CALEA – It is finally here
Feb. 5, 2007 by ravishan
Since I already wrote about what CALEA is all about and referred you to other relevant links, I won’t bore you with the details here… Recently, FCC announced deadlines for filing for CALEA. The most important ones are Feb 12 and May 14 as far as we are concerned. Feb 12 is the date for filing for CALEA compliance if we believe that we need to file it. May 14 is the date by which we need to have implemented all controls required to be CALEA compliant.
There has been considerable confusion and debate about whether educational institutions such as ours should file for CALEA compliance or not. EDUCAUSE and ACE have a position on this and have given a two point test to determine this:
- Do you own the hardware that connects your institution to the internet?
- Is your network “private network”?
If the answer to the first question is No and the answer to the second one is Yes, then we are exempt. One would think this is a simple test… But CALEA is such a confusing issue to start with, that the second question is mroe complicated than it appears. “Private Network” definitions have been interpreted differently by different groups. In simple terms, it is to be interpreted as a network where all access to the internet is identifiable – or that all access is controlled by some form of authentication.
So you say, what more clarity do you want? Well, we have several alumni, spouses/partners, and a few other misc. guest accounts on our system with username and password. Are they allowed to use our network? Some say yes, some say no. How do we handle the case when a visitor or vendor needs to connect to the network while doing a presentation? Again, some say yes, you can allow them and others say no. To add to the confusion, some say you can allow these visitors with temporary passwords and others say this will be allowed under the so-called “incidental use” exemption of the private network definition…
So, what do you do when you are confused by the legalities of such important issues? You go to a lawyer… and that is what we did. BTW, we were waiting for the state attorney general to help us out on this because we are all good citizens of the state funded high speed network – CEN. But he refused and suggested that we each contact our legal counsel for opinions.
Joe Fortner from Halloran and Sage was our contact, so we provided all the information he asked us to provide (network diagrams, how we connect to the internet, woodframe house networking etc. etc.) I should be honest that I was very annoyed initially by all the information that I was being asked to furnish. What does a lawyer know about network diagram, anyway… It turns out that Joe was very familiar with the issue and he has been really good in advising us in an objective way. One day it dawned on me how frustrated we get in IT when not all facts related to a problem are provided but are expected to offer a solution to the problem (no e-mail headers are sent, but we still need to figure out why something was tagged a SPAM). I drew a parallel here and sais, well, we are asking Joe and his partners to advise on a topic and it is only fair that we provide everything they need to be able to get a more informed recommendation back…
And the recommendation was predictable, coming from a lawyer – tighten down the network as much as possible to be safe. The penalty for non-compliance is $10,000 a day. So I was wondering “How would anyone find out?”, but I don’t want to take that chance either… So, the plan was to look at all the different open access on campus and plan to close them down.
We identified the wireless access points where now we allow guest access, kiosks and a some open access machines in the library as the places where we needed to work. Joe also strongly suggested that we get it in writing from Comcast that they are CALEA compliant as they are the ISP for woodframe houses. I called our CALEA rep and she asked me “What is CALEA?”, so you can imagine how that is going to go…
Barbara Jones, from the library, raised serious objections to closing down the network based on the EDUCAUSE interpretation of the CALEA ruling. This is because, the American Library Association lawyers interpreted the FCC ruling very differently. You can read about it here. The library has obligations to allow public access to government documents, which directly contradicts with the private network requirements. We all agreed that resolution to this has to come directly from FCC…
In the meantime, we have agreed on the following plan:
- We will not provide guest access from our wireless network. Everyone needs to log in.
- We have an EP application through which a user can request a temporary guest account (for which they will be directly responsible). This account and the password will be used by visitors or vendors who need to get access to the network. By pushing this to the end users, we are simplifying this task and they don’t have to call into operations to get this account. The accounts will be valid for 24 hours and cannot be reused.
- We plan to also require logins on the kiosks.
- In the library, we will reduce the number of open access computers, place them on a restricted VLAN and provide a kiosk like function with which the users can only access the government documents and the CTW catalog.
This will be painful, no doubt. And I am not particularly happy with what FCC has done. But, personal feelings don’t matter when it comes to obeying the law…
Our plan is to let the community know about this and proceed to implement it by May. We will get started soon and probably work on each of them cautiously and learn the problems and find solutions.