Customers sometimes ask whether they can comply with local telecommunications laws when using a Meraki system.
The short answer: Meraki Enterprise WLAN solutions allow customers to fully comply with CALEA by using bridge-mode to assign IP addresses from the customer's own DHCP server. Meraki's solution is, from the CALEA point of view, identical to any other wireless LAN provider, including Cisco and Aruba.
The long answer: While requirements vary significantly from country to country, they typically fall into one of two buckets: wire tapping and historical logging. In the U.S., the set of laws governing wire taps is known as CALEA.
The Meraki Carrier Lawful Intercept was discontinued with the introduction of Enterprise Edition.
In this scenario, a law enforcement agency asks a service provider to record all data that a specific user sends and receives for some duration of time in the future. The ability to comply with such a request is what is generally referred to as “CALEA Compliance.”
By using their own DHCP server, the customer can correlate IP addressees with specific customers, which is the key to being able to perform a wire tap.
Note that the service provider still needs to have their own wire tapping hardware, sold by companies like SS8. This hardware is often quite expensive.In practice, this solution is really only suitable for large telcos. Smaller telcos, or those using distributed backhaul, cannot easily comply.
In this scenario, the FBI might want a service provider to tell them who was downloading illegal content from a specific URL for some time in the past. The FBI gives the service provider an IP address and a time, and wants to know who it was.
Service Providers have been receiving subpoenas like this for many years. In general, compliance has not been too difficult - the service provider just looks at his DHCP logs. Even small service providers ($10M/year) get several subpoenas like this per month.
The service provider uses their own logs to provide information to the law enforcement agency.