The horrifying terrorist attacks of September 11th, 2001 that killed almost 5,000 people have left behind a clamor for assurance that they will not occur again. They revealed enormous gaps in airline security but, perhaps even more worrisome, represented a massive failure of domestic and international intelligence gathering. Almost immediately after the attacks, law enforcement agencies, government agencies and many civilians in the US, Canada and elsewhere were demanding legislation to allow easier access to more comprehensive wiretaps. Civil liberties associations are reeling as their concerns regarding abuse of these new powers are largely being ignored.
Wiretapping, more correctly known as Lawfully Authorized Electronic Surveillance (LAES), especially when wireless traffic is being monitored and no wires are being tapped, has been around since soon after phones were invented. However, technical advances have made surveillance more and more difficult. Conversions from analog to digital, from circuits to packets, and from cleartext to encrypted data have all raised major challenges. What used to be as simple as alligator clips on a wire now involves sophisticated software and hardware at a switch site.
The United States thought that a solution to their difficulties would be the controversial 1994 US legislation known as CALEA (Communications Assistance for Law Enforcement Act) which describes how US carriers (both wireless and landline) should provide surveillance information to a law enforcement monitoring center. The legislation was not as controversial as its interpretation, with the courts, regulators (FCC), telecom industry and civil liberties proponents coming to strikingly different conclusions.
CALEA legislation is important to Canada because major equipment vendors will be building to standards based on it. The RCMP, for example, submitted comments during balloting of the first revision of the major LAES standard, indicating that they have some interest in it for Canadian applications.
The J-STD-025 standard, produced by the Telecommunications Industry Association (TIA, www.tiaonline.org) subcommittee TR-45.2 and the Alliance for Telecommunications Industry Solutions (ATIS) committee T1 (www.t1.org), has been bogged down in major political tussles since its publication in December 1997.
Part of the problem arose because the telecommunications industry first treated law enforcement as a customer, providing them with a draft standard that gave them everything that was technically feasible. Half-way through the process the industry had a change of heart, realizing that publishing a standard that went beyond the law could get the whole industry in big trouble, and hastily withdrew a number of features they believed to be outside the scope of CALEA, such as the ability to provide the location of users.
Law enforcement claimed that important items were omitted. These became known as the punch list, and an FCC ruling ordered that most of them should be included in the standard. This resulted in J-STD-025 Revision A, published in May 2000. However, an August 2000 US Appeals Court ruling overturned much of the FCC decision, leaving the status of the standard in doubt. The FCC has yet to respond with another rulemaking.
The basics of LAES are not in question. Wiretaps must be transparent to the intercept subject. Clicks, delays or changes in sound quality are not acceptable. This restriction even means that modifications to existing protocols to support eavesdropping are unlikely, even where they would be helpful, because communicating information about taps across network interfaces would be obvious to more telecom carrier employees than are supposed to know about them.
Remote access is another major requirement. Due to the explosion of telecommunications carriers (landline, wireless and internet), law enforcement needs to be able to monitor communications to which it has a legal right from a central location.
Communications to law enforcement must also have a high quality of service. Delays in delivery must be small, sound quality must be maintained, and the beginning and end of communications must be preserved.
The identity of the devices being monitored must be verifiable. It must be possible for telecommunications personnel to be able to confidently identify in court at least the device used by the intercept subject.
The law around wiretaps has grown up around a legal distinction between Content and Identifying Information, with a legal history based in the postal system (see Table 1). The outside of a letter identifies the recipient, the sender, the place where the letter was posted and the time. Obtaining this Identification information requires a lower legal standard than obtaining the Content of the mail, the letter inside the envelope.
A legal analogy has been drawn between a letter and telecommunications. The address on the letter is like the dialed phone number, the return address is like the calling number identification, and the stamp and cancellation are like the originating switch identity and the date and time of the call. The letter inside the envelope is like the actual contents of the phone call (voice or data).
Table 1: Identification and Content by medium

| | Postal Service | Phone Call | Packet Data |
|---|---|---|---|
| Identification | Mailing address, return address, stamp and cancellation | Dialed digits, calling party number, time of call, switches involved | Originating and destination IP/email/web addresses, time of packet initiation |
| Content | Letter inside envelope | Voice or data carried on circuit | Data within packet |
| Grey Areas | N/A | DTMF tones and other signals within call | Identifiers within protocol layers unknown to carrier |
Analog telephone communications are generally carried on a single wire with the Call Identifying Information transmitted as tones (e.g. MF, DTMF) at the beginning of a call and as on-hook/off-hook state information indicating the beginning, answering and disconnection of a call. Call content (e.g. voice) is carried at other times.
Digital telephone systems make interception according to this model more difficult. One wire or radio channel may carry multiple time division channels (e.g. 24 for a T1, 3 to 8 for a TDMA cellphone system, even more for CDMA). The channels may contain call content or signaling information. Signaling/Control channels contain the call identifying information for many calls, not just for the intercept subjects. Furthermore, nothing in the call content channel identifies the parties to the call. This makes it far easier to intercept digital calls at a switch site than anywhere else, as the switch obviously must have the ability to associate identifying information on signaling channels with subscriber traffic on the other channels.
Packet based systems for data or, increasingly for voice (e.g. Voice over IP) hardly fit the legal model at all. Each packet will contain some content information and some identifying information. It is virtually impossible to correlate an individual packet with a particular subject. An entire stream must be monitored for this to be accomplished. Furthermore, depending on the protocol level at which analysis is occurring, all that might be identified is a computer serving many people.
This technological limitation of packet monitoring causes friction between law enforcement agencies which would like to see precise identification, and carriers who may be unaware of the protocol layers (that contain this information) being used by their customers. The most common current solution is to supply the entire packet stream to law enforcement, and have them perform minimization (removal of information related to people other than the subject, or related to the subject but not covered by the court order). This, not surprisingly, offends those concerned about civil liberties, because it would be very easy for law enforcement to obtain information to which they have no legal right, and then use it either to obtain more information legally, or in cases of corruption by law enforcement officers, use it for their own personal gain.
The TIA/ATIS J-STD-025 standard provides a number of messages that can be transmitted to law enforcement over a Call Data Channel (CDC), including:
Some of the capabilities provided in Revision A that are part of the controversial punch list are:
3GPP has also produced standards for use by UMTS systems (TS 33.106, 33.107 and 33.108). These define interfaces within telecommunications networks, although application to the external interface to law enforcement is being considered.
Many of the conflicts in lawfully authorized electronic surveillance stem from the conflict between the legal Identification/Content distinction, and the difficulty of maintaining that distinction in telecommunications systems as they evolve.
One example of this is DTMF tones (Touch Tones) generated by a subject during a call. These could be used to make a long distance call through another carrier, to access speed-dial lists or to transfer money between bank accounts. Law enforcement considers this Call Identifying Information and wants it provided by the originating carrier for all surveillances. Providing this would mean that every call being intercepted, even those for which content is not being provided, must have the content monitored for the entire duration of the call by the carrier. This increases the cost of interception, requiring a DTMF receiver for every call being monitored. Putting aside the legal debate over whether DTMF tones are call identifying information or content (in reality they are sometimes one, sometimes the other), there is the question of how valuable the information is. An intercept at a bank's computer would make it possible to determine that, for example, a suspected drug smuggler is transferring huge amounts of money between accounts, but it is not possible to determine this simply from the stream of DTMF digits. The same stream of digits could be used by one subject to transfer money, and by another to make a long distance call through an alternative carrier.
This conflict is even more pronounced with packet communications. A telecommunications carrier might provide a path for its subscribers to carry internet traffic. All the carrier really knows is the IP address of the destination. Depending on where the monitoring occurs, they may or may not know which subscriber has originated the traffic. The IP address cannot, however, identify a specific party being communicated with. To do this might require interpreting higher protocol layers, such as email or web-based protocols. Furthermore, it is quite common for these higher levels of protocol to contain other information encoded in a variety of different ways (e.g. email attachments). Obviously, law enforcement would like to have a simple analysis of the identifying information (email from Jane Doe to Joe Blow at 5:02 am on July 25, 2001), but this requires more analysis than carriers may be technically able to perform. A solution is to simply sweep a broad swath of traffic to law enforcement, and trust them to perform minimization. This is the purpose of the ISP-monitoring equipment named Carnivore by the FBI. Data is dumped onto a removable disk, for later off-site analysis by law enforcement. Although filtering can be performed, much of the information that leaves the ISP's premises on the disk will be outside the scope of the court order.
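To make the minimization problem described here and in the earlier discussion of packet monitoring concrete, the following is an added illustration that is not code from the article or from any carrier or law enforcement system. It models a constructed packet stream in which one host carries mail for several people, a court order that names a subject, and a minimization step that keeps only the Identification fields from Table 1 unless content is authorized. All names, addresses and field layouts are assumptions for illustration; the point it demonstrates is that a filter working at the IP layer delivers other people's traffic whenever the subject shares a host, while a filter at the application layer can only be applied if the carrier actually parses that layer.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    """One captured packet, reduced to the fields the example needs (constructed)."""
    src_ip: str
    dst_ip: str
    time: str
    app_from: Optional[str]  # application-layer sender, None if the carrier did not parse that layer
    app_to: Optional[str]    # application-layer recipient, likewise
    payload: str             # the Content column of Table 1

@dataclass(frozen=True)
class CourtOrder:
    """Hypothetical order: the subject's IP, an optional application-layer identity, and scope."""
    subject_ip: str
    subject_id: Optional[str]
    content_authorized: bool  # False models an identification-only order

# Constructed sample stream: 10.0.0.5 is a shared host serving several mailboxes.
SAMPLE_STREAM = [
    Packet("10.0.0.5", "192.0.2.10", "2001-07-25T05:02", "jane@example.test", "joe@example.test", "meet at noon"),
    Packet("10.0.0.5", "192.0.2.10", "2001-07-25T05:03", "bob@example.test", "ann@example.test", "invoice attached"),
    Packet("10.0.0.5", "192.0.2.11", "2001-07-25T05:04", None, None, "opaque binary"),  # layer unknown to carrier
    Packet("10.0.0.7", "192.0.2.10", "2001-07-25T05:05", "carl@example.test", "joe@example.test", "hello"),
]

def identifying_info(p: Packet) -> dict:
    """The Identification column of Table 1 for packet data: addresses and time, never payload."""
    return {"src": p.src_ip, "dst": p.dst_ip, "time": p.time, "from": p.app_from, "to": p.app_to}

def belongs_to_subject(p: Packet, order: CourtOrder, layer: str) -> bool:
    """Decide whether a packet is within scope at the chosen protocol layer."""
    if layer == "ip":
        return order.subject_ip in (p.src_ip, p.dst_ip)
    if layer == "application":
        # A packet whose application layer the carrier cannot parse (None fields)
        # is the grey area of Table 1: it cannot be attributed, so it is not delivered.
        if order.subject_id is None:
            return False
        return order.subject_id in (p.app_from, p.app_to)
    raise ValueError(f"unknown layer {layer!r}")

def minimize(stream, order: CourtOrder, layer: str = "ip") -> list:
    """Deliver only in-scope packets, and only their Content when the order authorizes it."""
    delivered = []
    for p in stream:
        if not belongs_to_subject(p, order, layer):
            continue
        record = identifying_info(p)
        if order.content_authorized:
            record["content"] = p.payload
        delivered.append(record)
    return delivered

def overcollection(stream, order: CourtOrder) -> int:
    """Count packets an IP-layer filter delivers that the application layer shows belong to others."""
    ip_view = {p for p in stream if belongs_to_subject(p, order, "ip")}
    app_view = {p for p in stream if belongs_to_subject(p, order, "application")}
    return len(ip_view - app_view)

if __name__ == "__main__":
    order = CourtOrder("10.0.0.5", "jane@example.test", content_authorized=False)
    print("IP layer:", minimize(SAMPLE_STREAM, order, "ip"))
    print("Application layer:", minimize(SAMPLE_STREAM, order, "application"))
    print("Packets from other people swept up at the IP layer:", overcollection(SAMPLE_STREAM, order))
```

Running it with the constructed stream shows three records delivered at the IP layer (two of them other people's traffic on the shared host) against one at the application layer, and no payload field at either layer until `content_authorized` is set. The unparsed packet is deliberately dropped at the application layer rather than guessed at, which is the conservative choice a carrier can defend when it does not know the protocol its customer is using.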
It can be expected that gradually the legal and technical issues will be worked out. However, there are technical barriers to interception, most notably end-to-end encryption, that make all network-based eavesdropping techniques futile. The availability of high-strength encryption makes all intercepted information useless without the massive computer power for brute-force decryption. Even if encryption were outlawed, it is not likely that it would stop criminals from using it. And, if law-abiding citizens eliminated the use of encryption, much of the legitimate information on telecommunications networks would be exposed to criminal attacks, such as industrial espionage and identity theft. This could actually make it easier for terrorists to operate.
It is not clear that the tragic events of September 11, 2001 were due to a failure of intercept capabilities. In fact, it has been argued by some that an over-reliance on technology, and an under-reliance on human-intensive techniques was part of the intelligence failure. Providing more targeted information will certainly help law enforcement, but simply providing more Terabytes of data may only deepen the flood of data that currently swamps them.
Interception will always play an important role in legal investigations. However, it is not a panacea. It will never catch all criminals. By itself, it is like a toolbox with no tradesman to put the tools to use. Maintaining a balance between civil liberties and security, and between a flow of information and a flood, is something that will worry politicians, law enforcement agencies, telecommunications carriers and, indeed, the man (or woman) in the street for many years to come.