Slide Presentation

Download Report

Transcript Slide Presentation 

Lawful Intercept Case Study
Harvard Law School
November 12, 2003
Session Number
Presentation_ID
© 2002, Cisco Systems, Inc. All rights reserved.
1
Outline
• Brief Summary of the “Case” and Your
Role
• Overview of Relevant Technologies
• Your Guidance to the Company
Presentation_ID
© 2002, Cisco Systems, Inc. All rights reserved.
2
Summary
• In-house counsel for an IP-based network
equipment manufacturer
• Responsible for the company’s legal strategy on
lawful intercept
• Company is looking for guidance (legal, PR,
regulatory) regarding the best approach to LI in
the post 9/11 world
• Need to respond to customer requests for
information and contractual protection
Presentation_ID
© 2002, Cisco Systems, Inc. All rights reserved.
3
Traditional Local Exchange Carrier (LEC)
Architecture
SS7
Tandem
Switches
Central
Office
Switches
Presentation_ID
…
…
© 2002, Cisco Systems, Inc. All rights reserved.
…
…
4
Voice over IP (VoIP)
• Voice is carried as a digital signal to an Aggregation
Device over a common ‘pipe’
– Information is carried as packets
– Resources are shared between data types and other
subscribers.
– Packets to same address may follow different routes
– Eliminates the need for separate networks and infrastructure
for different forms of communication (voice, data, video)
 Convergence!
• Information is routed
based on its final
destination.
– Voice and signaling
follow separate paths
Presentation_ID
© 2002, Cisco Systems, Inc. All rights reserved.
5
Typical VoIP Architecture
Customer
Premise
Internet
SS7
IAD
Local
Exchange
Carrier (LEC)
Aggregation
Router
PBX
Call Control
Entity
IAD
Internet Gateway
Router
IntereXchange
Carrier (IXC)
IP Switch
Trunking
Gateway
IAD
Aggregation
Router
Core
Router
Trunking
Gateway
911
PBX
IAD
Operator
Services
Presentation_ID
© 2002, Cisco Systems, Inc. All rights reserved.
6
General Questions—1/3
•
Do we see more similarities or
differences among the three country’s
approaches to lawful intercept?
•
What might be some reasons for these
differences and/or similarities?
•
What are some of the ways that these
differences and/or similarities might
impact your company’s legal and
technical approach?
Presentation_ID
© 2002, Cisco Systems, Inc. All rights reserved.
7
General Questions—2/3
•
What are some of the risks for your
company under these laws (e.g. fines,
lawsuits)?
•
What steps can and should you take to
protect your company from them?
Presentation_ID
© 2002, Cisco Systems, Inc. All rights reserved.
8
General Questions—3/3
•
How should your company engage with
relevant government agencies? Actively
and openly? Equally across all
countries or just the most strident?
•
Should you let your customers do it
instead of you? What factors you should
consider in making this determination?
Presentation_ID
© 2002, Cisco Systems, Inc. All rights reserved.
9
“Managed Services” Scenario
•
Your company has one product that can be used
both by private enterprises for their corporate voice
network and by public service providers to deliver
managed voice services.
•
In the latter case, the product can either sit on the
customer’s premise or the on the service provider’s
site in their central office.
•
The team developing this product within your
company wants to know whether they are “legally
required” to build LI functionality into this product,
and if not, whether there are some other (non-legal)
reasons that they should.
What advice do you give them?
Presentation_ID
© 2002, Cisco Systems, Inc. All rights reserved.
10
Managed Services Scenario
Things to consider:
1. Does this qualify as a “public” or “private” network service?
Or both?
Is the answer the same for all countries?
Is this a relevant question in all countries?
2. Is this functionality “legally required” in any country?
Is that even a relevant question?
If not, what are the risks, if any, of not building this
functionality into the product?
3. How would you communicate with your customers on this
issue?
Presentation_ID
© 2002, Cisco Systems, Inc. All rights reserved.
11
Contract Negotiations
• During negotiations on a sales contract with one of
your global service provider customers they demand
that you include a guarantee that all of your products
are “LI-compliant” on a world-wide basis.
• They suggest that breach of this guarantee would
result in liquidated damages.
• They also ask you to indemnify them for any penalties
they might suffer for non-compliance with a particular
country’s LI laws.
How would you handle this?
Presentation_ID
© 2002, Cisco Systems, Inc. All rights reserved.
12
Contract Negotiations
Things to Consider:
1. Do you have any legal obligation to make this promise?
2. How do you analyze their request for liquidated damages?
What should the amount be, if any? Is money the
customer’s “sole remedy”?
3. What about other vendors’ products in the network? Do
you have complete control over the network design?
4. What is the “true” risk to your company of a breach?
5. Is there anything you should try to get in return for this
promise?
Presentation_ID
© 2002, Cisco Systems, Inc. All rights reserved.
13
Questions?
Feel free to email me at:
[email protected]
Presentation_ID
© 2002, Cisco Systems, Inc. All rights reserved.
14