North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: ISP CALEA compliance
Jared Mauch wrote:
You need to have a router or some appliances that will assist you in the required lawful-intercept capabilities that are necessary.
But anything whatsoever is OK. Since you don't know of the capabilities required in advance, there's no reason that it be a fast router or switch. An old slow hub is fine....
Remember, you don't actually have to do anything until *after* you receive the payment -- that is required up front!
Take the time to read the 2nd order and report, and review FCC form 445. The filing date for that form passed, but that was a form to be filed to capture a "snapshot" of the current state of compliance.
Speaking from experience, that's very likely -- a lot of negotiation trouble. No matter what happens, you'll pay some attorney fees.
Also, the gag order was ruled unconstitutional, so always inform your customer! They may be willing to work out attorney fees, and/or join you in a suppression hearing.
You probably should remember to call your congresscritters to complain each and every time it happens.
Most important: call your state ACLU, as they are trying to keep track, and might be of some help. ;-)
Follow the usual best practices, and you may save time and money.
1. Ensure that your DHCP, RADIUS, SMTP, and other logs are always, ALWAYS, *ALWAYS* rolled over and deleted within 7 days without backup. I'd recommend 3 days, but operational requirements vary.
2. Insist that you receive payment *in advance* before doing anything! And wait until the check clears.
3. Remind the requesting agency that everything must be signed by a judge. Call the issuing court to confirm. Don't accept "exigent" administrative requests. The recent inspector general report showed that most administrative requests were never followed up by actual judicially approved requests, and virtually none of them warranted exigent status -- they were illegal shortcuts.
4. Never, NEVER, *NEVER* speak to a federal agent of any kind. Do not allow them into the building. Require them to speak to your attorney. Require everything in writing. No exceptions!
We returned the first request as inadequate -- since it misspelled the name of the company and the address, and wasn't accompanied by a check.
Our problem was that we weren't rigorous about #1 (some staff had been keeping some backups sometimes), and the resulting time and expense for extracting "lawful" information from all the rest was painful. Learn from our mistake.