LAW ENFORCEMENT SNARES VOICE-OVER-IP CARRIERS

In the wake of the recent terrorist attacks on the U.S., traditional telcos will no longer be the only service providers held accountable for complying with wiretapping laws. Now the IP world will have to cooperate with government officials on the adoption of technology to monitor voice-over-IP calls — even if it's not yet written into law.

The Communications Assistance for Law Enforcement Act of 1994, or CALEA, is at the heart of the debate.

MORE INFO EQUAL ENFORCEMENT by Vince Vittore Telephony, Nov 5, 2001 Security Vs. Privacy By Annie Lindstrom Wireless Review, Nov 1, 2001 USTA TRIES TO BALANCE  SECURITY WITH AUTONOMY by Glenn Bischoff Telephony, Oct 15, 2001 Defense proposals spark reluctant privacy debate by Tim McElligott Telephony, Sep 24, 2001

Originally, CALEA was passed to allow law enforcement agencies to track calling information over traditional landline networks. CALEA also applies to packet networks, but it doesn't cover newer architectures such as softswitch-based networks. Furthermore, the FCC categorizes IP telephony providers as information service providers, not traditional voice carriers.

Thus, VoIP providers are in a unique situation: They are not technically subject to CALEA, nor do they have to comply with the FCC's 1999 technical requirements because they were never defined as telecom carrier. Until legislation is passed dealing specifically with wiretapping for VoIP providers — or until CALEA is amended to include VoIP — the government must request the tapping of VoIP networks on a case-by-case basis.

Despite the push to adhere to CALEA, VoIP providers such as ITXC and Net2Phone don't think their networks are the best place to wiretap. “Do they want to take on the burden when it really doesn't pertain to them? Probably not,” said Bob VanSickle, vice president of sales for the Americas for VocalTec Communications. “It makes more sense at the local level.

Some VoIP providers turned down requests to be interviewed for this article, citing the fact that CALEA is still evolving and doesn't pertain to them.

Indeed, some believe that VoIP networks will never be able to comply with CALEA. “CALEA was developed before [VoIP] was an idea, so it's just not going to work,” said Dan Berninger, managing director of pulver.com. “The need is legal interception, and it will have to be its own law that addresses the specific features of voice over IP.”

But whether they like it or not, most VoIP providers will likely have to grapple with CALEA at some level. “It's going to become a requirement for operators of all data streams to know what's going on,” said Alistair Woodman, marketing director of packet telephony solutions for Cisco Systems.

When the federal government mandated that wireline, cellular and broadband PCS telecom carriers make it easier for law enforcement to wiretap the nation's communications network, there was uproar from the telecom industry about privacy issues, compliance issues and associated costs.

THE MOVE TOWARD COMPLIANCE October 1994 Congress enacts CALEA December 1997 TIA develops a final draft of proposed industry standard for CALEA compliance December 1997 TIA publishes interim standard J-STD-025, which defines services required to support lawfully authorized electronic surveillance March 1998 FCC extends CALEA compliance date to September 2001 March 1999 The FCC releases rules to implement systems security and integrity requirements for CALEA August 1999 FCC adopts technical requirements for wireline, cellular and broadband PCS carriers to comply with CALEA May 2000 Original deadline for carriers to file their CALEA policies and procedures with the FCC August 2001 The FCC grants a deadline extension for wireline carriers September 2001 FCC further extends CALEA compliance deadline, which includes several packet-based technologies Nov. 19, 2001 Wireline, cellular and broadband PCS carriers must complete implementation of packet-mode capability or seek individual relief

Several providers filed for extensions for complying with CALEA (see timeline at left). But the recent terrorist attacks have forced the issue. “The government has always proven to be willing to work with service providers and vendors intent on providing those types of capabilities,” said Scott Coleman, senior product manager of intercept technology for ADC Communications. “It's just more of a sense of urgency to get things done in a timely fashion.”

Complying with CALEA will play out for about 18 months, Berninger said. “If it weren't for Sept. 11, it would probably play out for five to 10 years. But it's not going to be overnight.”

President George W. Bush's signing on Oct. 26 of new anti-terrorism legislation is more proof that networks need easier tapping capabilities. The legislation expands the rights of federal authorities to increase surveillance and intelligence-gathering powers, including the ability to track a person's calls from device to device. The legislation includes expanded wiretapping authority and places a greater burden on the FCC to define what constitutes a telecom operator.

The beauty of IP is that it has the potential to carry all services over a single network. Currently, data is growing at a higher rate than voice, and most VoIP providers offer voice as an incremental service.

According to TeleGeography 2001, about 5% of international calls now go over IP, so call volume on a VoIP network is not a problem. But voice is growing. Frost & Sullivan estimates that by 2007 VoIP will account for about 75% of world voice services.

But in applying CALEA to VoIP, the industry must contend with a number of technological hurdles. VoIP is reliable and robust, but it is not easily monitored. In a circuit-switched network there is a physical location to tap into, but a VoIP network is connectionless, meaning it has to be tapped at the network edge. VoIP breaks calls into packets that are intermingled with other data packets such as e-mail. The voice packets are then reassembled where the call terminates. So to comply with CALEA, all equipment that processes IP packets has to play a part.

“The effort is to understand the conversation, who the target is calling and any associated data with that call,” said Matt Holdrege, a consultant on the technical advisory counsel and chair of the Legal Intercept Working Group for the International Softswitch Consortium.

The issues surrounding VoIP tapping are legion. For starters, there's the legality of tapping a VoIP phone if a raw connection is used, which doesn't require the use of a carrier like a PC-to-PC call. In addition, commercially off-the-shelf encryption software for PCs is available to block the deciphering of IP calls. Plus there are proprietary VoIP solutions available that were released before standards were available, which means they don't comply with current IP standards and are configured differently. Another sticky component is post-dial digit analysis, which is concerned with tracking numbers when end users dial additional digits at the request of an automated response system when a call is already up and running — an issue that concerns both TDM and VoIP networks.

Furthermore, though it is easier to isolate VoIP traffic from the local loop, things get complicated with a worldwide network such as that of wholesale provider ITXC. Where to put a device to trace a call also becomes an issue because with a network such as ITXC's, voice comes through the public network via a gateway and then is handed off to another part of the world.

Despite the difficulties in readying VoIP for CALEA, there are solutions available that replicate a VoIP signal for the local loop. For example, ADC came out with the first VoIP solution that interacts with a softswitch or call agent, called the NewNet IP CALEAserver. But other vendors that make the edge equipment have to redirect the information to the ADC equipment to make it really compliant.

ADC is creating a platform for service providers moving toward a more hybrid network that combines legacy TDM with VoIP. Next month, the vendor will release a global product that works with wireless and wireline networks.

Other vendors such as Jasomi Networks are coming out with solutions that help tap into VoIP networks. Jasomi's PeerPoint platform can be used as a forced point of routing for VoIP providers so they can pick off audio streams and send them to law enforcement agencies.

Carriers in both the TDM and the VoIP environment also are looking to industry associations to help them become CALEA-compliant. The International Softswitch Consortium has formed the Legal Intercept Working Group to develop a solution for wiretapping the IP voice environment.

In the meantime, the FCC is expected to act on a remand by the appellate court to clarify issues with CALEA by the end of the year. Consequently, the FBI is granting CALEA extensions for up to two years. “As we rush to implement CALEA we must be sure to protect an individual's right to privacy except in respect to CALEA laws,” said Dan Freedman, CEO of Jasomi. “We wouldn't want to open it up so broadly so that anyone can listen to calls.”