Editorial: ISS Meets IPDR

Two years ago TeleStrategies recognized the need to support intelligence gathering in IP networks and coined the term Intelligence Support Systems (ISS). Five years ago TeleStrategies, along with AT&T and Narus, started a standards effort to create a call detail record (CDR) for IP transactions called IPDR. Now it's time for ISS to meet IPDR! Why? Because service providers believe that both are needed to move IP networking to the next level.

Why ISS?

Service providers need business support systems (BSS) to support customers (billing, customer care, and more) and operation support systems (OSS) to support services and network infrastructure. So, too, ISS are needed to gather intelligence on terrorists, fraudmeisters, spammers and other criminals. Whether you agree or disagree about gathering intelligence on U.S. citizens and others is to no avail. It's the law.

The ISS vendor market segment hasn't taken off as expected. First, the mission of service providers is to generate profits from network infrastructure, not to catch criminals. It's hard to generate an acceptable business plan with an ISS ROI. Second, there haven't been any consequences for service providers that don't comply— to date no provider in the United States has been fined. Finally, current standards for the lawful interception of IP-based services have shortcomings.

There are three market drivers for OSS/BSS vendors as well as ISS vendors: OpEx savings, new services/markets, and government mandates. The case for OpEx reduction is impossible—unless the case can be made that citizens would pay less in taxes to support law enforcement, if the telecommunications service providers would spend money on ISS that could make it easier to catch criminal and/or deter crime. Of course, the service providers would have to pass the ISS costs to their customers. In theory the consumer would pay less in the long run, but in practice this is not likely to happen in the United States. In other countries like the Netherlands, though, there is a fee covering lawful interception on the consumer's bill. Therefore, ISS investment in general is driven by new services/markets and government mandates. The latter is a no-brainer.

Expected and Unexpected Government Mandates

The FCC in April is expected to rule in favor of a petition by the Department of Justice, FBI and Drug Enforcement Administration to mandate CALEA support of VoIP and other IP-based services over broadband. The departure of Chairman Michael Powell only strengthens this likelihood, since he was the main opponent at the FCC of any kind of VoIP regulation. Such an action by the FCC will require upgrading lawful intercept support (an ISS infrastructure upgrade).

What's also expected is that the service providers will challenge this in the courts, with an argument that goes like this: "Yes, we support lawful intercept, but CALEA doesn't apply to VoIP and IP-based services, because they are information services and not telecommunications services."

This action of bringing CALEA to the courts will cause Congress to do the unexpected: pass a new, 2005 version of the Telecom Act of 1996. Issues on the congressional table driving the need for new legislation include Internet taxation, the requirement of a local franchise by telephone companies to offer video over DSL, telco competition and others. But all these lack that special sound bite to motivate politicians to act. The CALEA issue provides that sound bite: "Here's a horrendous crime, but the criminal investigation involves the Internet, and the telephone companies refuse to help law enforcement."

The downside for service providers is that stonewalling on this issue could force Congress to act, thus risking the chance of getting what they don't want. For example, the United States is by far the most lenient country in the world when it comes to lawful interception enforcement. The current service provider fine is $10,000 per day, and since CALEA passed in 1995 no one has paid a dime in fines. In Australia, the fine is $10 million Australian (US $7 million) for non compliance—per day! Also, around the world carriers must demonstrate compliance with lawful interception (like CALEA) before services are introduced and announced. In short, U.S. service providers will have to start thinking about CALEA compliance for IP-based services.

IPDR to the Rescue

The universal theme in the November 2004 response to the FCC's Notice of Proposed Rulemaking on CALEA compliance for VoIP and other IP-based services by Tier 1 wireless and wireline carriers in the United States was: "Yes, we certainly would like to comply if ordered by the FCC—but we can't, because there are no standards for what's called call identifying information (CII)." This is simply not true. There's the Internet Protocol Data Record (IPDR) that can do the job of formatting IP usage and delivery from a service provider to law enforcement agents. Note, none of these wireless and wireline service providers mention a word about the IPDR standard in their filings. The only service provider segment that did in essence say it can support CALEA in its IP networks is the cable industry. And guess what? That is the only service provider segment that has adopted IPDR as its usage record format. It's found in CableLabs' DOCSIS 2.0 specification.

Why is IPDR applicable? First, the IPDR standard provides a structure (called an IPDR) to transfer billing information from a mediation device to a billing system. It also can be a standard for transferring usage information from IP network elements to mediation devices, but additional work (meaning funding) is needed. Also, the IPDR standard can be used to send IP usage records to data warehouses. The law enforcement agency equivalents of data warehouses are called collection devices. With IPDR, the CII standard problem is solved, if it's adopted by service providers and law enforcement agencies.

Other Potential Government ISS Mandates

Telecommunications carriers and ISPs have had a long tradition of not monitoring how customers use their networks or services, and in this regard they have the strong support of privacy advocates. On the flipside, the recording and content creation industries or developers of copyrighted software have a different opinion. The only way an entertainment content developer or software company can learn the names of suspected file traders is to file a lawsuit. At last count, the Recording Industry Association of America has sued 7,700 file swappers.

So far, service providers like Verizon have successfully challenged the RIAA's demands to turn over names of suspected file sharers. However, the Business Software Alliance—whose members include Microsoft, IBM, Intel, Adobe Systems and others—is joining the RIAA and pressuring Congress for help.

The list of problems goes on. Just in case you haven't noticed in your email, scattered among all the spam: the online pharmacy business has really come of age. Yes, you may save money on prescription drugs; however, anyone can buy harmful narcotics, including kids without a doctor's prescription (an authorization or user authentication issue). Again, a member of congress can create a great 10-second sound bite out of this: "This kid died from a drug purchased at an Internet online pharmacy."

ISS Market Drivers

OK, what if the government doesn't mandate ISS for telecoms or ISPs? Is there a market for ISS products not involving lawful intercept? Yes, there are a few:

A. Private Networks

All corporations and government agencies have security departments that basically do two things: buy and upgrade IP network firewalls to protect themselves from intrusion, and hire a security staff to monitor the activities of their employees.

Telecommunications service providers are no different. They buy firewalls and spend most of their efforts watching their own employees for denial of service attempts, or schemes to steal customer email lists, credit card information and the like, and of course they have to process a court-ordered intercept request. Service providers deploying ISS and IPDR standards can leverage it as part of their private IP network offering.

B. Content

Content providers can choose which telecommunications service providers to partner with. At last count they have at least four wireless providers deploying 3G networks per market, as well as choosing among service provider types (wireline vs. wireless vs. cable and so on). Now stop for a minute and imagine: You're in the market to buy a house and you've discovered two houses, each with the same features, appearance and door locks, but in different neighborhoods. One neighborhood has a police department that can catch the bad guys (fraudmeisters, hackers, and others), but the other has no police protection. Which home would you buy?

C. Market of One

OK, targeting a customer without a court order pushes lots of people's privacy sensitivity buttons—including mine. But what if you as a customer said, "Yes, I want to be a ‘target.' I want to know who I am contacting, who's contacting me, what traffic types are coming in and out of my premises. I don't want my content (conversation) to be intercepted, just the IP call-identifying information (CII)."

So who would want this, and why? Say I'm a small business and all my incoming and outgoing traffic comes via an IP broadband connection. I could learn who my sales team is contacting and who's contacting us. Here, I could structure my sales commission plan on a particular sales rep's CII data. Note, there is no caller ID in the IP world. Yes, caller ID is available if the public VoIP call touches the PSTN, but if it's IP traffic from a native IP or non-voice device, the CII data is not in a user-friendly format, if it exists at all.

Finally, say you're a consumer and get a sales call from your service provider asking to monitor your traffic for the purpose of matching your usage to the ideal pricing plan, thus saving you a lot of money. Would you give permission? By the way: the IPDR standard can send IPDRs to a rating engine for pricing for a market of one. Plus, if you have any plans to bill for content on a usage basis, you will need IPDR standard protocols as well.

This is the state of ISS today and its relationship to IPDR. If you need more information, plan to attend ISS World, scheduled for May 23-25, 2005, in Washington D,C. There will be a special standards track for deploying IPDR standards to address CII challenges. For program details go to www.telestrategies.com.