Impact of CALEA on Network Operators
Chip Sharp, Cisco Systems, Inc., chsharp@cisco.com
What it is and what it ain’t
Disclaimer: The views expressed herein may not reflect the views of my employer or anyone else associated with me. :-)
What is it?
• CALEA: Communications Assistance for Law Enforcement Agencies Act (1994)
• 47 USC §1001, CALEA §102
• Requirements for Carriers to Assist Law Enforcement in Carrying out Wiretaps

What is it not?
• CALEA does not grant Law Enforcement new authority for wiretaps
• Caveat: “new authority” is a matter of interpretation
Congressional Intent
“(1) to preserve a narrowly focused capability for law enforcement agencies to carry out properly authorized intercepts; (2) to protect privacy in the face of increasingly powerful and personally revealing technologies; and (3) to avoid impeding the development of new communications services and technologies.”
- H.R. Rep. No. 103-827, 103d Cong., 2d Sess. (1994)
Surveillance Laws
• Title III of the Omnibus Crime Control and Safe Streets Act of 1968
• Electronic Communications Privacy Act of 1986
• The Foreign Intelligence Surveillance Act of 1978

Terminology
• Telecommunications Carrier
• Telecommunications Service
• Information Service
• Call Identifying Information
• Electronic messaging
• Safe Harbor standard
Information Service “(6) The term ‘information services’-- (A) means the offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications; and (B) includes-- (i) a service that permits a customer to retrieve stored information from, or file information for storage in, information storage facilities; (ii) electronic publishing; and (iii) electronic messaging services; but
Information Service (cont.) (C) does not include any capability for a telecommunications carrier's internal management, control, or operation of its telecommunications network.” - from Communications Assistance for Law Enforcement Act
Electronic Messaging
“(4) The term ‘electronic messaging services’ means software-based services that enable the sharing of data, images, sound, writing, or other information among computing devices controlled by the senders or recipients of the messages.”
- from Communications Assistance for Law Enforcement Act
Telecommunications Carrier “(8) The term ‘telecommunications carrier’-- (A) means a person or entity engaged in the transmission or switching of wire or electronic communications as a common carrier for hire; and (B) includes-- (i) a person or entity engaged in providing commercial mobile service (as defined in section 332(d) of this title); or (ii) a person or entity engaged in providing wire or electronic communication switching or transmission service to the extent that the Commission finds that such service is a replacement for a substantial portion of the local telephone exchange service and that it is in the public interest to deem such a person or entity to be a telecommunications carrier for purposes of this chapter; but” - from Communications Assistance for Law Enforcement Act
Telecommunications Carrier (cont.) “(C) does not include-- (i) persons or entities insofar as they are engaged in providing information services; and (ii) any class or category of telecommunications carriers that the Commission exempts by rule after consultation with the Attorney General.” - from Communications Assistance for Law Enforcement Act
Telecommunications Service This page intentionally left blank
Call Identifying Information “(2) The term ‘call-identifying information’ means dialing or signaling information that identifies the origin, direction, destination, or termination of each communication generated or received by a subscriber by means of any equipment, facility, or service of a telecommunications carrier.” - from Communications Assistance for Law Enforcement Act
Safe Harbor Standards “...publicly available technical requirements or standards adopted by an industry association or standard-setting organization, or by the Commission under subsection (b) of this section, to meet the requirements of section 1002 of this title.” - from Communications Assistance for Law Enforcement Act
Types of Surveillance
• Pen Register
  • Phone numbers of people that target is calling
• Trap and Trace
  • Phone numbers of people calling target
• Full content of call
  • Title III
  • FISA
Requirements on Carrier Equipment
• Provide LEA access to intercept
• All wire and electronic communications to/from target
• Call Identifying information
• Correlation
• Minimize Interference with service
• Protect privacy
Limitations
• Do not deliver location information
• Information Services not included
• Private networks not included
• No decryption required
  • Unless Service Provider has keys
• Protect privacy of non-targets
Current Standards Efforts
• TIA: J-STD-025(a)
  • Telephony & Packet Data
• PacketCable(TM)
  • Cable Telephony (VoIP)
• PCIA: Paging
• IETF: Declined to play
  • Published RFC2804 (Raven)
J-STD-025 Packet Data
• Two Methods for Delivery
  • Call Data Channel
  • Call Content Channel
• Only IP definition is for Wireless IP
• However scope is vague.
• Current solution for Pen Register & Trap and Trace -> Send all packets and let LEA sort them out.
FCC Third Report & Order
• Released by FCC August 31, 1999
• Responded to FBI requests
  • e.g., Location ID is required
• Invited TIA to provide report on packet data surveillance by September 30, 2000
• Compliance deadline for delivery of packet data using J-STD-025: 9/30/2001
USTA vs. FCC
• USTA, et al. filed suit opposing third report and order
• Punch list items (e.g., Location)
• Packet Data solution in J-STD-025
• Sending all data violates privacy protection provision in CALEA
• Initial arguments heard 5/18/2000
• Court will probably advise FCC to reconsider its position
TIA Joint Experts Meeting
• Technical Fact-Finding Body
• Determine feasibility of delivering less than the full content of a packet to a law enforcement agency (LEA) in response to a pen register or trap and trace court order
• Provide input to TIA for report to FCC by Sept. 30, 2000
Scope of JEM
• Many packet technologies: TDMA/CDMA/PCS/GSM/CDPD/X.25/ISDN/ATM/Frame Relay/IP/others
• Does not include
  • legal issues
  • interpretation of FCC orders
  • impacts of encryption other than how it affects ability to deliver less than full content of packet
Status of JEM
• First JEM held 5/3-5
• Most participants from Wireless industry
• Not much input from ISPs
• Meeting Report: http://www.tiaonline.org/standards/CALEA_JEM/45053125.pdf
• Current Draft JEM Report: http://www.tiaonline.org/standards/CALEA_JEM/45053126.pdf
• Second JEM scheduled 6/27-29
• http://www.tiaonline.org/standards/CALEA_JEM/
Status of JEM - Main Points
• Separating “Information Service” from “Telecommunications Service” impossible unless carrier is providing the service
• Two scenarios identified
  • Service Provider offering Call Management Services (e.g., SIP server)
  • Service Provider offering IP transport
• Technology dependent appendices
Personal Conclusions
• Separating IP header info from content is technically feasible
• Reliably identifying application in packet as telecom or information service is not technically feasible
• Increasing line speed & encryption aggravate (or improve) the situation
• New operating procedures to reply to warrants
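The first two conclusions above can be seen in a few lines of parsing. The following is an added example, not part of the original slides: it reduces a raw IPv4 packet to its addressing fields and never copies the payload. The function names and the sample packet (documentation-range addresses, zeroed checksums) are constructed for illustration.

```python
import ipaddress
import struct

def header_only_record(packet: bytes) -> dict:
    """Addressing fields of a raw IPv4 packet; the payload is never copied out."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes; > 20 when options are present
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    total_len, _ident, flags_frag = struct.unpack("!HHH", packet[2:8])
    proto = packet[9]
    record = {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "protocol": proto,
        "total_length": total_len,
        "src_port": None,
        "dst_port": None,
    }
    # Ports exist only in the first fragment of a TCP (6) or UDP (17) datagram.
    if proto in (6, 17) and (flags_frag & 0x1FFF) == 0 and len(packet) >= ihl + 4:
        record["src_port"], record["dst_port"] = struct.unpack("!HH", packet[ihl:ihl + 4])
    # A port number is only a hint: nothing in these fields says which application
    # (telecommunications or information service) produced the payload.
    return record

def build_sample(payload: bytes, dport: int) -> bytes:
    """Constructed sample: IPv4 + UDP datagram with checksums left at zero."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
        ipaddress.IPv4Address("192.0.2.10").packed,
        ipaddress.IPv4Address("198.51.100.20").packed,
    )
    return ip + udp

if __name__ == "__main__":
    print(header_only_record(build_sample(b"constructed payload", 5060)))
```
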
Other Personal Conclusions
• Tradeoff between protecting privacy and burden on ISP
• Seizing stored communications vs. communications in transit (wiretap)
• Who will be the test case?
• Nobody really knows what the end result will be.
References
• How wiretaps are done: http://www.cpsr.org/cpsr/privacy/communications/wiretap/denning_wiretap_procedure_paper.txt
• Overview of Wiretap law: http://www.nap.edu/readingroom/books/crisis/D.txt
• CALEA text: http://techlawjournal.com/agencies/calea/47usc1001.htm
• TIA CALEA page: http://www.tiaonline.org/standards/CALEA_JEM/
• FCC CALEA Page: http://www.fcc.gov/wtb/csinfo/calea.html
• FBI CALEA page: http://www.fbi.gov/programs/calea/overview.htm
• ETSI Lawful Intercept: http://www.etsi.org/technicalactiv/li.htm
• EPIC Wiretap pages: http://www.epic.org/privacy/wiretap/
• CTIA Comments on FCC Third Report and Order: http://www.wow-com.com/lawpol/filing/Body.cfm?Reg_ID=196
• CDT Wiretap page: http://www.cdt.org/digi_tele/
• CDT Privacy page: http://www.cdt.org/privacy/plif.shtml
• USTA/CDT brief on CALEA challenge:
• Brief of EPIC, ACLU, and EFF: http://techlawjournal.com/courts/ustavfcc/20000120.htm
• IETF RAVEN RFC: ftp://ftp.isi.edu/in-notes/rfc2804.txt
Acknowledgments
• The following people either provided comments or I used their presentations for material:
• Al Gidari: g-savvy.com
• Terri Brooks: Nokia
• Peter Musgrove: AT&T