hz.com>> > Date: 03/15/2013 8:25 AM (GMT-08:00) > To: Christopher Morrow <morrowc.li...@gmail.com<mailto: > morrowc.li...@gmail.com>> > Cc: NANOG <nanog@nanog.org<mailto:nanog@nanog.org>> > Subject: Re: What are y'all doing for CALEA compliance? > > > I am not a lawyer, this is not legal advice. If you make decisions about > what you should be doing in your business based solely on emails from > strangers you won't do well. Get a second opinion from a lawyer. > > This comes up about once every 6 months on the voice ops mailing list. If > you are a CLEC and you are not CALEA compliant, you are in for a world of > hurt. > > If you're a non-facilities based reseller this is open for interpretation, > but many folks believe that if you don't have gear inside the carrier pops, > you aren't subject to CALEA. In practice, who is and who isn't effected by > CALEA is directly proportional to the number of CALEA requests to your > network (ergo, if you don't have any CALEA requests no one cares if you're > out of compliance). > > That being said, there are further problems underfoot. CALEA does not > specify what technologies should be used when presenting the data to law > enforcement, I forget the exact wording but its something like "a > reasonable format". CDRs are not sufficient as CALEA requires the ability > to tap sessions, but in the past we've seen most legal requests placated > with an excel sheet. > > As far as monitoring your connection, if your 10gig is coming in over > fiber you should just buy a vampire tap and be done with it. > > I hope this helps, but CALEA is inherently messy. > > Cheers, > Joshua > > Sent from my iPad > > On Mar 15, 2013, at 8:07 AM, "Christopher Morrow" <morrowc.li...@gmail.com > <mailto:morrowc.li...@gmail.com>> wrote: > > > On Fri, Mar 15, 2013 at 9:38 AM, Ben Bartsch <uwcable...@gmail.com > <mailto:uwcable...@gmail.com>> wrote: > >> What are you RENs out there doing for CALEA compliance? Is there > actually > > > > being happy we solved it 6 yrs ago? > > > >> any teeth to the law? Our systems guys have tried a product called > 'Open > > > > teeth as in the 100k/day fine? > > > >> CALEA' but the router and the server simply can't keep up with mirroring > >> from a 10Gbps connection into a 1Gbps link. I'm no legal expert > > > > that seems like a suboptimal design ... why would you mirror 10lbs of > > poo into a 1lb bag? that seems like it's bound to fail from the > > get-go. > > > >> either....any lawyers on this list? > > > > you should find a lawyer... srsly. > > > >> Thanks for all the great advice. This is a great community! > > > > -chris > > > > >
