Thursday, December 21, 2006

CALEA Milestone Dates Released

For those of you that have been waiting for the FCC to set the deadlines for filing reports for Section 105, Section 107 and Monitoring reports, the Office of Management and Budget has now given their approval. For those of you that have not been waiting or didn't even know they were pending, these are the milestones that accompany the current May 14, 2007 deadline for CALEA compliance.

The 105 filing is a security process and procedure document that describes how the carrier is going to meet its obligations for maintaining a secure environment with regard to the handling and processing of wiretap requests.

The 107 filing is a cost recovery procedure that will have little application to current carriers since the only equipment eligible for cost recovery is equipment deployed before October 25, 1998.

And the Monitoring Report provides a view into the carrier's progress with regard to meeting the May 14, 2007 CALEA deadline. This is accomplished by filing FCC Form 445.

The newly posted dates are as follows:

March 12, 2007 for Section 105 filings

February 12, 2007 for Section 107 filings

February 12, 2007 for Monitoring Reports

These dates seem close but all previous announcements and publications indicated that they would be coming shortly so it shouldn't be catching anyone by surprise.

For more information on these report filings you can check the FCC site http://www.fcc.gov/Daily_Releases/Daily_Digest/2006/dd061214.html or send me a question and I can provide more info.

Wednesday, December 13, 2006

The value of collected information

There are two “domains” when it comes to lawful intercept: one is the carrier’s premises and the other is law enforcement’s premises. The carrier domain is tasked with access and delivery while law enforcement is more concerned with collection, recording and analysis, with the emphasis on analysis. While both sides are required in order to generate the information necessary to execute a successful wiretap, it is the collection function that makes the information useful and valuable.

The Collection Function is a PC based application that law enforcement uses to build their cases and create evidence. It receives and stores information from subpoenas for call records, warrants for Pen Register / Trap & Trace intercepts and Title III intercepts. From these various sources of information a chronological list of events is accumulated and retained for analysis.

Analysis focuses on finding and building relationships based on the information obtained during the intercept. The information includes calling and called parties, time of the calls, call duration and various other attributes of the call. In addition of course is the call (content) itself. The events of the call are automatically associated with the appropriate call so that the law enforcement agent can efficiently determine the flow of the call (call waiting, conference call etc.) as it is being reviewed.

In addition to matching call data with the appropriate call to decipher activities on the call, the collection function also seeks to build relationships or “links” with other events in its database. By automatically identifying these relationships within the data (e.g. a commonly called number shared by two targets), law enforcement is better able to establish patterns and areas of influence for that target.

While electronic surveillance and the automated implementation of wiretaps in networks are making the wiretap process more efficient, it is the capabilities of the collection function that are making the information more valuable.

Thursday, December 7, 2006

As noted in my last entry, I attended ISS World this week in Washington D.C. The usual suspects (pun intended) were there: law enforcement (FBI, state/county police, FCC, DOJ), vendors and carriers. In addition to U.S. attendees, representatives from over 30 different countries (mostly law enforcement) were also there.

For those that had been there before it didn't hold much new information but I continued to be amazed by those that were new to the conference and how informative they found it to be. I guess once you have been embedded in something for so long you forget how much information there is on the subject and how much of a specialty it is.

I think the two things that stood out for me were the number of "probe" vendors exhibiting and the strong stance the FCC is taking with regard to compliance by May 14, 2007 (see earlier post "Current CALEA Deadline").

There have always been probe vendors and LI solutions that utilize probes but to date they have played a fairly minor role in most LI solutions. With new requirements on broadband and VoIP providers to become compliant, many IP companies that have packet analysis capabilities have started positioning themselves as LI providers even though they have never deployed an LI solution. While these capabilities will become important in the ensuing deployments, a comprehensive solution incorporating these capabilities into established and well known solutions will be the best approach, ensuring that both carriers and law enforcement are comfortable with the solution.

With regard to the FCC's stance, in several conference sessions they, along with the FBI and DEA, made it quite clear that they are expecting full compliance and no extensions to the deadline. After repeated delays, exemptions and extensions the first time in the '90s, they don't want anything to drag out this implementation.

Feel free to send comments or questions on ISS World or anything LI related and I'll take a crack at responding. Till next time.

Friday, December 1, 2006

ISS World is coming up

On Dec. 4th 2006 (next week) the largest gathering of people interested in the operation and implementation of lawful intercept will gather in Washington DC at ISS World. This is a bi-annual conference presented by Telestrategies (http://www.telestrategies.com) whose attendees, speakers and exhibitors include law enforcement, service providers (carriers) and solution providers.

The focus of the 3 day conference is on the five speaking tracks that cover various topics (international events, LI technology, analysis solutions etc.) although there are sponsored events and vendor exhibits.

SS8 will of course be there and I’ll be speaking if any of you would like to stop by and say hi or share a beer after hours :-). If I don’t get to see you there, I’ll provide an update on the happenings after the show.

Variety of “wiretaps”

When someone says “wiretap” most people immediately think of a law enforcement agent huddled over a recorder listening intently to some bad guys plotting their next crime. However, only a very small percentage of wiretaps include the voice portion or “content” of a call. In practice there are three “levels” of “assistance” that carriers have to support when requested by law enforcement.

The first level is a subpoena for call records. These are historical records reflecting the calling activity of a particular target. This is by far the most frequently asked for and utilized capability by law enforcement. In 2006 there were approximately 2 million subpoenas/court orders requesting these types of records. The records for each request are provided to law enforcement either by electronic transfer to their collection function or by a manual process.

The next level moves from static, historical records to real-time reporting of the target’s activities. This level includes two categories of activity. The first category is a “Pen Register” which captures only the outgoing calls of the target. The second is a “Trap and Trace” which captures the inbound calls. Both of these types require the carrier to utilize a standards based, real-time solution that identifies and delivers call “events” to the collection function. These events include outgoing call attempts, incoming call attempts, digits dialed during the call, conferencing, transfers etc. In practice, carriers typically receive Pen Register and Trap/Trace requests together so that all inbound and outbound traffic is received. Far fewer of these were done in 2006, approximately 130 thousand, as compared to subpoenas for call records.

The final level is the Title III. This too is a real-time interface based on safe harbor standards (J-STD, ETSI, PacketCable etc.) but instead of just receiving call events (like the stand-alone Pen Register / Trap & Trace), the actual content (conversations) is included. This means that a copy of the conversation is delivered along with the call event messages. Even though the whole conversation is provided, the call events perform a very important function in this scenario as they allow law enforcement to understand, as they are listening, who the active parties of a call are during transfers, call waiting, conferences etc. And as was true with the previous tiers, the number of Title III intercepts done each year is dramatically smaller; only about 2,600 were done in 2006.

These levels represent increased amounts of information but also an increased burden on law enforcement. At each step along the way, the judicial system is scrutinizing and critically reviewing these requests to make sure the need is genuine and justifiable.


From the blogger: I ran a little long this time; as always, however, let me know what questions you have.

The number of intercepts is lower than you would think, but why?

It comes as a surprise to most people that only 2600 Title III intercepts are done per year (as reported in 2005) in the United States. I’ll blame most of the surprise on all the police dramas on TV that, I think, lead most people to believe two things: 1 – it is very easy to get a warrant for an intercept and 2 – it happens all the time. But as the numbers attest, for a country with about 300 million citizens, 2600 is a very small number. Which country wins the prize for the most? Italy.

But I digress; let’s take a quick look at the reasons that the number is so low. First of all you can thank the strong personal rights and freedoms that are enjoyed by US citizens. The court system is very reluctant to impede on those rights even for the sake of national security. In order for a law enforcement agency to receive approval (a warrant) to intercept someone’s communications they have to pass a very high bar and demonstrate significant need. This hurdle not only protects the intended target from undue invasion but also protects all of the potential people that target will be communicating with.

In addition to the significant legal barrier, law enforcement needs to be ready to allocate the necessary resources in terms of manpower. In the U.S. law enforcement cannot “turn on the recorder” and record whatever happens and review it at some later point. In order to further protect the rights and privacy of U.S. citizens, when an intercept (wiretap) is being performed the call must be listened to live by a sworn law enforcement agent. This means 24 hours a day, seven days a week an agent needs to be ready to listen to the calls. In addition the agent has to be dedicated to that case, meaning they can’t listen to more than one call at a time. The reason they are dedicated is that if the content of the call is not relevant to the case, then the call is “minimized”. This means that portion of the call is not recorded and not made available for future review.

So at the highest level both the due process of the US judicial system and the required resources to operate an intercept prevent the number of intercepts from getting very large and restrict their use to the most significant cases.

Current CALEA deadline

Deadlines, those always catch people’s attention, especially when they are government mandated, regulatory deadlines. For lawful intercept (CALEA) in the U.S., the next deadline is May 14 2007. That is the date that all “broadband” service providers and “interconnected VoIP” providers must have their networks CALEA compliant. So what is CALEA? The Communications Assistance for Law Enforcement Act, a law passed back in 1994 requiring service providers to assist law enforcement, in a uniform, standards based way, with the process of intercepting (wiretapping) the communications of “bad guys”.

In 1994 an explosion of new communication technologies (cell phones, the internet, distributed networks, roaming, faxes …) was placing a technological burden on law enforcement to do a job they no longer had enough expertise or resources to handle, thus they placed a request for help and Congress supported their request by creating and passing the CALEA legislation. But how does legislation in 1994 drive a deadline in 2007, some 13 years later? Surely by now any obligations under that law have been fulfilled. For the most part carriers have complied but the catch is that originally “information services” were exempted under CALEA. The internet was young then, email wasn’t an indispensable tool, VoIP didn’t exist, neither did Instant Messaging, Chat, Skype or all the other communication tools now in widespread use.

To address this ever expanding gap in coverage, the FBI, DEA and DOJ filed a joint petition in 2004 asking the FCC to include broadband and VoIP providers since so much communication traffic was now occurring over those media. After due consideration, a lengthy review process and input from many different parties, the FCC issued a Report and Order requiring the previously mentioned “broadband” and “interconnected VoIP” providers to come into compliance by May 14, 2007. So now, with not much time left, carriers are scrambling to understand their obligations, figure out how to meet this deadline and put plans in place to implement a solution.

Still mystified? Read on or ask some questions, I’ll definitely take a stab at answering any question relevant to LI (or maybe even any other interesting questions that get posed).

Demystifying LI

“Put up a wire”, get a “pen”, do a tap, perform a Title III or Trap and Trace, big brother, eavesdropping, Lawful Intercept, electronic surveillance, CALEA; all terms used to describe what is commonly known as wiretapping. Wiretapping is a useful and important tool for law enforcement allowing them (the good guys) to listen to and monitor what the targets (the bad guys) are doing. And while conceptually everyone understands what wiretapping is, many questions and concerns surround this activity. Questions on the subject include how much it costs to implement, who needs to “comply”, how does one become compliant, what standards are in use, what are the deadlines and does the government pay for it. Concerns usually focus on due process, invasion of privacy, checks and balances and what legal footing (legislation) supports all of the above.

Now I may not be able to answer every question regarding answer “D” (all of the above) but given the business I’m in, the job I do, the experience I have and the people I interact with, I think I can do justice to the topic of Lawful Intercept. My name is Scott Coleman and I am the Director of Marketing for SS8 Networks, a provider of Lawful Intercept solutions. SS8 has been in this business for 12+ years and I’ve personally been working in this environment for 7+ years both as a Product Manager and as a Marketeer. I have over 18 years’ experience in telecommunications, have published articles on the subject, have spoken numerous times about it and have worked with law enforcement agencies and service providers around the world.

But enough with the resume, this blog has been initiated to provide the reader with frank, honest and open answers/opinions to the many aspects of this subject. In a word, we are “Demystifying” lawful intercept.