NSA Call Data Channel (CDC) Monitoring
On 11 May 2006 USA Today reported that the National Security Agency had secretly collected the phone call records of millions of Americans, using data from three of the nation's biggest phone service providers. Thee National Security Agency used information provided by AT&T, Verizon and BellSouth, which were reported to be working under contract with the NSA. The three companies provide local and wireless phone service to more than 200 million customers in the US.
The newspaper said it learned from sources familiar with the program that the NSA does not listen or record actual phone conversations, but uses the data to analyze the calling patterns of ordinary Americans in order to detect possible terrorist activities. Under Section 222 of the U.S. Communications Act passed in 1934 and amended in 1996, telephone companies are prohibited from giving out information regarding their customers' calling habits.
The law around wiretaps has grown up around a legal distinction between Content and Identifying Information with a legal history based in the postal system. The outside of a letter identifies the recipient, the sender, the place where the letter was posted and the time. Obtaining this "Identification" information requires a lower legal standard than the "Content" of the mail - the letter inside the envelope.
In March 2004 the Telecommunications Industry Association (TIA) and the Alliance for Telecommunications Industry Solutions (ATIS) jointly published the TIA Standard/ATIS Committee T1 Trial Use Standard, "Lawfully Authorized Electronic Surveillance" J-STD-025-B. This standard defines the interfaces between a telecommunications service provider (TSP) and a law enforcement agency (LEA) to assist the LEA in conducting lawfully authorized electronic surveillance. The purpose of this standard is to facilitate a TSP's compliance with the assistance capability requirements defined in Section 103 of the Communications Assistance for Law Enforcement Act (CALEA).
J-STD-025-B defines services and features to support Lawfully Authorized Electronic Surveillance (LAES) and the interfaces to deliver intercepted communications and communication-identifying information to an LEA when authorized. The document also defines a protocol for delivering specific information elements to LEAs. Compliance with this standard satisfies the "safe harbor" provisions of Section 107 of CALEA and helps ensure efficient and industry-wide implementation of the assistance capability requirements.
J-STD-025-B focuses on refining the CALEA packet-mode communications requirements for the interface to the collection equipment of LEAs. The requirements in this standard pertain to several technologies. The details of the solution for the cdma2000®* packet data system are included in the standard, as are normative references for Voice over Packet (VoP) for Wireline Telecommunications Networks and Universal Mobile Telecommunications System/General Packet Radio Service (UMTS/GPRS), technologies focused on by ATIS' Technical Committees T1S1 and T1P1 respectively.
J-STD-025-B is a TIA Standard/ATIS Committee T1 Trial Use Standard, which was developed and approved by TIA and ATIS' Committee T1 for trial use, comment and criticism, and published in December 2003. At its March 2004 meeting, the TIA Engineering Committee TR-45 approved a ballot to determine whether the Trial Use Standard should be made into an American National Standard. In like fashion, ATIS' Technical Committees T1P1 and T1S1 issued similar letter ballots.
Content is defined in 18 USC 2510 (8) to be "when used with respect to any wire or electronic communications, includes any information concerning the substance, purport, or meaning of that communication." Call-identifying information is defined in CALEA Section 102 (2) to be "dialing or signaling information that identifies the origin, direction, destination, or termination of each communication generated or received by a subscriber by means of any equipment, facility, or service of a [TSP]."
A TSP is required to provide access to the communications and call-identifying information for particular intercept subjects. The CDCs and CCCs use separate logical channels. The Call Content Channels and Call Data Channels [CDC and CCC(s)] may be transported to an LEA over separate or common physical facilities. The CDCs may be multiplexed onto one or more physical facilities.
The Call Content Channel (CCC) is the link between the surveillance switch and the law enforcement agency that carries the call content. The CCC may be a switched connection or a dedicated path through the Public Switched Telephone Network (PSTN), e.g., on a private line. The Call Data Channel (CDC) is the interface between the surveillance switch and the law enforcement agency that carries the call set-up data. The CDC may be a switched connection or dedicated path through the Public Switched Telephone Network (PSTN) or may be separate from the PSTN, e.g., via a private line or a packet switched network.
A call content channel (CCC) delivers the content of voice conversations and voice-band data to the monitoring center over digital trunks. Two circuits are required for the CCC, one for the subject's voice content and the other for the associates' voice content. A call data channel (CDC) carries the call data related to monitored calls (origination information, termination attempt, information answer detection). The CDC is a TCP/IP connection linking the switch serving the subject to the monitoring center. Up to five different monitoring centers can receive the voice content and call data from a single subscriber, allowing that subscriber to be the subject of five simultaneous investigations.
A subject's call content is generally transported to the LEA over one or more Call Content Channels [CCCs]. The actual number of CCCs will vary with each electronic surveillance according to the number of CCCs ordered by the LEA. Factors influencing this number are the subject's bearer capabilities, the subject's call capabilities, the type of communication being intercepted, the type and capacity of individual CCCs, the number of possible call appearances, and the subject's call-related activities. CCCs shall be provisioned as combined (i.e., carrying both the transmit and receive paths on one channel) or separated (i.e., using independent channels for the transmit and receive paths). Each CCC for an electronic surveillance must be capable of transporting one or more of the subject's intercepted bearer services. For some types of applications used by the subject (e.g., short message service), the call content may be transported over the Call Data Channel [CDC].
Additional CCCs are used (up to the number provisioned for a particular electronic surveillance) when the CCCs currently open are incompatible with the bearer services being intercepted. An example of this situation could be when a subject initiates a voice call, optionally places that call on hold, and initiates a second call using a different bearer service (e.g., fax or data). The type of CCC delivered to an LEA may be influenced by the subject's bearer services, the manner in which the subject's call content is accessed, the preferences of the TSP, and the preferences of the LEA conducting the electronic surveillance. Communications that inherently use separate transmit and receive communications paths require separated CCCs. Other communications inherently combine the transmit and receive paths (or assume that the paths may be combined), so combined CCCs may be appropriate.
Call-identifying information is formatted into discrete messages using a specialized protocol called the Lawfully Authorized Electronic Surveillance Protocol (LAESP). The LAESP messages shall be transported to an LEA over a CDC. As defined in this Standard, a single CDC may support the delivery of LAESP messages for one or more electronic surveillances to a particular LEA collection facility.
|Join the GlobalSecurity.org mailing list|