One-Two Punch List

Alexander the Great was told that anyone who undid the complicated knot that held the cart of Gordius, King of the Phrygians, would reign over the whole East. Alexander solved the problem in a way that no others had tried: He sliced it in two with his sword. The FCC was handed a Gordian knot when it accepted the challenge of ruling on telecom industry compliance with U.S. CALEA legislation. The FCC appears to have started untying the knot, but it has asked the telecom industry to finish the job.

CALEA is controversial because at least three radically different constituencies want three different solutions. Law enforcement wants wiretapping to be as easy in the digital age as it was in the analog. Civil libertarians want to ensure that no personal rights are infringed, and the telecommunications industry wants a clear definition of compliance. The industry also wants it either to be cheap, or have someone else to pay for it.

The FCC appears to have sided largely with law enforcement, and that creates some significant technical problems that are compounded by the aggressive schedule that the FCC wants the industry to follow.

One victory for the industry is that the FCC has recognized the J-STD-025 standard as safe harbor after it has been modified to conform to the order. The legal term "safe harbor" means that a company that implements J-STD-025 will be CALEA compliant, even if there are discrepancies between the standard and the law.

OLD INGREDIENTS The FCC ruling largely recognizes the current contents of the J-STD-025 standard. This is based on a model that adds intercept access points to existing telecom equipment. These are connected both to data facilities (call-data channels or CDCs) and voice facilities (call-content channels or CCCs). The CDCs are used to transmit information about all monitored calls, and the CCCs are used only to transmit voice information if the type of court order allows it (Title III).

Two questionable items were the location of a wireless phone and support for packet data. The problem with location is that you can interpret this to be call-identifying information. Current landline-call monitoring may provide the phone numbers of both the calling party and called party, which (in a landline system) usually indicates the location of both parties. An alternate interpretation says it's location-tracking information, which is excluded. The FCC chose the middle road: The location of a phone at the beginning and end of a call should be provided but not the location during a call. It also excluded the more accurate positioning that may be provided by E-911 location services.

Packet data is a problem because the call-identifying information often is mixed in with the user's data. The telecommunications system normally does not segregate these types of data. The FCC ruled that by September 2001, carriers must provide all packet information even when the court order does not allow access to call content. This leaves law enforcement with the responsibility for "minimization": separating what it is allowed to monitor from what it is not. At the same time, the FCC told TIA to study the issue and report back in a year.

NEW INGREDIENTS The FCC ruled that most of the FBI's punch-list items be included, and carriers have to provide these capabilities by September 2000, instead of the June 2000 deadline for basic J-STD-025 features.

One issue is whether law enforcement agencies should be provided with an indication of a conference call's change in status. The FCC ruled that law enforcement should be informed via a message on the CDC every time a party is added to a multiparty call, placed on hold or dropped from the call.

During a call, information is conveyed in a variety of ways. Callers hear ring-back and busy tones and may generate dual-tone multifrequency (DTMF) tones to access services from a long-distance carrier, bank or voice mail. The FCC ruled that carriers must provide all of these. The most difficult is subject-generated DTMF tones, which currently are not monitored during a call. Carriers must attach DTMF-receiver hardware to all monitored calls, even though the information they obtain is of limited use.

A relatively minor issue was whether timing information should be provided to help correlate call-related information transmitted on the CDC with call content on a CCC. Again, the FCC answered yes.

LEFTOVERS Three punch-list capabilities were left out: surveillance status, continuity check tone and feature status.

The first two would have helped ensure monitoring reliability. Surveillance status regularly would report the list of subjects that are being monitored, and continuity check tone would automatically verify whether CCCs are functioning before allocating them to a call.

Feature status would have reported from the HLR whenever a feature was activated, deactivated or modified in any way. This information already is available through monitoring the digits that a subject dials. This decision lets HLR manufacturers off the CALEA-compliance hook.

The FCC decision finally has established what CALEA compliance means and when it is required. Telecom companies must implement the current version of J-STD-025 by June 2000 and the enhanced version by September 2001. However, the most difficult deadline may be to complete the standard by March 2000. Even if the FCC interprets completion to mean ready for ballot, it would be extraordinary for such complex and controversial modifications to be ready by then. Just as with software development or kitchen renovations, you can choose to have the work done on time or done right -- but not often both. You can hope this extraordinary pressure will not create a standard that fails to meet the legitimate needs of law enforcement and telecom carriers or that fails to protect the rights of ordinary Americans.

The lead organization for the J-STD-025 standard is TIA; although, the designation (joint standard) indicates that it has been developed in association with the Alliance for Telecommunications Industry Solutions (ATIS). In particular, TIA subcommittee TR-45.2 provided input related to U.S. wireless networks based on TIA analog, TDMA and CDMA standards. ATIS committee T1S1 provided information related to wireline telecommunications, and ATIS committee T1P1 provided information related to GSM-based standards (both 1.8GHz PCS and the Motorola iDEN system.)

If you compared the FCC ruling to a goulash produced by a committee, it would be based on somebody's mother's recipe (existing J-STD-025), with a few things omitted, and about half of the ingredients from another recipe (the FBI punch list) thrown into the pot. The best you can do is hope that the result will be tasty, or at least edible.