CALEA and Cable: Part Two4/20/2003 8:00 PM Eastern
Last time, we examined the necessity and workings of the law known as the Communications Assistance for Law Enforcement Act, or "CALEA."
A quick refresher: CALEA helps the police and other law-enforcement agencies, like the FBI, to electronically monitor and track the telephone activities of suspected criminals. It affects providers of circuit-switched, cellular and Internet protocol-styled telephony.
In practice, though, CALEA is more straightforward for telephony providers who use circuit-switched technology, because that environment has been exposed to the need for wiretapping since 1970.
This week, we'll wade through the nuances of CALEA deployment in packet-based telephony configurations, like those used in voice-over-IP (VoIP).
In cable, the technologies and techniques of VoIP are embodied in a Cable Television Laboratories Inc. effort called "PacketCable." PacketCable, in essence, is a set of software-based methods written to do exactly what today's analog, circuit-switched phone network does, from dial tone to ring tone.
That includes CALEA. PacketCable, for example, contains an interim specification to tackle the matter. (For the intrepid, it is called "PKT-SP-ESP-I01-991229," and is available for viewing at packetcable.com. Get coffee first.)
Understanding how CALEA works in PacketCable situations necessitates a (very oversimplified) review of how phone calls move through that environment.
It goes like this: You pick up the telephone handset, which is plugged into a combination cable modem-VoIP unit. In PacketCable-speak, this combo unit goes by "MTA," for "multimedia terminal adapter." It looks like a cable modem with phone jacks on the back.
An off-hook indicator moves through the MTA, along the upstream, Internet-protocol path to the companion device in the headend known as the "cable modem termination system," or "CMTS."
The CMTS recognizes the packets as specific to VoIP, and passes them to a "call-management server," or "CMS," which returns the familiar-sounding dial tone.
You dial. The dialed digits traverse the same path, again to the call-management server. The server queries a built-in look-up table, to ascertain which "zone" holds the destination for the call.
If the call needs to move off of the PacketCable network to the public switched telephone network, it goes through a "media gateway," which is a server that knows how to interpret stuff entering or leaving the legacy phone network.
Recall that in CALEA, law-enforcement agencies need access to two things: Call content, and call data. In short, everything that can be intercepted about a call, including the conversation.
That means that in a cable VoIP network, at least three devices need to be aware of what's going on in order to intercept a call: The CMTS, the call-management server, and the media gateway.
It gets tricky quickly. Consider the intercept target (that's FBI-speak for the bad guy), who is a cable VoIP customer and who has call-forwarded his calls to his cell phone. A call comes in from the PSTN. The media gateway sees the digits that describe where the call is going, and already knows that the destination number wants its calls forwarded to a different destination.
Rather than sending the call along through the CMTS to the MTA — only to have to haul it back and perform the call-forwarding maneuvers — the media gateway instead passes it off to the cellular-phone network. It's sort of like luggage that continues to move with you, in the underbelly of the plane, even though you made a last-minute flight change at the airport.
If you were to look at a map of those packets, the situation described would resemble a hairpin curve. They hit the media gateway, and do a U-turn off the network, to the call forwarded location. They never leave the media gateway.
This matters because CALEA implementation varies from vendor to vendor of cable VoIP gear. PacketCable defines the possible junction points between various servers and network components. It does not spell out how the vendor community is supposed to build them.
So if a VoIP supplier's CALEA approach doesn't include the media gateway, and instead only watches the CMTS and the call-management server, not good.
This example, by the way, is real. Among the MSOs that dabble in VoIP, some technologists sometimes get that "here we go again" look when discussing VoIP suppliers who've refashioned equipment they developed for, say, the competitive local-exchange carrier industry, and then call it cable VoIP gear.
That's OK, they say, but be aware of the nuances that make cable VoIP unique. Or, as one cable MSO technologist puts it: "I just love these guys that come in and say, 'Oh yeah, we know CALEA, you betcha.' "
As reality goes, it is legal to file a "safe harbor" document with the FCC that describes how a cable VoIP system will comply with CALEA. In the past, the FCC has granted extensions as long as two years. The FBI's official policy is one of "flexible deployment," which basically means "do it when it makes sense to do it, but do it."
But in the grand scheme of things, stopping the really bad stuff from happening by helping thwart the people who are planning it over their cable VoIP phones probably ranks higher than angling for an extension.
Questions? Suggestions? Contact Leslie Ellis at Ellis299@aol.com.