CALEA Goes IP
SS8 Networks' Cemal Dikmen outlines how VoIP providers can comply with the US Communications Assistance for Law Enforcement Act (CALEA).
Lawful intercept (LI), also referred to as "wiretapping" or "communications interception," is the identification, isolation, delivery and collection of communication sessions (voice, email, packet data, etc.) for use by law enforcement. This critical law enforcement tool is used by many authorized government agencies to investigate criminal and terrorist activities.
Now that the clinical definition has been dispensed with, it's on to talking about what LI really is -- simply the partnership between law enforcement and service providers based on the US Communications Assistance for Law Enforcement Act (CALEA). Obviously, service providers are reluctant to talk about LI. No provider wants to discuss the "Big Brother" implications of making it possible for law enforcement to tap phone calls. However, the law requires that every traditional telephony carrier must offer a CALEA solution. VoIP, on the other hand, lacks many of the regulations levied upon traditional wireline service providers.
When the CALEA law was signed into existence a decade ago, lawmakers had no idea that 10 years later, people would use the Internet to communicate freely with each other. As such, the laws, which allow law enforcement officials to listen in on the calls of criminals, terrorists and other targets of criminal investigation, were not written to include VoIP. Today, that oversight (if it's even fair to call it that) has left VoIP as a wide-open communications avenue for criminals. Fortunately for the good guys, law enforcement agencies (LEAs), service providers and equipment manufacturers are continuously working together to develop products and define technical standards for LI in the quest to to protect the public.
That quest isn't an easy one. The LI market is dynamic. New switch releases, switch types, edge devices and technologies are constantly being added to service provider networks. In addition, LI standards are evolving as technology and government requirements change. VoIP's popularity has increased dramatically over the past year, but as this evolution takes place, many service providers are still operating legacy systems and need an LI solution that can meet both circuit and packet requirements. For these reasons, choosing an LI solution can be tricky for carriers and are some major points to consider when facing that decision.
The first real VoIP LI solutions were introduced only two years ago, but they set the tone for all other solutions that must come after them. In its design, an LI solution should leverage wireless, wireline and VoIP applications. An additional necessary feature is support for multiple delivery standards for traditional circuit-switched (wireless and wireline), next-generation packet, ISP, 2G/3G wireless data and hybrid networks. Constructing the solution with a modular architecture will make it possible to support multi-vendor switch environments with a common interface that increases the ease of use and operation. Compliance with LI requirements, both for domestic and international markets as well as multiple standards, also is important.
As with many new technologies at present, transitioning from the old technologies will take time. In the case of service providers, legacy systems still supply the bulk of the providers' revenues. These providers are, however, beginning to see the value in next-generation networks. As such, many of the carriers have developed a migration strategy to eventually deploy IP networks. In the meantime, many are operating converged, hybrid networks that use elements of PSTN and IP.
To provide a path to expanded LI capabilities -- both in current and future networks -- an LI solution should feature a scalable, modular architecture and use standard hardware. That type of architecture lends itself to entry-level implementations and can be upgraded easily or modified to meet growth requirements manifesting from network expansion, increases in subscriber population or intercept volumes, changes in monitoring patterns and new monitoring requirements. The modular architecture also supports co-located, regional or centralized deployment models and provides configurations for country-specific regulations.
A good CALEA solution also should feature secure centralized operational management for service providers and ensure a single point of administration and access for LEAs. That central command and control point enables service providers to manage their LI operations located at multiple sites or distributed across multiple networks in a secure and efficient manner. In addition, multiple levels of user privileges are required, both for secure operations, and to separate regular maintenance activities from intercept provisioning. This way, administrators and operators with different clearance levels can support the same platform without accessing each other's secure data.
It also is important for an LI solution to support multiple switches from a central point. A centralized delivery point allows the provisioning of a single LI interface on the switch and eliminates the need for additional physical interfaces from each switch to the law enforcement. The single access point enables carriers to centralize surveillance operations in a more controlled, cost-effective and secure way. This reduces the overall LI administration cost for the service providers and simplifies the job of the LEA by providing a single interface into a carrier's multi-switch, multi-vendor network.
In addition, to develop a good CALEA solution, a vendor should work closely with multiple parties, including network equipment providers, service providers and law enforcement communities worldwide to ensure that all of their needs are met. Because an LI solution should comply with US and international LI requirements, representation and involvement in industry associations and major standards bodies also is essential.
Another crucial part of providing an LI solution is offering training and knowledge transfer to the system administrators who install and maintain the system, as well as to the operators and agents who use the intercept platform. With more knowledge and training, service providers and LEAs can use the LI solution more effectively and securely. That increased effectiveness ultimately means more criminals off the streets and behind bars.
Choosing an LI solution that can simultaneously handle the ever-changing worlds of VoIP and crime can be a difficult task, but a little bit of research and a lot of patience can help service providers stay compliant. More importantly, those carriers will be going beyond simply offering telecommunications services -- they will be providing peace of mind to their customers and working toward making the world a safer place in which to live, work and play.
Cemal Dikmen is vice president and general manager of lawful intercept for SS8 Networks.