Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: voip calea interfaces

  • From: Fred Baker
  • Date: Tue Jun 20 13:35:01 2006
  • Authentication-results: sj-dkim-1.cisco.com; header.From=fred@cisco.com; dkim=pass (sig from cisco.com verified; );
  • Dkim-signature: a=rsa-sha1; q=dns; l=4141; t=1150824830; x=1151688830;c=relaxed/simple; s=sjdkim1001; h=From:Subject;d=cisco.com; i=fred@cisco.com; z=From:Fred=20Baker=20<fred@cisco.com>|Subject:Re=3A=20voip=20calea=20interfaces;X=v=3Dcisco.com=3B=20h=3Dn8rvUlGJTL6LEPcFULQbMT41O9c=3D; b=oEUDD+YM+TNlKpOyPczXdmXCeq0RRBoExXGiCu/r9D+IUnL2aDPMzELEvqQpNP248VRZkQv2VQKNQoOkeL9GgmLNtY2o1uH4tfYK7O9QOERArszQ/TgNFTS76QCs3buJ;


I'm willing to reply on-list, but obviously any business or legal contacts have to be off-list. For those, I can point you to the product manager for the technology, but it would frankly be better for one to go through one's account team, for scaling reasons.

Yes, the vendors are aware of this. Our legal people track it pretty closely, and we have been dealing with the issues in Europe, Australia, and a number of other places for quite a while. We talk directly with legislators, regulators, and various police entities. Before you ask whether we speak with China, I'll point out that we deliver a common technology that people using it configure to the applicable laws and warrants, and the laws we looked at in designing it were the laws and regulations of the various countries that signed the CyberCrime treaty. We designed it the way we did to meet the laws and regulations of western democracies like the US and EU.

RFC 2804 requested that anyone that designed a Lawful Intercept technology please publish it so that it could have open review. We did so:

http://www.ietf.org/rfc/rfc3924.txt
3924 Cisco Architecture for Lawful Intercept in IP Networks. F. Baker,
B. Foster, C. Sharp. October 2004. (Format: TXT=40826 bytes) (Status:
INFORMATIONAL)

This has also been submitted to ETSI, as an alternative to the model initially proposed there, which was "why don't we just split every fiber and run one instance under the appropriate agency's door?". I am not personally involved in that effort, but someone from my company is and I understand that ETSI is considering the model.

What this describes is the interface from a router or switch, or from a control application like a SIP proxy, to a third party mediation device. The interface from the mediation device to the law enforcement agency is different, and differs by country. The fundamental principle that we are trying to design to is "give the LEA what the warrant says they should get, no more and no less"; in some cases, that means that the mediation device will get a superset of the warranted data and have to edit it appropriately. There are various technologies for lawful intercept that exist that require a site visit to the POP to respond to the warrant or deployment of a stack of equipment in each POP in case an LEA ever asks; we try to make this a feature of the router or switch that can be configured the same way anything else is, but the information regarding the intercept kept appropriately private.

You might also take a look at http://www.cisco.com/pcgi-bin/search/ search.pl?searchPhrase=lawful+intercept

On Jun 20, 2006, at 9:48 AM, Eric A. Hall wrote:
I'm looking into the FCC ruling to require CALEA support for certain classes of VoIP providers, as upheld by the DC circuit court a couple of weeks ago [1]. The portion of VoIP that is covered by this order is pretty narrow (ie, you provide telephony- like voip services for $$ [read the specs for the real definition]), and the FCC is looking at narrowing it down further but has not done so yet. Meanwhile, the deadline for implementation -- May 14, 2007 -- is starting to get pretty close.

The operational part of this subject, and the reason for this mail, is the implementation of the wiretap interface. Obviously there are going to be a range of implementation approaches, given that there are a wide variety of providers. I mean, big-switch users probably just enable a feature, but small providers that rely on IP PBX gear with FXO cards will have to do something specific. Are vendors stepping up to the plate? Did you even know about this?

Off-list is fine, and I'll summarize if there's interest.

Thanks

[1] http://pacer.cadc.uscourts.gov/docs/common/opinions/ 200606/05-1404a.pdf

--
Eric A. Hall http:// www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/ coreprot/








Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.