US gov't wiretapping laws and your network

23.01.2007

If it's determined that your network isn't exempt, what does that mean for it from a technical standpoint? Essentially, when an intercept request is made by an LEA, the stream of VoIP traffic to and from a particular user is provided to law enforcement. At minimum, therefore, some sort of packet-capturing device is necessary.

Originally, some interpreted the expanded CALEA to require interception at every port within the network. FCC Commissioner Deborah Tate later clarified that edge interception -- that is, interception at the connection between private and public networks -- was all that was necessary. Providing port-monitoring capabilities at every uplink could have been costly and far from trivial to implement.

The methodology for traffic interception at the edge could be the same as used by intrusion-detection and intrusion-prevention systems. Whether inline or via a mirrored port, a device capable of analyzing and recording selected traffic at the edge is needed. While the FCC won't specify technical requirements, one would think that adding a signature to a Snort IDS to trigger a tcpdump script to take a trace of all voice-related traffic on that IP address would be an acceptable solution. This trace may then be delivered to the LEA.

If CII is desired, the IP address would need to be associated with a particular machine, necessitating additional work. Static IP assignment records or Dynamic Host Configuration Protocol logs can be used to match an IP address to a computer. Those networks that rely on Network Address Translation would have to search the NAT logs as well, to determine the correct internal IP address related to the voice traffic of interest.
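One way to carry out the correlation described above, shown as an added example that is not from the original article: a public endpoint seen at the edge is mapped through the NAT log to an internal address, then through the DHCP leases to a machine, using the timestamp at each step. The log formats, addresses, MAC addresses and hostnames are constructed for illustration; real NAT and DHCP logs vary by vendor.

```python
from datetime import datetime

# Constructed sample records (assumed format: start end ... fields).
NAT_LOG = """\
2007-01-23T10:14:58 2007-01-23T10:31:12 udp 10.0.5.23:16384 198.51.100.7:40210
2007-01-23T10:40:03 2007-01-23T10:52:47 udp 10.0.5.41:16384 198.51.100.7:40210
2007-01-23T11:00:10 2007-01-23T11:05:30 udp 10.0.5.23:16390 198.51.100.7:40555
"""
DHCP_LOG = """\
2007-01-23T08:00:00 2007-01-23T10:35:00 10.0.5.23 02:00:00:00:00:01 frontdesk-pc
2007-01-23T10:36:00 2007-01-23T18:00:00 10.0.5.23 02:00:00:00:00:02 lab-laptop
2007-01-23T09:00:00 2007-01-23T17:00:00 10.0.5.41 02:00:00:00:00:03 sales-pc
"""

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")

def parse_nat(text):
    """Yield (start, end, proto, inside 'ip:port', outside 'ip:port')."""
    for line in text.splitlines():
        start, end, proto, inside, outside = line.split()
        yield _ts(start), _ts(end), proto, inside, outside

def parse_dhcp(text):
    """Yield (lease start, lease end, ip, mac, hostname)."""
    for line in text.splitlines():
        start, end, ip, mac, host = line.split()
        yield _ts(start), _ts(end), ip, mac, host

def resolve(public_endpoint, proto, when, nat_text=NAT_LOG, dhcp_text=DHCP_LOG):
    """Map a public ip:port seen at the edge at time `when` to an internal host.
    Returns (internal_ip, mac, hostname), or None when the logs cannot answer."""
    when = _ts(when)
    inside_ips = [inside.rsplit(":", 1)[0]
                  for s, e, p, inside, outside in parse_nat(nat_text)
                  if outside == public_endpoint and p == proto and s <= when <= e]
    if len(inside_ips) != 1:  # no translation active, or an ambiguous overlap
        return None
    leases = [(ip, mac, host) for s, e, ip, mac, host in parse_dhcp(dhcp_text)
              if ip == inside_ips[0] and s <= when <= e]
    return leases[0] if len(leases) == 1 else None

if __name__ == "__main__":
    print(resolve("198.51.100.7:40210", "udp", "2007-01-23T10:20:00"))
    print(resolve("198.51.100.7:40555", "udp", "2007-01-23T11:02:00"))
```

The same public port maps to different internal hosts at different times, and the same internal address belongs to different machines once a lease changes hands, so the lookup is only as reliable as the clock synchronization between the capture device, the NAT gateway and the DHCP server.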

There is also the option of contracting the services of a trusted third party. Services such as VeriSign's NetDiscovery handle the CALEA technical and reporting requirements. This may be a preferred route for those companies lacking technical expertise or manpower and desiring a turnkey solution.