FCC (News - Alert)
really crack down on CALEA compliance? Or will the deadline (May 14, 2007)In October 1994, Congress enacted CALEA (Communications Assistance for Law Enforcement Act), a law requiring telecom carriers “to assist law enforcement in executing electronic surveillance pursuant to court order or other lawful authorization”. CALEA preserves the ability of law enforcement agencies to conduct electronic surveillance by requiring equipment vendors and carriers (including common carriers, ISPs and VoIP providers) to design and/or modify their equipment, facilities, and services to ensure that they have the necessary surveillance capabilities prior to the issuance of a warrant for a ‘lawful intercept’ of voice or data traffic. be as ‘loose’ as the early FCC pronouncements on providing E911 service?
Russ Sharer, Vice President of Marketing for Occam Networks (www.occamnetworks.com) says, “It appears that everyone is quite serious about this one. Still, the U.S. government has been slow to release all of the requirements that are needed for ISPs to meet the compliance deadline. In other words, they’ve defined it in terms of what you have to deliver in terms of the information flow, but as of the last time I checked, they didn’t really ask things such as, ‘What kind of response rate did you have?’ In other words, if the provider receives a warrant, how quickly can they activate the tap? There are also procedural issues that are in question. An ISP needs to keep a couple of people on hand capable of turning on a tap, but no one else in the company should be aware that a tap is in place. Some ISPs or operators will say, ‘I know what I’ve got to do but I don’t really understand what my response time is,’ for example. Things like that will drive the way that operators and providers implement a solution.”
“Another issue is that there are multiple kinds of warrants that a phone company can be served for information,” says Sharer. “Consider the three classes of traffic intercept: There were about 3 million Class 1 intercepts last year, consisting of just call data records. There were about 300,000 Class 2 intercepts last year that have a bit more information associated with the call. Finally, and most important, the Class 3 intercept is the live call flow or data flow of an individual subscriber.
Last year there were about 2,900 of those implemented in the entire U.S.; of those, 90+ percent were pretty much confined to California, Florida, New Jersey, New York and Texas. Interestingly enough, we’ve heard a great deal about the scary Patriot Act and anti-terror provisions, and yet the majority of those third class warrants came from local and state governments, as opposed to the federal government. The taps are used mostly to apprehend either drug dealers or child pornographers.”
Sharer muses, “Because of all this, some of the carriers say to themselves, ‘Gee, our chances of ever being approached to do, one of these things is pretty small. I’ve got to be ready to deploy a solution, but until I get a definition of a ‘ready means’ I’m not really sure what to do’ and so they hesitate in terms of implementing a solution.”
Many outsource the CALEA monitoring to what’s called a trusted third party, which audits the network to make sure it’s ready for the solution, and then they’re on a sort of ‘hot standby’ so that if a warrant arrives, they’re ready to either turn on the tap or immediately insert equipment into the network. The cost of these trusted third parties has been pretty high, on the order of thousands of dollars a month.
“Some of the operators and providers are saying that since their odds of getting a warrant aren’t that good, and since it costs thousands of dollars a month to be ready, the cost of this kind of ‘insurance’ is too high,” says Sharer.
“There are two primary architectures for doing CALEA taps,” says Sharer. “One is called ‘passive’ whereby you basically just put probes into the network. Think of them as ‘sniffers’ that are just watching network traffic go by and, when a tap is ordered, they will replicate that data stream and point it off toward the trusted third party. The second type is an ‘active’ tap, whereby one of your network elements is capable of complying with CALEA. Occam’s BLC 6000 product can be provisioned so that you can put a tap on one our DSL or POTS ports and redirect the traffic to a trusted third party. So our BLC is an active element for the monitoring and implementation of a CALEA tap.”
At Procera Neworks (www.proceranetworks.com), Vice President of Products Albert Lopez says, “The FCC is standing pretty firm on this deadline. They’ve stuck firm on the previous February 12 filing of the Monitoring Report, and there was a March 12 filing of policies and procedures and finally there was the May 14, 2007 deadline for compliance to make facilities available and to provide technical assistance to law enforcement whenever they want to engage in the intercept of VoIP conversations. The FCC has said that violators failing to fulfill the demands of a government warrant could result in a fine of up to $10,000 a day.”
Procera Networks (News - Alert)
, our product gear, called Packet Logic, basically sits in the network and can do the wiretaps,” says Lopez. “Many CALEA solutions today aren’t affordable to smaller ISPs, but we have what I would call the more affordable, ‘poor man’s solution’ to this problem that many ISPs can’t afford to deal with. At the same time, our mainline business is being able to see all the traffic going onto the network, not just the traffic on which you’ll be doing the wiretap. We can see and control that traffic, which will be an ongoing issue as bandwidth becomes more and more ‘used up’ by video and other bandwidth-hungry applications. So, in addition to complying with CALEA lawful intercept, we can help ISPs and operators better run their operation and make money. It’s a plug-and-play solution that you have the ‘insurance’ you need as a provider to comply with a potential warrant at a cost effective price, and at the same time it gives you a return on investment on managing your networks and subscribers in a whole different way.”
“There are two pieces to the product,” says Lopez. “Our Packet Logic product is a device in the network. Then, there’s the ‘mediation-trusted third party’, that we certify. If there’s a warrant for a wiretap, they handle the warrant and they can remotely set up the intercept on behalf of the ISP. Packet Logic will extract only the piece of information of interest and deliver it to the requesting law enforcement agency.”
“Surprisingly enough,” says Lopez, “some ISPs and smaller operators still don’t really know whether they’re subject to this law. Some have heard of it but they haven’t gotten a warrant yet. Others are in denial, because they’re small and can’t afford a CALEA solution, and they simply hope that the CALEA deadline doesn’t apply to them.”
No doubt those operators and providers who have stuck their collective heads in the sand will be in for a big surprise.”
Richard Grigonis is Executive Editor of
TMC’s (News - Alert)
IP Communications Group.