CALEA and Cable: Part 2
by Leslie Ellis // April 21 2003
Last time, we examined the necessity and workings of the law known as the Communications Assistance for Law Enforcement Act, or “CALEA.”
A quick refresher: CALEA helps the police and other law enforcement agencies, like the FBI, to electronically monitor and track the telephone activities of suspected criminals. It affects providers of circuit-switched, cellular and IP-styled telephony.
In practice, though, CALEA is more straightforward for telephony providers who use circuit-switched technology, because that environment has been exposed to the need for wire-tapping since 1970.
This week, we’ll wade through the nuances of CALEA deployment in packet-based telephony configurations, like those used in voice-over-IP (VOIP).
In cable, the technologies and techniques of VOIP are embodied in a CableLabs effort called “PacketCable.” PacketCable, in essence, is a set of software-based methods written to do exactly what today’s analog, circuit-switched phone network does, from dial tone to ring tone.
That includes CALEA. PacketCable, for example, contains an interim specification to tackle the matter. (For the intrepid, it is called “PKT-SP-ESP-I01-991229,” and is available for viewing at packetcable.com. Get coffee first.)
Understanding how CALEA works in PacketCable situations necessitates a (very oversimplified) review of how phone calls move in that environment. It goes like this: You pick up the phone handset, which is plugged into a combination cable modem/VOIP unit. In PacketCable-speak, this combo unit goes by “MTA,” for “multimedia terminal adapter.” It looks like a cable modem with phone jacks on the back.
An off-hook indicator moves through the MTA, along the upstream, IP path, to the companion device in the headend known as the “Cable Modem Termination System,” or “CMTS.” The CMTS recognizes the packets as specific to VOIP, and passes them to a “call management server,” or “CMS,” which returns the familiar-sounding dial tone.
You dial. The dialed digits traverse the same path, again to the call management server. The server queries a built-in lookup table, to ascertain what “zone” holds the destination for the call. If the call needs to move off of the PacketCable network, to the Public Switched Telephone Network, it goes through a “Media Gateway,” which is a server that knows how to interpret stuff going on or off the legacy phone network.
Recall that in CALEA, law enforcement agencies need access to two things: Call content, and call data. In short, everything that can be intercepted about a call, including the conversation.
That means that in a cable VOIP network, at least three devices need to be aware of what’s going on, in order to intercept a call: The CMTS, the call management server, and the media gateway.
It gets tricky quickly. Consider the intercept target (that’s FBI-speak for the bad guy), who is a cable VOIP customer, and who call-forwarded his calls to his cell phone. A call comes in, from the PSTN. The media gateway sees the digits that describe where the call is going, and already knows that the destination number wants its calls forwarded to a different destination.
Rather than sending the call along, through the CMTS to the MTA, only to have to haul it back and perform the call-forwarding maneuvers, the media gateway instead passes it off to the cellular phone network. It’s sort of like luggage that continues to move with you, in the underbelly of the plane, even though you made a last minute flight change at the airport.
If you were to look at a map of those packets, the situation described would resemble a hairpin curve. They hit the media gateway, and do a U-turn off the network, to the call forwarded location. They never leave the media gateway.
This matters because CALEA implementation varies, from vendor to vendor of cable VOIP gear. PacketCable defines the possible junction points between various servers and network components. It does not spell out how the vendor community is supposed to build them.
So, if a VOIP supplier’s CALEA approach doesn’t include the media gateway, and instead only watches the CMTS and the call management server – not good.
This example, by the way, is real. Among the MSOs dabbling in VOIP, some technologists sometimes get that “here we go again” look when discussing VOIP suppliers who refashioned equipment they developed for, say, the CLEC industry, and then call it cable VOIP gear.
That’s ok, they say, but be aware of the nuances that make cable VOIP unique. Or, as one cable MSO technologist puts it: “I just love these guys that come in and say, ‘oh yeah, we know CALEA, you betcha.'”
As reality goes, it is legal to file a “safe harbor” document with the FCC that describes how a cable VOIP system will comply with CALEA. In the past, the FCC has granted extensions as long as two years. The FBI’s official policy is one of “flexible deployment,” which basically means “do it when it makes sense to do it, but do it.”
But in the grand scheme of things, stopping the really bad stuff from happening, by helping thwart the people who are planning it over their cable VOIP phones, probably ranks higher than angling for an extension.
This column originally appeared in the Broadband Week section of Multichannel News.
Cable, CALEA, and Catching the Bad Guys: Part 1
by Leslie Ellis // April 07 2003
This is one of those columns that necessarily dips into the anxious language of current events: Tracking the phone activities of the bad guys. It’s about CALEA, which stands for the “Communications Assistance for Law Enforcement Act.”
CALEA, usually pronounced as a word, “kuh-LEE-uh,” is an effort to electronically monitor and track the telephone activities of suspected criminals. As its last word denotes – “Act” – it is a law, issued in 1994.
In these times, and particularly since the rise of terrorist threats, there are ample reasons for institutions like the Federal Bureau of Investigations, as well as local police agencies, to need the help of service providers – including those cable operators who also offer telephone lines to customers.
If you’ve not heard of CALEA, and you’re either doing or getting ready to do phone service over cable, whether circuit switched or IP, you need to be ready. This is the kind of thing where a court order shows up at the GM’s doorstep, in the hands of a uniformed police officer. The court order usually requires immediate access to the phone records and conversations of a customer, who is a suspect, for whatever reason, in a criminal act.
The immediacy is reflected in the wording of the law itself, which makes frequent use of the word “expeditiously,” especially at the front of sentences. Telling the uniformed police officer with the court order that you’ll need three days to get the CALEA gear set up is just as helpful as telling the firefighter that you’ll need three days to get that bucket of water.
CALEA came to be because it is no longer enough to gaff a telephone pole a few blocks from a suspect’s location, clamp onto a pair of phone wires, and listen in. If anything has flourished in the history of electronics, it is our collective appetite for talking with each other. The marketplace responded. The result is an increasingly complex environment for the good guys to catch the bad guys.
At the head-scratching boundaries of electronic surveillance are devices like the disposable cellular phone, bought with cash. In between are alternate forms of telephone communications, like PC-based IP phone, cable phone, and anything else that allows people to use traditionally unmonitored lines of communication.
Because the need for electronic surveillance has long roots – wire-tapping has been around for decades – the existing forms of telephone communications, using circuit switches, come with CALEA modules. That makes getting ready for CALEA more straightforward for cable operators who offer circuit-switched telephony.
In that scenario, enacting a CALEA event involves sending a specifically entrusted cable employee to the circuit switch, invoking the CALEA software, and setting up the spigot that flows the necessary information to the FBI or police.
Two things are required: Call data, and call content. Call data is everything that can happen with a phone: What numbers it dials, what numbers it receives. Details of three-way calling events, or call-forwarding activities. Call content is the equivalent of slipping another straw into the drink: It taps the call.
That information is collected and sent, over protocols specified in CALEA, to law enforcement officials.
Gathering call detail and content in a packet-based, IP environment isn’t quite as straightforward. A voice call made over the public Internet uses the methods of the Internet, which break a bunch of packets into clumps, and send them over varying routes to their destination. The route itself can change from one call to the next.
The industry’s specifications for voice-over-IP, known as PacketCable, include methods for dealing with CALEA. All vendors of voice-over-IP (VOIP) equipment for cable are aware of CALEA, and offer modules or standalone servers to address the need for electronic surveillance. But, because VOIP in cable is still relatively new, it’s fair to say that its CALEA efforts have yet to settle into a pattern.
Some suppliers, for example, combine CALEA directly into a soft switch. Others isolate CALEA into a separate server. PacketCable allows for integrated or standalone handling. What works in a day-to-day environment will work itself out as everything else related to the back office of VOIP works itself out.
That’s the set-up of CALEA, and its importance in cable’s growing presence as a telephone service provider. Next time, a look at how information flows to and from law enforcement agencies, in VOIP environments.
This column originally appeared in the Broadband Week section of Multichannel News.