© 2004 VeriSign, Inc.
VoIP and CALEA: Current Developments
Tony Rutkowski
V.P. for Regulatory Affairs
VeriSign
mailto:[email protected]
tel:+1 703.948-4305

VoIP World Fall 2004
Washington DC
12 Nov 2004
Panel on CALEA and VoIP
Overview
+ The new FCC CALEA proceeding
  + Timeline
  + Who is saying what
+ Applicability of CALEA
  + Public broadband Internet access facilities
  + Public managed/mediated VoIP facilities
  + Jurisdiction and findings
  + Other bases
  + Telecommunications carrier issue
  + Information service issue
+ Requirements and Solutions
  + Traffic data extraction
  + Trusted Third Party service bureaus as complete independent solution
  + Safe harbor standards
  + Subscriber identity information
  + Stored traffic data
  + Transnational
+ Compliance Extension Petitions
+ Enforcement
  + How should the FCC deal with the problem of evolving standards and their implementation?
  + Are any existing CALEA standards deficient?
  + What other steps could be adopted for effective enforcement?
+ Cost and Recovery
+ Effective Date
+ VeriSign and its NetDiscovery™ Service
The new FCC CALEA proceeding
+ Adopted 25 Oct 1994
+ Original CALEA Proceeding (Docket 97-213)
  + NPRM 10 Oct 1997
  + FNPRM 5 Nov 1998
  + R&O 15 Mar 1999
  + 2nd R&O 31 Aug 1999
  + 3rd R&O 31 Aug 1999
  + DC Cir 15 Aug 2000
  + Recon Order 16 Apr 2001
  + Order 21 Sep 2001
  + Order 27 Sep 2001
  + Remand Order 11 Apr 2002
+ Omnibus IP-Enabled Services Proceeding (Docket 04-36)
  + NPRM 14 Feb 2004
+ Broadband-VoIP CALEA Proceeding (Docket 04-295)
  + RM-10865 12 Mar 2004
  + NPRM 9 Aug 2004
  + Comments 8 Nov 2004
  + Replies 7 Dec 2004
  + R&O Apr? 2005
  + Compliance Benchmark Notice Aug? 2005
  + Compliance Benchmark Deadline Jul? 2006
+ Congressional hearing 10 Sep 2004
Spectrum of filings
http://svartifoss2.fcc.gov/prod/ecfs/comsrch_v2.cgi (Enter: “04-295” in block 1)
Alternative: http://www.fcc.gov/cgb/ecfs/ (Click on “Search for Filed Comments”)

+ Largely No Problems
  + FiduciaNet; NCTA; New York Attorney General; Nextel Communications, Inc.; Satellite Industry Association; Subsentio; Texas Department of Public Safety; United States Department of Justice; USTA; VeriSign; Verizon
+ Some Concerns
  + AMA TechTel Communications; CTIA; Cingular; Corr; Coalition for Rural Broadband CALEA; Motorola; National Telecom Cooperative Association; Nextel; Nuvio; OPASTCO; Rural Telecommunications Group; Rural Telecommunications Providers; SBC; Smithville; T-Mobile USA, Inc.; TIA
+ Largely Opposed
  + American Civil Liberties Union; BellSouth; CDT/ Public Interest Joint; EarthLink, Inc.; EDUCAUSE Coalition; Electronic Frontier Foundation; Global Crossing; Level 3 Communications, LLC; US Internet Service Provider Assn; Yahoo! Inc.
Applicability of CALEA
+ Communications Assistance to Law Enforcement
  + Provide real-time (or stored) traffic data or content for forensic evidence or investigations
  + More than 10,000 agencies in U.S.; Title 18, Title 50, almost every State; international
  + Certainty – basic purpose of proceeding
  + Enhance privacy
+ Focus
  + Next Generation Networks; IP-enabled services
  + Broadband Internet Access Service (>200 kb/s)
  + Managed/Mediated VoIP (anything other than P2P)
+ Jurisdiction and findings
  + Substantial Replacement
  + Public Interest
  + Critical infrastructure protection
  + Switching and common carrier service
  + No adverse effect on technology
  + Cybercrime Convention and MLATs
+ Global action
  + Almost every country has similar requirements
  + Coordination among law enforcement worldwide
+ Telecommunications carrier issue
  + Carriers under CALEA have different definition and purpose
+ Information service issue
  + Narrow exclusion
  + Packet-Mode is covered
Requirements and Solutions
+ Traffic data (call-identifying, Intercept Related Information) extraction
  + What is reasonable in packet-mode environment?
  + Who is encumbered? Where? How?
+ Trusted Third Party service bureaus as complete independent solution
  + Can TTPs by themselves serve as safe harbor
  + Relationship to safe harbor standards
+ Safe Harbor standards
  + What constitutes safe harbor
  + What standards are “deficient”
  + Who can produce standards
  + How do you deal with evolution of standards; versioning problem
  + Notice as to what’s required
  + FBI and international requirements documents
+ Subscriber identity information
  + Inherent problem with NGN/IP-enabled services
  + NGN Directory service protocols are key
+ Stored traffic data
  + Greater problem/cost for carriers than real-time CALEA requirements
  + Common global stored data handover interface is key
+ Transnational requirements
  + Looming problem for providers; backhauling is not a scaleable solution
+ Enhancing Privacy
  + How to enhance privacy in a NGN/IP-enabled services environment
Trusted Third Party Value Propositions
+ Independence is key to trust
  + What is a trusted third party
  + TTPs can enhance CALEA privacy
+ Has freedom to employ a range of architectures
  + Internal, adjunct, external
  + New unified interfaces
+ Will generally follow safe harbor standards, exceptions
  + standards do not exist or are “deficient”
  + standards are not incorporated in network elements
  + standards versions change
+ Value added services
  + Authentication and trust systems
  + Legal analysis and verification of orders
  + Proof of performance
  + Subpoena processing
TTP Models for Broadband Internet Access
[Figure: three deployment models, Internal, Adjunct and External (or a mixture of the above). Each shows content, traffic data and control paths among the Local Access Point Premises, Broadband Service Provider Premises, LI Provider Premises and the Public Internet, with handover to Law Enforcement.]
TTP Models for Managed/Mediated VoIP Services
[Figure: three deployment models, Internal, Adjunct and External (or a mixture of the above). Each shows content, traffic data and control paths among the Managed/Mediated VoIP Provider Premises, Broadband Service Provider Premises, LI Provider Premises, the Public Internet and the PSTN, with handover to Law Enforcement.]
VoIP LI Standards
+ ETSI (access, multimedia cable, WiFi)
+ 3GPP/ETSI (3G)
+ IETF (IP generic, SNMP based)
+ Cable Labs (voice cable)
+ ATIS (VoIP, access)
+ TIA (wireless)

[Figure: IETF Architecture, International (ETSI) Architecture and Unified Interface Architecture, showing the Network Mediation Functionality (MS), the Handover interface and the Law Enforcement Monitoring Facility (LEMF).]
Compliance Extension Petitions
+ Potential relief under CALEA Secs. 107 and 109
  + What is “reasonably achievable”
  + USDOJ argues none should be granted
  + Lack of standard is not a basis
+ Existing packet-mode extensions
  + Most appear “without merit”
  + Solutions are available in the marketplace
  + No further extensions
  + Fold into enforcement and benchmark compliance process
  + CALEA carriers face “high burden of proof” for non-compliance
+ Treatment of rural and “underserved” providers
  + Benchmark compliance process should be applied
Enforcement
+ FCC use of its own enforcement authority
  + Under CALEA [47 USC § 229(a)] and under Communications Act
  + Ability to investigate and impose administrative penalties
  + Would exist in addition to judicial enforcement
+ CALEA carrier is generally encumbered with obligations
  + Reseller may be responsible if involved in provisioning
  + WiFi hotspot implementations may have shared responsibility
+ Responsibility remains with CALEA carrier, even if outsourced to Trusted Third Party
  + Law allows Trusted Third Parties to assume responsibility and indemnify the carrier
+ Proof of performance
  + Used by FCC over many decades in radio sector
  + Self or independent party certification may be considered for CALEA compliance
Cost and Recovery
+ Distinguish between “CALEA capital costs” and “CALEA intercept costs”
+ U.S. government will not pay for capital or recurring costs, only actual costs for intercepts
+ Providers cannot attempt recovery in interception billings
  + Detail billings required
+ Providers can institute line-item billing to subscribers
  + Full and complete record is needed in the proceeding
+ Providers can outsource to Trusted Third Parties and recover costs
Effective date
+ 90 days after adoption of rules
  + Notice of compliance or benchmark plan required
+ 15-month benchmark compliance process
  + Benchmark compliance plan to be filed 90 days after adoption
  + Detail steps taken to implement
    + Self-implementation
    + Trusted Third Party
  + Detail any additional steps necessary over subsequent 12 months
VeriSign and its NetDiscovery™ Services
+ Largest global provider of “intelligent infrastructure” services
  + Billion dollar annual revenues and growing
  + Worldwide presence
  + Emphasis on own ultra high availability and security platforms
  + Multiple interrelated sectors
    + Telecom/wireless content, signalling, and directory infrastructure
    + Internet signalling and directory infrastructure
    + Telecom and Internet security and financial transaction infrastructure
+ CALEA, Lawful Interception and subpoena processing services
  + Started as internal services in 1990s
  + Rolled out as NetDiscovery™ service bureau offerings in early 2002
  + Operates on national VPN cloud with redundant data centers
  + Pushed into IP-services, international in 2003
  + Serves as industry leader domestically and internationally
  + Contact Raj Puri [[email protected]; +1.510.469.7874] or VeriSign carrier sales representative
Compliance Outsourcing – Cost Comparison
+ NetDiscovery Service results in significant accumulative cost savings year over year
+ Provides consistency in policies and procedures
+ Provides “future-proof” compliance

Self Deployment Costs
• Initial equipment capital expense
• Annual equipment maintenance
• Dedicated Resources
  – Security Operations Staff
  – Technical Support, LEA Connectivity Installation Support
  – Regulatory/Legal Support

Outsourced Lawful Assistance Compliance
• Low Initial Setup/Monthly Fee/ Per Event Fee
• VeriSign acts as the agent

[Chart: VeriSign NetDiscovery vs. Self Deployment. Cost ($) by year, years 1 to 10; series: NetDiscovery, Self Deployment.]