[asterisk-biz] CALEA

Matthew Rubenstein email at mattruby.com
Tue Mar 6 07:38:19 MST 2007 

	If your business is, say, a NY corporation, but your servers are in,
say, Canada, are these CALEA requirements enforceable? What if your
business is an Ontario corp, or Yukon, or Iranian? Is there some combo
of foreign corp/servers that CALEA can't reach?


On Tue, 2007-03-06 at 13:15 +0000, Trixter aka Bret McDanel wrote:
> 
> 
> On 3/6/07, Matt <mhoppes at gmail.com> wrote:
>         
>                 CALEA support is generally more than just log files,
>                 thge government likes those log files in specific
>                 formats, they like the recordings done such that they
>                 can tell which leg of the call 
>         
>         To that I'd say touch noogies.. here's a comma delimited
>         version with headers :)
> 
> that may work, however in my experience if you upset the government
> they will spend years doing everything they can to 'get even'.  Often
> spanning more than a decade.  They also work it so that even if they
> lose in court they still win. 
> 
> If its not a problem to convert it and play nice, why not - and its
> unlikely that anyone on this list will ever receive a title III
> warrant anyway given how few are issued.
> 
> 
> 
>                 noise occured on (for background analysis), often they
>                 have a stereo recording where left channel is A leg,
>                 right channel is B leg, I have seen mp3 as well as
>                 regular CD audio for that.
>         
>         I still don't see why the system can't do this out of the box?
> 
> I never said it couldnt, I was addressing a specific persons comments
> with mine.
> 
> 
>                 CALEA support also means being able to record without
>                 alerting the user, since there is a
>         
>         Again.. by DEFAULT Asterisk doesn't alert the user when
>         recording begins.
> 
> reinviting the media off to the real provider (if you do that) except
> when recording is happening is a grey area, and that is what I was
> addressing.  It causes a change that can be observed by the person
> being recorded and the government can argue that is notification,
> whether or not its a valid interpretation.  I know that when the
> government decides something its generally very difficult to change
> their mind, and generally by the time you do they  already got what
> they wanted. 
> 
> 
> 
>                 provision against notification.  If you are a
>                 "interconnected VoIP provider" as defined in the CFR
>                 (ie 911, USF, etc apply to you) you have to be able to
>                 record all calls that go through you, not just the
>                 pstn ones - this means pc->pc if its through you.  I
>                 want to clarify before
>         
>         Again.. Asterisk already acomplishes this. 
> 
> Again, I was addressing a specific persons comments, I never once
> indicated whether or not asterisk was capable of anything in the
> original post.  Had you left those comments in it would have been
> easier to reference, but you omitted them so it requires someone going
> to the archives to see that I really was only addressing the persons
> comments who said 'here is a log file'. 
> 
> 
> 
>         We have a call center and we record every single call that
>         comes through there.... granted the caller DOES know.. but
>         only because we tell them in a message.
> 
> Many do, and with some of the mixing apps you can create a single wav
> with left/right channel representing the a/b legs of the calls.  I do
> not know that a/b leg seperation is reqired but it is desirable, and
> if you read transcripts of wiretaps (written by the agents typically
> littered with opinions of the agents written as fact) you will see
> that they do make notes of background voices that are audible
> corelating it with which side of the call it came from. 
> 
> 
> 
> 
>         On a side note..... am I expempt from CALEA if all I handle
>         are CDR records... and I issue re-invites for ALL traffic?
>         That is.. if someone from me makes an outbound call and I
>         terminate IP.. if I connect my terminator directly to my
>         client... does that absolve me? (I certainly don't intend to
>         do that.. but an interesting thought).
> 
> that is a grey area which I tried to address earlier.  Its unclear
> what the governments position will be and any position statement you
> get can change at will.  Further, changing from reinviting everything
> to not for recorded calls is grey as to whether or not it qualifies as
> notification to the end user.  The original laws were written in the
> 80s (1984 iirc) and as a result they didnt take into account anything
> but traditional phone systems where you had to handle the media as
> well as the signalling. 
> 
> The reason its grey on reinvites is that there is a provision in the
> calea statutes that exempts entities where its not technically
> feasable to record.  If you dont have the capacity to handle
> reinvites, or cant do it in a way that doesnt alert the customer you
> might qualify.  Then again the government can say  you arent in
> compliance and the fine is something like $10k/day/switch (which they
> would likely assess as per asterisk box).  IIRC you dont have to be
> served to be in violation and subject to the fine, although they
> shouldnt be able to know until you are and cant comply. 
> 
> There is also a bit of time you have to enable a warrant, but that is
> measured in days not weeks.  So if you are served, you dont want to
> scramble to write a bunch of CALEA hooks in and all, you should have a
> plan ahead of time just in case. 
> 
> Also note, calea generally doesnt cover stuff that isnt covered by a
> title III warrant (of which only about 3500 are issued annually anyway
> for 300M people and billions of minutes of calls).  But the patriot
> act changed it to allow for tapping a person not just a specific line.
> So 1 warrant can now cover multiple lines.  title III warrants have to
> go for judicial review regularly, I believe every month, and
> extensions have to be granted or it expires.  Common grounds for
> extensions are 'the suspect is aware of our tapping efforts', so
> tipping your hand just gives cause to prolong your recording, which if
> you dont generally do that does have an impact on your capacity since
> it is extra cycles running on your system. 
> 
> Stuff calea doesnt cover, nor do title III warrants are things like
> business records, which CDR data qualifies as.  Business records
> (according to the federal rules of criminal procedure as well as civil
> procedure) are generally anything the business uses in its day to day
> operations.  Subpoenas are all that are required on that, unless the
> company wants to voluntarially give them up, which it can do should it
> choose to. 
> 
> 
> 
> 
> 
> -- 
> Trixter http://www.0xdecafbad.com     Bret McDanel
> Belfast +44 28 9099 6461        US +1 516 687 5200
> http://www.trxtel.com the VoIP provider that pays you! 
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
> 
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-biz
-- 

(C) Matthew Rubenstein

More information about the asterisk-biz mailing list