In October 1994, Congress took action to protect public safety and national security by enacting CALEA. The law further defined the existing statutory obligation of telecommunications carriers to assist law enforcement in executing electronic surveillance under court order or other lawful authorization.
Prior to CALEA, advances in communication services were clearly outpacing law enforcement's ability to integrate and interface with all of the emerging technologies.
CALEA, and more specifically the standard(s) it created, allowed law enforcement to focus on its role of investigating criminal activity rather than becoming experts on every new technology introduced in the marketplace.
The first groups to work with law enforcement agencies (LEAs) to develop a standardized interface were wireless and wireline operators, network equipment providers and the suppliers that develop the equipment used to execute lawful intercept requests. In 1994 the vast majority of all communications was done over wireline phones and a growing number of wireless phones. The original focus of the law was placed on both modes of communication.
The standard that came out of this collaborative effort was called J-STD-025 and it enabled telephone operators to pass intercepted voice traffic and call data to LEAs. In 1994, keeping tabs on the switch associated with a telephone number was sufficient to monitor that number. While simpler than today's network capabilities, this first effort allowed LEAs to gather new information (call forwarding, 3-way calls, call waiting), in real-time, with minimal delay between executing the court order and receiving the call information. This was extremely useful in time-critical situations such as kidnappings.
Also in 1994, the Internet was just a shadow of what it is today. For this reason, CALEA's rules did not cover the collection of Internet data traffic, traffic transported across broadband networks, voice over Internet protocol (VoIP) and other IP-based services. Needless to say, during the past 12 years wired and wireless networks have evolved from using mainly circuit-switched technology to incorporating IP-based gear for transporting the bulk of today's communications traffic.
Realizing that criminal suspects are exploiting this loophole in the original CALEA ruling, the FCC passed a second ruling in 2005. The new CALEA ruling expands the scope of the original ruling to include:
All providers that meet the definitions above must comply with the ruling by March 2007 and provide LEAs with access to any IP-based broadband networks. Because communications networks will continue to evolve and become more complex, it is logical to assume that the recent amendment will not be the last. This fact and the recent ruling have led carriers to seek lawful intercept solutions that meet today's requirements and are also capable of evolving to meet anticipated future CALEA rulings.
CALEA requirements
One of the challenges connected to the second CALEA ruling is that, like the first ruling, it is open to interpretation and does not tell vendors exactly which applications are covered or where they are to do lawful intercept in the broadband/IP environment. For example, lawful intercept solutions vendors do not know if their solutions need to monitor only those services delivered by the carrier that is providing connectivity (phone companies and cable companies) or if they also extend to third-party services providers (Yahoo, Vonage, AOL etc.) that are providing pure services like Internet Access, E-mail, VoIP, chat and instant messaging. The prevailing school of thought assumes that regardless of the service provided, whoever "owns" the subscriber is responsible for supporting lawful intercept.
Perhaps the most critical area of concern is addressing the exponential increase in network complexity. In broadband and IP-based networks, many service providers and many network elements are likely to take control of a call as it is set up and transmitted to its destination. For example, the copper plant connected to a suspect's premises could be provided by an ILEC; Internet access could be provided by an ISP; and voice traffic could be handled by a third-party VoIP provider. And the traffic generated by any of those three could be transported by one of several backhaul transmission providers.
Because calls placed in this situation could be handled and controlled by any of the providers at any given point in time, and because multiple network elements are involved at different times, law enforcement officials are having to consider more closely which service provider(s) they will need to work with to execute their warrants.
Performing lawful intercept today requires a sophisticated infrastructure that is able to survey the edge of service providers' networks and coordinate with different network elements to accurately and efficiently identify and isolate the appropriate traffic before delivering it to the LEA for recording and analysis. This complexity also reinforces the benefits and advantages of having one application controlling all lawful intercept activity across multiple applications, services and types of equipment within a carrier's environment.
While LEAs understand these challenges, they are not willing to delay implementation of the new rules. They are desperate for help because the bad guys they seek to catch are getting smarter by the minute and they need to be able to identify them and keep up with communications traffic of any type.
Choices for CALEA compliance
Countries around the world are in different stages of passing lawful intercept laws and the standards are still evolving to meet new network needs. However, there are many countries where solutions are already being implemented. In these areas lawful intercept solution vendors are working closely with network equipment vendors, service providers and law enforcement to develop interfaces to elements in the access network and deliver the information to law enforcement.
Carriers have three paths forward to meet the lawful intercept requirements of today and the future:
1. Work with individual network equipment providers to come up with a solution for each piece of equipment.
2. Utilize a mediation/delivery function solution specifically designed to work with all network elements and provide compliance for lawful intercept.
3. Engage a hosted provider and develop a solution with them.
Solution 1 is the least likely to be attractive to carriers. It is virtually impossible and very impractical for carriers to try to work with all of their equipment vendors. Given the diverse nature of the problem, the process would be too cumbersome and too complex to come up with a solution in time to meet current lawful intercept requirements. And the complexity is certain to increase as modern networks evolve and new requirements are mandated.
Solution 2, working with companies that design and manufacture lawful intercept mediation platforms to meet lawful intercept requirements, is a more practical solution. These vendors are constantly keeping themselves abreast of the requirements, standards and technologies needed to keep carriers compliant with nationally mandated lawful intercept requirements. They typically work with all network element vendors to create lawful intercept compliant solutions for carriers.
Solution 3, outsourcing lawful intercept compliance requirements to a hosted lawful intercept solution provider, is a choice that can reduce the effort needed to find and implement a solution and also reduce a carrier's operational burden once that solution is in place. However, some carriers may not wish to give a third-party provider such high-level access to, and control of, their networks and their subscribers' passwords, authentication mechanisms, profiles and accounting information. A hosted service is likely the best solution for small providers that will not have to execute many warrants and therefore cannot justify investment in both expertise and equipment to deal with law enforcement requirements.
Network Components
Once a solution is chosen and carriers begin constructing a lawful intercept solution, carriers must consider the role of three key elements that combine to deliver a complete solution:
1. The access function (within the carriers' network)
2. The mediation/delivery function for warrant provisioning
3. The collection function for session analysis
The access function of a lawful intercept solution can be any network element (Class 5 switch, MSC, DSLAM, Session Border Controller) that has reasonable access to the target's traffic and can act as the intercept access point (IAP). This is the place where a target identifier (name, phone number, IP address, email address etc.) is used to identify, isolate and replicate the target's traffic. The access function has a very finite role. It provides a provisioning interface by which the target identifier can be entered. It accesses the target's communication traffic. And it replicates that traffic and sends it to the delivery function.
The access function doesn't need to know about warrants, LEAs, delivery protocols, country variants etc.
The delivery function is where the process of executing an intercept begins. The warrant is entered into the delivery function and provides critical information about what information needs to be gathered and which LEA(s) to send that information to. In most cases, there is no standard for the interface between the delivery function and the access functions in the network. Because of this, some lawful intercept solution vendors are making platforms that support multiple protocols and multiple elements simultaneously. This capability enables carriers to support requests to track calls made by specific individuals across each network element.
Use of a delivery function allows carriers to have centralized control of the lawful intercept process as well as clean delineation between network elements. The delivery function automatically coordinates the collection of information from all the network elements in the call. This is extremely important when monitoring calls today. For example, a call made from a cell phone is very rarely limited to the area covered by the originating MSC. The delivery function is able to coordinate and track all of the MSCs used during the call.
The problem becomes even more complex when broadband is added to the mix, because in addition to the MSCs, there are many more elements involved in the process. For example, in either a VoIP or IMS domain, SIP signaling comes from one place while RTP voice packets might come from another.
In addition to coordinating multiple network elements, a delivery function is often required to coordinate the dissemination of information to multiple law enforcement agencies. For the carrier, the mediation platform is indispensable in this situation, because privacy laws do not allow one agency to know that another agency is involved in the process.
The collection function employed at the LEA contains recording, playback and analytics software. The collection function receives the data and turns it into useable information such as where the suspect was when he or she made the call, who they were calling and call content.
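A minimal model of the separation described above, added here as an illustration (not SS8 or carrier code): the access functions hold only target identifiers, while the delivery function holds the warrants, filters by each warrant's scope and keeps a separate queue per agency. All names, identifiers and events are constructed, and the per-warrant `content` flag is an assumed way of representing which information a warrant covers; media events are simplified to carry the same party identifiers as signaling.

```python
from dataclasses import dataclass, field

TARGET = "sip:target@example.test"  # constructed identifier

@dataclass(frozen=True)
class Warrant:
    warrant_id: str
    lea: str
    target: str
    content: bool  # True: call content plus call data; False: call data only

@dataclass
class AccessFunction:
    """Intercept access point: stores target identifiers, nothing about warrants."""
    name: str
    targets: set = field(default_factory=set)

    def replicate(self, event):
        # Copy traffic only when it involves a provisioned identifier.
        return {**event, "iap": self.name} if {event["src"], event["dst"]} & self.targets else None

@dataclass
class DeliveryFunction:
    elements: dict                                  # name -> AccessFunction
    warrants: list = field(default_factory=list)
    outbox: dict = field(default_factory=dict)      # one separate queue per LEA

    def add_warrant(self, w):
        self.warrants.append(w)
        self.outbox.setdefault(w.lea, [])
        for el in self.elements.values():
            el.targets.add(w.target)                # only the identifier crosses this interface

    def handle(self, event):
        copy = self.elements[event["seen_at"]].replicate(event)
        for w in self.warrants if copy else []:
            # A call-data-only warrant never receives media (RTP) records.
            if w.target in (copy["src"], copy["dst"]) and (w.content or copy["kind"] != "rtp"):
                self.outbox[w.lea].append({**copy, "warrant": w.warrant_id})

def demo():
    df = DeliveryFunction({n: AccessFunction(n) for n in ("sbc-1", "media-gw-1")})
    df.add_warrant(Warrant("W-001", "LEA-A", TARGET, content=True))
    df.add_warrant(Warrant("W-002", "LEA-B", TARGET, content=False))
    peer = "sip:peer@example.test"
    for seen_at, kind, call, src, dst in [
            ("sbc-1", "sip", "c1", TARGET, peer),        # signaling seen at one element
            ("media-gw-1", "rtp", "c1", TARGET, peer),   # voice packets seen at another
            ("sbc-1", "sip", "c2", peer, "sip:other@example.test")]:  # unrelated call
        df.handle({"seen_at": seen_at, "kind": kind, "call": call, "src": src, "dst": dst})
    return df
```

Each agency's queue carries only its own warrant identifier, so neither can infer from its delivery that the other exists.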
Summary
The requirements for meeting CALEA compliance have continued to evolve over the last 12 years. As network technologies update and criminal minds choose ever-diversifying communication services, both legislators and operators are forced to move with the times. Fortunately, vendors on the cutting edge of lawful intercept solution design continue to enhance products that now communicate with a broad array of network elements and facilitate the provisioning of information to the investigating LEA.
About the Author
Scott Coleman is currently Director of Marketing for Lawful Intercept at SS8 Networks, with over 17 years experience working in the Telecommunications industry, with 7 of those years focused on the lawful intercept and recording markets. Scott has focused on industry wide activities including emerging standards, industry forums and law enforcement seminars for both local and national agencies domestically and internationally. His speaking engagements include industry forums for carriers and law enforcement agencies, specifically Pennsylvania Telecommunications Carriers, NY State Police, FBI, RCMP, Greek Security Services, Taiwanese Security Services, Canadian Telecommunications Forum, Association of Public Safety Communications, Internet Telephony Conference, Public Safety and Emergency Preparedness Canada and media outlets like Yankee Group, Gartner Group, IDG and the Wall Street Journal.
About SS8 Networks
SS8 Networks provides a complete range of messaging, lawful intercept, and signaling solutions that enable network operators to optimize their investment in traditional, legacy networks while smoothing the transition to 21st century architectures. Through a series of extended relationships, lawful intercept solutions are now also available for government and law enforcement agencies worldwide. SS8 Networks' solutions are installed in global tier one wireless, wireline, VoIP and cable networks and are also available through a channel of major international switch vendors. SS8 Networks has been recognized and named a Red Herring 100 and AlwaysOn company in North America in 2005, for its innovation, quality of management, execution of strategy, and dedication to research and development. SS8 Networks is headquartered in San Jose, Calif., with offices worldwide.