"It is well-known in undercover operations that communications is the mainstay for rapid accomplishment. However, it is a double-edged sword: It can be to our advantage if we use it well and it can be a knife dug into our back if we do not consider and take the necessary security precautions."
The FBI? The National Security Agency? The CIA?
Nope. It's taken directly from the Al Qaeda Training Manual found in a home in Manchester, England.
Discoveries such as these have added extra vigor to the U.S. government's efforts to implement the Communications Assistance for Law Enforcement Act.
Yet CALEA, which has been on the books since October 1994, has yet to become reality. Financial burdens on carriers, legal entanglements and confusion about what's required under the statute continue to slow the use of communications tapping technology at most carrier sites. The time, money and personnel telcos have to dedicate to network engineering issues have led most of America's carriers to request deadline extensions.
The nation's law enforcement agencies-just 19 days before the Sept. 30, 2001, deadline for wireline, cellular and broadband PCS compliance-earned the right to be fearful about terrorists using the telecommunications network to plan attacks.
"The FBI is really pushing this very hard," says Robert McDermott, director of sales and marketing for Network Engineering Consultants, a company that helps carriers meet CALEA requirements.
Wiretapping has been around since telephones became commonplace, but leaps in technology have made it difficult to monitor and eavesdrop on communications, especially in the packet-switched realm. It's no longer simply a matter of tapping into a phone line on a pole outside a suspect's house. Law enforcement agencies want access to, and the ability to tap into, carrier-grade voice over IP, SMS messaging, broadband PCS, and cellular and other newer voice communications techniques. "In many instances," the FBI says in its CALEA deployment guide, "telecommunications carriers have neither the capability nor the capacity to handle all electronic surveillance court orders."
Burdens on Carriers
The FBI says it has tried to ease the process for carriers. Its Flexible Deployment Assistance Guide (online at www.askcalea.net) outlines the procedures and requirements for reaching CALEA compliance, includes an FAQ and lists phone numbers carriers can call for information.
So what's holding the carriers up? The cost and the time it takes, for starters. Telcos have to install dedicated lines, such as T-1s and other circuits, at network sites. They have to install CALEA-compliant servers into their back-office systems and other network points; document processes to integrate and test the system, train employees and write procedures for complying with law enforcement requests. Carriers for the most part have to depend on software vendors and switch makers to create interfaces and links that allow the servers to document the law enforcement requests, collect call detail data, and send the data and voice intercepts to remote sites such as FBI field offices, Drug Enforcement Administration sites or multiple agencies at one time.
Investment One: Money
"You could potentially have hundreds of switches connected to a centralized location," McDermott says. "To have CALEA implemented at each switch, including the upgrades, costs money in hardware, and there is software that goes in every switch. The telcos pay for the equipment and buy licenses for the software from the vendor based on the number of ports. There are smaller companies that don't want to install the full CALEA solution."
Carriers also claim that software and switch vendors have been slow to introduce and implement the software. "There is a mechanism in CALEA to request an extension based on the availability of software from the vendors," McDermott says. "The FCC has been deluged with hundreds, if not thousands, of extension requests."
For its part, the federal government lets the carriers include the new functionalities in regular upgrades rather than forcing them to rush in rewrites-an expensive proposition.
How The Equipment Works
A CALEA-compliant server can provision a switch remotely and ensures that the back switch to which the server is attached meets the requirements of wiretap warrants. "The court may have specific information for the warrant to reproduce," says Keith Bhatia, vice president of global sales at SS8 Networks. "The warrant may want the system to capture call details such as origination, termination, numbers the caller dialed, the information on the call itself, including such network information as was the call forwarded, were multi-parties involved? If so, what were the phone numbers, where were they forwarded?"
The server receives the data about the call, and sets up the path for the call itself to be transmitted to law enforcement agencies, including multiple offices, in various forms.
Feds Will Help Foot the Bill
The FBI reimburses carriers for the software in two ways. The first is via the right-to-use (RTU) license agreement, in which the agency pays for a carrier's purchase of the software license for a switch installed on or before Jan. 1, 1995. The FBI set aside approximately $500 million to help pay carriers and vendors for this deployment.
Second, if the carrier and manufacturer don't want to pursue an RTU license with the FBI, manufacturers design and develop the CALEA software using the industry's normal business practices. The market determines the software's price. Using this method, reimbursement is not so assured. "Under a switch-by-switch reimbursement approach," the deployment guide says, "carriers will be reimbursed for CALEA software on an individual, switch-by-switch basis at … deployment."
"Normally the carrier absorbs the integration costs, while the FBI pays for a rated line [to its offices]," Bhatia says. "Carriers don't get reimbursed for end-to-end testing."
Though interface standards exist, the CALEA-compliant equipment sometimes has to be custom-integrated into the network, says Pat Donnelly, executive director of product management at Telcordia. "There's not a standard yet that covers a lot of the network devices," he says. "Where they need to be custom built, there will be added time-not just technical time to build the interface, but to test the entire end-to-end network, including failure scenarios. It's a complex testing environment."
Another layer of difficulty: ensuring that retrieving packet content (the call detail) is fast enough so law enforcement agencies get the data in near-real time. "The content part is hard," Donnelly says. "The packets are flowing across the network at microseconds. It involves multiple technologies and suppliers and has hard technical requirements."
Bhatia at SS8 Networks identifies the same challenge. "The real issue is, can you read the header to get the information? How fast can you track the packets? It's the difficulty the vendors face. At the present moment some don't have the ability to do this in real time."
Capacity Requirements Tough to Meet
CALEA also established reimbursement for modifications to any of a carrier's systems or services that do not have the capacity to accommodate a predetermined number of simultaneous content interceptions, pen registers, and trap-and-trace devices. The FBI issued a county-by-county survey of actual, maximum and historical eavesdropping requirements, and determined the number of simultaneous taps each telco would have to supply. That can be expensive for carriers in areas of dense population. "One carrier had a switch with 3,000 lines, and they were in a county with a fairly large number of potential traps. Las Vegas, for instance, is huge in this respect."
The United States Telecom Association didn't like the capacity payback scheme. It filed suit against the FBI, arguing that carriers shouldn't be required to meet the government's demand for interception if it exceeds the capacity for which the FBI has agreed to reimburse the carrier. The USTA lost the case on Jan. 18.
"Compliance with the FBI's capacity requirements can be expensive, since capacity drives cost. It's in everyone's best interest to spend this money wisely," says Allison Remsen, USTA spokeswoman. "We're supportive of law enforcement, but we want to ensure that the statute is interpreted properly."
"It's up to the carrier to work with the FBI to meet the capacity and capability requirements," Bhatia says. "Customers don't want to have a lot of capacity immediately, but they may need to upgrade very quickly. That's how we configured our Xcipio box. Carriers didn't want to use the capacity … but want to have the scalability when they're required to have it."
FCC Has Yet To Clarify Punch List
Another reason for the CALEA hold-up: The courts ordered the FCC to clarify punch-list capabilities the FBI requested from telcos. "The FBI wanted, and the FCC granted, those items," an FCC official says. "The court said the commission hadn't explained properly why those capabilities are required."
The FCC still hasn't done that, which means the requirements have been suspended until it finishes the task, sometime in February or March, the official says. The items are as follows:
o Content of subject-initiated conference calls. These include content of conference calls begun by a suspect and the call content of parties on hold.
o Party hold, join, drop-on conference calls. Includes messages that indicate active parties of a call. Specifically, on a conference call, these messages indicate whether a party is on hold, has joined or has been dropped from the conference call.
o Subject-initiated dialing and signaling information. This includes access to dialing and signaling information available from the subject, such as call forwarding, call waiting, call hold and three-way calling.
o In-band and out-of-band signaling. Includes messages that indicate whether a subject's service sends a tone or other network message to the subject, or that the other call participant's phone is ringing, busy or has a call-waiting signal
o Timing information. Information will be sent to the law enforcement agency per-mitting it to correlate call-identifying information with the call content of a communications interception.
o Dialed digit extraction. The origination carrier will provide the law enforcement agency on the call data channel any digits dialed by the subject after connecting to another carrier's service, pursuant to pen register authorization.
So the hurdles are large, but the industry plans to implement CALEA fully at some point. Yet some providers aren't even sure if they are required to comply. "The murkiest part is who is required to follow this, such as who is a telecommunications provider," the FCC official says. "They fall under this if they have a packet-mode capability. Information providers, such as ISPs that chiefly provide data and not voice over packet networks, don't. It gets a little murky in some areas. That's where you have to get a lawyer [to find out for you]."
And another wrinkle has appeared. Reports from Capitol Hill indicate that Rep. Michael Oxley, R-Ohio, plans to introduce an amendment to the Tauzin-Dingell bill that would require carriers to complete CALEA upgrades before getting permission to run Internet backbone and high-speed Internet services across inter-LATA boundaries. Oxley introduced the amendment, he said, because he believes the Sept. 11 attacks proved that delaying the government's ability to tap into communications networks is dangerous.
Email this article
Add a comment
Printer version
Order reprints
RSS Feed
Bookmark article