New rules go into effect, with consequences for the internet industry that are entirely unpredictable.

by Alex Goldman ISP-Planet Managing Editor [May 14, 2007]

There are government security initiatives that were more poorly planned. There's the REAL ID Act (see Bruce Schneier's comments), implemented by the Department of Homeland Security which this year finally got a passing grade on its own security: a D+.

As CALEA goes into effect today, law enforcement agencies (LEAs) nationwide will have the right to access an ISP's network if they have an appropriate warrant. The law was intended to make this process relatively painless for both the LEA and the ISP, but the government refused to make any tough decisions and asked "the industry" to explain how it would make CALEA possible.

The result is that the biggest companies in the U.S. are CALEA compliant and most of the rest don't even know what to do. The tech-savvy local ISPs are capable of duplicating traffic flows and sending copies of log data or VoIP streams to the LEAs. But the LEAs are not necessarily able to handle the data.

Instead, a bewildering array of standards has been developed. Many, such as the ATIS standard, are not free to read. They're copyrighted. Most of the standards cover networks not relevant to this discussion, such as wireless and cable network. The national standard for ISP data, finalized only in March of this year, is the ATIS LAES standard. For ISPs outside the U.S., the European Telecommunications Standards Institute (ETSI) has published standards 102.232, 102.233, and 102.234.

So ISPs want to know what happens when the government knocks on the data center door with a warrant? We don't know what to expect.

We believe that the government does not intend to shut down ISPs. We base this on the fact that the Part 15 wireless rules were for a time written so as to make any WISP illegal. But the government did not shut down the WISPs. It did prohibit building in certain areas, such as near airports and military installations (including secret military installations that we're not supposed to know about). But it did not close down every WISP in the nation.

ISPs know the LEAs
For many ISPs, this will not be their first interaction with law enforcement. Many already handle subpoenas. If you do not already know local law enforcement, today would be a good day to make a phone call and introduce yourself, perhaps to the local high tech crime task force (if there is one).

Many ISPs have not only worked with LEAs but helped in innovative ways to handle Amber Alerts and other technology emergencies. Some have unwired the local police department (see, for example, Every WISP Can Help the Sheriff).

So the issue for the local ISPs is not whether or not they will help LEAs, or want to help LEAs. The issue is whether they can.

If the rules were clearer, if law enforcement had written standards instead of ATIS (which represents the telcos and equipment makers), perhaps the LEAs would be finding it easier to work with regular ISPs.

The future will be better tomorrow
People are working on the problem. WISPA has a process working on using either OpenCALEA or even basic Linux (see WISPA's CALEA FAQ). ImageStream, popular with WISPs, is working on a software update based on OpenCALEA (see ImageStream's CALEA Solution).

But OpenCALEA at press time was at version 0.5. ImageStream reports, "ImageStream had planned to test its intercept tools with the FBI before this release, however the FBI engineering team was too backlogged to perform the required testing."

In the long term, these problems will be solved and the industry will be in compliance because it wants to comply.

In the short term, it's just more regulatory uncertainty in an industry constantly harmed by capricious government.

— End