1 / 14

Navigating CALEA Compliance at the University of Washington: Challenges and Impacts

In this presentation, Terry Gray discusses the complexities of complying with CALEA in the unique context of the University of Washington, a $2B/year enterprise with decentralized IT operations, classified research, and a diverse user base. Key issues addressed include the potential real-time wiretapping of university traffic, the challenges posed by encrypted communications, and the associated costs of compliance. Gray emphasizes the balance between ensuring safety and the technical and ethical implications of increased surveillance on users and network performance.

aderyn
Download Presentation

Navigating CALEA Compliance at the University of Washington: Challenges and Impacts

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CALEA: one university view Terry Gray University of Washington Agora Meeting 2 December 2005

  2. Important Safety Tip #1 • I'm just a techie. But… • Here we are at the intersection of “IT” and “policy”

  3. University Environment • Like any $2B/yr enterprise, except we have hospitals, classified research, students… • Aggressively decentralized • Trickle-down technology • Extreme net/computing diversity • Approx 100K devices on net • Multiple high-speed research nets • Global initiatives, e.g. ResearchChannel

  4. Status Quo • Subpoenas received • Subpoenas complied with • Fairly rare • What’s the problem?

  5. CALEA Issues • Who will be affected? • What will be required? • Will it work? • Cost? • Impact on operations? • Impact on users? • Does it make sense?

  6. Worst Case Scenario • Real-time wiretap of any UW traffic • Even if it doesn’t go thru a router • Even if carried on >10Gbps link • Wiretap by user identity, not just IP address • HUGE impact on users • HUGE impact on network managers • Wiretrap trigger by application behavior • As per wireline rules, e.g. notify when “phone rings” • Immense performance and Ops issues

  7. Reality Check: will it work? • For dumb criminals, but not even all of them • 62% of outbound dorm traffic = Skype • All encrypted • Is it file sharing, voice, video, or ???

  8. Technical Limitations on Wiretapping • Encryption • Technology is always a 2-edged sword • Very high-speed networks • Consider SC05 scenario • VOIP • Lots of flavors; can be hard to identify • Wireless • Anonymous hot-spot access

  9. Cost • Depends totally on final rules! • Potentially huge… (millions of $$) • Replacement of all switches/routers • Network admission control SW/ops • 40G/s routers with dynamic port mirroring? • Significant non-economic costs • Inconvenience of additional network login • Impact on innovation e.g. ultra-high-speed comm

  10. Winners • Equipment vendors: Cisco, Juniper, ... • Common carriers: shift/share burden • LE: Easier to catch dumb criminals

  11. Losers • Users (NAC inconvenience and indirect costs) • Institutions (cost of unfunded mandate) • LE • less effective than hoped • risk of changing criminal behavior -badly • risk of backlash from public against LE

  12. Important Safety Tip #2 • Fear trumps reason • People don’t always make best decisions when they feel threatened • This goes doubly for policy makers • NB: this is not an official UW observation 

  13. Summary • We all want to be safe • LE has a really tough job • Balancing societal needs is hard, esp. post 9/11 • Cost-benefit of proposed rules is dubious • Impact unknowable until details decided

  14. Postscript: notes from the panel • NB: UW does support/cooperate with LE! • NB: CALEA doesn’t change when LE can tap • Distinguish CALEA from PATRIOT issues • At issue: reasonableness of implementation requirements --cost/benefit • “Timeliness” is a key factor in cost: • Do we need to pre-provision for instant response to any possible request? Or is on-demand provisioning satisfactory?

More Related