Asterisk's CALEA Compliance


#1

Now that the FCC has ruled that VoIP providers need to be CALEA compliant by early 2007, do you think Digium or some developers will implement something to easily make Asterisk CALEA compliant?

I’m not fully sure what’s required for CALEA compliance, but it’d really be great if there was something that didn’t require lots of $$$.

And I’m assuming that ChanSpy alone is not enough to make Asterisk CALEA compliant.


#2

Calea is an interesting project. I worked for a cell phone company and implemented the router that would attach to verisign (a calea clearing house).

Would it not be enough to have wiretap ready switches and routers?


#3

This is probably a naive view…

canreinvite=no
Monitor()
/var/log/asterisk/cdr-csv/Master.csv
should be building blocks enough to satisfy BIG BROTHER-like surveillance ambitions?
Lots of additional horse power required for that, running voice through the boxes especially. Activating Monitor() on demand should not be an issue if it’s isolated.


#4

CALEA (Communications Assistance for Law Enforcement Act) has a specific technical interface for US law enforcement agencies.

Here is website for everything CALEA:
askcalea.net/

Here is FCC’s CALEA website:
fcc.gov/calea/

Primary tech document is:
ANSI J-STD-25-A

Here is a link (or just google it):
gliif.org/LI_standards/ANSI-J-STD-025-A.pdf

I would love to help in any way I can - short of writing code which is not my core competency - to make Asterisk extensions for CALEA interfaces.


#5

FYI, i don’t think that the approval has gone through yet:

voip-news.com/news/judgement-calea-050806/

i’m sure at some point there will be some sort of CALEA or similar type of functionality required, but until the law is made crystal clear, i’m not going to worry.


#6

Interesting, I searched around for the appeals court document and it has the below excerpt on their page:

cadc.uscourts.gov/bin/script … -1442a.txt

Id. s 1002(a)(1)-(2). Carriers must also “facilitat[e] autho-
rized communications interceptions and access to call-
identifying information … in a manner that protects … the
privacy and security of communications and call-identifying
information not authorized to be intercepted.” Id.
s 1002(a)(4)(A). Because Congress intended CALEA to
"preserve the status quo," the Act does not alter the existing
legal framework for obtaining wiretap and pen register autho-
rization, “provid[ing] law enforcement no more and no less
access to information than it had in the past.” [b]H.R. Rep. No.
103-827, pt. 1, at 22. CALEA does not cover “information services” such as e-mail and internet access. 47 U.S.C.
ss 1001(8)©(i), 1002(b)(2)(A).

What I gather from this is its not the FCC’s job to change the jurisdiction of CALEA covers because it expressly prohibits internet/information services at this point?

[/b]


#7

A question to the people who want this sort of thing implemented for Asterisk, would you want the intercepted calls to be sent to the LEA’s via a T1/E1 card in the asterisk box or via a Media gateway? Either way it should be doable.
I am seriously considering developing this beast.


#8

I think the important thing is to make sure what ever work is done will provide the “punch list” of items that is going to be required. It seems like this list is not quite finalized.