Shortly all broadband providers in the USA will be required to become compliant as I understand. Has anyone looked into this? Mikrotik?
http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-06-56A1.pdf
Matt
Or US based commercial users will not be able to use their software. The discussion below talks about the ramifications of this on innovation:
http://www.eff.org/Privacy/Surveillance/CALEA/?f=faq.html
Subcommittee TR-45.2 of the Telecommunications Industry Association (TIA), along with Committee T1 of the Alliance for Telecommunications Industry Solutions, developed interim standard J-STD-025 to serve as a CALEA standard for wireline, cellular, and broadband PCS carriers and manufacturers. It defines how these carriers can assist with lawfully authorized electronic surveillance, and specifies interfaces necessary to deliver intercepted communications and call-identifying information. However, this standard has been under revision for some time and law enforcement has made numerous efforts to significantly modify this industry-led, standard-setting effort. The recent CALEA petition is simply their latest effort to do this.
Mikrotik would certainly be a strong contender if they included a software based CALEA module that could be activated or deactivated depending on country (or usage - a dumb AP MT unit may not need CALEA where an edge router would).
I’m never giving the government ‘keys to the castle’. If they deliver me a subpoena, I’ll give them tcpdump logs and they can figure it out. The entire idea that a telecom needs to have an alternate unsecured unmanaged backdoor only accessible to the government, when they get hacked more than I do… is preposterous.
What exactly does CALEA cover?
there is mixed information about what is covered and what is not…
Then in a FCC document
In one description CALEA specifically applies only to voice calls, and not to other data traffic. It is also referenced as only applying to a Facilities-Based digital telephone company.
Definition:
Facilities-Based – A telecommunications company provides its services over wire and cable that they own (opposite of resale).
so one could argue that as a WISP, we are not required to comply with any CALEA regulations as we do not deliver our services over a wire or cable, even if we provide VoIP Services…
BUT
aside from all that, doesn’t the packet sniffer streaming option already fulfill the requirements?
SO…
if you receive a court order, ask them what IP they want the traffic streamed to, set a filter for the IP of the customer in question, and hit start…
Not so easy. Just because you are a WISP does not mean you are free. You are still facilities based.
The issue I have is the long term of backups and their ability to look at anything they want. I am 100% AGAINST all of this crap. I have prided myself in protecting my users and clients against all of this stuff and now will be forced to go against the constitution and what I believe and turn my back on my users’ privacy. Not going to happen here. I will shut down before I give anyone my users’ data.
just like all other things in the US, i think this will get way too bogged down in legislation. Plus when the big guy’s lobbyists step in it will be even harder…
the only issue with you providing the tcpdumps is they COULD say that you tampered with them, as opposed to a live capture through whatever terrible back door method they want to use.
i’m very against this trash too…what good is this if the client uses encrypted protocols over ur connection…
do you guys think the U.S. government has a back door to PPTP since msft developed it? no conspiracy theorists please
More info can be found at:
http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-06-56A1.pdf
This link deals more with the VOIP end. Price tags are scary and comments like “that’s just the price of doing business” by the powers that be are really scary.
I believe how this works is first we must develop a CALEA compliant solution that the FCC agrees is compliant. Mikrotik, you working on that? Please? Next, by the deadline each broadband ISP must file a form with the FCC stating they are CALEA compliant, what solution they have used, details on how it works and in the event of a need how to utilize it. This is just my best guess and like most things with the government likely much more complicated.
I am hoping some refinements to the Mikrotik sniffer may be a workable solution. Such as a streaming protocol that we can be sure they (CALEA) support. The ability to run more than one instance of the sniffer so one can sniff and stream more than one IP to different destinations. Reason being is what if the user has a home and business account or you get hit by more than one request at once. Also, if they only want email it would be nice to say only sniff ports 25,110,587, etc IF they request that.
I am really concerned about this. This could be a devastating blow to small ISPs already operating on very thin margins. I doubt this will affect the big ISPs nearly as much being they can spread the upgrade expense across many many users.
Matt
LOL
exactly
I was just saying that you could argue that you’re not, and make them wait to get a court order saying that you are, because the definition they give specifically says over “wires or cable”…
this sounds to me like nearly all ISP’s are going to be exempt, unless you are also a (I/C)LEC providing VoIP…
If you read here:
http://www.askcalea.net/docs/20060503_2nd-memorandum.pdf
It states:
“The primary goal of the Order is to ensure that Law Enforcement Agencies (LEAs) have all of the resources that CALEA authorizes to combat crime and support homeland security, particularly with regard to facilities-based broadband Internet access providers and interconnected voice over Internet protocol (VOIP) providers.”
Matt