[VoiceOps] CALEA for the small fry operator

[Faisal Imtiaz]

Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, Fl 33155
Tel: 305 663 5518 x 232
Helpdesk: 305 663 5518 option 2 Email: Support at Snappydsl.net

On 1/18/2013 6:47 PM, Nathan Anderson wrote:
> (Given how you opened your e-mail, I'll assume that you actually meant to send your reply to the list instead of only to me, so I'm putting the VoiceOps address back on the recipients list.  Apologies if this is not what you wanted.)
Thanks. I did not pay attention to the reply to , and yes it was meant 
to be on-list.

>
> So it would seem that the concensus so far is that you simply have to be prepared to offer a LEA some kind of recording or live stream in a format that can be reasonably thought of as being a standard (or widely understood/decodeable).  If that is the case, who can explain to me what exactly the purpose of this ANSI T1.678 document is, and who is expected to use it?
So up to now,  it has been my understanding that multiple groups./ 
vendors etc have been working with LEA on trying to develop some 
standards, but to date I don't believe that there is any ONE particular 
agreed upon standard.

keep in mind that CALEA was put on to two groups,  the Phone Companies 
and the Broadband (IP Providers), and as you can guess that things get 
more complicated when phone calls become packets.

While I have note seen the ANSI T1.678 doc, but my impression is that it 
is defining what is transmitted, not how or in what format.

Regards


> --
> Nathan Anderson
> First Step Internet, LLC
> nathana at fsr.com
>
> -----Original Message-----
> From: Faisal Imtiaz [mailto:faisal at snappydsl.net]
> Sent: Friday, January 18, 2013 3:01 PM
> To: Nathan Anderson
> Subject: Re: [VoiceOps] CALEA for the small fry operator
>
> I would love to hear comments and discussion on this topic, from others
> who may be more knowledgeable and or had experience in providing the
> info requested in a CALEA Warrant.
>
> My Comments are in-line below:-
>
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, Fl 33155
> Tel: 305 663 5518 x 232
> Helpdesk: 305 663 5518 option 2 Email: Support at Snappydsl.net
>
> On 1/18/2013 4:54 PM, Nathan Anderson wrote:
>> We are a small-ish, regional broadband ISP in the U.S. (inland Washington and Idaho) that has also rolled out an interconnected VoIP product over the past year.  I'm trying to wrestle through and understand what our responsibilities and obligations are with regards to CALEA compliance at both the legal and technical levels.
> Great, you are in the same boat as a lot of us here.
>> Confession time: we did not purchase a commercial softswitch product.  We built our own solution on top of Asterisk.  (I can already hear the groans and feel the tangible disapproval.)  We went this route for cost reasons, yes, but more importantly we did it because with a custom-engineered solution, we were able to seamlessly integrate our new voice offering with our other existing products when it comes to both provisioning and billing, and this (I believe) leads to a better and more uniform experience for our customers.  For better or worse, we are an ISP first and foremost, and an ITSP second, and provisioning for the new product needed to conform to existing practices rather than be an island unto itself, as so many "turn-key" offerings are.
> Don't beat yourself up too bad for having done this, there is nothing
> wrong with it, and you are neither alone nor the first one to do so. The
> key test from business side is , if it works and you can make $ with it
> .. then just keep doing it ... you must be doing something right.
>> But I recognize that going down this path has brought with it a distinct disadvantage when it comes to solving the CALEA complaince problem.  Notably, there are no known CALEA solutions for Asterisk of any stripe that I have been able to find, and any discussion about Asterisk and CALEA seems to have peaked around the time (2006-2007) that the feds announced VoIP providers were going to have to bring themselves into compliance, and then quickly faded after that.
> There is no disadvantage here.... just a lack of open discussion and a
> lot of phoo-phooing from folks who had spent a lot of $ on their
> switches, and found out that others were getting similar results on the
> Telephony side of things.
>> Sure, I could easily come up with something that would allow for live or recorded call interception and/or delivery of CDR/CPNI to law enforcement using existing tools already available to me.  What is unclear to me, though, is whether there is any particular format or delivery mechanism for this data that the law stipulates we follow.  I know that there is an ANSI standard, T1.678v2 (and the subsequent supplements), but of course I have no access to that (200+ page) document without paying the publisher hundreds of dollars for a copy.  And even if we got our hands on a copy, it sounds like it would be prohibitively difficult to implement by ourselves.
> All of my research todate shows that there is no CALEA standard. The Law
> requires cooperation and delivery of the Data Stream to the Law
> Enforcement Agency requesting it, but it does not specify any particular
> standard.
>
> The impression I get is that, a number of formats may be acceptable by
> different agencies.  The actual format gets to be agreed upon with the
> agency requesting the the info.
>
>> Does the law actually stipulate that T1.678 be followed, and are you not in compliance with CALEA regulations unless you specifically use a solution that is T1.678-compatible?  Or is the T1.678 standard simply recommended and preferred by LEAs?  I have seen discussion threads where other people have talked about their "creative" solutions to CALEA compliance, which include things such as proxying the RTP stream and having a bank of E&M channels at the ready to mirror the audio to (http://fonality.com/trixbox/forums/trixbox-forums/open-discussion/what-i-need-start-ip-phone-service-provider-business).  Do these people actually know if their solution gets a passing grade, or are they taking a gamble?
> Since the Law does not specify what is acceptable, as such it also does
> not specify what is not acceptable, thus making all of the above very
> viable methods of delivering the data.
>
> I believe the passing grade is in having the ability to send them the
> data stream, and not necessarily in what format it is in. After-all they
> have Computer Folks on their side too who can just as easily assemble
> the real time data stream back into a Voice Recording, which is what
> they are trying to get.
>> Thanks,
>>
>
>