impact of calea on network operators n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Impact of CALEA on Network Operators PowerPoint Presentation
Download Presentation
Impact of CALEA on Network Operators

Loading in 2 Seconds...

play fullscreen
1 / 29

Impact of CALEA on Network Operators - PowerPoint PPT Presentation


  • 165 Views
  • Uploaded on

Impact of CALEA on Network Operators. Chip Sharp Cisco System, Inc. chsharp@cisco.com. What it is and what it ain’t. Disclaimer: The views expressed herein may not reflect the views of my employer or anyone else associated with me. :-). What is it?.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Impact of CALEA on Network Operators' - kelton


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
impact of calea on network operators

Impact of CALEA on Network Operators

Chip SharpCisco System, Inc.

chsharp@cisco.com

What it is and what it ain’t

Disclaimer: The views expressed herein may not reflect the views of my employer or anyone else associated with me. :-)

what is it
What is it?
  • CALEA: Communications Assistance for Law Enforcement Agencies Act (1994)
    • 47 USC §1001, CALEA §102
  • Requirements for Carriers to Assist Law Enforcement in Carrying out Wiretaps
what is it not
What is it not?
  • CALEA does not grant Law Enforcement new authority for wiretaps
    • Caveat: “new authority” is a matter of interpretation
congressional intent
Congressional Intent

"(1) to preserve a narrowly focused capability for law enforcement agencies to carry out properly authorized intercepts;

(2) to protect privacy in the face of increasingly powerful and personally revealing technologies; and

(3) to avoid impeding the development of new communications services and technologies.”

- H.R. Rep. No. 103-827, 103d Cong., 2d Sess. (1994)

surveillance laws
Surveillance Laws
  • Title III of the Omnibus Crime Control and Safe Streets Act of 1968
  • Electronic Communications Privacy Act of 1986
  • The Foreign Intelligence Surveillance Act of 1978
terminology
Terminology
  • Telecommunications Carrier
  • Telecommunications Service
  • Information Service
  • Call Identifying Information
  • Electronic messaging
  • Safe Harbor standard
information service
Information Service

“(6) The term ‘information services’--

(A) means the offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications; and

(B) includes--

(i) a service that permits a customer to retrieve stored information from, or file information for storage in, information storage facilities;

(ii) electronic publishing; and

(iii) electronic messaging services; but

information service cont
Information Service (cont.)

(C) does not include any capability for a telecommunications carrier's internal management, control, or operation of its telecommunications network.”

- from Communications Assistance for Law Enforcement Act

electronic messaging
Electronic Messaging

“(4) The term ‘electronic messaging services’ means software- based services that enable the sharing of data, images, sound, writing, or other information among computing devices controlled by the senders or recipients of the messages.”

- from Communications Assistance for Law Enforcement Act

telecommunications carrier
Telecommunications Carrier

“(8) The term ‘telecommunications carrier’--

(A) means a person or entity engaged in the transmission or switching of wire or electronic communications as a common carrier for hire; and

(B) includes--

(i) a person or entity engaged in providing commercial mobile service (as defined in section 332(d) of this title); or

(ii) a person or entity engaged in providing wire or electronic communication switching or transmission service to the extent that the Commission finds that such service is a replacement for a substantial portion of the local telephone exchange service and that it is in the public interest to deem such a person or entity to be a telecommunications carrier for purposes of this chapter; but”

- from Communications Assistance for Law Enforcement Act

telecommunications carrier cont
Telecommunications Carrier (cont.)

“(C) does not include--

(i) persons or entities insofar as they are engaged in providing information services; and

(ii) any class or category of telecommunications carriers that the Commission exempts by rule after consultation with the Attorney General.”

- from Communications Assistance for Law Enforcement Act

telecommunications service
Telecommunications Service

This page intentionally left blank

call identifying information
Call Identifying Information

“(2) The term ‘call-identifying information’ means dialing or signaling information that identifies the origin, direction, destination, or termination of each communication generated or received by a subscriber by means of any equipment, facility, or service of a telecommunications carrier.”

- from Communications Assistance for Law Enforcement Act

safe harbor standards
Safe Harbor Standards

“...publicly available technical requirements or standards adopted by an industry association or standard-setting organization, or by the Commission under subsection (b) of this section, to meet the requirements of section 1002 of this title.”

- from Communications Assistance for Law Enforcement Act

types of surveillance
Types of Surveillance
  • Pen Register
    • Phone numbers of people that target is calling
  • Trap and Trace
    • Phone numbers of people calling target
  • Full content of call
    • Title III
    • FISA
requirements on carrier equipment
Requirements on Carrier Equipment
  • Provide LEA access to intercept
    • All wire and electronic communications to/from target
    • Call Identifying information
    • Correlation
  • Minimize Interference with service
  • Protect privacy
limitations
Limitations
  • Do not deliver location information
  • Information Services not included
  • Private networks not included
  • No decryption required
    • Unless Service Provider has keys
  • Protect privacy of non-targets
current standards efforts
Current Standards Efforts
  • TIA: J-STD-025(a)
    • Telephony & Packet Data
  • PacketCable(TM)
    • Cable Telephony (VoIP)
  • PCIA: Paging
  • IETF: Declined to play
    • Published RFC2804 (Raven)
j std 025 packet data
J-STD-025 Packet Data
  • Two Methods for Delivery

Call Data Channel

Call Content Channel

  • Only IP definition is for Wireless IP
    • However scope is vague.
  • Current solution for Pen Register & Trap and Trace -> Send all packets and let LEA sort them out.
fcc third report order
FCC Third Report & Order
  • Released by FCC August 31, 1999
  • Responded to FBI requests
    • e.g., Location ID is required
  • Invited TIA to provide report on packet data surveillance by September 30, 2000
  • Compliance deadline for delivery of packet data using J-STD-025: 9/30/2001
usta vs fcc
USTA vs. FCC
  • USTA, et. al. filed suit opposing third report and order
    • Punch list items (e.g., Location)
    • Packet Data solution in J-STD-025
      • Sending all data violates privacy protection provision in CALEA
  • Initial arguments heard 5/18/2000
  • Court will probably advise FCC to reconsider its position
tia joint experts meeting
TIA Joint Experts Meeting
  • Technical Fact-Finding Body
  • Determine feasibility of delivering less than the full content of a packet to a law enforcement agency (LEA) in response to a pen register or trap and trace court order
  • Provide input to TIA for report to FCC by Sept. 30, 2000
scope of jem
Scope of JEM
  • Many packet technologies: TDMA/CDMA/PCS/GSM/CDPD/X.25/ ISDN/ATM/Frame Relay/IP/others
  • Does not include
    • legal issues
    • interpretation of FCC orders
    • impacts of encryption other than how it affects ability to deliver less than full content of packet
status of jem
Status of JEM
  • First JEM held 5/3-5
    • Most participants from Wireless industry
    • Not much input from ISPs
    • Meeting Report: http://www.tiaonline.org/standards/CALEA_JEM/45053125.pdf
    • Current Draft JEM Report http://www.tiaonline.org/standards/CALEA_JEM/45053126.pdf
  • Second JEM scheduled 6/27-29
    • http://www.tiaonline.org/standards/CALEA_JEM/
status of jem main points
Status of JEM - Main Points
  • Separating “Information Service” from “Telecommunications Service” impossible unless carrier is providing the service
  • Two scenarios identified
    • Service Provider offering Call Management Services (e.g., SIP server)
    • Service Provider offering IP transport
  • Technology dependent appendices
personal conclusions
Personal Conclusions
  • Separating IP header info from content is technically feasible
  • Reliably identifying application in packet as telecom or information service is not technically feasible
  • Increasing line speed & encryption aggravate (or improve) the situation
  • New operating procedures to reply to warrants
other personal conclusions
Other Personal Conclusions
  • Tradeoff between protecting privacy and burden on ISP
  • Seizing stored communications vs. communications in transit (wiretap)
  • Who will be the test case?
  • Nobody really knows what the end result will be.
references
References
  • How wiretaps are done: http://www.cpsr.org/cpsr/privacy/communications/wiretap/denning_wiretap_procedure_paper.txt
  • Overview of Wiretap law: http://www.nap.edu/readingroom/books/crisis/D.txt
  • CALEA text: http://techlawjournal.com/agencies/calea/47usc1001.htm
  • TIA CALEA page: http://www.tiaonline.org/standards/CALEA_JEM/
  • FCC CALEA Page: http://www.fcc.gov/wtb/csinfo/calea.html
  • FBI CALEA page: http://www.fbi.gov/programs/calea/overview.htm
  • ETSI Lawful Intercept: http://www.etsi.org/technicalactiv/li.htm
  • EPIC Wiretap pages: http://www.epic.org/privacy/wiretap/
  • CTIA Comments on FCC Third Report and Order: http://www.wow-com.com/lawpol/filing/Body.cfm?Reg_ID=196
  • CDT Wiretap page: http://www.cdt.org/digi_tele/
  • CDT Privacy page: http//www.cdt.org/privacy/plif.shtml
  • USTA/CDT brief on CALEA challenge:
  • Brief of EPIC, ACLU, and EFF: http://techlawjournal.com/courts/ustavfcc/20000120.htm
  • IETF RAVEN RFC: ftp://ftp.isi.edu/in-notes/rfc2804.txt
acknowledgments
Acknowledgments
  • The following people either provided comments or I used their presentations for material:
    • Al Gidari: g-savvy.com
    • Terri Brooks: Nokia
    • Peter Musgrove: AT&T