CALEA Discussion
Internet2 Joint Techs, July 19, 2006
Doug Carlson, Executive Director, Communications & Computing Services, New York University

2 Caveats
- I’m not a Communications Lawyer!
- Opinions and interpretations – not undisputed facts
- Each institution/organization needs to evaluate if it is, or is not, exempt from CALEA

3 The Basics
- CALEA: Communications Assistance for Law Enforcement Act
  - Imposes specific obligations on “telecommunications carriers” to build certain “assistance capabilities” into their networks by May 14, 2007
  - Other reporting and actions required sooner
- Title 18 and associated regulations provide obligations to assist Law Enforcement Agencies with Lawful Intercepts

4 The Basics – Title 18 USC
Title 18 provides the framework which requires colleges and universities to assist law enforcement with communications intercepts:

“An order authorizing the interception of a wire, oral, or electronic communication under this chapter shall, upon request of the applicant, direct that a provider of wire or electronic communication service, landlord, custodian or other person shall furnish the applicant forthwith all information, facilities, and technical assistance necessary to accomplish the interception unobtrusively and with a minimum of interference with the services that such service provider, landlord, custodian, or person is according the person whose communications are to be intercepted.”

5 The Basics (continued)
- Via CALEA, the government would like in-place mechanisms to quickly initiate comprehensive intercepts of Internet communications (e.g., CALEA compliant equipment installed and operational)
- An initial interpretation of CALEA suggested that most of the network equipment in all colleges and universities might need to be replaced – no longer the prevailing opinion

6 Recent Events
- American Council on Education (ACE) takes the FCC to court
  - FCC clarifies in court brief that CALEA at most applies to gateway equipment and cannot apply to the internal portions of private networks
- FCC issues the Second Report and Order
  - Establishes actions and reporting requirements for “telecommunications carriers”

7 Recent Events (continued)
- Court rejects most ACE arguments, but there appear to be some positive clarifications from this action by ACE
  - Court agreed that private networks cannot be required to comply with CALEA
- ACE issues memo on the “Application of CALEA to Higher Education Networks” – particularly focusing on colleges and universities

8 Court case results (Current thinking on broadband)
- Still not clear!!!
- Opinions
  - Many colleges and universities are likely, at most, to need to make the “gateway” between the campus and the Internet CALEA compliant
  - Two tests to determine if exempt
    - Private network
    - Institution doesn’t provide its own facilities to the Internet (Service Provider)

9 FCC First Report and Order - Footnote 100

“To the extent [that] private networks are interconnected with a public network, either the [public voice network] or the Internet, providers of the facilities that support the connection of the private network to a public network are subject to CALEA under the [Substantial Replacement Provision].”

10 Private Network
- Offer network access to a well-defined set of users (e.g., students, faculty and staff)
- Incidental other usage might be OK?
- Open (non-authenticated) wireless?

11 Providing access to the Internet
- Does the institution provide access to the Internet?
- What does “provide” mean?
- One thought: Does the campus or the ISP own/provide connections between the campus network and the ISP’s Point of Presence (PoP)?

12 Other Issues
- Further appeals?
- Status of state/regional Research & Education networks?
  - Same as universities?
  - Not studied in detail by ACE.
- Congress may consider new regulations
  - For example, draft legislation distributed recently by the FBI

13 What ACE has done recently
- Coordinated overall Higher Ed. actions on CALEA (with EDUCAUSE providing assistance)
- Analyzed the Court’s decision
- Created a document on the impact of the Court’s decision

14 What EDUCAUSE will do
- Continue dialog with Law Enforcement on guidelines for Title 18 compliance
- CALEA Technical Group and EDUCAUSE Security Task Force collaborating on the development of guidelines for handling Lawful Intercepts for campuses
- CALEA Technical Group will evaluate options for technical implementations of CALEA
  - Equipment
  - Trusted Third Parties (e.g., NeuStar, VeriSign)
- Will continue to engage in analysis and discussion with the higher education community

15 What should institutions do?
- Review the recent ACE memo
- Evaluate if the university appears to have a “private network” and is not responsible for providing the connection to the Internet
  - If you don’t have a private network, CALEA obligations could be daunting
  - If you do have responsibility for the connection to your ISP, it could increase the chances that the gateway would need to be CALEA-compliant

16 What should institutions do?
- If the institution determines that it is subject to CALEA
  - Begin to take the actions specified in the Second Report and Order (including preparing to file required paperwork – due >90 days out)
  - Evaluate technical options for CALEA compliance (but see next slide)

17 CALEA compliance challenges
- As yet, no clear definition of what CALEA compliance means
  - FCC is looking for industry, working with the Law Enforcement Agencies (LEAs), to develop standards
- Two ways to implement CALEA compliance
  - Institution installs equipment, creates procedures, etc., but verified equipment solution not yet available
  - Engage a Trusted Third Party to act as agent, but will need to define the service

18 How might a LI request work
[Diagram: flow of a Lawful Intercept request. Labels: Lawful Authorization; Law Enforcement; Telecommunication Service Provider; Service Provider Administration (Turn on Lawful Intercept feature of switch); Access Function; Delivery Function; Collection Function; Law Enforcement Administration. Annotations: (Switch collects Lawful Intercept data); (Securely deliver information to LEA); (Order generated).]

19 Some Vocabulary (ref. TIA J-STD-025-B)
- Access Function(s) (provided by campus)
  - Provides unobtrusive intercept access points to the intercept subject’s communications and passes them to the Delivery Function
- Delivery Function (provided by campus)
  - Responsible for delivering intercepted communications to the Law Enforcement Agency (LEA) Collection Function
- Collection Function (provided by LEA)
  - Responsible for collecting lawfully authorized communications

20 Related Issues
- Network authentication of terminals on campus (e.g., 802.1x)
- Data retention of logs and other records

21 Good information source