There has been a lot of hub bub this week over the FBI's use of National Security Letters and the Dept. of Justice's audit that was performed revealing that in over 1000 cases incorrect or additional information was collected.
A couple of points on this issue stood out in my mind:
1. The Audit concluded that in none of the cases did the agents intentionally over-collect info
2. Most of the extra information provided was done accidentally by the service provider / enterprise
3. This really had to do with static subscriber information not dynamic call information, which really means it had little to do with lawful intercept/wiretapping since addresses etc. are not provided as part of electronic surveillance
So if it wasn't intentional, how did the over-collection (providing) of information occur?
Now I don't have specifics on the actual use and implementation of the NSLs in these cases but if we look at the way CALEA based wiretapping is done and compare it to the use of the NSLs, you can draw some conclusions on what might have happened and why the over-collection occurred and why it doesn't occur for CALEA based wiretaps.
In CALEA based electronic surveillance, the fundamental concept is that the information is collected in real time as the communication session occurs. If that is to happen then specific target identifiers need to be articulated, the type of information to collect and directions on where to send the information need to be provided, otherwise the systems simply won't work. As long as those directions are followed then the system rules (not a person) within the Mediation/Delivery Functions control what information can be sent. In addition the protocols and standards (J-STD, PacketCable, ATIS etc.) only allow certain information, in specified parameters, with specified formats to be sent. And finally the collection function at law enforcement only accepts information that follows the prescribed formats and standards. Using this methodology, the information provided to law enforcement is very specific and well documented and significantly reduces the possibility of over-collection. Obviously over-collection could occur if someone put in the wrong end date etc. but in general the system has many checks and balances to ensure that CALEA based intercepts provide exactly what is permitted.
In contrast, the NSLs were more free form in their directions and use, and didn't have well established industry standards to fall back in the collection and delivery of information to law enforcement. It fell to the knowledge and capabilities the person receiving the NSL to determine what information was appropriate to send, how much to send and how to send it. Since it was determined that this was not intentionally done, clearly the problem was with the process and not the intention.
Till next time ...
Friday, June 15, 2007
Thursday, June 7, 2007
DoJ Files Deficiency Petition with FCC over J-STD-025B
On May 15th 2007, the Dept. of Justice (as represented by the FBI, DEA and National Security Division) filed a "Petition for Expedited Rulemaking to Establish Technical Requirements and Standards Pursuant to Section 107(b) of the Communications Assistance for Law Enforcement Act", specifically in regard to J-STD-025B where it covers CDMA2000 packet data wireless services.
So what does this mean? Section 107 of CALEA covers the "Technical Assistance" portion of the CALEA law and during 2003 when the TIA and ATIS standards bodies were developing the JSTD25B standard, Law Enforcement (represented by the FBI at those meetings), raised several concerns over what they felt were technical deficiencies in the standard. Those concerns were never adequately satisfied in their opinion but the standards bodies moved forward anyway and the standard became effective in January of 2004. In March 2004 the standard (which at that point was only a "Trial Use" standard) was submitted for ballot to become an ANSI standard. In August 2006, J-STD-025B was adopted as an ANSI standard. At that time Law Enforcement began formulating a response to articulate the deficiencies they felt were still part of the standard. On May 15th (coincidence that it was the day after the May 14th deadline for Broadband and VoIP compliance? Probably not) they filed their official request for rulemaking to address these technical concerns.
So what are they asking for? On the technical side they are asking for 4 things:
1. Addition of Packet Activity Reporting - this would provide, among other things, the protocol in use, the Originating and Terminating IP address, the IP version and the Port number. The same types of things that are available as Call Data (or CII) for circuit switch calls today
2. Timing Information (Time stamping) - currently J-STD025B does not require any time stamping and they would like it to match the guidelines set forth by the commission for circuit switch time stamps (time stamp within 200ms and delivery to the LEA within 8 seconds).
3. More granular Location Information - currently cell site and sector are available but with the proliferation of location based services, it seems that more granular location information would be "reasonably available" (the metric used to determine what LI information can be made available to law enforcement).
4. Increased Security, Performance and Reliability of Delivery - these are fairly wide ranging items but the bottom line is that they want established rules over the protection of sensitive information and processes (internal as well as technical), along with assurances that they are receiving all of the packets from a communication session
On the process side, they are looking for an expedited ruling from the FCC along with a compliance deadline of 12 months after the FCC makes its' ruling.
Last week's ISS World conference didn't shed any new light on the subject even though the FBI, FCC and DEA were all represented there. They continued to reference the filing and the information contained within it.
So what does the timeline and next steps for this look like? Well this process has been followed before with both the Report and Orders over Broadband and VoIP compliance and with the original J-STD-025 (which is why J-STD-025A now exists). There is a response/comment period that is now underway and that will lead to a review period by the FCC. There is also a possibility that a second round of response/comments and review will take place. At some point the FCC will make a ruling, this will probably be somewhere between 8 and 18 months away. When the ruling occurs the standards bodies can then address the content of the ruling and implement any necessary changes to the standard. I say "necessary changes" because remember, as I noted above, this has happened before and just because capabilities are requested doesn't mean they are automatically granted. The original request for additional capabilities for J-STD-025 was for 11 items but only 7 were actually granted in the "Punchlist".
So how long will the changes to the standard take? Again it depends on how the FCC rules, but most likely 8 - 12 months. Which then begs the question, if compliance needs to be achieved within 12 months of the ruling but the standards body may take up to 12 months to modify the standard, how will compliance be achieved on time? Sound familiar?
Till next time ...
So what does this mean? Section 107 of CALEA covers the "Technical Assistance" portion of the CALEA law and during 2003 when the TIA and ATIS standards bodies were developing the JSTD25B standard, Law Enforcement (represented by the FBI at those meetings), raised several concerns over what they felt were technical deficiencies in the standard. Those concerns were never adequately satisfied in their opinion but the standards bodies moved forward anyway and the standard became effective in January of 2004. In March 2004 the standard (which at that point was only a "Trial Use" standard) was submitted for ballot to become an ANSI standard. In August 2006, J-STD-025B was adopted as an ANSI standard. At that time Law Enforcement began formulating a response to articulate the deficiencies they felt were still part of the standard. On May 15th (coincidence that it was the day after the May 14th deadline for Broadband and VoIP compliance? Probably not) they filed their official request for rulemaking to address these technical concerns.
So what are they asking for? On the technical side they are asking for 4 things:
1. Addition of Packet Activity Reporting - this would provide, among other things, the protocol in use, the Originating and Terminating IP address, the IP version and the Port number. The same types of things that are available as Call Data (or CII) for circuit switch calls today
2. Timing Information (Time stamping) - currently J-STD025B does not require any time stamping and they would like it to match the guidelines set forth by the commission for circuit switch time stamps (time stamp within 200ms and delivery to the LEA within 8 seconds).
3. More granular Location Information - currently cell site and sector are available but with the proliferation of location based services, it seems that more granular location information would be "reasonably available" (the metric used to determine what LI information can be made available to law enforcement).
4. Increased Security, Performance and Reliability of Delivery - these are fairly wide ranging items but the bottom line is that they want established rules over the protection of sensitive information and processes (internal as well as technical), along with assurances that they are receiving all of the packets from a communication session
On the process side, they are looking for an expedited ruling from the FCC along with a compliance deadline of 12 months after the FCC makes its' ruling.
Last week's ISS World conference didn't shed any new light on the subject even though the FBI, FCC and DEA were all represented there. They continued to reference the filing and the information contained within it.
So what does the timeline and next steps for this look like? Well this process has been followed before with both the Report and Orders over Broadband and VoIP compliance and with the original J-STD-025 (which is why J-STD-025A now exists). There is a response/comment period that is now underway and that will lead to a review period by the FCC. There is also a possibility that a second round of response/comments and review will take place. At some point the FCC will make a ruling, this will probably be somewhere between 8 and 18 months away. When the ruling occurs the standards bodies can then address the content of the ruling and implement any necessary changes to the standard. I say "necessary changes" because remember, as I noted above, this has happened before and just because capabilities are requested doesn't mean they are automatically granted. The original request for additional capabilities for J-STD-025 was for 11 items but only 7 were actually granted in the "Punchlist".
So how long will the changes to the standard take? Again it depends on how the FCC rules, but most likely 8 - 12 months. Which then begs the question, if compliance needs to be achieved within 12 months of the ruling but the standards body may take up to 12 months to modify the standard, how will compliance be achieved on time? Sound familiar?
Till next time ...
Subscribe to:
Posts (Atom)
