Surveillance Standard Debate

The dispute over the CALEA surveillance legislation flooded over the banks of standards committees some time ago, with critical decisions now before Congress and the FCC. Will the J-STD-025 standard that the TIA and ATIS developed be declared sufficient? Or deficient? Will the funding cutoff date be modified? What about the implementation date? While (multi-) million dollar questions like these are decided in Washington, the standards group that created J-STD-025 now is working on the FBI's so-called "punch list" of surveillance capabilities not included in the standard.

The FBI's description of the requirements for the punch list represents the technical gulf between U.S. law enforcement and the telecom industry. Details were presented to both the FCC as reply comments in CC Docket No. 97-213 and to the TIA/ATIS Enhanced Surveillance Services ad hoc standards group in June. Some requirements would extend surveillance to new situations, and others would improve the robustness of the link between a switch and the law enforcement monitoring station.

Multiparty Calls J-STD-025 specifies that for conference calls, call waiting and other services that may put parties on hold, only parties connected to the intercept subject are monitored. The FBI is demanding that parties on hold be monitored separately, and it wants to be informed of every change in the connection status (e.g. adding a party, dropping a party or placing a party on hold). The ability to monitor associates who are not covered by a surveillance order at times when they are not connected to the surveillance subject already has raised the eyebrows of people concerned about civil liberties.

In-Call Signaling The television image of surveillance is of officers huddled in a van listening to conversations, yet in many cases law enforcement requests only a summary of data pertinent to the call, such as the identity of the parties involved in the call and the time and duration of the call. Consequently, any DTMF tones that are dialed during the call would not be monitored. Not surprisingly, law enforcement wants calls monitored for these tones, which then could be transmitted over a data connection to law enforcement. This requirement has a few technical problems (apart from the potential legal problem of monitoring call content without a court order) because the wireless system cannot determine easily what DTMF tones are valid.

The minimum and maximum duration of tones is defined by the device receiving them (e.g. bank, voice mail, interexchange carrier). Without precise timing information, it would be easy for a smart criminal to spoof the monitors by entering tones that were too short to cause any action or that were entered when the terminating device was not ready to receive them. Several other parameters may be critical, such as the tolerance for frequency and amplitude of the tones. And it is impossible for the originating telecom system to identify the system (e.g. bank machine or inter-exchange carrier) that is processing the tones, if there even is one.

Fundamentally, short of recording the tones and the feedback from terminating devices, the meaning of midcall tones cannot be determined reliably by a carrier. Even if it is technically feasible to collect thisinformation, it increases the cost of monitoring calls by requiring that the voi ce path be monitored continuously for valid DTMF tones (and possibly other groups of tones as well) for every intercept for which voice is not being provided. If full call content is provided, then law enforcement has easy access to the tones and any feedback associated with them.

Similarly, the FBI wants to be notified of all network-initiated signals, including tones (e.g. busy and call-waiting tones) and short messages (excluding user-generated short messages). Obviously, audible information is available if the court order requires voice monitoring, but it is considerably more difficult to provide otherwise because each type of signal has to be separately encoded, which will result in protocol modifications every time a new tone is added for a new feature. One future example could be calling party pays (CPP), which may be implemented using a distinct tone to inform callers of the possibility of CPP charges.

Furthermore, other types of signals, such as display messages or other visual indicators, could come in a wide variety and all will have to be encoded in a standardized fashion. Again, any change in signaling will require the standardization of new encodings to inform law enforcement of the new information.

Timing, Correlation & Robustness J-STD-025 requires that data be delivered to law enforcement over one interface, the call-data channel (CDC), while voice is delivered over a number of trunks. Data messages on the CDC identify the trunk that has started to carry the voice of a subject, but the trunk (which carries no signaling) does not identify the CDC. The FBI is requesting that the voice trunk actually carry a unique identifier (e.g. a series of tones) that will correlate with the data messages on the CDC. This will delay the delivery of voice information and will require that all voice conversations be buffered by that amount of time, requiring a significant amount of RAM to be assigned, more than 100kb for each trunk, assuming a 2-second delay. The cost of such custom circuits will be considerably more than standard T1/DS0 circuits.

Other timing requirements are the delivery of voice no more than 2 seconds late 99% of the time and the delivery of messages on the CDC no more than 3 seconds after the event occurs. And, they want all time stamps to be accurate to within 100ms.

To increase the robustness of communications between the wireless system and law enforcement, the FBI is demanding that the status of every active surveillance be reported on a regular basis and that a continuous tone (probably the DTMF "C" tone) be transmitted on each voice trunk to verify connectivity.

These requirements may increase the cost of implementations and may be outside the jurisdiction of law enforcement to specify.

If the FBI punch-list requirements are imposed by the FCC or Congress, it will add significantly to the costs of telecommunications carriers' compliance with CALEA. Many FBI requirements could be performed more easily by law enforcement obtaining full call content and performing the interpretation itself. Midcall tones, for example, could be obtained easily (with context) in this way. This approach would be cheaper and more efficient. Also, it is difficult to see how an interpretation of a series of tones could stand up in court without any feedback from the device intercepting the tones and without a full characterization of their timing, frequencies, amplitude and other characteristics. Furthermore, there are privacy considerations because the tones may be conveying information that is not covered by the court order.

The major decisions regarding the FBI punch list are now in the hands of Congress and the FCC. All technologists can do is point out some of the difficulties that these capabilities will introduce, the illusory nature of the supposed benefits and the concomitant increase in costs for implementing CALEA. Even then, they can do this only when asked.