Communications Assistance for Law Enforcement Act (CALEA)
CALEA Background
CALEA was passed by Congress in 1994 in response to concerns that emerging technologies such as digital and wireless communications were making it increasingly difficult for law enforcement agencies to execute authorized surveillance.
CALEA requires a "telecommunications carrier," as defined by the Act, to ensure that equipment, facilities, or services that allow a customer or subscriber to "originate, terminate, or direct communications," enable law enforcement officials to conduct electronic surveillance pursuant to court order or other lawful authorization.
Reference: http://www.fcc.gov/encyclopedia/communications-assistance-law-enforcement-act#CCSBI
Telecommunications Carrier Defined
All entities engaged in the transmission or switching of wire or electronic communications as a common carrier for hire.
References: www.cybertelecom.org/security/calea.htm
CALEA in Basic Terms
Originally for telephone communications, then expanded to internet broadband access and voice over IP (2005).
CALEA was enacted so that law enforcement can have authorized access to networks if necessary.
Networks need to be secured.
CALEA & Higher Ed Institutions
According to Educause, higher education institutions are exempt from the CALEA Act if they meet the following two criteria:
1. It has a network that qualifies as private
2. It does not support the connection of the private network to the internet
So if your campus allows access to your networks to specialized individuals (students, faculty, staff, administrators) and if you rely on a third-party commercial ISP/Regional Network to transmit and route the traffic to the internet, you ARE EXEMPT.
Example of a Higher Ed Institution Implementing CALEA on Campus
Baldwin Wallace University IT
Campus-Wide Authentication: Everyone using our wired network (all students in residence halls or anyone using one of our computer labs or desktop computers) is required to authenticate in order to access the campus network. Our wireless network allows both authenticated access to the campus network and non-authenticated access to just the Internet. Non-authenticated access is limited to three hours/day before re-authentication is required.
Temporary Accounts: While there are no direct references or opinions in the CALEA regulations that state that casual users (such as visitors, conference attendees, or others involved in campus life or the academic community) need to authenticate, moving toward that goal through the use of temporary accounts could be useful. It does not appear to be a requirement at this time; however, from the standpoint of assisting a LEA, the more information we could provide about individual users who have accessed our network, the better.
IP Address/MAC Address Tracking:
On the BW computer network, most IP (Internet protocol) addresses are dynamic. If requested, we are able to match a particular MAC (media access control) address to a particular IP address in order to assist a LEA. For example, if John Doe is connecting his laptop at various locations within the University, then his IP address will vary. However, by logging the IP address and the associated MAC address, there is a much greater probability of finding the IP sessions John Doe has initiated. This is not foolproof, as MAC addresses can be intentionally manipulated by someone with the knowledge to do so.
The IT Department has also started to dynamically assign public IP addresses to the students living in the residence halls. This will facilitate easier identification of a particular student/user by simply knowing the IP address.
Flow Tracking: We are able to log the destinations that an IP address goes out to (off campus). However, retention of these log records is limited due to lack of disk space. As the CALEA guidelines are better defined and the required amount (days, weeks or months) of logging information is determined, we will have a better idea of how much disk space will be needed.
Packet Duplication: Another key element to any CALEA-related request may be the ability to duplicate the packets from the IP address being observed. We anticipate that (OSCnet) will be able to provide this service to a LEA if requested.
Time Stamping: Any LEA requesting information will want accurate date and time information. The BW network uses NTP (Network Time Protocol) to ensure that any log files or real-time captures reflect the correct time.
Physical Port Documentation: When a LEA presents a request for information on a person or IP address, they may also ask for the location of the device that person is using. By having the ability to associate a user to an IP address, a MAC address, and to a physical port, providing that information is possible.
For any CALEA-related inquiries at Baldwin Wallace University, the initial contact person will be the CIO. If the CIO is unavailable, the Senior Vice President should be contacted. Once a subpoena has been validated, the appropriate IT staff personnel will be assigned to assist the LEA. University personnel will make certain that all requests are handled efficiently and with the utmost discretion and confidentiality, involving the minimum number of people possible.
How to Ensure You're Compliant
Check to see if your university has any CALEA protocol.
Make sure your IT department/University Police are aware of CALEA and its requirements and have the proper protocol in order should any Law Enforcement Agency (LEA) send a request to your campus.
IT should ensure that networks are secure and that the university campus is aware of how to gain access to secure networks.
Americans with Disabilities Act
Passed by Congress in 1990, the Americans With Disabilities Act (ADA) is one of the nation's first civil rights laws addressing the needs of people with disabilities, prohibiting discrimination in employment, public services, public accommodations, and telecommunications.
References: http://www.ada.gov/2010_regs.htm
Disability Defined Under ADA Regulations
A disability is defined as a physical or mental impairment that substantially limits one or more major life activities. A person is considered disabled if the person has such a physical or mental impairment, has a record of such impairment, or is regarded as having such an impairment. Disability covers a wide range of conditions and includes mobility, vision, hearing or speech impairments, learning disabilities, chronic health conditions, emotional illnesses, AIDS, HIV positive, and a history of alcoholism or prior substance abuse.
References: http://www.ada.gov/2010_regs.htm
Americans with Disabilities Act Standards for Accessible Design
The Americans with Disabilities Act was amended in 2008, and most recently in July of 2010, which is when Attorney General Eric Holder signed final regulations revising the Department's ADA regulations, including its ADA Standards for Accessible Design, which were direct amendments to the 1991 Regulations for Title II and Title III. The 2010 Standards for Accessible Design set minimum requirements, both scoping and technical, for newly designed and constructed or altered State and local government facilities, public accommodations, and commercial facilities to be readily accessible to, and usable by, individuals with disabilities.
Standards for Accessible Design and IT
The Standards for Accessible Design explicitly state that all electronic and information technology must be accessible to people with disabilities. Disregarding these regulations can result in legal action initiated by the DOJ or lawsuits initiated by private citizens. The ADA Standards for Accessible Design apply to commercial and public entities that have places of public accommodation, which includes the internet.
Reference: http://www.interactiveaccessibility.com/services/ada-compliance
Section 504 of the Rehabilitation Act
Enacted in 1973, similar to the ADA, Section 504 of the Rehabilitation Act is American legislation that guarantees certain rights to people with disabilities. Section 504 is widely recognized as the first civil-rights statute for persons with disabilities. Because it was successful, it helped to pave the way for similar legislation, such as Section 508 of the Rehabilitation Act and the ADA. Section 504 covers any program or activity receiving Federal financial assistance, which is inclusive of elementary, secondary, and postsecondary schooling.
Section 508 of the Rehabilitation Act: Opening Doors to IT
In 1998, Congress amended the Rehabilitation Act of 1973 to require Federal agencies to make their electronic and information technology (EIT) accessible to people with disabilities. Section 508 was enacted to eliminate barriers in information technology, open new opportunities for people with disabilities, and encourage development of technologies that will help achieve these goals. Section 508 applies to all Federal agencies when they develop, procure, maintain, or use electronic and information technology. Under Section 508, agencies must give disabled employees and members of the public access to information that is comparable to access available to others.
References: http://www.section508.gov/section508-laws
Section 504, Section 508, and ADA Title II & III
Section 504: Prohibits recipients of federal funds from discriminating on the basis of disability.
Section 508: Applies to all information technology, including computer hardware, software, and documentation.
Title II of ADA: Prohibits discrimination on the basis of disability in state and local government services by state and local governmental entities, regardless of whether they receive federal funds or NOT.
Title III of ADA: Regulates private colleges and vocational schools.
ADA, Higher Education and IT
Colleges and universities that receive federal funds must also adhere to the ADA as well as Section 504 by providing qualified students with the appropriate academic adjustments and auxiliary aids and services that are necessary to afford the individual an equal opportunity to participate in a school's program. Institutions are not required to make adjustments or provide aids or services that would result in a fundamental alteration of the program, or impose an undue burden on the institution.
Many people with disabilities have to rely on the use of assistive technology to enable them to use computers and access the internet. Blind people who cannot see computer monitors may use screen readers, devices that speak the text that would normally appear on a monitor. People who have difficulty using a computer mouse can use voice recognition software to control their computers with verbal commands. People with other types of disabilities may use other kinds of assistive technology, and new and innovative assistive technologies are introduced on a continuous basis.
References: http://www.ada.gov/websites2.htm
ADA Postsecondary Requirements for Effective Communication and IT
At no additional cost to the student, as mandated by ADA and 504 regulations, colleges must provide:
Qualified interpreters
Assistive listening systems
Captioning
TTYs
Qualified readers
Audio recordings
Taped texts
Braille materials
Large print materials
Materials on computer disk
Adapted computer services
References: www.Pacer.org
IT Advancements in ADA Compliance
When the Americans with Disabilities Act was enacted in 1990, information technology, and more specifically web-based applications, did not exist in the same capacity as reflected today. The role of IT will be critical in ensuring that all entities remain in compliance while meeting the needs of those with disabilities.
THANK YOU!!!