[VoiceOps] CALEA for the small fry operator
Nathan Anderson
nathana at fsr.com
Fri Jan 18 18:47:39 EST 2013
(Given how you opened your e-mail, I'll assume that you actually meant to send your reply to the list instead of only to me, so I'm putting the VoiceOps address back on the recipients list. Apologies if this is not what you wanted.)
So it would seem that the concensus so far is that you simply have to be prepared to offer a LEA some kind of recording or live stream in a format that can be reasonably thought of as being a standard (or widely understood/decodeable). If that is the case, who can explain to me what exactly the purpose of this ANSI T1.678 document is, and who is expected to use it?
--
Nathan Anderson
First Step Internet, LLC
nathana at fsr.com
-----Original Message-----
From: Faisal Imtiaz [mailto:faisal at snappydsl.net]
Sent: Friday, January 18, 2013 3:01 PM
To: Nathan Anderson
Subject: Re: [VoiceOps] CALEA for the small fry operator
I would love to hear comments and discussion on this topic, from others
who may be more knowledgeable and or had experience in providing the
info requested in a CALEA Warrant.
My Comments are in-line below:-
Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, Fl 33155
Tel: 305 663 5518 x 232
Helpdesk: 305 663 5518 option 2 Email: Support at Snappydsl.net
On 1/18/2013 4:54 PM, Nathan Anderson wrote:
> We are a small-ish, regional broadband ISP in the U.S. (inland Washington and Idaho) that has also rolled out an interconnected VoIP product over the past year. I'm trying to wrestle through and understand what our responsibilities and obligations are with regards to CALEA compliance at both the legal and technical levels.
Great, you are in the same boat as a lot of us here.
> Confession time: we did not purchase a commercial softswitch product. We built our own solution on top of Asterisk. (I can already hear the groans and feel the tangible disapproval.) We went this route for cost reasons, yes, but more importantly we did it because with a custom-engineered solution, we were able to seamlessly integrate our new voice offering with our other existing products when it comes to both provisioning and billing, and this (I believe) leads to a better and more uniform experience for our customers. For better or worse, we are an ISP first and foremost, and an ITSP second, and provisioning for the new product needed to conform to existing practices rather than be an island unto itself, as so many "turn-key" offerings are.
Don't beat yourself up too bad for having done this, there is nothing
wrong with it, and you are neither alone nor the first one to do so. The
key test from business side is , if it works and you can make $ with it
.. then just keep doing it ... you must be doing something right.
> But I recognize that going down this path has brought with it a distinct disadvantage when it comes to solving the CALEA complaince problem. Notably, there are no known CALEA solutions for Asterisk of any stripe that I have been able to find, and any discussion about Asterisk and CALEA seems to have peaked around the time (2006-2007) that the feds announced VoIP providers were going to have to bring themselves into compliance, and then quickly faded after that.
There is no disadvantage here.... just a lack of open discussion and a
lot of phoo-phooing from folks who had spent a lot of $ on their
switches, and found out that others were getting similar results on the
Telephony side of things.
> Sure, I could easily come up with something that would allow for live or recorded call interception and/or delivery of CDR/CPNI to law enforcement using existing tools already available to me. What is unclear to me, though, is whether there is any particular format or delivery mechanism for this data that the law stipulates we follow. I know that there is an ANSI standard, T1.678v2 (and the subsequent supplements), but of course I have no access to that (200+ page) document without paying the publisher hundreds of dollars for a copy. And even if we got our hands on a copy, it sounds like it would be prohibitively difficult to implement by ourselves.
All of my research todate shows that there is no CALEA standard. The Law
requires cooperation and delivery of the Data Stream to the Law
Enforcement Agency requesting it, but it does not specify any particular
standard.
The impression I get is that, a number of formats may be acceptable by
different agencies. The actual format gets to be agreed upon with the
agency requesting the the info.
> Does the law actually stipulate that T1.678 be followed, and are you not in compliance with CALEA regulations unless you specifically use a solution that is T1.678-compatible? Or is the T1.678 standard simply recommended and preferred by LEAs? I have seen discussion threads where other people have talked about their "creative" solutions to CALEA compliance, which include things such as proxying the RTP stream and having a bank of E&M channels at the ready to mirror the audio to (http://fonality.com/trixbox/forums/trixbox-forums/open-discussion/what-i-need-start-ip-phone-service-provider-business). Do these people actually know if their solution gets a passing grade, or are they taking a gamble?
Since the Law does not specify what is acceptable, as such it also does
not specify what is not acceptable, thus making all of the above very
viable methods of delivering the data.
I believe the passing grade is in having the ability to send them the
data stream, and not necessarily in what format it is in. After-all they
have Computer Folks on their side too who can just as easily assemble
the real time data stream back into a Voice Recording, which is what
they are trying to get.
> Thanks,
>
More information about the VoiceOps
mailing list