Re: Fw: [OpenCALEA] Capturing email headers from a users traffic?

[Bob Ross]

I was called first before they brought the order to let me know someone will 
be by,
and contacted our attorney about it because at first they were interested to 
know
how many users on the service had grade school kids and who they were. I was
told it must have a users name or the email address they want the 
information from
and what information they are looking for. Our attorney had kids in grade
school, and he said he would file so fast on that type of open ended order 
that they wouldn't
know what hit them.

When I received it I told the officer I would get back to him in an hour. I 
sent
a copy to the attorney and then he called me. It was ok'd by him, but to 
only feed
them that one users emails, and to identify the users real name. To not even 
offer
any other names or any other information what so ever that is not listed in 
the subpoena.

In the end, it turned out fine. They found it to be someone next door that 
connected threw
his open wireless router, that is now secure.

Bob


----- Original Message ----- 
From: "Jesse Norell" <jesse@kci.net>
To: "Bob Ross" <calea@kingmanaz.net>
Cc: <opencalea@merit.edu>
Sent: Friday, April 27, 2007 9:27 AM
Subject: Re: Fw: [OpenCALEA] Capturing email headers from a users traffic?


> > Our attorney has said that when our order came in for
> > "inbound/outbound
> > emails with headers for email-address@your-domain.///"
> >
> > It means just that. Nothing more, nothing less. They can not be vague
> > or
> > open ended, they must be precise to what they are looking for.
>  Right.  I meant the wording of the CALEA law itself was vague (or more
> properly, "technology agnostic"), not a  subpoena for specific info.
>
>  That is an interesting and very useful quote above, and I've wanted to
> see just that sort of thing.  We've only ever received subpoenas asking
> for the identity of a subscriber on a given (dialup) ip address.
>
> Does anyone else have actual subpoenas from which you can share exactly
> what data has been requested?
>
>
> > CALEA makes the feed standard between for law enforcement. That's a
> > good
> > thing in the long run.
>  The ATIS T1.IAS standard we're working on doesn't account for a
> subpoena such as what you quoted above, but only identifying the traffic
> of a subject and delivering either identifying information or full
> content.  With safe harbor, when OpenCALEA reaches full support of the
> ATIS standard, it sounds like you can rightfully claim full calea
> compliance, and still not be able to fulfill the orders of such a
> subpoena.
>
>  Does a subpoena identify a specific law under which it is authorized
> (ie. CALEA vs. something else)?  If so, I'd expect if it said it was a
> CALEA authorized subpoena, and you had safe harbor from T1.IAS, you are
> protected from the up to $10k/day fines and can explain that the
> standard doesn't support that?  I suspect we would simply see subpoenas
> change to something the standard does support (eg. all port 25, 110 and
> 143 traffic to/from user X) and/or the FCC declare the standard
> insufficient and to be updated.
>
>
> --
> Jesse Norell - jesse@kci.net
> Kentec Communications, Inc.