[96427] in North American Network Operators' Group
Re: ISP CALEA compliance
daemon@ATHENA.MIT.EDU (Patrick Muldoon)
Thu May 10 14:37:40 2007
In-Reply-To: <924f29280705101103g1744ecebkfd68b9ff3e5bad9e@mail.gmail.com>
Cc: "Jared Mauch" <jared@puck.nether.net>,
"Nikos Mouat" <nikm@cyberflunk.com>, nanog@merit.edu
From: Patrick Muldoon <doon@inoc.net>
Date: Thu, 10 May 2007 14:36:45 -0400
To: Jason Frisvold <xenophage0@gmail.com>
Errors-To: owner-nanog@merit.edu
On May 10, 2007, at 2:03 PM, Jason Frisvold wrote:
> Here's a question that's come up around here. Does a CALEA intercept
> include "hairpining" or is it *only* traffic leaving your network?
> I'm of the opinion that a CALEA intercept request includes every bit
> of traffic being sent or received by the targeted individual, but
> there is strong opposition here that thinks only internet-related
> traffic counts.
IANAL and I don't even play on the net, but...
We've been under the impression that is *all* data. So for us,
things like PPPoE Sessions, just putting a tap/span port upstream of
the aggregation router will not work as you would miss any traffic
going from USER A <-> USER B, if they where on the same aggregation
device. Since the Intercept has to be invisible to the parties
being tapped, you can't route their traffic back out and then in
either, since the tap would change the flow. In that regard, we've
been upgrading our older NPE's to newer ones in order to support
SII, All the while I keep having something a co-worker said stuck in
my head. "CALEA - Consultant And Lawyer Enrichment Act" :)
-Patrick
--
Patrick Muldoon
Network/Software Engineer
INOC (http://www.inoc.net)
PGPKEY (http://www.inoc.net/~doon)
Key ID: 0x370D752C
Sure it's user-friendly...if you know what you're doing.
