[96479] in North American Network Operators' Group
Re: ISP CALEA compliance
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Fri May 11 15:11:32 2007
Date: Fri, 11 May 2007 15:03:13 -0400
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: "Jason Frisvold" <xenophage0@gmail.com>
Cc: "Brandon Galbraith" <brandon.galbraith@gmail.com>,
"Chris L. Morrow" <christopher.morrow@verizonbusiness.com>,
"Jon Lewis" <jlewis@lewis.org>,
"William Allen Simpson" <william.allen.simpson@gmail.com>,
nanog@merit.edu
In-Reply-To: <924f29280705110742q52c8f9dq2156d09f10dab6da@mail.gmail.com>
Errors-To: owner-nanog@merit.edu
On Fri, 11 May 2007 10:42:14 -0400
"Jason Frisvold" <xenophage0@gmail.com> wrote:
>
> On 5/11/07, Brandon Galbraith <brandon.galbraith@gmail.com> wrote:
> > My understanding was data you had needed to be turned over when
> > requested, but CALEA provides no specification/guidance on log
> > retention.
>
> Agreed. My understanding, to date, is that the data to be turned over
> is data collected from the beginning of the CALEA tap. Historical
> data can be requested, but I'm not aware of any official legal
> guidelines on retention time.
>
There are no legal requirements on proactive data retention in the
US. Gonzales has suggested that there should be one, but at this
point it's just that -- a suggestion. I think that at the moment,
the odds of Congress enacting a Gonzales proposal are rather low;
they'd much rather impeach him than listen to him... There is now an EU
requirement on retention, but the EU's jurisdiction rules are, shall we
say, complex.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
