Some people complain that nobody ever really listens to them. Well, if you're suspected of criminal behaviour, the police may be paying attention to your phone calls even if nobody else is.
Most everyone can agree that wiretapping (clearly not a very good term in wireless) of phone calls to and from the bad guys is a good idea. It is also easy to agree that there should be legal authorization for wiretaps to make sure that they aren't used for political or criminal purposes and that there should be some oversight to make sure that law enforcement agencies don't go on fishing expeditions. The world has had bad experiences with both extremes of surveillance, with examples where the standards for surveillance have been both too high and too low.
Some people might have visions of the police running around with alligator clips and radio scanners tracking the bad guys. But that is not usually how it works, mainly because it is too time consuming and too easy for the suspect to detect. Law enforcement agencies take advantage of the fact that public communications are generally concentrated at some point in the network for cost, efficiency and connectivity purposes. In traditional telephony this is usually the switch site, the Mobile Switching Center (MSC) in circuit-switched wireless systems. Central communications gathering points are where electronic surveillance can best be accomplished. In the last decade, law enforcement agencies have also decided that they do not want to have to be physically present, but that they want to be able to monitor by connecting electronic links to the carriers' facilities and informing the carrier of the customers to be monitored. The carriers will then be expected to forward traffic for intercept subjects over these links.
Wireless carriers are caught in the middle with discussions of wiretapping. The cooperation of carriers is clearly necessary to provide the surveillance stream of voice or data, but the carriers also need to be responsible both to law enforcement agencies and to the general public. They need to provide surveillance when it is legally authorized, but not be overly cooperative and provide it when it isn't justified. They also need to be responsible to their shareholders and ensure that costs are reasonable and covered either by law enforcement agencies or by rate increases.
Refusing to provide surveillance can land the carrier with fines, but agreeing to programs that aren't justified can lead to lawsuits. In the United States, for example, the Electronic Frontier Foundation recently sued AT&T for "collaboration with [an] illegal domestic spying program" (www.eff.org/legal/cases/att).
Canada's former Liberal government, in its dying days of November 2005, introduced The Modernization of Investigative Techniques Act (MITA), designed not to make surveillance legally easier but to make it technically easier. It will also somewhat expand the reach of surveillance by making customer data easier to obtain. This legislation died with the government. Yet, considering the focus of the Conservative opposition, which is now running the Canadian government, this law, or something like it, is likely to be revived. Their focus is on law and order issues. The Honourable Vic Toews, the new Minister of Justice and Attorney General, was unwilling to comment on how he expected the Conservative government to proceed.
MITA was several years in the making, with rounds of consultation in 2002 and 2005. One impetus was the U.S. Communications Assistance for Law Enforcement Act (CALEA) which became law in 1995. This resulted in the development of a joint standard between the U.S. standards organizations TIA (Telecommunications Industry Association) and ATIS (Alliance for Telecommunications Industry Solutions). The development of this standard, known as J-STD-025, was so controversial that it resulted in a Federal Communications Commission (FCC) ruling on items that law enforcement felt should be in the standard, a court hearing and further FCC rulemakings. In the end, law enforcement did win some extensions to the standard, but not all that they wanted.
Ballots of J-STD-025 have been drawn out because law enforcement agencies have voted against it, making it difficult to achieve the unanimity that standards organizations like to reach. Disputes have not been over the bulk of the standard, but over controversial issues that some parties feel are technically difficult, overly expensive to implement or legally questionable.
Other countries that have also passed laws designed to make it easier for law enforcement to eavesdrop on modern communications devices include Australia with its Telecommunications Act updated in 1997, the UK with its Regulation of Investigatory Powers Act of 2000 and New Zealand with the Telecommunications (Interception Capability) Act of 2004.
Canada, which to a small extent participated in J-STD-025, developed its first communications interception law in 1974 within the Criminal Code, and extended the provisions to give CSIS the right to perform surveillance when it was formed in 1984.
One good example of a controversial feature in J-STD-025 and other surveillance standards is the provision of subscriber location, particularly from mobiles that have GPS capabilities built in, something that is becoming more common for 911 and commercial applications. The U.S. CALEA legislation appeared to allow for cellsite location on all legally authorized surveillance, but more accurate position was excluded ("call-identifying information shall not include any information that may disclose the physical location of the subscriber (except to the extent that the location may be determined from the telephone number)"). Law enforcement, however, feels that accurate position is within the scope of the legislation. A related controversy has arisen because they have even been obtaining cellsite/sector information without showing probable cause of a crime (www.eff.org/legal/cases/USA_v_PenRegister). These are U.S. examples, but they show how decisions can become extraordinarily complex as technology evolves faster than our laws, and how new technical capabilities can create new legal debates.
Technology change is at the root of these legal changes. Just as surveillance laws from the postal service were adapted to wired telephone service, they are now adapting to various combinations of digital communications, wireless, spreading and encryption. GSM and TDMA wireless services are an example of communications that combine wireless with digital, while 3G wireless systems and internet packet routing systems spread the information around, with many users sharing the same channel, in a fashion that can be very difficult to decode. Worse yet, from the law enforcement perspective, is the use of end-to-end encryption.
By intercepting wireless traffic at fixed spots, and having the traffic that is selected for surveillance routed to their offices, law enforcement can eliminate many of those complexities. Air interface encoding is eliminated, an entire user session can be provided and over-the-air encryption (but not end-to-end) is removed.
This does not eliminate all technical problems faced by law enforcement, but it significantly reduces them. Many of the remaining problems are related to the advent of the complex layering and routing of internet-based protocols.
The authors of the legislation have recognized the potential danger to privacy from the requirement to provide subscriber contact information without a court order. The legislation was modified to limit requests for subscriber information to designated officials only, by requiring a record to be maintained of all requests, including the reasons for them, and by making these records available for review. All audits will be provided to the responsible minister. Those of the RCMP will also be provided to Canada's Privacy Commissioner, CSIS's to the Security Intelligence Review Committee and those of provincial and municipal police forces will be provided to provincial privacy commissioners. These organizations may, in turn, conduct their own audits.
The legislation does not make the results of the audits available to the public.
The viewpoints of those concerned about the civil liberties and privacy rights of the Canadian public can be found at:
www.cippic.ca/en/projects-cases/lawful-access
Carriers are obviously concerned about being squeezed, by this potential legislation, between the requirements of law enforcement and the desire of their customers for an adequate level of privacy.
In addition, telecom carriers have to pay for the upgrades and higher equipment costs that result, costs that are not always easy to pass on to consumers in a competitive environment. During the development of this legislation these concerns were recognized to some extent, resulting in a 12-month transition period and a clear statement that the type of equipment purchase is the responsibility of the carrier, and will not be dictated by the government. Carriers must have breathed a sigh of relief when criminal penalties for non-compliance were replaced by fines.
The news on expenses is not all bad. Carriers may be compensated for some of their expenses under the legislation, although this is at the government's discretion, so it will likely not cover all costs. For the consumer, however, it's a choice between the costs coming out of their taxes versus their monthly telephone bills.
Several other proposals in initial drafts of the legislation were dropped, as they would have been expensive as well as intrusive on the privacy of users of telecommunications services. Carriers will not have to retain subscriber contact information and the proposal for a national registry of this information was dropped. Carriers will not have to track and retain information about the communication activities of all customers, and anonymous services such as pre-paid cards will not be banned.
Carriers with under 100,000 customers would not be required to perform intercept themselves for three years after MITA came into effect, but would just have to provide a physical point of interconnect for law enforcement. This would require law enforcement to do much more of the minimization, that is, the elimination of information that is not relevant to the legal intercept order.
MITA makes subscriber contact information available upon request (i.e. without a court order) to specified law enforcement and CSIS officials. This includes name, address, contact phone number, IP address and all other identifiers. This would presumably include the MIN or IMSI that identifies the subscription and the ESN, IMEI or MEID that identifies the phone.
These technical identifiers are highly sensitive from a privacy perspective, as they would allow over-the-air monitoring without access to the telecom provider's equipment. More advanced security systems, such as those in 3G wireless systems, reduce this security risk, as they provide encryption of most voice, data and signaling information.
Although this information must be provided without a court order, there are some limits. Requests can only come from personnel who are authorized by a high ranking official within the law enforcement agency or CSIS. No more than five percent of employees can be given this authorization at any one time.
Exceptions to these rules can be made when a law enforcement officer believes that the situation is too urgent to wait for an authorized person to request the subscriber contact information. In this case the request can be granted, but full details of the request, including the name of the requesting officer, must be provided to the telecommunications carrier and, within one day, the officer must report details to someone who is authorized to obtain this information.
Under MITA, or similar legislation, carriers would have to carry out surveillance after a court order had been provided.
Carriers would have to identify the voice or data communications that are the target of a valid interception order, and provide to law enforcement only information related to the intercept target. Information such as a transaction id or session id that correlates the disparate pieces of a communication would also be provided.
Multiple simultaneous intercepts would have to be provided. In many cases these intercepts would have to be delivered to different law enforcement agencies.
Information that will have to be provided for a surveillance includes:
Wireless carriers often provide a variety of encodings for radio communications and more advanced systems provide encryption. These must be removed before communications are forwarded to law enforcement. This is not an onerous requirement, because it is normally the practice before interfacing with the PSTN, for example. When encryption or other encoding is not controlled by the carrier, the carrier is not required to provide the clear text of the communications (something that would be impossible in many cases, anyway).
The legislation requires that the carrier provide the surveillance data according to the specifications of law enforcement, to the extent that they are capable of doing so. This brings up the sticky issue of what it means to be capable of something. A device monitoring a protocol at a low level may have all the bits necessary to reconstruct a JPEG graphic being transmitted, but many people would not think that, without knowledge of the complete protocol stack, this device has the capability. However, there is a large grey area, where providing information in a particular format is difficult, but not impossible. Based on U.S. experience, this is likely to be an area of friction, where law enforcement is more optimistic about the analytical capabilities of telecom carrier equipment than the carriers themselves.
Advances in communication have made surveillance increasingly difficult. The transition from analog to digital circuits for phone calls made it more difficult to tap into a single phone line, and even obtaining a single channel from a multiplexed circuit, such as a T1 card in a switch, required the support of technicians at a switch site.
Similarly, the transition from analog to digital wireless makes eavesdropping on cellular calls over the radio interface much more difficult, and forces the Mobile Switching Center (MSC) to be used as the intercept access point (IAP).
However, in both of these cases of a transition, switches or MSCs are already set up to demultiplex individual channels, so with the cooperation of switch technicians, monitoring is not difficult. Even for wireless where there is not a fixed relationship between an incoming circuit and a subscriber, the MSC always knows which mobile is connected to each circuit, so extracting the single channel for a mobile under surveillance is relatively simple.
The internet changes all that, as it is a much more layered protocol, and the multiplexing of different protocols and different users is more complex. A graphic in an email, for example, may be carried over IP then TCP, then an email protocol (e.g. POP3 or SMTP) then MIME encoding and then a graphic encoding such as JPEG or TIFF.
Combined with sophisticated routing algorithms, this means that circuits leaving a wireless site carry a seemingly random assortment of internet packets. In some cases the traffic for a single user will be identified by a unique IP address, but in other cases interception is more difficult because the user's session goes via a server, resulting in the IP address only identifying the server, not the individual user. The user's identity will then only be found at a higher protocol level, but that requires the interpretation of that protocol, whether it is for email, web surfing, file transfer or many other things.
Even when the individual can be identified, the court order might not cover all types of traffic. For example, Voice-over-IP might be covered, but not email. This introduces the same kind of problem, the separation of different protocols.
When this situation occurs, the question is whether the carrier or the law enforcement agency is responsible for minimization: the deletion of all traffic unrelated to the court order, either because it belongs to an unrelated user, or to a portion of the communication that is not covered by the court order.
Another example is court orders that may just cover basic transmission information. For an email, this might be the sender and recipients' email addresses, and any IP addresses or domain names in the header that indicate routing. It would also include the date and perhaps the subject line, but not the content of the message or any attachments.
For a surveillance device that is working at the basic IP level, this type of minimization is very difficult, as every possible protocol has to be understood in order to be teased apart. In reality, this is going to result in data being sent to law enforcement that they should ignore, although carriers may well be expected to parse the most common internet protocols that are in use. Sophisticated criminals may well select obscure or deliberately modified protocols for this reason.
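The header-only case described above (sender, recipients, date and routing hosts or addresses, optionally the subject, never the body or attachments), shown as an added example that is not part of the original article: minimization applied in Python to one constructed email message. The function name `minimize_email`, the `include_subject` switch and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.utils import getaddresses

# Constructed sample (not real traffic): multipart email with a JPEG attachment.
SAMPLE = (
    b"Received: from mail.example.net (mail.example.net [192.0.2.10])\r\n"
    b"\tby mx.example.org with ESMTP; Tue, 07 Mar 2006 10:15:02 -0700\r\n"
    b"Received: from [198.51.100.7] (helo=laptop)\r\n"
    b"\tby mail.example.net with ESMTP; Tue, 07 Mar 2006 10:15:00 -0700\r\n"
    b"From: Alice <alice@example.net>\r\n"
    b"To: bob@example.org, Carol <carol@example.org>\r\n"
    b"Cc: dave@example.com\r\n"
    b"Date: Tue, 07 Mar 2006 10:14:58 -0700\r\n"
    b"Subject: Quarterly numbers\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\n"
    b"PRIVATE BODY TEXT\r\n"
    b"--b1\r\nContent-Type: image/jpeg\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b'Content-Disposition: attachment; filename="chart.jpg"\r\n\r\n'
    b"/9j/4AAQSkZJRg==\r\n"
    b"--b1--\r\n"
)

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")             # [192.0.2.10]
HOST = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


def minimize_email(raw: bytes, include_subject: bool = False) -> dict:
    """Return only basic transmission information; content is never copied."""
    msg = message_from_bytes(raw, policy=policy.default)

    def addrs(*names):
        values = [str(v) for n in names for v in msg.get_all(n, [])]
        return [addr for _, addr in getaddresses(values) if addr]

    routing = []
    for hop in msg.get_all("Received", []):
        text = " ".join(str(hop).split())        # collapse folded whitespace
        routing.append({"hosts": HOST.findall(text), "ips": IPV4.findall(text)})

    record = {
        "from": addrs("From"),
        "to": addrs("To", "Cc"),
        "date": str(msg["Date"]) if msg["Date"] else None,
        "routing": routing,
    }
    # The article says "perhaps the subject line", so it is off by default.
    if include_subject:
        record["subject"] = str(msg["Subject"]) if msg["Subject"] else None
    return record


if __name__ == "__main__":
    print(minimize_email(SAMPLE))
```

This works only because the device already has the complete, reassembled message; a tap working at the basic IP level would first have to reassemble the TCP stream and the mail protocol before any of these fields could be separated from the content.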
It might seem strange that there are already numerous standards for lawfully authorized wireless surveillance when Canadian legislation does not yet exist, but they are based largely on U.S. and European legislation. Since the requirements of Canadian law enforcement agencies are similar, they should be able to rely on some parts of these existing standards.
The basic groundwork for wireless surveillance was laid during the development of joint TIA (Telecommunications Industry Association) and ATIS (Alliance for Telecommunications Industry Solutions) standard J-STD-025, which has been developed and updated since before the original U.S. CALEA legislation was passed into law in 1995.
| Standard | Capability |
| --- | --- |
| 3GPP TS 32.350 | Communication Surveillance Requirements for GSM and W-CDMA systems. Withdrawn. |
| 3GPP TS 33.106 | Lawful interception requirements for GSM and W-CDMA |
| 3GPP TS 33.107 | 3G security; Lawful interception architecture and functions |
| 3GPP TS 33.108 | 3G security; Handover interface for Lawful Interception (LI) |
| 3GPP2 S.R0071 | User Requirements for cdma2000 Legacy System Packet Data Surveillance |
| 3GPP2 S.R0072 | User Requirements for cdma2000 All IP System Surveillance |
| J-STD-025 | A joint TIA/ATIS standard, with several revisions available. It defines intercept for circuit-switched telephony, both wireless and wireline. |
| TIA-1018 | Additional capabilities beyond the U.S. CALEA mandate. Under development. |
| TIA-1066 | Surveillance for Voice-over-IP (VoIP). Not published at press time. |
| TIA-1071 | Technical Aspects of IP Multimedia Subsystem (IMS/MMD) Electronic Surveillance for cdma2000. Not published at press time. |
| TIA-1072 | Technical Aspects of Push-to-Talk/Press-to-Talk Surveillance for cdma2000. Not published at press time. |
More advanced lawfully authorized surveillance legislation will arrive in Canada soon. Carriers and equipment vendors must pay attention to further consultations and make their voices heard to help balance the competing interests of law enforcement, capital and operating costs and the privacy rights of their customers.
David Crowe is a wireless standards, technology and numbering resource consultant based in Calgary. He can be reached at David.Crowe@cnp-wireless.com.