http://www.dailynebraskan.com/vnews/display.v/ART/2005/10/28/4361b2d9d7b13 JOHNNY PEREZ October 28, 2005 University of Nebraska-Lincoln officials are cautiously preparing to comply with a controversial federal law that may require colleges and universities to overhaul their computer networks to make it easier for law enforcement agencies to monitor electronic communications. The mandate is an expansion of the 11-year-old Communications Assistance for Law Enforcement Act (CALEA), which requires telephone service providers to fund updates of their systems in order to assist law enforcement with electronic surveillance. The FCC began implementing the act in 1997 but has since made several orders concerning CALEA's rules. The FCC's most recent changes, which will go into effect Nov. 14, included conclusions that expanded the original definition of a ``telecommunications carrier'' and suggested that facilities-based providers of broadband Internet access - including universities - were subject to CALEA's rules, a prospect that has many university officials worried. ``The fear is that CALEA somehow is going to require colleges and universities to redesign their entire computer networks ... and telephone networks to accommodate law enforcement,'' said Michael Carr, information security officer for the University of Nebraska. The FCC has yet to announce specific changes that universities must make to their networks, although all changes must be implemented by June 2007.But these future changes could raise concerns among university officials about invasion of privacy. Colleges and universities already hand over information to law enforcement concerning network traffic - such as e-mails sent by faculty and students and Internet searches - to comply with court-ordered subpoenas or warrants. The FCC's changes will aim to speed up this process by providing easier access to the information. Because universities and colleges already partially comply with this regulation, Carr said some officials are questioning their inclusion in the new changes. But Carr said criminals are using Internet networks to communicate in new ways, increasing the need for government action. ``We have an obligation to make sure digital resources aren't being used for bad things,'' he said. ``You have to change the way you do business if you're an investigative agency.'' But many organizations representing universities are expressing concerns about the possibility that such updates could cost educational institutions billions of dollars. But Rick Haugerud, assistant director for Information Services at the University of Nebraska-Lincoln, said these potential costs could be inflated because the federal government has yet to specify what changes universities need to have in place by 2007. The changes came in response to a March 2004 petition by the Department of Justice, FBI and Drug Enforcement Administration to the FCC to include broadband Internet access services and voice-over-Internet providers, which allow phone calls to be made over the Internet. The American Council on Education, a coordinating body for educational institutions around the country, filed a lawsuit Monday challenging the new requirements. EDUCAUSE, a nonprofit educational information technology organization, also has filed comments with the FCC requesting that the proposed changes be modified. ``Our posture has been to kind of sit back and communicate with our user groups,'' Haugerud said. ``They're putting up the money to fight this thing, and we'll see where it goes.'' With current discussion generated by the issue, Haugerud said UNL is looking into ways they could comply with new mandates. ``We don't want to do anything that would inhibit our ability to do this down the road,'' he said. ``We're looking at if this were to happen, what would we do. ... We're not making fixed decisions, we're just having conversations.'' As educational institutions wait on detailed instructions from the federal government, Carr said it is still early to become too worried since the FCC has only said something needs to be done - not what must be done. ``But it's not bad to think about it,'' he said. _________________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Thu Oct 27 2005 - 23:58:45 PDT