[96430] in North American Network Operators' Group
Re: ISP CALEA compliance
daemon@ATHENA.MIT.EDU (Sean Donelan)
Thu May 10 15:26:14 2007
Date: Thu, 10 May 2007 15:23:26 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: nanog@merit.edu
In-Reply-To: <3FA5EDF9-279F-445E-980B-7034A3FD8CD1@inoc.net>
Errors-To: owner-nanog@merit.edu
On Thu, 10 May 2007, Patrick Muldoon wrote:
> We've been under the impression that is *all* data. So for us, things like
> PPPoE Sessions, just putting a tap/span port upstream of the aggregation
> router will not work as you would miss any traffic going from USER A <-> USER
> B, if they where on the same aggregation device. Since the Intercept has to
> be invisible to the parties being tapped, you can't route their traffic back
> out and then in either, since the tap would change the flow. In that
> regard, we've been upgrading our older NPE's to newer ones in order to
> support SII, All the while I keep having something a co-worker said stuck in
> my head. "CALEA - Consultant And Lawyer Enrichment Act" :)
If you are doing PPPOE over another carrier's ATM network, are you really
a "facilities-based" provider? Or is the CALEA compliance the
responsibility of the underlying ATM network provider to give LEA access
to the ATM VC of the subscriber under surviellance?
