ADA & CALEA

Jon, Jenny, & Kiana

Communication Assistance for Law
Enforcement Act(CALEA)
CALEA Background
Was passed by congress in 1994
In response to concerns that emerging technologies such as digital and
wireless communications were making it increasingly difficult for law
enforcement agencies to execute authorized surveillance
CALEA requires a "telecommunications carrier," as defined by the Act,
to ensure that equipment, facilities, or services that allow a customer or
subscriber to "originate, terminate, or direct communications," enable
law enforcement officials to conduct electronic surveillance pursuant to
court order or other lawful authorization.

Reference: http://www.fcc.gov/encyclopedia/communications-assistance-
law-enforcement-act#CCSBI
Telecommunications Carrier
Defined
All entities engaged in the transmission or switching of wire
or electronic communications as a common carrier for hire.


References: www.cybertelecom.org/security/calea.htm
CALEA in Basic Terms
Originally for telephone communications then expanded to
internet broadband access and voice over IPS (2005)
CALEA was in acted so that law enforcement can have
authorization to networks if necessary.
Networks need to be secured

CALEA & Higher Ed Institutions
According to Educause higher education institutions are
exempt from the CALEA Act if they can comply with the
following two criteria.
1. It has a network that qualifies as Private
2. It does not support the connection of the private network to
the internet
SO if your campus allows access to your networks to
specialized individuals (students, faculty, staff, administrators)
and if you rely on a third party commercial ISP/Regional
Network to transmit and route the traffic to the internet you
ARE EXEMPT

Example of Higher Ed Institution's
implementing CLEA on campus
Baldwin Wallace University IT
Campus-Wide Authentication:
Everyone using our wired network (all students in residence halls or anyone
using one of our computer labs or desktop computers) is required to
authenticate in order to access the campus network. Our wireless network
allows both authenticated access to the campus network and non-
authenticated access to just the Internet. Non-authenticated access is limited
to three hours/day before re-authentication is required.


Temporary Accounts:
While there are no direct references or opinions in the CALEA regulations that
state that casual users (such as visitors, conference attendees, or others
involved in campus life or the academic community) need to authenticate,
moving toward that goal through the use of temporary accounts could be
useful. It does not appear to be a requirement at this time, however from the
standpoint of assisting a LEA, the more information we could provide about
individual users who have accessed our network, the better.

Baldwin Wallace University IT
IP Address/MAC Address Tracking:

On the BW computer network, most IP (Internet protocol) addresses are
dynamic. If requested, we are able to match a particular MAC (media
access control) address to a particular IP address in order to assist a
LEA. For example, if John Doe is connecting his laptop at various locations
within the University, then his IP address will vary. However, by logging the
IP address and the associated MAC address, there is a much greater
probability of finding the IP sessions John Doe has initiated. This is not fool
proof as MAC addresses can be intentionally manipulated by someone with
the knowledge to do so.

The IT Department has also started to dynamically assign public IP
addresses to the students living in the residence halls. This will facilitate
easier identification of a particular student/user by simply knowing the IP
address.

Baldwin Wallace University IT
Flow Tracking:
We are able to log the destinations that an IP address goes out to
(off campus). However, retention of these log records is limited due
lack of disk space. As the CALEA guidelines are better defined and
the required amount (days, weeks or months) of logging information
is determined, we will have a better idea of how much disk space will
be needed.

Packet Duplication:
Another key element to any CALEA-related request may be the
ability to duplicate the packets from the IP address being
observed. We anticipate that (OSCnet) will be able to provide this
service to a LEA if requested.

Baldwin Wallace University IT
Time Stamping:
Any LEA requesting information will want accurate date and time information. The
BW network uses NTP (Network Time Protocol) to ensure that any log files or real
time captures reflect the correct time.

Physical Port Documentation:
When a LEA presents a request for information on a person or IP address, they may
also ask for the location of the device that person is using. By having the ability to
associate a user to an IP address, a MAC address, and to a physical port, providing
that information is possible.

For any CALEA-related inquiries at Baldwin Wallace University, the initial contact
person will be the CIO. If the CIO is unavailable, the Senior Vice President, should
be contacted. Once a subpoena has been validated, the appropriate IT staff
personnel will be assigned to assist the LEA. University personnel will make certain
that all requests are handled efficiently and with the utmost discretion and
confidentiality, involving the minimum number of people possible.

How to ensure your compliant
Check to see if your university has any CLEA protocol
Make sure your IT department/University Police are aware of
CLEA and requirements and have the proper protocol in
order should any Law Enforcement Agency (LEA) sends a
request to your campus.
IT should ensure that networks are secure and university
campus is aware on how to gain access to secure networks.
Americans with Disabilities Act
Americans With Disabilities Act
Passed by Congress in 1990, the Americans With Disabilities
Act (ADA) is one of the nations first civil rights laws addressing
the needs of people with disabilities, prohibiting discrimination
in employment, public services, public accommodations, and
telecommunications.

References: http://www.ada.gov/2010_regs.htm




References:http://www.ada.gov/2010_reg.
htm
Americans With Disabilities Act

Disability Defined Under ADA Regulations

A disability is defined as a physical or mental impairment that
substantially limits one or more major life activities. A person is
considered disabled if the person has such a physical or mental
impairment, has a record of such impairment, or is regarded as
having such an impairment. Disability covers a wide range of
conditions and includes mobility, vision, hearing or speech
impairments, learning disabilities, chronic health conditions,
emotional illnesses, AIDS, HIV positive, and a history of
alcoholism or prior substance abuse.

References: http://www.ada.gov/2010_regs.htm



Americans with Disabilities Act
Standards for Accessible Design
The Americans with Disabilities Act was amended in 2008, and
most recently in July of 2010, which is when Attorney General
Eric Holder signed final regulations revising the Departments
ADA regulations, including its ADA Standards for Accessible
Design, which were direct amendments to the 1991 Regulations
for Title II and Title III.
The 2010 Standards for Accessible Design set minimum
requirementsboth scoping and technical for newly designed
and constructed or altered State and local government facilities,
public accommodations, and commercial facilities to be readily
accessible to, and usable by individuals with disabilities.

References: http://www.ada.gov/regs2010/2010ADAstandards




Standards for Accessible Design
and IT
The Standards for Accessible Design explicitly states that all
electronic and information technology must be accessible to
people with disabilities.
Disregarding these regulations can result in legal action
initiated by the DOJ or lawsuits initiated by private citizens.
The ADA Standards of Accessible Design apply to
commercial and public entities that have places of public
accommodation, which includes the internet.

http://www.interactiveaccessibility.com/services/ada-compliance
Section 504 of the Rehabilitation
Act
Enacted in 1973, similar to the ADA, Section 504 of the
Rehabilitation Act is American legislation that guarantees certain
rights to people with disabilities. Section 504 is widely
recognized as the first civil-rights statute for persons with
disabilities. Because it was successful, it helped to pave the way
for similar legislation, such as Section 508 of Rehabilitation Act
and the ADA.
Section 504 covers any program or activity receiving Federal
financial assistance, which is inclusive of elementary,
secondary, and postsecondary schooling.

References:http://www.section504.gov/section504-laws


Section 508 of the Rehabilitation
Act: Opening Doors to IT
In 1998, Congress amended the Rehabilitation Act of 1973 to require
Federal agencies to make their electronic and information technology
(EIT) accessible to people with disabilities.
Section 508 was enacted to eliminate barriers in information technology,
open new opportunities for people with disabilities, and encourage
development of technologies that will help achieve these goals.
Section 508 applies to all Federal agencies when they develop,
procure, maintain, or use electronic and information technology.
Under Section 508, agencies must give disabled employees and
members of the public access to information that is comparable to
access available to others.

References:http://www.section508.gov/section508-laws
Section 504, Section 508, and ADA
Title II &III

Section 504
Prohibits recipients of federal
funds from discriminating on
the basis of disability.

Section 508
Applies to all information
technology, including
computer hardware,
software, and documentation.
Title II of ADA
Prohibits discrimination on the
basis of disability in state and
local government services by
state and local governmental
entities, regardless if they
receive federal funds or NOT.

Title III of ADA
Regulates private colleges and
vocational schools.

ADA, Higher Education and IT

Colleges and universities that receive federal funds must also
adhere ADA as well as Section 504 by providing qualified
students with the appropriate academic adjustments and
auxiliary aids and services that are necessary to afford the
individual an equal opportunity to participate in a schools
program.
Institutions are not required to make adjustments or provide
aids or services that would result in a fundamental alteration
of the program, or impose an undue burden on the institution.

References: www.LD.org
IT/Online Barriers:
Assistive Technology

Many people with disabilities have to rely on the use of assistive
Technology to enable them to use computers and access the internet.
Blind people who cannot see computer monitors may use screen
readers devices that speak the text that would normally appear on a
monitor.
People who have difficulty using a computer mouse can use voice
recognition software to control their computers with verbal commands
People with other types of disabilities may use other kinds of assistive
technology, with the advent of new and innovative assistive
technologies introduced on a continuous basis.

References: http://www.ada.gov.websites2htm

ADA Postsecondary Requirements
for Effective Communication and IT


At no additional cost to the student, as mandated by ADA and 504 regulations, colleges
must provide:
Qualified interpreters
Assistive listening systems
Captioning
TTYs
Qualified Readers
Audio Recordings
Taped Texts
Braille Materials
Large Print Materials
Materials on Computer Disk
Adapted Computer Services

References: www.Pacer.org




IT Advancements in ADA
Compliance

When the Americans with Disabilities Act was enacted in
1990, information technology, more specifically, web based
applications did not exist in the same capacity as reflected
today.
The role of IT will be critical in ensuring that all entities
remain in compliance while meeting the needs of those with
disabilities.
THANK YOU!!!