CALEA Requirements Mandatory in USA

Posted: Thu Sep 21, 2006 12:58 am
by m80
Shortly all broadband providers in the USA will be required to become compliant as I understand. Has anyone looked into this? Mikrotik?

http://hraunfoss.fcc.gov/edocs_public/a ... 6-56A1.pdf

Matt

Mikrotik needs to have J-STD-025 compliance.

Posted: Thu Sep 21, 2006 3:32 am
by npyoung
Or US based commercial users will not be able to use their software. The discussion below talks about the ramifications of this on innovation:

http://www.eff.org/Privacy/Surveillance ... f=faq.html

Subcommittee TR-45.2 of the Telecommunications Industry Association (TIA), along with Committee T1 of the Alliance for Telecommunications Industry Solutions, developed interim standard J-STD-025 to serve as a CALEA standard for wireline, cellular, and broadband PCS carriers and manufacturers. It defines how these carriers can assist with lawfully authorized electronic surveillance, and specifies interfaces necessary to deliver intercepted communications and call-identifying information. However, this standard has been under revision for some time and law enforcement has made numerous efforts to significantly modify this industry-led, standard-setting effort. The recent CALEA petition is simply their latest effort to do this.

Posted: Thu Sep 21, 2006 6:29 pm
by DirectWireless
Mikrotik would certainly be a strong contender if they included a software based CALEA module that could be activated or deactivated depending on country (or usage - a dumb AP MT unit may not need CALEA where an edge router would).

Posted: Thu Sep 21, 2006 7:14 pm
by Dryanta
I'm never giving the government 'keys to the castle'. If they deliver me a subpoena, I'll give them tcpdump logs and they can figure it out. The entire idea that a telecom needs to have an alternate unsecured unmanaged backdoor only accessible to the government, when they get hacked more than I do.... is preposterous.

Posted: Sat Sep 23, 2006 5:09 am
by BrianHiggins
What exactly does CALEA cover?

there is mixed information about what is covered and what is not...
The U.S. Congress passed the Communications Assistance for Law Enforcement Act (CALEA) in 1994 to aid law enforcement in its effort to conduct surveillance of digital telephone networks. CALEA forced telephone companies to redesign their network architectures to make such surveillance easier. It expressly excluded the regulation of data traveling over the Internet.
Does the FCC propose to apply CALEA to all types of online communication, including instant messaging and visits to websites?


Not yet. The NPRM proposes CALEA coverage of "only" broadband Internet access services and managed VoIP services, and excludes instant messaging and email. However, the FCC's broad understanding of the substantial replacement clause will create a stifling regulatory environment in which law enforcement will undoubtedly contend that other emerging communications technologies fall under CALEA. And industry could add surveillance-ready equipment, services, and network capability as an attempt to appease law enforcement given the current national focus on homeland security (and indeed some already have — see Cisco's CALEA architecture, which is expected to become a more formal RFC at some point). Given product-development cycles that can take two years or more, industry may hedge its bets by building in surveillance-friendly features now rather than waiting for government mandates. Inevitably, law enforcement will seek over time to bring more and more communications services under the CALEA umbrella.
Then in an FCC document
In the Second Report and Order (Second R&O), we address several issues regarding CALEA implementation raised in the Notice of Proposed Rulemaking (Notice) in this proceeding. In particular, the Second R&O addresses the assistance capabilities required, pursuant to section 103 of the Communications Assistance for Law Enforcement Act (CALEA), for facilities-based broadband Internet access providers and providers of interconnected Voice over Internet Protocol (VoIP).
In one description CALEA specifically applies only to voice calls, and not to other data traffic. It is also referenced as only applying to a Facilities-Based digital telephone company.

Definition:
Facilities-Based – A telecommunications company provides its services over wire and cable that they own (opposite of resale).
so one could argue that as a WISP, we are not required to comply with any CALEA regulations as we do not deliver our services over a wire or cable, even if we provide VoIP Services...

BUT

aside from all that, doesn't the packet sniffer streaming option already fulfill the requirements?

SO...

if you receive a court order, ask them what IP you want the traffic streamed to, set a filter for the IP of the customer in question, and hit start...

Posted: Sat Sep 23, 2006 8:58 am
by Stryker777
Not so easy. Just because you are a WISP does not mean you are free. You are still facilities based.

The issue I have is the long term of backups and their ability to look at anything they want. I am 100% AGAINST all of this crap. I have prided myself in protecting my users and clients against all of this stuff and now will be forced to go against the constitution and what I believe and turn my back on my users' privacy. Not going to happen here. I will shut down before I give anyone my users' data.

Posted: Sat Sep 23, 2006 4:03 pm
by jo2jo
just like all other things in the US, i think this will get way too bogged down in legislation. Plus when the big guy's lobbyists step in it will be even harder.......

the only issue with you providing the tcpdumps is they COULD say that you tampered with them, as opposed to a live capture through whatever terrible back door method they want to use.

i'm very against this trash too......what good is this if the client uses encrypted protocols over ur connection...

do you guys think the U.S. government has a back door to PPTP since msft developed it? no conspiracy theorists please :)

Posted: Sat Sep 23, 2006 6:55 pm
by m80
More info can be found at:

http://www.askcalea.net/

http://hraunfoss.fcc.gov/edocs_public/a ... 6-56A1.pdf

This link deals more with the VOIP end. Price tags are scary and comments like "that's just the price of doing business" by the powers that be are really scary.

http://voipforsmb.tmcnet.com/news/artic ... e-voip.htm

I believe how this works is first we must develop a CALEA compliant solution that the FCC agrees is compliant. Mikrotik, you working on that? Please? Next, by the deadline each broadband ISP must file a form with the FCC stating they are CALEA compliant, what solution they have used, details on how it works and in the event of a need how to utilize it. This is just my best guess and like most things with the government likely much more complicated.

I am hoping some refinements to the Mikrotik sniffer may be a workable solution. Such as a streaming protocol that we can be sure they (CALEA) support. The ability to run more than one instance of the sniffer so one can sniff and stream more than one IP to different destinations. Reason being is what if the user has a home and business account or you get hit by more than one request at once. Also, if they only want email it would be nice to say only sniff ports 25,110,587, etc IF they request that.

I am really concerned about this. This could be a devastating blow to small ISPs already operating on very thin margins. I doubt this will affect the big ISPs nearly as much being they can spread the upgrade expense across many many users.

Matt

Posted: Sat Sep 23, 2006 8:35 pm
by papwalker
...The entire idea that a telecom needs to have an alternate unsecured unmanaged backdoor only accessible to the government, when they get hacked more than I do.... is preposterous.
LOL
exactly

Posted: Sun Sep 24, 2006 2:50 am
by BrianHiggins
Not so easy. Just because you are a WISP does not mean you are free. You are still facilities based.
I was just saying that you could argue that you're not, and make them wait to get a court order saying that you are, because the definition they give specifically says over "wires or cable"...

Posted: Sun Sep 24, 2006 3:29 am
by BrianHiggins
Sec 102 (8) The term `Telecommunications carrier'--

(A) means a person or entity engaged in the transmission or switching of wire or electronic communications as a common carrier for hire; and

(B) includes--

(i) a person or entity engaged in providing commercial mobile service (as defined in section 332(d) of the Communications Act of 1934 (47 U.S.C. 332(d))); or
(ii) a person or entity engaged in providing wire or electronic communication switching or transmission service to the extent that the Commission finds that such service is a replacement for a substantial portion of the local telephone exchange service and that it is in the public interest to deem such a person or entity to be a telecommunications carrier for purposes of this title; but

(C) does not include--

(i) persons or entities insofar as they are engaged in providing information services; and
(ii) any class or category of telecommunications carriers that the Commission exempts by rule after consultation with the Attorney General.
this sounds to me like nearly all ISPs are going to be exempt, unless you are also a (I/C)LEC providing VoIP.....

Posted: Sun Sep 24, 2006 6:25 pm
by m80
If you read here:

http://www.askcalea.net/docs/20060503_2 ... randum.pdf

It states:

"The primary goal of the Order is to ensure that Law Enforcement Agencies (LEAs) have all of the resources that CALEA authorizes to combat crime and support homeland security, particularly with regard to facilities-based broadband Internet access providers and interconnected voice over Internet protocol (VOIP) providers."

Matt