Question for all - please be civil and respectful if you want to discuss this. And there are many developers involved in supporting CALEA. But first, let's be honest, if you told your customers/users that their traffic is monitored, and can be monitored, without their knowledge, wouldn't that be a good thing?

REF: https://mum.mikrotik.com/presentations/ ... _CALEA.pdf

I am asking since in many countries, including the US, there is more than a hypothetical chance that many people are being targeted because they are different than those who have the authority to issue such instructions and have control of Law Enforcement.

From my history in router dev and engineering, I think it is time to have more discussion with users who should be aware of the reach of the CALEA package, given what is happening in the world, it's scary to think that most (99.9999%) people don't know about it as it was strictly a geek thing. But I am now choosing as a veteran of the industry to call for more awareness, and at least some discussion on how to "Watch the watchers", what data are the routers sharing that we don't know or notice - and how can we know if it is being done so at any time" ?

While I may not agree with every CALEA provision, I do say the law and it's provisions are not secret.
Anybody paying attention knows everybody is subject to traffic analysis and occasionally content inspection.
The implication is those that aren't aware they are vulnerable are just not paying attention which IMO is the common case.

In my 25 years in the industry, and 20 years of knowing of CALEA's existence, and being the guy in charge of the back end for most of that time, I can say, at least in the areas I've worked, I've had exactly 0 CALEA requests. Another ISP shared that he got a contact info update request from the FBI one time. He told them it was all on the CALEA paperwork they had to file annually. The FBI guy told him "Oh, we don't use that."

I have, on the other hand, processed dozens of subpoenas (some LEA's call them warrants) over the years where the LEO is asking for customer information tied to an IP address. Those were most often (unfortunately) CSAM-related, and they already had the incriminating evidence they needed.

As opposed to old-school telephony (the era in which CALEA was developed), with IP and now Internet portability, I think it's safe to say that, for the dark hats who really want to "get" someone, it's more effective for them to put something on the target's device(s) than to try to play whack-a-mole with all the possible networks they could be using.

Warrants require too much specificity. It's far easier to just force the biggest carriers to route/mirror all their traffic through the NSA's data centers...

Is CALEA global or US centric? If global, is the CALEA module configurable by region so policies and procedures don't migrate if the router is moved ?

CALEA is United States law, FCC and Wikipedia links follow, 3rd link is recent scope change.
https://www.fcc.gov/calea
https://en.wikipedia.org/wiki/Communica ... cement_Act
https://www.lermansenter.com/fcc-expand ... ligations/

Lawful Interception is a global legal concept, following Wikipedia can help:
https://en.wikipedia.org/wiki/Lawful_interception