© 2000, Cisco Systems, Inc. CALEA_NANOG_2000_0611.ppt
Impact of CALEA on Network Operators
What it is and what it ain’t
Chip Sharp
Cisco Systems, Inc.
chsharp@cisco.com
Disclaimer: The views expressed herein may not reflect the views of my employer or anyone else associated with me. :-)
What is it?
• CALEA: Communications Assistance for Law Enforcement Agencies Act (1994)
47 USC §1001, CALEA §102
• Requirements for Carriers to Assist Law Enforcement in Carrying out Wiretaps
What is it not?
• CALEA does not grant Law Enforcement new authority for wiretaps
Caveat: “new authority” is a matter of interpretation
Congressional Intent
"(1) to preserve a narrowly focused capability for law enforcement agencies to carry out properly authorized intercepts;
(2) to protect privacy in the face of increasingly powerful and personally revealing technologies; and
(3) to avoid impeding the development of new communications services and technologies.”
- H.R. Rep. No. 103-827, 103d Cong., 2d Sess. (1994)
Surveillance Laws
• Title III of the Omnibus Crime Control and Safe Streets Act of 1968
• Electronic Communications Privacy Act of 1986
• The Foreign Intelligence Surveillance Act of 1978
Terminology
• Telecommunications Carrier
• Telecommunications Service
• Information Service
• Call Identifying Information
• Electronic messaging
• Safe Harbor standard
Information Service
“(6) The term ‘information services’--
(A) means the offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications; and
(B) includes--
(i) a service that permits a customer to retrieve stored information from, or file information for storage in, information storage facilities;
(ii) electronic publishing; and
(iii) electronic messaging services; but
Information Service (cont.)
(C) does not include any capability for a telecommunications carrier's internal management, control, or operation of its telecommunications network.”
- from Communications Assistance for Law Enforcement Act
Electronic Messaging
“(4) The term ‘electronic messaging services’ means software-based services that enable the sharing of data, images, sound, writing, or other information among computing devices controlled by the senders or recipients of the messages.”
- from Communications Assistance for Law Enforcement Act
Telecommunications Carrier
“(8) The term ‘telecommunications carrier’--
(A) means a person or entity engaged in the transmission or switching of wire or electronic communications as a common carrier for hire; and
(B) includes--
(i) a person or entity engaged in providing commercial mobile service (as defined in section 332(d) of this title); or
(ii) a person or entity engaged in providing wire or electronic communication switching or transmission service to the extent that the Commission finds that such service is a replacement for a substantial portion of the local telephone exchange service and that it is in the public interest to deem such a person or entity to be a telecommunications carrier for purposes of this chapter; but”
- from Communications Assistance for Law Enforcement Act
Telecommunications Carrier (cont.)
“(C) does not include--
(i) persons or entities insofar as they are engaged in providing information services; and
(ii) any class or category of telecommunications carriers that the Commission exempts by rule after consultation with the Attorney General.”
- from Communications Assistance for Law Enforcement Act
Telecommunications Service
This page intentionally left blank
Call Identifying Information
“(2) The term ‘call-identifying information’ means dialing or signaling information that identifies the origin, direction, destination, or termination of each communication generated or received by a subscriber by means of any equipment, facility, or service of a telecommunications carrier.”
- from Communications Assistance for Law Enforcement Act
Safe Harbor Standards
“...publicly available technical requirements or standards adopted by an industry association or standard-setting organization, or by the Commission under subsection (b) of this section, to meet the requirements of section 1002 of this title.”
- from Communications Assistance for Law Enforcement Act
Types of Surveillance
• Pen Register
Phone numbers of people that target is calling
• Trap and Trace
Phone numbers of people calling target
• Full content of call
Title III
FISA
Requirements on Carrier Equipment
• Provide LEA access to intercept
All wire and electronic communications to/from target
Call Identifying information
Correlation
• Minimize Interference with service
• Protect privacy
Limitations
• Do not deliver location information
• Information Services not included
• Private networks not included
• No decryption required
Unless Service Provider has keys
• Protect privacy of non-targets
Current Standards Efforts
• TIA: J-STD-025(a)
Telephony & Packet Data
• PacketCable(TM)
Cable Telephony (VoIP)
• PCIA: Paging
• IETF: Declined to play
Published RFC2804 (Raven)
J-STD-025 Packet Data
• Two Methods for Delivery
Call Data Channel
Call Content Channel
• Only IP definition is for Wireless IP
However scope is vague.
• Current solution for Pen Register & Trap and Trace -> Send all packets and let LEA sort them out.
FCC Third Report & Order
• Released by FCC August 31, 1999
• Responded to FBI requests
e.g., Location ID is required
• Invited TIA to provide report on packet data surveillance by September 30, 2000
• Compliance deadline for delivery of packet data using J-STD-025: 9/30/2001
USTA vs. FCC
• USTA, et al. filed suit opposing third report and order
Punch list items (e.g., Location)
Packet Data solution in J-STD-025
Sending all data violates privacy protection provision in CALEA
• Initial arguments heard 5/18/2000
• Court will probably advise FCC to reconsider its position
TIA Joint Experts Meeting
• Technical Fact-Finding Body
• Determine feasibility of delivering less than the full content of a packet to a law enforcement agency (LEA) in response to a pen register or trap and trace court order
• Provide input to TIA for report to FCC by Sept. 30, 2000
Scope of JEM
• Many packet technologies: TDMA/CDMA/PCS/GSM/CDPD/X.25/ISDN/ATM/Frame Relay/IP/others
• Does not include
legal issues
interpretation of FCC orders
impacts of encryption other than how it affects ability to deliver less than full content of packet
Status of JEM
• First JEM held 5/3-5
Most participants from Wireless industry
Not much input from ISPs
Meeting Report: http://www.tiaonline.org/standards/CALEA_JEM/45053125.pdf
Current Draft JEM Report: http://www.tiaonline.org/standards/CALEA_JEM/45053126.pdf
• Second JEM scheduled 6/27-29
http://www.tiaonline.org/standards/CALEA_JEM/
Status of JEM - Main Points
• Separating “Information Service” from “Telecommunications Service” impossible unless carrier is providing the service
• Two scenarios identified
Service Provider offering Call Management Services (e.g., SIP server)
Service Provider offering IP transport
• Technology dependent appendices
Personal Conclusions
• Separating IP header info from content is technically feasible
• Reliably identifying application in packet as telecom or information service is not technically feasible
• Increasing line speed & encryption aggravate (or improve) the situation
• New operating procedures to reply to warrants
Other Personal Conclusions
• Tradeoff between protecting privacy and burden on ISP
• Seizing stored communications vs. communications in transit (wiretap)
• Who will be the test case?
• Nobody really knows what the end result will be.
References
• How wiretaps are done: http://www.cpsr.org/cpsr/privacy/communications/wiretap/denning_wiretap_procedure_paper.txt
• Overview of Wiretap law: http://www.nap.edu/readingroom/books/crisis/D.txt
• CALEA text: http://techlawjournal.com/agencies/calea/47usc1001.htm
• TIA CALEA page: http://www.tiaonline.org/standards/CALEA_JEM/
• FCC CALEA Page: http://www.fcc.gov/wtb/csinfo/calea.html
• FBI CALEA page: http://www.fbi.gov/programs/calea/overview.htm
• ETSI Lawful Intercept: http://www.etsi.org/technicalactiv/li.htm
• EPIC Wiretap pages: http://www.epic.org/privacy/wiretap/
• CTIA Comments on FCC Third Report and Order: http://www.wow-com.com/lawpol/filing/Body.cfm?Reg_ID=196
• CDT Wiretap page: http://www.cdt.org/digi_tele/
• CDT Privacy page: http://www.cdt.org/privacy/plif.shtml
• USTA/CDT brief on CALEA challenge:
• Brief of EPIC, ACLU, and EFF: http://techlawjournal.com/courts/ustavfcc/20000120.htm
• IETF RAVEN RFC: ftp://ftp.isi.edu/in-notes/rfc2804.txt
Acknowledgments
• The following people either provided comments or I used their presentations for material:
Al Gidari: g-savvy.com
Terri Brooks: Nokia
Peter Musgrove: AT&T