Pipeline Publishing, Volume 3, Issue 11
This Month's Issue:
The Long Arm of Telecommunications Law
download article in pdf format
last page next page

Staring Down the Compliance Conundrum

back to cover

By Joe Hogan and Marc Price

It reads like a spy novel or political thriller. A person of interest is identified. He’s accessed jihadist web sites. He’s received and made calls from a person who, in turn, has received calls from Afghanistan or Western Pakistan. He has sent a flurry of recent picture messages from a vulnerable national monument. Police move fast to corroborate these facts with other information: a questionable driver’s license from a state with lax rules, a recent pilot’s license, a money transfer from overseas.

Worldwide communications are essential for our freedom. At the same time they are one of the best means we have to identify early warning signs of impending threats. As in the example above, any single call or event may be insignificant by itself, while in total, these events present a complete profile worthy of interest.

But do operators and governments have all the tools they need to record, track, and correlate such information? The answer is yes, and as the importance of the tools grows, so does the sophistication.

Lawful interception and surveillance mandates have gone from a low-visibility back-office function to a critical need, in an environment where operators may be asked and required to compile millions of customer records in a matter of hours to turn over to authorities. The focus, budget and auditing of the operator’s lawful intercept capabilities have thus come to the forefront. Political ramifications aside, this is a very real challenge that service providers have little choice but to face. Furthermore, with the rise to prominence of many different types of data services—text messaging, video and email—this problem becomes even more complex. By way of example, while five voice sessions produce five voice call records, a single IP-based session can produce hundreds, or even thousands of records.

Authorities understand well that a complete picture of voice and data is necessary to greatly improve the odds of identifying a person of interest. Indeed, having such a complete picture narrows the list of possible suspects whereas information from voice calls or data alone would fail to narrow the pool sufficiently.

For operators, the importance of dealing with lawful interception mandates cannot be understated. However, mandates such as the Communications Assistance for Law Enforcement Act (CALEA) in the U.S., and similar mandates in Europe and elsewhere, have raised a conundrum. How do service providers rectify the tug of war that exists between providing quality and safe service to customers, while at the same time delivering

Lawful interception and surveillance mandates have gone from a low-visibility back-office function to a critical need.

photo here
records across a subscriber base of 50 million in a matter of hours?

Furthermore, in addition to CALEA compliance, service providers must also comply with laws such as Sarbanes-Oxley and E911. The problem is that in many cases, a solution designed to satisfy CALEA requirements will not necessarily meet the demands of Sarbanes-Oxley, by providing a comprehensive and visible trail of all accounting functions, or E911, by identifying the location of a caller using a VoIP-based phone service. Service providers are faced with the prospect of shelling out serious cash for individual solutions that satisfy the varying compliance laws.

How did we get here?

Prior to the 1990s the global market for intercept and surveillance products was relatively small and included only the original manufacturers of telecom switching equipment and a few specialized equipment vendors. Surveillance capabilities were comprised of proprietary features leveraging physical wiretapping interfaces available within the switch, as delivered by the telecom equipment manufacturers, or available from specialty manufacturers to support law enforcement agencies. These early solutions were typically installed by the communication service providers on behalf of domestic law enforcement agencies on an as needed basis. Permanent surveillance systems integrated with sophisticated cryptographic analysis were deployed by specialized branches of the military at major international telecommunications interconnect locations (undersea cable and satellite) to support foreign intelligence gathering.

 

article page | 1 | 2 | 3 | 4 |
last page back to top of page next page
 

© 2006, All information contained herein is the sole property of Pipeline Publishing, LLC. Pipeline Publishing LLC reserves all rights and privileges regarding
the use of this information. Any unauthorized use, such as copying, modifying, or reprinting, will be prosecuted under the fullest extent under the governing law.