[96489] in North American Network Operators' Group
Re: ISP CALEA compliance
daemon@ATHENA.MIT.EDU (Sean Donelan)
Fri May 11 16:40:19 2007
Date: Fri, 11 May 2007 16:26:24 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: North American Network Operators Group <nanog@merit.edu>
In-Reply-To: <20070511194352.A3302766698@berkshire.machshav.com>
Errors-To: owner-nanog@merit.edu
On Fri, 11 May 2007, Steven M. Bellovin wrote:
> As Bill Simpson has quite correctly pointed out, you're also not
> required to roll over and play dead when someone from the government
> asks you for some data. There are laws they're obligated to follow,
> too. Even if you want to look at it from a purely selfish position,
> you and/or your company may be liable if you co-operate with an
> improper or illegal request. Have a look at
> http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002520----000-.html
> which provides for civil liability for illegal wiretaps. You're clear,
> under that statute, if you have good reason to believe the request is
> legal under certain very specific sections of the wiretap law, but not
> otherwise.
An important thing to remember in this discussion is CALEA does not
expand, contract or otherwise change other laws concerning electronic
survellance. The government can not intercept anything under CALEA.
All interception orders must be authorized by some other statute
or some other lawful authority (e.g. claims of Executive Power).
You might never, ever receive an lawful interception order, but still
be in violation of CALEA. Likewise you might be 100% CALEA compliant,
and still decline or be unable to perform some intercept orders. CALEA
does enhance some monetary penalties for not being able to perform a
lawful intercept authorized by some other statute or authority; but CALEA
doesn't authorize the interception itself.
Despite attempts by some folks, CALEA compliance != Wiretap authority.
