RE: [Raven] Technology to support legal intercept

[Chris Savage <chris.savage@crblaw.com>]

Rob Lockhart wrote:

> If I were a US carrier, I would tend to think that this would 
> not be a 'good thing'.  US carriers *must* (strong word intended since 
> there's no choice in the matter) be CALEA-compliant by 30 June 2000.

The FCC set a different, 9/01 deadline for "packet mode communication"
compliance.  This would seem to apply to pretty much anything the IETF would
be worried about, wouldn't it?  Anybody involved in the FCC's process on
that issue on this list?  If so, do you have a different view?

> Failure to 
> have implemented whatever 'safe harbor' standard exists for the industry
in 
> question will result in a 'US$10K/day/failed wiretap' fine for the
carrier. 
> Making it more costly just means that the carrier will have to fork over 
> more money to be compliant by the 30 June date.  Granted the US Congress 
> allocated some funds for this, but those funds won't last long .. assuming
there's 
> still any left.

This seems to me to be one possible reason for IETF to get involved: if it
can set a "standard" or "technical requirements" for "compliance" (note that
it need not give the LEAs everything they want, since the standard/tech req
also considers reasonable cost), then those who comply with the standard
comply with CALEA.

What I wonder is, what proportion of what the Internet writ large (IETF's
field of play, so to speak) is inherently involved with the functions of
telecommunications carriers (the only entities subject to CALEA)?  Hence my
earlier question about whether tin can and string manufacturers should adopt
a CALEA standard, since their products can, in theory, be used by entities
subject to CALEA to provide telecommunications services that LEAs might want
to wiretap.

> Now perhaps 'US$10K/day/failed wiretap' doesn't seem like 
> much when viewed from the standpoint of a mega-carrier, but CALEA also
affects small
> 'mom-n-pop' carriers such as those supplying simple paging 
> services for, say, less than a thousand customers.  Is such a carrier the 
> responsibility of the IETF, probably not, considering the nature of the
carrier, 
> but there are also small 'mom-n-pop' ISPs.  The definition of what falls
under 
> the umbrella of 'information services' has changed a number of times since

> CALEA first came to light.  It's not out of the realm of possibilities to 
> consider that ISPs may not always have their exemptions (if indeed they
still do 
> have them) ...

ISPs are still considered "information service providers" by the FCC AFAIK,
and are therefore not subject to CALEA.  That is not to say that any
particular ISP couldn't do things in addition to "normal" ISP
functionalities that push that individual ISP over the line into being a
"telecommunications carrier" subject to the law.

>  and the IETF's entry into this 'game' could have a significant 
> impact in this arena even to the point of determining who will stay in the

> business and who will not.

Maybe I'm confused here.  Suppose that the IETF does generate some
"standard" that allows IPvN to be "CALEA compliant."  Then everybody who
implements IPvN on their systems would have a CALEA safe harbor.  So except
for the "mom-n-pop" ISPs who are so marginal they can't afford to upgrade
their equipment, "compliance" would come naturally over time.  And the
tiniest folks who can't afford to upgrade are unlikely to be doing the stuff
that makes one look like a carrier anyway.

Chris S.

Views/comments are mine, not those of my firm or my clients.

_______________________________________________
raven mailing list
raven@ietf.org
http://www.ietf.org/mailman/listinfo/raven