
OpenCALEA
Re: Fw: [OpenCALEA] Capturing email headers from a users traffic?
- From: Bob Ross
- Date: Fri Apr 27 12:00:47 2007
Our attorney has said that when our order came in for "inbound/outbound
emails with headers for email-address@your-domain.///"
It means just that. Nothing more, nothing less. They cannot be vague or
open ended, they must be precise to what they are looking for.
They were looking for the user sending death threats to a local teacher.
There were only 12 broadband customers that had kids in grade school. They
were not able to ask for all traffic of those with kids in grade school.
That would be too vague and without cause for all that.
If they send an order for VOIP phone tap to intercept traffic, it's only for
the phone traffic, not the rest of the house or their internet use.
If the order is to intercept "Any and all traffic to user" then you send
them the full feed with everything.
One thing I have noticed is that CALEA seems to be pointed mostly to the VOIP
traffic that right now they can't tap.
They know how to get the emails keywords and monitor internet traffic or
they would not have been catching all the stuff they do now.
CALEA makes the feed standard between for law enforcement. That's a good
thing in the long run.
I had talked with the CALEA implementation unit about opencalea some time
ago. They had not heard about it at the time. They are very interested to
see this project make it and have been watching the progress.
Good work.
Bob
----- Original Message -----
From: "Kevin Wormington" <kworm@sofnet.com>
To: "Bob Ross" <calea@kingmanaz.net>
Sent: Friday, April 27, 2007 8:29 AM
Subject: Re: Fw: [OpenCALEA] Capturing email headers from a users traffic?
All,
I have attached a document that is an e-mail exchange between myself and
Norm Wright at the FBI askcalea.com site. He makes it pretty clear that
T1.IAS compliance gives you "safe harbor". I'm not an attorney, but I
don't believe that LEA would be entitled to any information above L3
(source/dest ip's, port numbers, protocol with timestamp) unless they
have a title 3 full content warrant. If they have full content then
they won't need just headers.
Kevin
Missouri Telecom, Inc.
Bob Ross wrote:
They have always wanted the complete message with headers. Headers don't
tell them any more than where it came from, but they would want the
chatter in the message.
Before CALEA all we did was send a copy of all in and outbound for that
user directly to an account
they had, and they got it live.
But someone that might know better with CALEA.
Norm Wright - CALEA Tech 703-632-6218
Rick Kursh - CALEA implementation unit 703-632-6163
David Ward - FCC 202.418.2336
----- Original Message -----
From: "Jesse Norell" <jesse@kci.net>
To: "Compton, Rich" <richard.compton@chartercom.com>
Cc: <opencalea@merit.edu>
Sent: Friday, April 27, 2007 7:55 AM
Subject: Re: [OpenCALEA] Capturing email headers from a users traffic?
CALEA is intentionally very vague - you could interpret it a lot of
ways, and I could sure see how email headers could come in there, though
offhand I've not seen that particular topic mentioned before (in my
limited searching/reading). Going that route would seem to open up
quite a can of worms - you could arguably need to provide header type
info from any identifiable application.
Another option for CALEA compliance is to go with an industry adopted
standard that provides safe harbor under CALEA (I think section 107,
from memory). That's the route we're taking with OpenCALEA,
implementing the ATIS T1.IAS (pre-published draft) standard. There is
no mention of email headers or any other application data therein; short
of full content delivery, as far up the protocol stack it gets is layer
3, including tcp/udp port numbers in content associated identifying
information.
On Fri, 2007-04-27 at 09:29 -0500, Compton, Rich wrote:
I’m being told by our legal group that we will need to pick out the
email header info (all L7 info on port 25 except subject and body)
from a customer to comply w/ CALEA. Anybody else run into this as
well and can you share what you are using to solve this issue. We are
looking at writing something similar to opencalea that would pick out
this info from a data stream w/ libpcap but it looks pretty difficult.
Any experience that you guys have with this would be appreciated.
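
The header extraction asked about in the original question (L7 data on port 25, minus subject and body), as an added example that is not part of the thread and is not OpenCALEA code. It assumes the client-to-server TCP stream has already been reassembled, is not under STARTTLS, and uses DATA rather than BDAT; the function name and the sample session are constructed.

```python
# Added example (not OpenCALEA code): header-only minimisation of an SMTP
# client stream. Subject, message body and AUTH exchanges are never emitted.
ENVELOPE = ("HELO", "EHLO", "MAIL FROM:", "RCPT TO:")  # commands delivered
WITHHELD = {"subject"}                                 # headers never delivered


def extract_header_info(stream: bytes) -> list[str]:
    """Return envelope commands and message headers, minus Subject and body."""
    out, state, keep = [], "cmd", False   # state: cmd -> headers -> body -> cmd
    for raw in stream.split(b"\r\n"):
        line = raw.decode("latin-1")      # lossless for arbitrary bytes
        if state == "cmd":
            if line.upper() == "DATA":
                state, keep = "headers", False
            elif line.upper().startswith(ENVELOPE):
                out.append(line)          # AUTH, QUIT, etc. are not delivered
        elif line == ".":                 # lone dot ends DATA (".." is stuffed text)
            state = "cmd"
        elif state == "headers":
            if line[:1] in (" ", "\t"):   # folded continuation of previous header
                if keep:
                    out[-1] += " " + line.strip()
                continue
            name, sep, _ = line.partition(":")
            if not sep:                   # blank or malformed line: fail closed,
                state = "body"            # everything after it is content
                continue
            keep = name.strip().lower() not in WITHHELD
            if keep:
                out.append(line)
        # state == "body": nothing is emitted until the terminating "."
    return out


# Constructed sample session (client side only), including a folded Subject
# and a body line that looks like an SMTP command.
SAMPLE = (b"EHLO client.example\r\nAUTH LOGIN\r\n"
          b"MAIL FROM:<alice@example.org>\r\nRCPT TO:<bob@example.net>\r\n"
          b"DATA\r\nFrom: Alice <alice@example.org>\r\n"
          b"Subject: constructed subject\r\n\tcontinued subject text\r\n"
          b"Received: from client.example\r\n\tby mx.example.net\r\n"
          b"\r\nRCPT TO:<body-text@example.com>\r\n..\r\n.\r\nQUIT\r\n")

if __name__ == "__main__":
    for item in extract_header_info(SAMPLE):
        print(item)
```

The blank-line and malformed-header cases both switch to the body state, so a parsing error results in less data delivered rather than more.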