Thursday, June 7, 2007

DoJ Files Deficiency Petition with FCC over J-STD-025B

On May 15th 2007, the Dept. of Justice (as represented by the FBI, DEA and National Security Division) filed a "Petition for Expedited Rulemaking to Establish Technical Requirements and Standards Pursuant to Section 107(b) of the Communications Assistance for Law Enforcement Act", specifically in regard to J-STD-025B where it covers CDMA2000 packet data wireless services.

So what does this mean? Section 107 of CALEA covers the "Technical Assistance" portion of the CALEA law and during 2003 when the TIA and ATIS standards bodies were developing the JSTD25B standard, Law Enforcement (represented by the FBI at those meetings), raised several concerns over what they felt were technical deficiencies in the standard. Those concerns were never adequately satisfied in their opinion but the standards bodies moved forward anyway and the standard became effective in January of 2004. In March 2004 the standard (which at that point was only a "Trial Use" standard) was submitted for ballot to become an ANSI standard. In August 2006, J-STD-025B was adopted as an ANSI standard. At that time Law Enforcement began formulating a response to articulate the deficiencies they felt were still part of the standard. On May 15th (coincidence that it was the day after the May 14th deadline for Broadband and VoIP compliance? Probably not) they filed their official request for rulemaking to address these technical concerns.

So what are they asking for? On the technical side they are asking for 4 things:

1. Addition of Packet Activity Reporting - this would provide, among other things, the protocol in use, the Originating and Terminating IP address, the IP version and the Port number. The same types of things that are available as Call Data (or CII) for circuit switch calls today

2. Timing Information (Time stamping) - currently J-STD025B does not require any time stamping and they would like it to match the guidelines set forth by the commission for circuit switch time stamps (time stamp within 200ms and delivery to the LEA within 8 seconds).

3. More granular Location Information - currently cell site and sector are available but with the proliferation of location based services, it seems that more granular location information would be "reasonably available" (the metric used to determine what LI information can be made available to law enforcement).

4. Increased Security, Performance and Reliability of Delivery - these are fairly wide ranging items but the bottom line is that they want established rules over the protection of sensitive information and processes (internal as well as technical), along with assurances that they are receiving all of the packets from a communication session

On the process side, they are looking for an expedited ruling from the FCC along with a compliance deadline of 12 months after the FCC makes its' ruling.

Last week's ISS World conference didn't shed any new light on the subject even though the FBI, FCC and DEA were all represented there. They continued to reference the filing and the information contained within it.

So what does the timeline and next steps for this look like? Well this process has been followed before with both the Report and Orders over Broadband and VoIP compliance and with the original J-STD-025 (which is why J-STD-025A now exists). There is a response/comment period that is now underway and that will lead to a review period by the FCC. There is also a possibility that a second round of response/comments and review will take place. At some point the FCC will make a ruling, this will probably be somewhere between 8 and 18 months away. When the ruling occurs the standards bodies can then address the content of the ruling and implement any necessary changes to the standard. I say "necessary changes" because remember, as I noted above, this has happened before and just because capabilities are requested doesn't mean they are automatically granted. The original request for additional capabilities for J-STD-025 was for 11 items but only 7 were actually granted in the "Punchlist".

So how long will the changes to the standard take? Again it depends on how the FCC rules, but most likely 8 - 12 months. Which then begs the question, if compliance needs to be achieved within 12 months of the ruling but the standards body may take up to 12 months to modify the standard, how will compliance be achieved on time? Sound familiar?

Till next time ...

No comments: