Tuesday, January 30, 2007

FBI's Carnivore went quiet but methods under scrutiny again

Some of you may have seen articles ( http://news.zdnet.com/2100-9595_22-6154457.html ) about a presentation made by Professor Paul Ohm (former trial attorney at the Justice Department) at the "Search & Seizure in the Digital Age" symposium held at Stanford University last Friday. Professor Ohm, currently a law professor at Univ. of Colorado, spoke about the new "full-pipe recording" approach the FBI is now using when doing a broadband intercept.

His description asserts that instead of just intercepting the IP traffic of the target, they are collecting traffic from a point in the network that includes other users' traffic as well. I would suggest that in an environment that hasn't achieved CALEA compliance yet (the FCC CALEA deadline is May 14, 2007; see earlier entries) this may be necessary. But once true LI solutions are in place this will no longer be necessary. Current LI technology provides for both active and passive solutions that can identify the specific traffic of a target, assuming the target is known. There may be challenges with some enterprises in identifying their users, but certainly all service providers know who their users are since they have to bill them :-)

And don't be surprised if you continue to hear about "full-pipe" intercepts even after CALEA compliant solutions are in place. In LI circles "full-pipe" actually has a different meaning and references the traffic on the "pipe" that goes to the target's location. This is in contrast to an intercept that would intercept a specific type of traffic (email, VoIP, chat, http etc.).

An example makes this clear. I happen to use Charter as my cable/broadband provider and Vonage as my VoIP provider. Because Vonage operates within the U.S., law enforcement could get a warrant, serve Vonage with it and only intercept my voice IP traffic. Now if my VoIP provider happened to be out of the country, then law enforcement could go to Charter and intercept the "full pipe" going to my house in order to access the voice traffic that is embedded in the IP stream going across the pipe I have from Charter. They would have the "full-pipe" but it would only be my traffic, not anyone else's.

Feel free to comment. Till next time ...

Friday, January 19, 2007

Bush Administration Changes Stance on "Unauthorized" Wiretapping

Ever since the Foreign Intelligence Surveillance Act (FISA) was passed in 1978 there have been two processes for obtaining and implementing wiretaps. One utilizes the traditional court system while the other uses a secret court system, but in both cases the judicial branch acts as one side of the "check and balance" in the request and approval process of obtaining wiretaps.

For normal criminal activity and investigations sworn law enforcement agents, with the appropriate training and certification, build portfolios with information that allows them to justify to a judge why a wiretap is needed. The judge then either approves or denies the request, but even with approval puts restrictions on the duration and use of the wiretap. For cases involving foreign targets/communication, the same process is followed but due to the highly sensitive nature of foreign intelligence, the requests are taken out of the public system and processed through a separate and distinct Foreign Intelligence Surveillance Court system.

An issue arose at the end of 2005 when it was discovered that the Bush administration, under the umbrella of executive war time powers, authorized wiretaps without the review or approval of any court system. Now I'm not a legal authority so I'm not in a position to comment one way or the other on the legality of the action but it is clear to see why this raised concerns with many Americans.

However, this past Wednesday the administration reversed its position and has apparently worked out an agreement to work with the FISA court system to obtain expedited authorization for the intercepts it needs.

I think this agreement is good news for America. It allows the government to keep doing what it needs to do to protect the citizens of the U.S. in a timely manner while also protecting the privacy rights and concerns of those same citizens.

Please feel free to comment. Till next time ...

Wednesday, January 10, 2007

LI Evolution - the pace quickens

I was cleaning out my basement this weekend and came across an assortment of telephony equipment from my past (butt set, continuity tester, bridge clips, punchdown tool, 66 blocks etc.), a little museum of sorts. The last time I used any of it was when I was teaching my son's Cub Scout den how phones and phone networks work (no I wasn't teaching them how to wiretap anyone). As I reflected on my past and my father-in-law's career at New York Telephone (way back before Verizon and Bell Atlantic), it impressed me with how significantly and how rapidly things have changed in the past 20+ years.

In the 80's most everything was still analog and services like caller id, call forwarding were just being introduced. I remember getting "Total Phone" in 1982 in Connecticut, just after we replaced our rotary phone with a touchtone. Of course this was all prior to CALEA and wiretapping was still done by bridging on a copper pair or using a "loop around" trunk that terminated on analog recorders. But by the late 80's digital technology was on a tear and law enforcement was starting to realize what it was potentially missing and asked for help.

CALEA was passed and new solutions were implemented that were able to access call forwarding, conf calls etc. and most of it was done right on the "big iron" switches of the day. But by the late 90's IP services were making their presence known and a new generation of LI needed to be deployed. No longer was traffic going to be delivered over POTS dial-up lines; new IP connectivity for data and content was needed and implemented.

And it appears we're on the brink of another change, another generation. Forget the centralized softswitches and media gateways of today's VoIP services, communication is now done with simple SIP clients using standard broadband pipes. So what does that mean for LI solutions? Well they have had to adapt and include "application" servers so that things like conference calls, prepaid calls and PTT talk groups are captured. Deep packet inspection has also become a critical component of these solutions as communication traffic needs to be filtered out as these broadband pipes become consumed with the transfer of entertainment media. And forget about using "well known ports" to identify traffic, protocol characterization is now the key to finding and tracking the targeted traffic.
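To illustrate what "protocol characterization" means in contrast to well-known ports, here is an added example (not from the original post or from any LI product) that labels UDP flows as SIP or RTP from payload structure alone. The sample flows, port numbers and function names are constructed for the illustration.

```python
import re
import struct

# SIP request line or status line (RFC 3261), matched on content, not port 5060.
SIP_START = re.compile(
    rb"(?:(?:INVITE|ACK|BYE|CANCEL|OPTIONS|REGISTER) \S+ SIP/2\.0|SIP/2\.0 \d{3} )"
)

def rtp_header(payload):
    """Return (sequence, ssrc) if the bytes fit the RTP fixed header (RFC 3550)."""
    if len(payload) < 12 or payload[0] >> 6 != 2:  # version field must be 2
        return None
    seq, _timestamp, ssrc = struct.unpack("!HII", payload[2:12])
    return seq, ssrc

def classify_flow(payloads, min_run=3):
    """Label one UDP flow 'sip', 'rtp' or 'unknown' from payload bytes alone."""
    if payloads and SIP_START.match(payloads[0]):
        return "sip"
    headers = [rtp_header(p) for p in payloads]
    if len(headers) >= min_run and None not in headers:
        one_source = len({ssrc for _, ssrc in headers}) == 1
        # Sequence numbers rise by one per packet, modulo 2**16 (handles wrap).
        in_order = all((b[0] - a[0]) & 0xFFFF == 1 for a, b in zip(headers, headers[1:]))
        if one_source and in_order:
            return "rtp"
    return "unknown"

def make_rtp(seq, ssrc=0x1234ABCD):
    """Build a constructed RTP packet: V=2, payload type 0, 160 bytes of audio."""
    return struct.pack("!BBHII", 0x80, 0, seq, seq * 160, ssrc) + b"\x00" * 160

# Constructed sample flows keyed by UDP destination port (not captured traffic).
SAMPLE_FLOWS = {
    40000: [b"INVITE sip:bob@example.com SIP/2.0\r\nVia: SIP/2.0/UDP 192.0.2.1\r\n"],
    5060: [b"\x17\x03\x03\x00\x20" + b"\xaa" * 32],  # not SIP despite the port
    443: [make_rtp(65534), make_rtp(65535), make_rtp(0)],  # RTP, sequence wraps
    5004: [make_rtp(10, 1), make_rtp(500, 2), make_rtp(7, 3)],  # header-like noise
}

def classify_all(flows):
    """Classify every flow in a {port: [payload, ...]} mapping."""
    return {port: classify_flow(pkts) for port, pkts in flows.items()}

if __name__ == "__main__":
    for port, label in classify_all(SAMPLE_FLOWS).items():
        print(port, label)
```

A port-based rule would get all four flows wrong; the content-based one needs several packets per flow before it can commit to "rtp", which is the price of not trusting the port.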

From the use of butt sets for decades, to nationalized standards in 2 decades, to 2 new generations of IP LI in one decade, the pace of technology advancement, and the equivalent advances needed within LI, certainly is increasing rapidly.

Please feel free to send comments or questions. Till next time ...

Monday, January 8, 2007

A call for more standards

As noted in previous posts, I both attended and spoke at ISS World in December '06. At the conference my speaking topic was "Centralized Management - We missed the boat". I'd like to briefly address that subject again here.

The original intent and concept for the Mediation (Delivery) Function, by the standards bodies, was to create a single, centralized point in the network, with clear demarcation points that would handle all interfaces needed to perform lawful intercept. The benefits of this are fairly well known and include at a high level:

• Centralized control
• Scaling across systems
• Support of legacy systems
• Securing sensitive information
• Reducing the amount of “technical” support needed to actually implement an intercept
• Software license expansion instead of incremental hardware to support new equipment
• Single point of interface for Law Enforcement

And for the most part the industry has done a good job in creating and implementing Mediation Functions; however, there is an area where I think the industry has missed the boat. With the exception of PacketCable, for the cable industry, none of the standards bodies have created standards for the INI (network side) interfaces. And even PacketCable hasn't defined INI-1 (provisioning). The result is that almost every network element (router, gateway, wireless switch, PDSN, SGSN, AAA, DSLAM, softswitch etc.) has a unique or proprietary interface.

How did this happen? As with many things it was about money. When CALEA was first passed, wireline and wireless communications were the norm and switching manufacturers saw an opportunity to grab a share of the $500 million that congress set aside for implementation. So instead of creating INI interfaces that would support a single unified LI interface they built proprietary interfaces into their switches and charged the government for it. Now however the government money is gone and carriers are paying for CALEA capabilities.

The effect of this is that solution costs are higher and implementation schedules are longer because new interfaces have to be continually created in order to support LI on the various technologies that are being deployed. And in some cases it is even worse. Not only do certain "old school" switch manufacturers still have proprietary interfaces, but they are also tightly guarding them and requiring their customers to pay a premium to open them up. When compared to a next generation company like Cisco, that has readily published and supported a consistent LI interface, it is obvious that these companies are not acting in the best interest of their customers.

Recommendation: Follow PacketCable's example and define interfaces on both sides of the Mediation Function. This will afford the following benefits:

• Allow Mediation Function developers to focus development efforts on:
  – Security of sensitive information
  – User experience
  – Correlation of data and content
  – Identification of IAPs (Intercept Access Points) in the new, complex IP networks
  – Secured interfaces (INI and HI)
  – Encryption
  – Separation of applications/services (movies, TV etc. from valuable transactions or communications)

• Lower total cost of ownership
  – Single DF
  – Reduced development for new network element support

• Higher quality products and solutions

• Quick integration and support of new “probe” technologies and capabilities

• Certification and qualification could occur faster and easier, similar to what has been done at CableLabs in the past.


Summary

LI solutions have come a long way towards meeting the initial intent but aren’t there yet when it comes to the creation of standards-based INI interfaces. In order to help push this effort forward, service providers need to change expectations and demand open, standards-based INI interfaces from equipment manufacturers. And finally, the standards bodies should define a single INI standard, fully embracing the concept of separated AFs, MFs and CFs and removing equipment providers from undue influence over a function that is non-revenue generating for service providers.


Please send me any comments or thoughts. Till next time ...