Telecom Informer

    

by The Prophet

Hello, and greetings from the Central Office!

It's summer, although there aren't any windows here so I have to rely on "service monitoring" of my subscribers' phone calls to find out what it's like outside.  I understand that the rain here in the Pacific Northwest has gotten a little warmer.  And if I hear one more teeny-bopper gushing about American Idol, I'm gonna barf!

Surveillance is a hot topic these days now that the NSA has admitted to illegally spying on virtually everyone in the U.S.  It seems that they're heavily scrutinizing anyone who makes outgoing domestic calls after receiving a call from Pakistan.  I'm sure they're finding out about all sorts of births, deaths, and weddings in Pakistan because these are the sorts of things that generate flurries of phone calls.  I bet they're finding out about all sorts of things that have nothing to do with terrorism.

Unfortunately, what they're doing with the information is all a secret and I don't have security clearance to go into the special room that the NSA has set up here.  All I know is that they've spliced into every fiber connection in the place and they have their own secure trunk out of here to Fort Meade, so you can probably draw your own conclusions.

Notwithstanding the whiz-bang new stuff that the NSA has installed, surveillance has been built into the telecommunications system for over a decade, and was mandated by a law called CALEA in 1994.  I last wrote about the topic in 2002 and surveillance has only gotten more pervasive since then.

Wiretaps are an increasingly large part of the law enforcement arsenal in the War on Drugs (there are so many wars I'm beginning to lose track, but this one is apparently still on), and drug investigations account for the vast majority of them. Last year, 1433 wiretaps were authorized as part of drug investigations.  There were only 340 wiretaps conducted for everything else (clearly pot smoking hippies are more important to stop than terrorism).  The number of wiretaps conducted illegally is unknown, and in fact, CALEA software is often designed such that it cannot ever be determined.

Prior to the mid-1990s it used to be pretty tough for the police to conduct a wiretap, or even to install a pen register (which records every digit you dial).  The police had to go to court and get a warrant (tough for them to do since there is a donut shop between the police station and the courthouse).  If they managed to do that, they'd have to drive down to my central office (even tougher since there are three donut shops between the police station and here).

After all that, I'd invite them to leave if the warrant wasn't specific about who they wanted to wiretap, how they intended to do it, or for how long the wiretap was to take place.  And I'd always be ready with directions to the courthouse (instead of my central office) if the police showed up without a warrant.

Despite it all, I usually saw the local police a couple of times a year.  They were usually investigating organized crime and they tracked down a murderer with a wiretap once.  They were also really interested in a guy named Bernie S.  However, I almost never saw the feds.  There are an awful lot of donut shops between the federal building in downtown Seattle and here.

While they'd sometimes get within one or two of them, most federal agents would either suffer congestive heart failure or stain their ties with maple glaze before arriving at my doorstep.  Thank goodness for those dress codes because otherwise I would probably never have gotten any real work done.

These days I never see the police at all and they conduct a lot more wiretaps than they used to.  They stay downtown in the police station and I never even know when they're listening to someone's phone calls.  The fairly inconspicuous software running on telecommunications switches has gotten heavy use.  All told, 1630 wiretaps were conducted in the U.S. last year, not counting unreported illegal wiretaps (although I'm sure that the police never break the law) and wiretaps that began in 2005 but hadn't ended in 2006 (to avoid tipping off the targets, wiretaps are reported after they're completed, not initiated).

Wiretaps have increased in number and frequency every year since 1995, the first year that CALEA was implemented, and have roughly doubled in that time frame.  This trend seems to validate the concerns of civil libertarians who argued that the easier it is for law enforcement to conduct wiretaps, the more frequently they would seek to do so.  Still, at a cost of roughly $45,000 per court-authorized wiretap, it's not an inexpensive proposition, which explains why the federal government (with unlimited time and an unlimited budget) is the heaviest user of wiretaps.

In 2006, virtually no way of communicating is safe from CALEA.  Whether you're using a mobile phone (88 percent of wiretaps in 2005 involved a mobile phone or pager), wired phone, pager, teleconference facility, or even a VoIP device, CALEA mandates that the government have the ability to wiretap your calls remotely.

The following types of communications services are subject to CALEA:

  • Any entity that holds itself out to serve the public indiscriminately in the provision of any telecommunications service.
  • Entities previously identified as common carriers for purposes of the Communications Act, including local exchange carriers, inter-exchange carriers, competitive access providers, and satellite-based service providers.
  • Cable operators, electric, and other utilities to the extent that they offer telecommunications services for hire to the public.
  • Commercial Mobile Radio Service (CMRS) providers.
  • Specialized Mobile Radio (SMR) providers (such as Nextel) when their systems interconnect to the public switched telephone network.
  • Resellers of telecommunications services to the extent they own equipment with which services are provided.
  • Providers of calling features such as call forwarding, call waiting, three-way calling, speed dialing, and the call redirection portion of voice mail.
  • Facilities used by carriers to provide both telecommunications and information services are subject to CALEA in order to ensure the ability to conduct lawfully-authorized electronic surveillance of the telecommunications services.

The FCC's requirement that Internet Service Providers (ISP) implement CALEA surveillance infrastructure for the interception of email messages and similar communications is a controversial matter and is currently under court review.

The FCC's reading of the CALEA law, which exists nowhere in the plain language of the statute, is that Congress intended to cover services that were functionally equivalent to land-line telephones.

The U.S. Circuit Court for the District of Columbia, which heard the case on May 5, 2006, was openly skeptical of this argument, although a ruling has not been made as of this writing.  Nonetheless, nearly all telecommunications hardware sold today, whether circuit- or packet-switched, has built-in CALEA surveillance capabilities.

The following types of communications services are (for the time being) exempt from CALEA:

  • Private Mobile Radio Service (PMRS) providers.
  • Pay telephone providers.
  • Information service providers, to the extent they do not provide telecommunications services.

The first two of the above exemptions aren't especially meaningful because PMRS providers generally provide public safety communications services.

Presumably the FBI isn't interested in wiretapping itself.  And payphone providers don't need to provide any special CALEA services because CALEA is already built into the telephone system.

However, information service providers are an interesting exemption.  The Skype service, for example, may legally be considered exempt from CALEA under this classification (although being exempt doesn't necessarily mean that they don't allow law enforcement surveillance).

The CALEA law doesn't mandate any particular method for law enforcement to conduct surveillance or any particular method for telecommunications carriers to provide surveillance capabilities.

No business processes are mandated for providing access to law enforcement either.  This makes balancing compliance with privacy a difficult problem for carriers, because while there are no penalties under CALEA for giving too much access to law enforcement, there are penalties for giving too little.

Notwithstanding the murkiness, the FCC does explicitly require six types of information to be available to Law Enforcement Agencies (LEAs):

  • Content of Subject-Initiated Conference Calls*  - A LEA will be able to access the content of conference calls initiated by the subject under surveillance (including the call content of parties on hold) pursuant to a court order or other legal authorization beyond a pen register order.
  • Party Hold, Join, Drop-On Conference calls*  - Messages will be sent to a LEA that identify the active parties of a call.  Specifically, on a conference call these messages will indicate whether a party is on hold, has joined, or has been dropped from the conference call.
  • Subject-Initiated Dialing and Signaling Information  - Access to dialing and signaling information available from the subject will inform a LEA of a subject's use of features (e.g., call forwarding, call waiting, call hold, and three-way calling).
  • In-Band and Out-of-Band Signaling (Notification Message)  - A message will be sent to a LEA whenever a subject's service sends a tone or other network message to the subject or associate (e.g., notification that a line is ringing or busy, call waiting signal).
  • Timing information  - Information will be sent to a LEA permitting it to correlate call-identifying information with the call content of a communications interception.
  • Dialed Digit Extraction  - The originating carrier will provide to a LEA on the call data channel any digits dialed by the subject after connecting to another carrier's service, pursuant to a pen register authorization.  The FCC found that some such digits fit within CALEA's definition of call-identifying information and that they are generally reasonably available to carriers.

* - Note that the term "conference calls" is intended to include, but not be limited to, three-way calls and teleconferences.

The above "punch list" gave rise to a number of technical standards (designed by the FBI with industry input).

The most important of these are TIA J-STD-025B (which details the technical requirements), T1M1.5 (which details, among other things, user interface standards for emergency telecommunications services), and T1.678 (which details user interface standards for VoIP surveillance).

These standards documents are copyrighted and are not available for download without payment, but you may be able to find copies by searching the web.

These standards are referenced by telecommunications equipment manufacturers in developing CALEA features for their products, and all modern telecommunications equipment includes built-in CALEA modules.

In general, CALEA software must both satisfy the FCC "punch list" requirements and follow industry best practices:

  • Surveillance must be undetectable by the intercept subject.
  • Intercept should not affect service to subscribers.
    • No interruption of ongoing communications.
    • Intercept not perceptible to target or outside parties.

  • Knowledge of surveillance must be limited to authorized personnel.
    • No indication of intercept to unauthorized parties.
    • LEAs must not be able to detect other LEA intercepts.

  • Ability to correlate dialing and signaling information with the content of the communication.
  • Confidentiality, integrity, and authentication of the dialing and signaling information.

CALEA compliance is complicated for carriers.

As the employee of a telecommunications carrier, you can be criminally liable if you fail to follow all of the correct procedures.

Additionally, telecommunications carriers are required to provide technical assistance to law enforcement in gaining access to surveillance infrastructure.

This has spawned a cottage industry of compliance outsourcing firms.  Companies such as Verisign, Cbeyond, and Fiducianet offer turn-key CALEA solutions to their customers - for a fee, of course.

Additionally, companies such as SS8 offer integrated console software for use by law enforcement agencies in conducting CALEA surveillance.  Unfortunately, the prevalence of outsourcing adds yet another dimension to privacy concerns.

Surveillance is here to stay, and CALEA made it all possible.

Meanwhile, privacy concerns have gone completely by the wayside and will probably continue to do so.  Of course, since my employer doesn't have a business process to keep me away from this technology, my evenings here in the central office are a lot less boring.

Incidentally, the police chief's wife would sure be upset if she knew he was having an affair with his daughter's college roommate (she calls him "bubby snoogums").


This column is dedicated to Seattle Police Officer Steve Leonard, who didn't stop at a donut shop while rushing to save the lives of my friends on 3/25/06.  His dedication and public service are an inspiration to us all.  RIP Jeremy, Christopher, Jason, Justin, Melissa, and Suzanne.
