calea communications assistance for law enforcement act l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
CALEA Communications Assistance For Law Enforcement Act PowerPoint Presentation
Download Presentation
CALEA Communications Assistance For Law Enforcement Act

Loading in 2 Seconds...

play fullscreen
1 / 33

CALEA Communications Assistance For Law Enforcement Act - PowerPoint PPT Presentation


  • 201 Views
  • Uploaded on

CALEA Communications Assistance For Law Enforcement Act. David Ward, Senior Attorney Public Safety and Homeland Security Bureau, Policy Division March 20, 2008. Public Safety and Homeland Security Bureau. PSHSB. Part 1- CALEA Demystified.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'CALEA Communications Assistance For Law Enforcement Act' - alyn


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
calea communications assistance for law enforcement act

CALEACommunications Assistance For Law Enforcement Act

David Ward, Senior Attorney

Public Safety and Homeland Security Bureau, Policy Division

March 20, 2008

Non-Public Information; For Internal Use Only

Public Safety and Homeland Security Bureau

PSHSB

part 1 calea demystified

Part 1- CALEA Demystified

Description, Compliance Requirements, Compliance Relief, and Enforcement

Non-Public Information; For Internal Use Only

what is calea legal and regulatory fundamentals
What Is CALEA?Legal and Regulatory Fundamentals
  • Communications Assistance for Law Enforcement Act,
    • Pub. L. No. 103-414, 108 Stat. 4279 (1994) (codified as amended in sections of 18 U.S.C. and 47 U.S.C.).
  • The CALEA Preamble:
    • “AN ACT To amend title 18, United States Code, to make clear a telecommunications carrier’s duty to cooperate in the interception of communications for law enforcement purposes, and for other purposes.”
  • CALEA is an Enabling Statute
    • Allows entities identified in other statutes to obtain lawful electronic surveillance, e.g., Federal (Titles 18 and 50), and State statutes.
  • Why CALEA?

Non-Public Information; For Internal Use Only

what is calea legal and regulatory fundamentals4
What Is CALEA?Legal and Regulatory Fundamentals
  • CALEA “Newspeak:”
    • Electronic surveillance: generic term for electronic eavesdropping.
    • Interception: generic term for electronic eavesdropping.
    • Wiretap: physical connection to a target’s service, “pliers and wires.”
    • Content interception: intercepting the conversation.
    • Two types of wiretaps:
      • Content, or “Title III:” a lawfully-authorized content interception obtained by a law enforcement agency (LEA).
      • Call identification information: 47 USC § 1001(2), formerly known as “trap, trace and pen register” wiretaps.
    • Call-related records: Available to LEAs via other statutes but not covered by CALEA.

Non-Public Information; For Internal Use Only

calea compliance legal and regulatory fundamentals
CALEA ComplianceLegal and Regulatory Fundamentals
  • What Entities must comply with CALEA?
    • Statute: “Telecommunications Carriers, “ as they are defined by 47 USC § 1001(8).
    • Regulations: CALEA Second Report and Order; in general, telecommunications carrier = common carrier
      • Included: Common Carriers, Resellers, CMRS, VoIP Service Providers, and Broadband Internet Access Providers
      • Not included: PMRS not connected to PSTN as a common carrier, Pay Telephone Providers, and Internet Services Providers (ISPs) that do not provide VoIP or broadband Internet access services.

Non-Public Information; For Internal Use Only

calea compliance legal and regulatory fundamentals6
CALEA ComplianceLegal and Regulatory Fundamentals
  • What Entities must comply with CALEA? (cont’d)
    • 47 CFR § 102(8)(B)(ii): [CALEA includes] “a person or entity engaged in providing wire or electronic communication switching or transmission service to the extent that the Commission finds that such service is a replacement for a substantial portion of the local telephone exchange service and that it is in the public interest to deem such a person or entity to be a telecommunications carrier for purposes of this title; but
    • (c) does not include --
      • (i) persons or entities insofar as they are engaged in providing information services; and
      • (ii) any class or category of telecommunications carriers that the Commission exempts by rule after consultation with the AG”

Non-Public Information; For Internal Use Only

calea compliance legal and regulatory fundamentals7
CALEA ComplianceLegal and Regulatory Fundamentals
  • What Entities must comply with CALEA? (cont’d)
    • Second Report and Order:
      • ¶ 29: “We do not believe it necessary at this time to identify by rule additional classes of entities within CALEA’s definition of telecommunications carrier, pursuant to section 102(8)(B)(ii), or to exempt in our rules any classes pursuant to section 102(8)(C)(ii). Moreover, we agree with the FBI that codification in our rules of a list of examples would run the risk of being considered definitive rather than merely illustrative. We therefore have decided not to adopt such a list, as we had proposed in the NPRM.”

Non-Public Information; For Internal Use Only

calea compliance legal and regulatory fundamentals8
CALEA ComplianceLegal and Regulatory Fundamentals
  • “System Security and Integrity” (SSI) requirements:
    • Two statutory provisions: 47 USC §§ 1004 (CALEA section 105), and 229 (CALEA section 301).
    • CALEA section 105:
      • Big change over pre-CALEA electronic surveillance
      • “A telecommunications carrier shall ensure that any interception of communications access to call-identifying information effected within its switching premises can be activated only in accordance with a court order or other lawful authorization and with the affirmative intervention of an individual officer or employee of the carrier acting in accordance with regulations prescribed by the Commission.”

Non-Public Information; For Internal Use Only

calea compliance legal and regulatory fundamentals9
CALEA ComplianceLegal and Regulatory Fundamentals
  • SSI requirements: (continued)
    • 47 USC § 229:
      • Requires the Commission to make rules to ensure SSI compliance, so that carriers:
        • require appropriate authorization to activate interception of communications or access to call identifying information
        • Prevent unauthorized interception
        • Maintain secure and accurate records of interceptions, with or without authorization
        • Submit to Commission SSI policies and procedures
      • Commission must review each carrier’s SSI plans
      • First Report and Order contains SSI filing requirements

Non-Public Information; For Internal Use Only

calea compliance legal and regulatory fundamentals10
CALEA ComplianceLegal and Regulatory Fundamentals
  • What constitutes capability compliance?
    • Statute: 47 U.S.C. § 1002, CALEA section 103 “Assistance Capability Requirements”
      • Prescribes content interception requirements
        • “concurrently to or from the subscriber’s equipment, facility, or service
        • “or at such later time as may be acceptable to the government
      • Prescribes call-identifying information requirements
        • “before, during, or immediately after the transmission. . .or at a later time as may be acceptable to the government
        • “in a manner that allows it to be associated with the communications to which it pertains
    • The government determines the information format

Non-Public Information; For Internal Use Only

calea compliance legal and regulatory fundamentals11
CALEA ComplianceLegal and Regulatory Fundamentals
  • What constitutes capability compliance? (continued)
    • Statutory Limitations:
      • Law enforcement agencies (LEAs) cannot require any specific design of equipment, facilities, services, features, or system configurations.
      • Excludes information services and decrypting services
      • Excludes physical location info., except from telephone number
      • Intercept must protect:
        • Subscriber privacy
        • Existence of surveillance
    • Carriers may permit monitoring at carrier premises in emergencies
    • Mobile carriers must provide the means for seamless taps.

Non-Public Information; For Internal Use Only

calea compliance legal and regulatory fundamentals12
CALEA ComplianceLegal and Regulatory Fundamentals
  • What constitutes capability compliance? (continued)
    • “Safe Harbor” provided by standards:
      • Statute: 47 USC § 1006: technical requirements and standards; extension of compliance date
      • Compliance with an established CALEA standard will protect a carrier from an enforcement action.
      • 47 USC § 1006(a): Industry standards organizations must consult with FBI, who must consult with state, local, and other federal LEAs, to guide the standards development process.
      • 47 USC § 1006(a)(3): Absence of standards no safe harbor.
      • 47 USC § 1006(b): LEAs may petition the FCC for a standards ruling.
      • 47 USC § 1006(c) (section 107(c)): Individual carriers may petition the FCC for an extension of up to two years, if compliance “is not reasonably achievable through application of technology.”

Non-Public Information; For Internal Use Only

calea compliance legal and regulatory fundamentals13
CALEA ComplianceLegal and Regulatory Fundamentals
  • What constitutes capability compliance? (continued)
    • CALEA Third Report and Order
      • Adopted TIA J-STD-025 as the CALEA standard
      • Ordered that TIA include an additional six capabilities, from the nine “punch list” capabilities demanded of the FBI.
    • FCC role in the CALEA standards process -
      • TIA J-STD-025 (“J” Standard)
      • Safe harbor for carriers that use switching equipment built to comply with J standard
      • Third Report and Order,

Non-Public Information; For Internal Use Only

calea compliance legal and regulatory fundamentals14
CALEA ComplianceLegal and Regulatory Fundamentals
  • What constitutes capability compliance? (continued)
    • 47 USC § 1006(c), CALEA section 107(c): “Not reasonably achievable” due to “availability of technology”
    • 47 USC § 1008(b), CALEA section 109(b): “Not reasonably achievable,” due to 11 statutory reasons.

Non-Public Information; For Internal Use Only

calea compliance legal and regulatory fundamentals15
CALEA ComplianceLegal and Regulatory Fundamentals
  • How much intercept capacity must a carrier provide?
    • 47 USC § 1003, CALEA section 104 “capacity requirements”
    • The statute requires the Attorney General, who delegated CALEA responsibility to the FBI, to develop “actual” and “maximum” CALEA capacity requirements.
      • Carriers must expand to the actual within three years of enactment.
      • Carriers must expand to the maximum within four years of enactment.

Non-Public Information; For Internal Use Only

calea compliance legal and regulatory fundamentals16
CALEA ComplianceLegal and Regulatory Fundamentals
  • Who pays?
    • Statutory schema:
      • Capability requirements - carriers without “significant upgrades or major modifications” before 1/1/95, will have CALEA capabilities paid by the FBI. If the FBI refuses to pay, the carrier is deemed compliant by operation of statute (47 USC § 1008(d)).
      • Costs for CALEA capability compliance for equipment and software purchases after 1/1/95, that constitute “major modification and significant upgrade” must be borne by carriers.
      • Bottom line: CALEA has been around for 14 years, so all new network equipment for sale is CALEA-compliant and has been for quite some time.
      • Second CALEA R&O: Capitol costs for CALEA compliance accrue to the carrier.

Non-Public Information; For Internal Use Only

calea compliance legal and regulatory fundamentals17
CALEA ComplianceLegal and Regulatory Fundamentals
  • By when?
    • The original deadline was four years from the date of CALEA’s enactment, or October 25, 1998.
    • The FCC extended the original compliance date until June 30, 2000, on CALEA section 107(c) grounds; not reasonably achievable due to the unavailability of compliant technology.
    • FCC ordered an additional extension to 9/30/2000 for the six punch list items approved by the Third Report and Order, and for packet mode communications.
    • Additional extensions were ordered to allow time for carriers and manufacturers to field compliance solutions for VoIP and Broadband Internet Access services providers. The deadline for all compliance was 14 May 07.

Non-Public Information; For Internal Use Only

calea enforcement legal and regulatory fundamentals
CALEA EnforcementLegal and Regulatory Fundamentals
  • Who enforces?
    • 47 USC § 229 requirements: FCC
      • Full panoply of Title V enforcement mechanisms.
      • Civil damages under 47 USC § 206- What if the entity is not a common carrier?
    • All other CALEA:
      • FBI, pursuant to 47 USC § 1007, and 18 USC § 2522.
      • FCC, for violations of Commission Rules

Non-Public Information; For Internal Use Only

part ii how does calea work

Part II- How Does CALEA Work?

Circuit Switched, Voice over Internet Protocol (VoIP), Broadband Access, and Industry-Specific Solutions

Non-Public Information; For Internal Use Only

how does calea work the concept of mechanized wiretapping
How Does CALEA Work?The Concept of Mechanized Wiretapping
  • Telecommunications Carrier CALEA Services
    • Call Data Channel (CDC) for Call Identifying Information
    • Call Content Channel (CCC) for Content Information
  • No More “Pliers and Wires”
  • Cooperation Among all Interested Parties
    • Telecommunications Carriers- purchase and use only CALEA-compliant service providing equipment
    • Telecommunications Equipment Manufacturers- design and build into all telecommunications equipment CALEA compliance
    • Law Enforcement Agencies (LEAs)

Non-Public Information; For Internal Use Only

how does calea work lawful intercept functions ownership

LegalOrder

How Does CALEA Work?Lawful intercept functions & ownership

Law Enforcement

Administrative

Function (LEAF)

Collection

Function (CF)

Law enforcement agency

Service Provider

Administrative

Function (SPAF)

Delivery

Function (DF)

Voice service provider orTrusted third party

Intercept Access

Function or

Point (AF/IAP)

Network service provider

Target subscriber

how does calea work service provider lawful intercept functions in detail
Service Provider Administration Function (SPAF)

ADMF: Administration Function

Provisions Target’s ID in AF

Intercept Access Function/Point (AF/IAP)

Intercepts Target’s communication unobtrusively

Mirrors & forwards call content (media) to DF

Collects & forwards call data (signaling related information) to DF

Delivery Function (DF)

Collects & delivers call content & data from AF to Law Enforcement CF

Prevents unauthorized access, manipulation and disclosure of call content & data

LegalOrder

How Does CALEA Work?Service provider lawful intercept functions in detail

LEA

Law Enforcement

Administrative

Function (LEAF)

Collection

Function (CF)

VSP/TTP

Service Provider

Administrative

Function (SPAF)

Delivery

Function (DF)

NSP

Intercept Access

Function or

Point (AF/IAP)

Target subscriber

how does calea work lawful intercept interfaces
How Does CALEA Work?- Lawful intercept interfaces
  • “a” interface: SPAF-AF- provisioning
    • Target number
    • INI-1, X1
  • “d” interface: AF-DF – call identifying information
    • Signaling related information
    • Call data events - Call Data Connection (CDC), INI-2
    • Encapsulated SIP - Intercept Related Information (IRI) X2
  • “d” interface: AF-DF - call content
    • Media
    • Call Content Connection (CCC), INI-3, X3
  • e interfaces: handover to/from LEA
    • HI-1: LEAF-ADMF- legal order provisioning
    • CDC, HI-2: DF-CF – call data
    • CCC, HI-3: DF-CF – call content

Law Enforcement

Administrative

Function (LEAF)

Collection

Function (CF)

b

LegalOrder

e

c

Service Provider

Administrative

Function (SPAF)

Delivery

Function (DF)

d

a

Intercept Access

Function or

Point (AF/IAP)

Target subscriber

voice and video over ip how it works

Signaling messages

SIP in UDP, TCP or SCTP

INVITE + SDP(media options)

OK + SDP(media selection)

Voice media flows

RTP in UDP

RTCP in UDP

Video media flows

Voice and video over IP – how it works

Non-Public Information; For Internal Use Only

types of interactive communications voice video and messaging over ip

ITSP/VoIP provider responsible for intercept

Broadband ISP responsible for intercept

Types of interactive communications - voice, video, and messaging - over IP
  • One tier (centralized) services
    • Vonage, AT&T Callvantage, Primus Lingo, Pulver FWD
    • Registration (authentication & authorization), presence & routing centralized
  • Two-tier service
    • Skype
    • Registration – centralized
    • Presence & routing distributed to subscriber endpoints – “supernode” with public IP address
  • Peer-to-peer
    • Users with global IP addresses
    • No VoIP provider/ITSP
    • Set up session peer-peer
intercept requires right level of intelligence and active participation

Media gateway

Media server

Signaling messages

Softswitch

Router

SBC

Voice media flows

Video media flows

Intercept requires right level of intelligence and active participation
slide27

Session

border

controller

LEA

AN1

AN2

A

B

Router+ softswitch

Media server + softswitch

LEA

LEA

AN1

AN1

AN2

AN2

A

A

B

B

Signaling

Media

Media gateway + softswitch

LEA

PSTN

AN1

AN2

A

B

solution internet telephony service provider

Signaling

Media

Solution: Internet Telephony Service Provider
  • Regulatorycompliance – lawful intercept & emergency service (E911)
  • Security – SBC DoS protection, access control, topology hiding & privacy, VPN separation, service infrastructure DoS prevention, fraud prevention
  • Servicereach – adaptive NAT traversal; SIP, SIP-H.323 IWF; OLIP/VPN bridging; interworking: transport & encryption protocols
  • SLAassurance – admission control: session agent load, bandwidth; peer-peer media release; app/media server load balancing QoS reporting
  • Revenue&profitprotection – routing, accounting

Data Center

Database(s)

Accounting

SIP

Internet

Managed net

SIP

SIP/H.323

PSTN

solution facilities based hip ic services business residential

H.248

Signaling

Media

Solution: Facilities-based HIP IC services – business & residential
  • Regulatory compliance – lawful intercept & emergency service
  • Security – SBC DoS protection, access control, topology hiding & privacy, VPN separation, service infrastructure DoS prevention,fraud prevention
  • Service reach – SIP, MGCP/NCS, H.248, SIP-H.323 PBX IWF; adaptive NAT traversal; OLIP/VPN bridging; interworking: transport & encryption protocols; surrogate registration IP PBX & IAD endpoints
  • SLA assurance – admission control: session agent load, bandwidth, policy server, QoS metrics; peer-peer media release; QoS marking/mapping; QoS reporting
  • Revenue & profit protection– bandwidth policing, QoS theft protection, accounting, session timers

SIP

H.248

MGCP

DSL

Frame/LL

Cable

MPLS VPN

SIP

H.323

MGCP

solution universities

SIP

Solution: Universities

University network

H.323 or SIP PBX

SIP endpoints/server

  • Regulatory compliance – lawful intercept
  • Security– access control (FW), topology hiding (NAPT), privacy, VPN separation, IP PBX/endpoint DoS prevention, SBC DoS protection
  • SLA assurance – admission control: IP PBX/SIP server constraints, bandwidth; QoS marking/VLAN mapping – voice vs. video; QoS reporting, bandwidth policing, accounting
  • Service reach - VPN/OLIP bridging, SIP-H.323 interworking, adaptive NAT traversal

SRTP pass-thru

SIP/TLS

ManagedSIP services

Internet

SOHO

IP access to PSTN, hosted services, IP extranet, other IP subscribers

part iii

Part III

What’s Next?

Non-Public Information; For Internal Use Only

pending calea activity
Pending CALEA Activity
  • Records Management
    • Mechanized System to Support the FBI with Accurate and Complete SSI Plan 7X24 Contact Information
  • FBI/DOJ/DEA CDMA 2000 Standards Deficiency Petition
    • Draft NPRM
  • Adjudicate Section 107(b) and 109(b) Relief Petitions

Non-Public Information; For Internal Use Only