Alex Goldman, Managing Editor of ISP-Planet, posted on the isp-wireless list:
If you have not already read it, do take a look. ISP-Planet is pleased to publish WISPA's hard work here:
http://www.isp-planet.com/fixed_wireless/politics/2007/wispa_calea_faq.html
(end Goldman posting)
I was very impressed with the WISPA CALEA FAQ as presented by ISP-Planet. One suggestion is that it should include a version number or "last updated" because it will (need to) continually evolve. The authors of the WISPA CALEA FAQ - Michael Erskine of Kabellero.com (team leader), Brent Anderson of Great American Networks, Martha Huizenga of DC Access, Marty Dougherty of Road Star Internet, and Eric Plikuhu of ImageStream are to be commended.
I was most impressed that the WISPA CALEA FAQ did a good job of definitively laying out what WISPs are subject to CALEA requirements:
Any facilities based ISP must be CALEA compliant. The only exemption to CALEA is the private network exemption. A private network is a network which is not offering a service to the public whether for profit or not for profit. If the network is available to the public, it is not a private network. If you resell to your neighbor you are offering a public service. If you share a connection with your neighbor and he pays half the price, you are offering a public service.
One key point that I personally gleaned from the above is that the "dividing line" between being subject to CALEA requirements and not being subject to CALEA requirements is whether an organization offers Internet access to the public. An organization's status as a for-profit or a not-for-profit is irrelevant (I had the impression that not-for-profit entities were not subject to CALEA). Thus not-for-profit (defacto) ISPs and WISPs that provide Internet access such as public-access Wi-Fi HotSpots (open, or closed), low-income areas, and many other entities that have not previously viewed themselves as being an Internet Service Provider are, in fact, subject to CALEA requirements.
Although it would seem to me to be an inane question, whether WISPs are "facilities-based" or not has continually come up on the various WISP mailing lists. This point of the FAQ seems to answer that question pretty definitively:
6) What is the definition of "facilities based"?
The FCC has defined "facilities-based" providers as entities that provide transmission or switching over their own facilities between the end user and the ISP.
Based on the FCC's definition, we are facilities based in most cases. If your own hardware is being used to deliver the service and you provide a public service you are facilities based.
Open Wi-Fi access points are also addressed in the WISPA CALEA FAQ... and is that ever a relevant question! But, how "far down it goes" - to individuals choosing to freely share their Internet access via an open access point was surprising to me:
10) What about open access points?
If you have open access points and don't know the target then it is the LEA that should distinguish target and non-target. We just provide the full data. The LEA may work with you in identifying the target in preparation for obtaining and presenting the legal authorization (e.g., subpoena, intercept order, etc.) but there will always be some legal document requesting this information.
Who is responsible for tracking down a bad guy who is hijacking a connection on an open access point?
This is a joint effort between the LEA and the WISP to the best of the ability of the WISP.
and...
17) Are OPEN hotspots going to become illegal because the owners cannot become CALEA compliant?
No, they will not become illegal, but the LEAs may have to have you help them identify the target.
If you service customers that have an open hotspot and you can access it, then you can provide the required information. If the WISP does not have control of the Open AP, then you can only provide a full collection on this AP to meet the requirement. The AP owner may be asked to provide information under CALEA but this will be required under the intercept order.
For example, my wife has an open AP in her restaurant. Should I advise her to secure it and go to an authentication system so that she can ID the users of her open AP?
NO, but she should be aware the collection may be on the full AP stream if they are not able to get the data wirelessly.
I was glad to see that the WISPA CALEA FAQ addresses a very often-mentioned misconception about CALEA and upstream bandwidth and IP address providers:
7) If a provider gets his IP addresses from an upstream ISP and provides every customer a public IP address from that ISP's CIDR allocation, wouldn't that relieve that downstream provider of the requirement for compliance as the upstream ISP could do the intercept?
No. Each CALEA-covered provider remains covered regardless of whether someone else in the mix also has this information. The upstream provider may also have to show what they have but this does not release the downstream from providing what they have per the court order.
As I predicted some years ago in presentations I gave at various conferences, a WISP providing Voice Over Internet Protocol (VOIP) telephony service ultimately isn't a simple, or necessarily profitable line of business when regulatory issues are factored in. VOIP Service Providers are not only subject to the evolving CALEA requirements that the WISPA CALEA FAQ details, but also E911 requirements, and increasing scrutiny from large carriers over issues such as "interconnection" and "reciprocal compensation", and as we've seen from a recent patent suit by Verizon against Vonage, intellectual property is also an issue with VOIP telephony.
By Steve Stroh
You can learn more at Zero Retries Newsletters page.
Comments