[188398] in North American Network Operators' Group
Re: CALEA Requirements
daemon@ATHENA.MIT.EDU (Sean Donelan)
Sun Mar 20 12:07:43 2016
X-Original-To: nanog@nanog.org
Date: Sun, 20 Mar 2016 12:04:15 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: "nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <CAOfVTCFogrfJzcXC5tprNadArLQrCUsmrGo_efpinugj461rmw@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org
The FBI CALEA folks have always had a somewhat expansive interpretation of
their authorities.
For example, "dialed digit extraction." The court cases supporting pen
registers are based on business record exception, i.e. Smith v. Maryland
says dial numbers are disclosed to the telephone company so the phone
company can connect and bill the call do not have a reasonable
expectation of privacy. The FBI expanded its pen-register authority to
include all numbers dialed *DURING* the call because in the 1970's
pen-register technology didn't stop recording digits (i.e. the "clicks")
after a call was answered. Although modern pen-register technology can
distinguish between numbers dialed for the purpose of connecting the call,
and numbers dialed during the call (i.e. your online banking PIN), and
dialed digit extraction during VOIP calls is an extreme pain in the ass.
In the 1990's, the FBI convinced the FCC to order carriers under CALEA to
do dialed digit extraction because "that's what they've always done," not
because its what the law and court cases required. Even the FCC says in
its CALEA order, the FBI's justification was flimsy but the FCC wasn't
willing to oppose the FBI.
As several folks have pointed out, talk to your own legal counsel. The
FBI CALEA website is the FBI's interpretation of its authority, not
necessarily what your own counsel would advise.
