COMMUNICATIONS ASSISTANCE FOR LAW COMMUNICATIONS ASSISTANCE FOR LAW ENFORCEMENT ACT (CALEA) ENFORCEMENT ACT (CALEA) Law Enforcement Requirements for Law Enforcement Requirements for VoIP and Broadband Access VoIP and Broadband Access
The CALEA Challenge Law Enforcement Requirements for VoiP and ...
Aug 20, 2015
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
COMMUNICATIONS ASSISTANCE FOR LAW COMMUNICATIONS ASSISTANCE FOR LAW ENFORCEMENT ACT (CALEA)ENFORCEMENT ACT (CALEA)
Law Enforcement Requirements for VoIP and Law Enforcement Requirements for VoIP and Broadband AccessBroadband Access
COMMUNICATIONS ASSISTANCE FOR LAW COMMUNICATIONS ASSISTANCE FOR LAW ENFORCEMENT ACT (CALEA)ENFORCEMENT ACT (CALEA)
Law Enforcement Requirements for VoIP and Law Enforcement Requirements for VoIP and Broadband AccessBroadband Access
CALEA Implementation Unit, OTD, FBICALEA Implementation Unit, OTD, FBI 22
IntroductionIntroductionIntroductionIntroduction
• CALEA BackgroundCALEA Background
• Development of Law Enforcement End-User RequirementsDevelopment of Law Enforcement End-User Requirements
• CIU Standards Capability PolicyCIU Standards Capability Policy– VoiceVoice
– DataData
• Responsibilities for InterceptionResponsibilities for Interception
• CALEA BackgroundCALEA Background
• Development of Law Enforcement End-User RequirementsDevelopment of Law Enforcement End-User Requirements
• CIU Standards Capability PolicyCIU Standards Capability Policy– VoiceVoice
– DataData
• Responsibilities for InterceptionResponsibilities for Interception
CALEA Implementation Unit, OTD, FBICALEA Implementation Unit, OTD, FBI 33
WHAT IS CALEA?WHAT IS CALEA?WHAT IS CALEA?WHAT IS CALEA?
• Legislation preserving Law Enforcement’s ability to Legislation preserving Law Enforcement’s ability to intercept communications involving advanced intercept communications involving advanced telecommunications technologiestelecommunications technologies
• Mandates that the telecommunications industry Mandates that the telecommunications industry consider Law Enforcement when designing new consider Law Enforcement when designing new services and featuresservices and features
• Applicable to all telecommunications carriers Applicable to all telecommunications carriers regardless of the underlying technologyregardless of the underlying technology
• Legislation preserving Law Enforcement’s ability to Legislation preserving Law Enforcement’s ability to intercept communications involving advanced intercept communications involving advanced telecommunications technologiestelecommunications technologies
• Mandates that the telecommunications industry Mandates that the telecommunications industry consider Law Enforcement when designing new consider Law Enforcement when designing new services and featuresservices and features
• Applicable to all telecommunications carriers Applicable to all telecommunications carriers regardless of the underlying technologyregardless of the underlying technology
CALEA Implementation Unit, OTD, FBICALEA Implementation Unit, OTD, FBI 44
WHY CALEA IS IMPORTANT TO LAW ENFORCEMENTWHY CALEA IS IMPORTANT TO LAW ENFORCEMENTWHY CALEA IS IMPORTANT TO LAW ENFORCEMENTWHY CALEA IS IMPORTANT TO LAW ENFORCEMENT
• Electronic surveillance undergoes a paradigm shiftElectronic surveillance undergoes a paradigm shift– Information availableInformation available– How it is conductedHow it is conducted– Who controls (administers) itWho controls (administers) it
• Effects on Law EnforcementEffects on Law Enforcement– Technology used in collectionTechnology used in collection– Cost (collection and delivery)Cost (collection and delivery)
• Law Enforcement now has recourse when the industry Law Enforcement now has recourse when the industry introduces advanced technologies with no introduces advanced technologies with no commensurate capabilities to conduct electronic commensurate capabilities to conduct electronic surveillancesurveillance
• Electronic surveillance undergoes a paradigm shiftElectronic surveillance undergoes a paradigm shift– Information availableInformation available– How it is conductedHow it is conducted– Who controls (administers) itWho controls (administers) it
• Effects on Law EnforcementEffects on Law Enforcement– Technology used in collectionTechnology used in collection– Cost (collection and delivery)Cost (collection and delivery)
• Law Enforcement now has recourse when the industry Law Enforcement now has recourse when the industry introduces advanced technologies with no introduces advanced technologies with no commensurate capabilities to conduct electronic commensurate capabilities to conduct electronic surveillancesurveillance
CALEA Implementation Unit, OTD, FBICALEA Implementation Unit, OTD, FBI 55
CALEA Main Legal Requirements CALEA Main Legal Requirements Quick OverviewQuick Overview
CALEA Main Legal Requirements CALEA Main Legal Requirements Quick OverviewQuick Overview
• duties to ensure capability (section 103) –– Isolating and enabling interception of communications – Isolating and enabling acquisition of call-identifying information (CII) that is
“reasonably available”• and correlated with the communications
– Delivering communications and CII – Facilitating interception such that it is “unobtrusive” and secure
• Safe-Harbor for industry standards (Section 107)
• FCC may adopt rules if standards are determined to be “deficient”
– FCC requires System Security filings (Section 105)– FCC determines cost petitions (Section 109)
• duties to ensure capability (section 103) –– Isolating and enabling interception of communications – Isolating and enabling acquisition of call-identifying information (CII) that is
“reasonably available”• and correlated with the communications
– Delivering communications and CII – Facilitating interception such that it is “unobtrusive” and secure
• Safe-Harbor for industry standards (Section 107)
• FCC may adopt rules if standards are determined to be “deficient”
– FCC requires System Security filings (Section 105)– FCC determines cost petitions (Section 109)
CALEA Implementation Unit, OTD, FBICALEA Implementation Unit, OTD, FBI
Methods for Carrier CALEA ComplianceMethods for Carrier CALEA ComplianceMethods for Carrier CALEA ComplianceMethods for Carrier CALEA Compliance
• Carriers have two alternatives to meet their obligations under CALEA:Carriers have two alternatives to meet their obligations under CALEA:– Adoption of an Industry StandardAdoption of an Industry Standard
• Industry initiates and participates in the development of lawful intercept Industry initiates and participates in the development of lawful intercept standards in order to be afforded the “Safe Harbor” provision of Section 107 of standards in order to be afforded the “Safe Harbor” provision of Section 107 of CALEACALEA
– A carrier shall be found in compliance with Section 103 of CALEA if the A carrier shall be found in compliance with Section 103 of CALEA if the carrier has implemented the capabilities set forth in an industry accepted carrier has implemented the capabilities set forth in an industry accepted standard standard
• The FCC concluded in its Second Report and Order that The FCC concluded in its Second Report and Order that absent the filing of a deficiency petition under CALEA section 107(b), it would be premature for the FCC to intervene in the standards development process
– Direct Compliance with Section 103(a) of CALEADirect Compliance with Section 103(a) of CALEA• Carriers may implement an ad-hoc solution which meets the four objectives of 103:Carriers may implement an ad-hoc solution which meets the four objectives of 103:
– Expeditious isolation of the targets communicationsExpeditious isolation of the targets communications– Expeditious isolation of the targets communication-identifying informationExpeditious isolation of the targets communication-identifying information– Delivery of the target’s communications and communication identifying information to Delivery of the target’s communications and communication identifying information to
law enforcement in a means which can be correlatedlaw enforcement in a means which can be correlated– Assuring unobtrusive and transparent interception of the targets communications and Assuring unobtrusive and transparent interception of the targets communications and
communication identifying information.communication identifying information.
• Carriers have two alternatives to meet their obligations under CALEA:Carriers have two alternatives to meet their obligations under CALEA:– Adoption of an Industry StandardAdoption of an Industry Standard
• Industry initiates and participates in the development of lawful intercept Industry initiates and participates in the development of lawful intercept standards in order to be afforded the “Safe Harbor” provision of Section 107 of standards in order to be afforded the “Safe Harbor” provision of Section 107 of CALEACALEA
– A carrier shall be found in compliance with Section 103 of CALEA if the A carrier shall be found in compliance with Section 103 of CALEA if the carrier has implemented the capabilities set forth in an industry accepted carrier has implemented the capabilities set forth in an industry accepted standard standard
• The FCC concluded in its Second Report and Order that The FCC concluded in its Second Report and Order that absent the filing of a deficiency petition under CALEA section 107(b), it would be premature for the FCC to intervene in the standards development process
– Direct Compliance with Section 103(a) of CALEADirect Compliance with Section 103(a) of CALEA• Carriers may implement an ad-hoc solution which meets the four objectives of 103:Carriers may implement an ad-hoc solution which meets the four objectives of 103:
– Expeditious isolation of the targets communicationsExpeditious isolation of the targets communications– Expeditious isolation of the targets communication-identifying informationExpeditious isolation of the targets communication-identifying information– Delivery of the target’s communications and communication identifying information to Delivery of the target’s communications and communication identifying information to
law enforcement in a means which can be correlatedlaw enforcement in a means which can be correlated– Assuring unobtrusive and transparent interception of the targets communications and Assuring unobtrusive and transparent interception of the targets communications and
communication identifying information.communication identifying information.
66
CALEA Implementation Unit, OTD, FBICALEA Implementation Unit, OTD, FBI 77
• Wireline and wireless service providers are moving from circuit-based Wireline and wireless service providers are moving from circuit-based technologies to packet-based technologies for voice servicestechnologies to packet-based technologies for voice services
• Surveillance of voice services in circuit-based networks is covered under J-Surveillance of voice services in circuit-based networks is covered under J-STD-025ASTD-025A
• The number of standards organizations developing lawful interception The number of standards organizations developing lawful interception capabilities has expanded as industry’s approach has fragmentedcapabilities has expanded as industry’s approach has fragmented– Different legal and regulatory backgrounds (e.g., cable vs. DSL)Different legal and regulatory backgrounds (e.g., cable vs. DSL)– Different philosophies on how to approach CALEA obligationsDifferent philosophies on how to approach CALEA obligations
• FCC First Report and Order has resulted in additional standards groups FCC First Report and Order has resulted in additional standards groups initiating working on “Safe Harbor” intercept solutionsinitiating working on “Safe Harbor” intercept solutions– Broadband Over PowerlineBroadband Over Powerline– WiMAXWiMAX
• Wireline and wireless service providers are moving from circuit-based Wireline and wireless service providers are moving from circuit-based technologies to packet-based technologies for voice servicestechnologies to packet-based technologies for voice services
• Surveillance of voice services in circuit-based networks is covered under J-Surveillance of voice services in circuit-based networks is covered under J-STD-025ASTD-025A
• The number of standards organizations developing lawful interception The number of standards organizations developing lawful interception capabilities has expanded as industry’s approach has fragmentedcapabilities has expanded as industry’s approach has fragmented– Different legal and regulatory backgrounds (e.g., cable vs. DSL)Different legal and regulatory backgrounds (e.g., cable vs. DSL)– Different philosophies on how to approach CALEA obligationsDifferent philosophies on how to approach CALEA obligations
• FCC First Report and Order has resulted in additional standards groups FCC First Report and Order has resulted in additional standards groups initiating working on “Safe Harbor” intercept solutionsinitiating working on “Safe Harbor” intercept solutions– Broadband Over PowerlineBroadband Over Powerline– WiMAXWiMAX
Law Enforcement is working with industry to ensure surveillance capabilities are maintained as networks evolveLaw Enforcement is working with industry to ensure surveillance capabilities are maintained as networks evolve
CALEA Implementation Unit, OTD, FBICALEA Implementation Unit, OTD, FBI 88
Development of FBI Standards RequirementsDevelopment of FBI Standards RequirementsDevelopment of FBI Standards RequirementsDevelopment of FBI Standards Requirements
• The development of law enforcement requirements for CALEA The development of law enforcement requirements for CALEA interception of packet-based services can be broken down into two interception of packet-based services can be broken down into two areas: Carrier Grade Voice over Packet and Broadband Data Accessareas: Carrier Grade Voice over Packet and Broadband Data Access
• Carrier Grade Voice over Packet Service (CGVoP)Carrier Grade Voice over Packet Service (CGVoP)– Addresses Voice over Packet carriers offering managed serviceAddresses Voice over Packet carriers offering managed service
– Development of positions for VoIP began in 2000Development of positions for VoIP began in 2000
– State and Local law enforcement as well as FBI provided input to CIU’s State and Local law enforcement as well as FBI provided input to CIU’s positionposition
– Document was completed and released to Industry on January 23, 2003Document was completed and released to Industry on January 23, 2003• Can be requested by Industry at Can be requested by Industry at www.askcalea.net
• The development of law enforcement requirements for CALEA The development of law enforcement requirements for CALEA interception of packet-based services can be broken down into two interception of packet-based services can be broken down into two areas: Carrier Grade Voice over Packet and Broadband Data Accessareas: Carrier Grade Voice over Packet and Broadband Data Access
• Carrier Grade Voice over Packet Service (CGVoP)Carrier Grade Voice over Packet Service (CGVoP)– Addresses Voice over Packet carriers offering managed serviceAddresses Voice over Packet carriers offering managed service
– Development of positions for VoIP began in 2000Development of positions for VoIP began in 2000
– State and Local law enforcement as well as FBI provided input to CIU’s State and Local law enforcement as well as FBI provided input to CIU’s positionposition
– Document was completed and released to Industry on January 23, 2003Document was completed and released to Industry on January 23, 2003• Can be requested by Industry at Can be requested by Industry at www.askcalea.net
CALEA Implementation Unit, OTD, FBICALEA Implementation Unit, OTD, FBI 99
Development of FBI Standards Requirements (cont’d)Development of FBI Standards Requirements (cont’d)Development of FBI Standards Requirements (cont’d)Development of FBI Standards Requirements (cont’d)
• Broadband Data Access ServiceBroadband Data Access Service– Addresses broadband technologies for both fixed and mobile Addresses broadband technologies for both fixed and mobile
implementationsimplementations
– Work on developing positions for Data Access began in 2002Work on developing positions for Data Access began in 2002
– CIU developed position on broadband data access with input from State CIU developed position on broadband data access with input from State and Local LE and Local LE
• FBI has had significant operational experience with broadband interceptsFBI has had significant operational experience with broadband intercepts
– Publicly available document does not exist for this servicePublicly available document does not exist for this service• Industry can contact CIU for additional information on Broadband Data Access Industry can contact CIU for additional information on Broadband Data Access
service interception requirementsservice interception requirements
• Broadband Data Access ServiceBroadband Data Access Service– Addresses broadband technologies for both fixed and mobile Addresses broadband technologies for both fixed and mobile
implementationsimplementations
– Work on developing positions for Data Access began in 2002Work on developing positions for Data Access began in 2002
– CIU developed position on broadband data access with input from State CIU developed position on broadband data access with input from State and Local LE and Local LE
• FBI has had significant operational experience with broadband interceptsFBI has had significant operational experience with broadband intercepts
– Publicly available document does not exist for this servicePublicly available document does not exist for this service• Industry can contact CIU for additional information on Broadband Data Access Industry can contact CIU for additional information on Broadband Data Access
service interception requirementsservice interception requirements
CALEA Implementation Unit, OTD, FBICALEA Implementation Unit, OTD, FBI 1010
General Characteristics of a VoIP Intercept SolutionGeneral Characteristics of a VoIP Intercept SolutionGeneral Characteristics of a VoIP Intercept SolutionGeneral Characteristics of a VoIP Intercept Solution
• Standardization efforts focus on delivery from carrier to law enforcementStandardization efforts focus on delivery from carrier to law enforcement
• Call-Identifying InformationCall-Identifying Information: The carrier is required to map their specific VoIP : The carrier is required to map their specific VoIP protocols to a generic set of messages for delivery to law enforcementprotocols to a generic set of messages for delivery to law enforcement
– Messages based on circuit-switched message set with inclusion of new capabilities specific Messages based on circuit-switched message set with inclusion of new capabilities specific to VoIPto VoIP
– Messages have a “catch-all” field which will delivery any additional information not Messages have a “catch-all” field which will delivery any additional information not anticipated in the generic messagesanticipated in the generic messages
• Call ContentCall Content: The carrier provides content in a wrapper, unaltered: The carrier provides content in a wrapper, unaltered– Content is defined as all VoIP packets which contain subject’s communicationContent is defined as all VoIP packets which contain subject’s communication
• CorrelationCorrelation: Carrier must correlate interception product (e.g., timestamps, case ID) : Carrier must correlate interception product (e.g., timestamps, case ID) and deliver it over a single interfaceand deliver it over a single interface
– Critical as more than one Intercept Access Point (IAP) per intercept is required to provide Critical as more than one Intercept Access Point (IAP) per intercept is required to provide the necessary data to law enforcementthe necessary data to law enforcement
• The carrier is required to provide the intercepted data to law enforcement in near The carrier is required to provide the intercepted data to law enforcement in near real-timereal-time
• Standardization efforts focus on delivery from carrier to law enforcementStandardization efforts focus on delivery from carrier to law enforcement
• Call-Identifying InformationCall-Identifying Information: The carrier is required to map their specific VoIP : The carrier is required to map their specific VoIP protocols to a generic set of messages for delivery to law enforcementprotocols to a generic set of messages for delivery to law enforcement
– Messages based on circuit-switched message set with inclusion of new capabilities specific Messages based on circuit-switched message set with inclusion of new capabilities specific to VoIPto VoIP
– Messages have a “catch-all” field which will delivery any additional information not Messages have a “catch-all” field which will delivery any additional information not anticipated in the generic messagesanticipated in the generic messages
• Call ContentCall Content: The carrier provides content in a wrapper, unaltered: The carrier provides content in a wrapper, unaltered– Content is defined as all VoIP packets which contain subject’s communicationContent is defined as all VoIP packets which contain subject’s communication
• CorrelationCorrelation: Carrier must correlate interception product (e.g., timestamps, case ID) : Carrier must correlate interception product (e.g., timestamps, case ID) and deliver it over a single interfaceand deliver it over a single interface
– Critical as more than one Intercept Access Point (IAP) per intercept is required to provide Critical as more than one Intercept Access Point (IAP) per intercept is required to provide the necessary data to law enforcementthe necessary data to law enforcement
• The carrier is required to provide the intercepted data to law enforcement in near The carrier is required to provide the intercepted data to law enforcement in near real-timereal-time
CALEA Implementation Unit, OTD, FBICALEA Implementation Unit, OTD, FBI 1111
General Characteristics of a Data Access Intercept General Characteristics of a Data Access Intercept SolutionSolution
General Characteristics of a Data Access Intercept General Characteristics of a Data Access Intercept SolutionSolution
• Standardization efforts focus on delivery from carrier to law enforcementStandardization efforts focus on delivery from carrier to law enforcement
• Communication-Identifying InformationCommunication-Identifying Information: The carrier is required to provide : The carrier is required to provide basic information about the management of the data access service to law basic information about the management of the data access service to law enforcementenforcement– The data access solutions do not address application-level data extraction (e.g. e-The data access solutions do not address application-level data extraction (e.g. e-
mail, chat, VoIP) or application pen register solutionsmail, chat, VoIP) or application pen register solutions
• Communication ContentCommunication Content: The carrier provides content in a wrapper, unaltered: The carrier provides content in a wrapper, unaltered– Content is defined as ALL packets sent or received by the subjectContent is defined as ALL packets sent or received by the subject
• CorrelationCorrelation: Carrier must correlate interception product (e.g., timestamps, case : Carrier must correlate interception product (e.g., timestamps, case ID) and deliver it over a single interfaceID) and deliver it over a single interface– Critical as more than one Intercept Access Point (IAP) per intercept may be Critical as more than one Intercept Access Point (IAP) per intercept may be
required to provide the necessary data to law enforcementrequired to provide the necessary data to law enforcement
• Standardization efforts focus on delivery from carrier to law enforcementStandardization efforts focus on delivery from carrier to law enforcement
• Communication-Identifying InformationCommunication-Identifying Information: The carrier is required to provide : The carrier is required to provide basic information about the management of the data access service to law basic information about the management of the data access service to law enforcementenforcement– The data access solutions do not address application-level data extraction (e.g. e-The data access solutions do not address application-level data extraction (e.g. e-
mail, chat, VoIP) or application pen register solutionsmail, chat, VoIP) or application pen register solutions
• Communication ContentCommunication Content: The carrier provides content in a wrapper, unaltered: The carrier provides content in a wrapper, unaltered– Content is defined as ALL packets sent or received by the subjectContent is defined as ALL packets sent or received by the subject
• CorrelationCorrelation: Carrier must correlate interception product (e.g., timestamps, case : Carrier must correlate interception product (e.g., timestamps, case ID) and deliver it over a single interfaceID) and deliver it over a single interface– Critical as more than one Intercept Access Point (IAP) per intercept may be Critical as more than one Intercept Access Point (IAP) per intercept may be
required to provide the necessary data to law enforcementrequired to provide the necessary data to law enforcement
CALEA Implementation Unit, OTD, FBICALEA Implementation Unit, OTD, FBI 1212
Data Access Intercept Delivery RequirementsData Access Intercept Delivery RequirementsData Access Intercept Delivery RequirementsData Access Intercept Delivery Requirements
• Delivery solutions for data access interception must allow for open IP network Delivery solutions for data access interception must allow for open IP network connectivity for transmission from the carrier premises to law enforcementconnectivity for transmission from the carrier premises to law enforcement– Assures rapid establishment of connectivity from carrier to law enforcement where Assures rapid establishment of connectivity from carrier to law enforcement where
preexisting connections do not existpreexisting connections do not exist– Cost effective delivery solutionCost effective delivery solution– Does not preclude use of dedicated facilities, but avoids reliance upon themDoes not preclude use of dedicated facilities, but avoids reliance upon them
• The carrier may either provide the intercepted data to law enforcement in The carrier may either provide the intercepted data to law enforcement in near real-time or in a file structure formatnear real-time or in a file structure format– Near real-time access: Carrier must allow law enforcement to co-locate equipment Near real-time access: Carrier must allow law enforcement to co-locate equipment
which stores intercepted data and provide a static IP for law enforcement remote which stores intercepted data and provide a static IP for law enforcement remote access via VPNaccess via VPN
– File structure access: carrier provides “buffering” function and provides law File structure access: carrier provides “buffering” function and provides law enforcement with remote access via a secure connection (e.g., VPN)enforcement with remote access via a secure connection (e.g., VPN)
• Delivery solutions for data access interception must allow for open IP network Delivery solutions for data access interception must allow for open IP network connectivity for transmission from the carrier premises to law enforcementconnectivity for transmission from the carrier premises to law enforcement– Assures rapid establishment of connectivity from carrier to law enforcement where Assures rapid establishment of connectivity from carrier to law enforcement where
preexisting connections do not existpreexisting connections do not exist– Cost effective delivery solutionCost effective delivery solution– Does not preclude use of dedicated facilities, but avoids reliance upon themDoes not preclude use of dedicated facilities, but avoids reliance upon them
• The carrier may either provide the intercepted data to law enforcement in The carrier may either provide the intercepted data to law enforcement in near real-time or in a file structure formatnear real-time or in a file structure format– Near real-time access: Carrier must allow law enforcement to co-locate equipment Near real-time access: Carrier must allow law enforcement to co-locate equipment
which stores intercepted data and provide a static IP for law enforcement remote which stores intercepted data and provide a static IP for law enforcement remote access via VPNaccess via VPN
– File structure access: carrier provides “buffering” function and provides law File structure access: carrier provides “buffering” function and provides law enforcement with remote access via a secure connection (e.g., VPN)enforcement with remote access via a secure connection (e.g., VPN)
CALEA Implementation Unit, OTD, FBICALEA Implementation Unit, OTD, FBI 1313
Responsibilities for Data InterceptionResponsibilities for Data InterceptionResponsibilities for Data InterceptionResponsibilities for Data Interception
• The carrier assisting LEA will be responsible for:The carrier assisting LEA will be responsible for:– Isolating the target’s complete raw packet communication streamIsolating the target’s complete raw packet communication stream– Providing communication identifying information about the target for the sessionProviding communication identifying information about the target for the session– Delivering communication to law enforcementDelivering communication to law enforcement
• Near real-time access: Carrier must allow law enforcement to co-locate equipment which Near real-time access: Carrier must allow law enforcement to co-locate equipment which stores intercepted data and provide a static IP for law enforcement remote access via stores intercepted data and provide a static IP for law enforcement remote access via VPNVPN
• File structure access: carrier provides “buffering” function and provides law enforcement File structure access: carrier provides “buffering” function and provides law enforcement with remote access via a secure connection (e.g., VPN) with remote access via a secure connection (e.g., VPN)
– Assuring the communications are delivered reliably, securely, and transparently to Assuring the communications are delivered reliably, securely, and transparently to law enforcementlaw enforcement
• The LEA is responsible for:The LEA is responsible for:– Procuring secure connectivity to carrier (VPN Internet connectivity or dedicated Procuring secure connectivity to carrier (VPN Internet connectivity or dedicated
facilities)facilities)– Co-locating equipment, if necessaryCo-locating equipment, if necessary– Receiving delivered raw packet stream from buffering functionReceiving delivered raw packet stream from buffering function– Reassembling the target’s raw packet stream into the individual applications (e.g., Reassembling the target’s raw packet stream into the individual applications (e.g.,
e-mail, chat, web browsing, FTP)e-mail, chat, web browsing, FTP)
• The carrier assisting LEA will be responsible for:The carrier assisting LEA will be responsible for:– Isolating the target’s complete raw packet communication streamIsolating the target’s complete raw packet communication stream– Providing communication identifying information about the target for the sessionProviding communication identifying information about the target for the session– Delivering communication to law enforcementDelivering communication to law enforcement
• Near real-time access: Carrier must allow law enforcement to co-locate equipment which Near real-time access: Carrier must allow law enforcement to co-locate equipment which stores intercepted data and provide a static IP for law enforcement remote access via stores intercepted data and provide a static IP for law enforcement remote access via VPNVPN
• File structure access: carrier provides “buffering” function and provides law enforcement File structure access: carrier provides “buffering” function and provides law enforcement with remote access via a secure connection (e.g., VPN) with remote access via a secure connection (e.g., VPN)
– Assuring the communications are delivered reliably, securely, and transparently to Assuring the communications are delivered reliably, securely, and transparently to law enforcementlaw enforcement
• The LEA is responsible for:The LEA is responsible for:– Procuring secure connectivity to carrier (VPN Internet connectivity or dedicated Procuring secure connectivity to carrier (VPN Internet connectivity or dedicated
facilities)facilities)– Co-locating equipment, if necessaryCo-locating equipment, if necessary– Receiving delivered raw packet stream from buffering functionReceiving delivered raw packet stream from buffering function– Reassembling the target’s raw packet stream into the individual applications (e.g., Reassembling the target’s raw packet stream into the individual applications (e.g.,
e-mail, chat, web browsing, FTP)e-mail, chat, web browsing, FTP)
CALEA Implementation Unit, OTD, FBICALEA Implementation Unit, OTD, FBI 1414
Responsibilities for Data Interception (Cont’d)Responsibilities for Data Interception (Cont’d)Responsibilities for Data Interception (Cont’d)Responsibilities for Data Interception (Cont’d)
Access Access ProviderProviderNetworkNetwork
Access Access ProviderProviderNetworkNetwork
Intercept Buffering Server (IBS)Intercept Buffering Server (IBS)(Carrier Operated)(Carrier Operated)
Intercept Buffering Server (IBS)Intercept Buffering Server (IBS)(Carrier Operated)(Carrier Operated)
Subject CPESubject CPESubject CPESubject CPE
LE DomainLE DomainLE DomainLE Domain
VPN tunnel
LE LE Delivery InterfacesDelivery Interfaces
LE LE Delivery InterfacesDelivery Interfaces
InternetInternetInternetInternet
ChatWeb
FTP
Intercept Intercept PresentationPresentation
Intercept Intercept PresentationPresentation
Packet ReformationPacket ReformationPacket ReformationPacket Reformation
Service IDService IDService IDService ID
Service Service AssemblyAssemblyService Service
AssemblyAssembly
CALEA Implementation Unit, OTD, FBICALEA Implementation Unit, OTD, FBI 1515
SummarySummarySummarySummary
• Standards are a vital component of for the implementation of Industry’s Standards are a vital component of for the implementation of Industry’s CALEA obligationsCALEA obligations– Industry has published six specifications which address VoIP and Broadband Data Industry has published six specifications which address VoIP and Broadband Data
Access for various technologiesAccess for various technologies– Five more specifications are under developmentFive more specifications are under development– Satellite communication providers do not have a “Safe Harbor” specification for Satellite communication providers do not have a “Safe Harbor” specification for
VoIP and broadband services offered over their technologyVoIP and broadband services offered over their technology
• Capabilities requested by Law Enforcement have been collected from Capabilities requested by Law Enforcement have been collected from significant stakeholders and includes an operational perspectivesignificant stakeholders and includes an operational perspective– FederalFederal– StateState– LocalLocal
• Standards are a vital component of for the implementation of Industry’s Standards are a vital component of for the implementation of Industry’s CALEA obligationsCALEA obligations– Industry has published six specifications which address VoIP and Broadband Data Industry has published six specifications which address VoIP and Broadband Data
Access for various technologiesAccess for various technologies– Five more specifications are under developmentFive more specifications are under development– Satellite communication providers do not have a “Safe Harbor” specification for Satellite communication providers do not have a “Safe Harbor” specification for
VoIP and broadband services offered over their technologyVoIP and broadband services offered over their technology
• Capabilities requested by Law Enforcement have been collected from Capabilities requested by Law Enforcement have been collected from significant stakeholders and includes an operational perspectivesignificant stakeholders and includes an operational perspective– FederalFederal– StateState– LocalLocal
CALEA Implementation Unit, OTD, FBICALEA Implementation Unit, OTD, FBI 1616
QUESTIONSQUESTIONS
Maura QuinnMaura QuinnUnit ChiefUnit Chief
CALEA Implementation UnitCALEA Implementation Unit
703-632-6897703-632-6897
Maura QuinnMaura QuinnUnit ChiefUnit Chief
CALEA Implementation UnitCALEA Implementation Unit
703-632-6897703-632-6897
Related Documents
