[c-nsp] What are other SPs doing about CALEA?

Frank Bulk frnkblk at iname.com
Wed Feb 7 12:23:01 EST 2007


> Justin Shore wrote:
> > Right, that's what I was getting at.  All our telephony services are
> > either traditional POTS, voice over cable, or voice alongside DSL and
> > punted to the class-4 switches using SIP.  Other voice traffic is not
> > our specific concern.  A CALEA request for the data would cover
> > everything but our telephony and a request for the voice wouldn't matter
> > in what we connect to the customer.  It still gets picked up on one of
> > our soft switches.
> 
> Your switch, no problem.  But if you're a facilities based broadband
> provider, even if you do not provide VoIP it's now your responsibility
> to intercept the voice at your expense for the government.  Thanks
> Vonage and the like! ;-)

If the request is for all the data from a subscriber, naturally, it would
include all the Vonage traffic, too, but it does not require us to decode
the voice and send the LEA the audio.

> > That's rather the point though.  CALEA will cover all data on May 14th. 
> > CALEA is no longer only voice.  That's why the mailing lists are buzzing
> > with CALEA discussions.
> 
> If that's true then all of the Cisco LI code is non-compliant as the last
> thing I read it was VoIP only and did not currently support data.
> Perhaps that's changed but that's what I just recently found right off
> CCO.

You're right, most of the Cisco code is 'non-compliant', but that's what
probes are for.

> > As far as communication within a non-LI router, we're still trying to
> > figure out what to do.  We won't spend a couple hundred-thousand dollars
> > to replace everything that won't do LI.  Neither will anyone else.
> 
> Look on the bright side, if for some reason they make a request, and you
> can't fill it, the fine can be up to $10k a day until you do.

That sounds about right.

> > That seems to be the ideal way of doing it.  The classic LI example is that
> > someone commands the MD to get Joe Blow's voice or data or both.  The MD
> > learns where Joe Blow is currently connected to the network via the AAA
> > server.  The MD issues the LI request to the edge device via SNMPv3 and
> > tells it to copy the MD on Joe Blow's traffic.  The MD then punts that
> > off to the appropriate LEA.  Of course few devices actually support LI
> > so this is in all practicality simply not possible.  It sure does sound
> > good on paper though.
> 
> Right.  I'm getting more info on this myself.  I believe the LEA will
> make the request, and in that request, they should probably have the
> connection/VPN info on where to send the data to. (one would think)

It's my understanding that the LEA needs to request the provisioning and pay
for either a TDM circuit or IP path from the SP's location to their own
facility.

> I think overall there is just a lot of concern on the costs to become
> fully compliant... we're spending quite a bit of money for LI licenses
> and replacing network processors and such that will support it.

You can handle the CALEA requirements in one of several ways: upgrade your
gear to be LI-ready (probably not possible because not all the vendors have
products that can do that); purchase probes where necessary; or work with a
TTP so that you can use their probes and expertise.

Frank


