1

Carrier concerns Carrier concerns and issues: VoIPand issues: VoIP

Anthony M RutkowskiAnthony M RutkowskiVice President, NetDiscovery ServiceVice President, NetDiscovery Service

VeriSignVeriSignmailto:tony@verisign.commailto:tony@verisign.com

President, Global LI Industry ForumPresident, Global LI Industry Forum

2

Adverse Impacts on Adverse Impacts on CarriersCarriers

Intercept solutions costlyIntercept solutions costly Hardware and software expendituresHardware and software expenditures Mediation devicesMediation devices

Large on-going operational expensesLarge on-going operational expenses Dedicated Security Office PersonnelDedicated Security Office Personnel Compliance to Legal/Regulatory Procedures for System Security & Compliance to Legal/Regulatory Procedures for System Security &

IntegrityIntegrity Network Operations Staff for supporting network connectivity for Network Operations Staff for supporting network connectivity for

each LEAeach LEA Assistance to LEAs in initial connectivity or on-going surveillance Assistance to LEAs in initial connectivity or on-going surveillance

supportsupport Legal liabilities for non-compliant Security Policies and Legal liabilities for non-compliant Security Policies and

unauthorized disclosure of legal order informationunauthorized disclosure of legal order information LI preliminary investigative support requirements can be LI preliminary investigative support requirements can be

equally significantequally significant Directories and identifier discoveryDirectories and identifier discovery Communications detail records searchesCommunications detail records searches

LEAs often reluctant to use lower cost secure VPN technology LEAs often reluctant to use lower cost secure VPN technology

3

New requirements for New requirements for carriers with a global carriers with a global

footprint and LEAsfootprint and LEAs New laws coming into force will significantly New laws coming into force will significantly

affect some carriers (and LEAs)affect some carriers (and LEAs) Convention on CybercrimeConvention on Cybercrime Mutual Assistance Multilateral and Bilateral Mutual Assistance Multilateral and Bilateral

Agreements, especially the 2000 European MLAT Agreements, especially the 2000 European MLAT 2nd Protocol2nd Protocol

Homeland Security Information Sharing ActHomeland Security Information Sharing Act Transnational interceptions and handovers likely to Transnational interceptions and handovers likely to

be commonplacebe commonplace Multiple independent Lawful Interception Multiple independent Lawful Interception

provisions and standards substantially drive up provisions and standards substantially drive up costs of compliance and implementationcosts of compliance and implementation Raises many issues, including discovery phase Raises many issues, including discovery phase

obligationsobligations VoIP will be a major focus of transnational LIVoIP will be a major focus of transnational LI

4

Multiple VoIP Lawful Multiple VoIP Lawful Interception solutions for Interception solutions for

carriers are emergingcarriers are emerging Cisco has just announced a new, highly effective, Cisco has just announced a new, highly effective,

standards-based, service independent LI architecture standards-based, service independent LI architecture for worldwide usefor worldwide use www.ietf.org/internet-drafts/draft-baker-slem-architecture-00.twww.ietf.org/internet-drafts/draft-baker-slem-architecture-00.t

xtxt www.ietf.org/internet-drafts/draft-baker-slem-mib-00.txtwww.ietf.org/internet-drafts/draft-baker-slem-mib-00.txt Initial implementation will support VoIP network elementsInitial implementation will support VoIP network elements Other vendors are following Cisco leadOther vendors are following Cisco lead All mediation and collection system vendors are implementingAll mediation and collection system vendors are implementing VeriSign NetDiscovery Service™ has already implemented and VeriSign NetDiscovery Service™ has already implemented and

tested as a cost-effective service bureau architecturetested as a cost-effective service bureau architecture What is not intercepted from built-in VoIP network What is not intercepted from built-in VoIP network

elements can be extracted from traffic streams using elements can be extracted from traffic streams using special access devices and probes offered by existing special access devices and probes offered by existing vendors (e.g., TopLayer-Verint/SS8, ECtel, Aqsacom)vendors (e.g., TopLayer-Verint/SS8, ECtel, Aqsacom)

More difficult issues involve the interception of third More difficult issues involve the interception of third party signalling information and availability of party signalling information and availability of identifier informationidentifier information

5

VoIP LI Specifications VoIP LI Specifications (by scope)(by scope) Generic HandoverGeneric Handover

Cisco TapMIB et seq.Cisco TapMIB et seq. ETSI ES 201 671v2.1.1 (2001-09)*[also known as GLIC or ULIC]; TS ETSI ES 201 671v2.1.1 (2001-09)*[also known as GLIC or ULIC]; TS

101 671 V2.4.1 (2002-10)**101 671 V2.4.1 (2002-10)** Germany REGTP TR FÜV V3.0 (2001-11)* [modified ETSI Germany REGTP TR FÜV V3.0 (2001-11)* [modified ETSI

specification]specification] TIA J-STD-025A*; PN-4465-RV1.12 (14 Jan 2003)**TIA J-STD-025A*; PN-4465-RV1.12 (14 Jan 2003)** UK HO NHIS V1.0 (2002-05)* [replaces GHIS, modified ETSI UK HO NHIS V1.0 (2002-05)* [replaces GHIS, modified ETSI

specification]specification] IP HandoverIP Handover

ETSI DES/SEC-003020 V0.3.0 (2002-10)**ETSI DES/SEC-003020 V0.3.0 (2002-10)** Netherlands EZ TIIT V1.0.0 (2002-09)*Netherlands EZ TIIT V1.0.0 (2002-09)*

Wireless IP HandoverWireless IP Handover 3G/UMTS3G/UMTS

3GPP TS 33.108v5.1.0 (2002-09)*3GPP TS 33.108v5.1.0 (2002-09)* Cable IP HandoverCable IP Handover

Cable Labs PKT-SP-ESP-I01-991229*Cable Labs PKT-SP-ESP-I01-991229* SCTE 24-13 2001**SCTE 24-13 2001**

Cable IP Handover for Voice & MultimediaCable IP Handover for Voice & Multimedia ETSI ES_101 909-20.1 V.0.0.11 (2002-11)**ETSI ES_101 909-20.1 V.0.0.11 (2002-11)**

Softswitch Based NetworksSoftswitch Based Networks ISC [unknown] (27 Nov 2002)**ISC [unknown] (27 Nov 2002)**

VoIPVoIP DTS/TIPHON-03020v1.0.1(2002-11)**DTS/TIPHON-03020v1.0.1(2002-11)**

Wireline VoP (includes VoIP, VoMPLS, and VoATM)Wireline VoP (includes VoIP, VoMPLS, and VoATM) ANSI T1.XXX-XXXX (T1S1 Doc. 3s100030)**ANSI T1.XXX-XXXX (T1S1 Doc. 3s100030)***Adopted and **most current draft versions listed

6

The VoIP meta-architecture The VoIP meta-architecture

significantly affects carrierssignificantly affects carriersApplication/Signalling ProviderPremises

SNMP

Backbone ProviderPremises

SNMP

Access Provider Premises

SNMP

LI Watcher

Provider Premises,LEMF Premises,

or Service Bureauintermediary

3rd Party Premises

Target Subject Location

Law Enforcement Monitoring Facility (LEMF)

User Client(s)/ Agent(s)

Collection and Analysis Systems

Access Servers

LogFile

AccountFile

LI Access Device

Intranet

3rd PartyClient(s)/ Agent(s)

Internet

IRI & CC FunctionsHI 2, HI 3 (typical)

Provisioner FunctionHI 1 (typical)

Application/Signalling

ServerLI Access Device

Intranet

LI Mediation Device

LI Access Device

LI Mediation Device

LI

LI Mediation Device

LI Watcher

AccountFile

LI

LogFile

From An Internet Ecosystem LI Reference Model and its elements, Figure 1, VeriSign Switzerland SA, Doc. ETSI/LI-Rap#05TD012, Sophia Antipolis, 28-29 Jan 2003

7

LI meta-architecture effects LI meta-architecture effects on carrierson carriers

Referencing diagram - at most provider premises Referencing diagram - at most provider premises sites, there are four interception options emerging - sites, there are four interception options emerging - based on different standardsbased on different standards

There are no “one option fits all” solutions; so they There are no “one option fits all” solutions; so they will co-existwill co-exist

Different standards are also emerging for each VoIP Different standards are also emerging for each VoIP mediummedium

VoIP network elements can also be spread across VoIP network elements can also be spread across multiple independent providers and premisesmultiple independent providers and premises

A 10,000+ provider by 5,000+ LEA Lawful A 10,000+ provider by 5,000+ LEA Lawful Interception matrix already existsInterception matrix already exists

Obligations of providers to support LEAs VoIP Obligations of providers to support LEAs VoIP orders concurrently among multiple providers orders concurrently among multiple providers becomes highly complex, difficult, and potentially becomes highly complex, difficult, and potentially costlycostly

Intermediary service bureaus may become crucial to Intermediary service bureaus may become crucial to effective intercept integration of all the VoIP options effective intercept integration of all the VoIP options and achieving cost reductionsand achieving cost reductions

8

LI investigative support LI investigative support costs significantly affects costs significantly affects

carrierscarriers LI investigative support costs can be very substantialLI investigative support costs can be very substantial

Explicitly raised in Canadian consultative and other national Explicitly raised in Canadian consultative and other national proceedingsproceedings

Typically the occurrence of these requests significantly exceed Typically the occurrence of these requests significantly exceed the number of for actual interceptionsthe number of for actual interceptions

Needed common VoIP LI related capabilities includeNeeded common VoIP LI related capabilities include Requests for VoIP account identifiersRequests for VoIP account identifiers Requests for VoIP communication detail recordsRequests for VoIP communication detail records Service of LI orders, subpoenas, and warrantsService of LI orders, subpoenas, and warrants Interactions between Law Enforcement Monitoring Facility Interactions between Law Enforcement Monitoring Facility

(LEMF) and access mediation equipment(LEMF) and access mediation equipment Multiple, non-interoperable ASN.1 VoIP Handover Interface Multiple, non-interoperable ASN.1 VoIP Handover Interface

information syntax specificationsinformation syntax specifications Interoperable global LI parties and objects registriesInteroperable global LI parties and objects registries Certificate-based authentication for parties, documents, and Certificate-based authentication for parties, documents, and

carrier-agent-LEA transactionscarrier-agent-LEA transactions Solutions must be based on standard global schemas that Solutions must be based on standard global schemas that

allow for national and regional variations and XML-ASN.1 allow for national and regional variations and XML-ASN.1 interoperabilityinteroperability

Significant benefits would accrue to providers, intermediate Significant benefits would accrue to providers, intermediate agents, and LEAsagents, and LEAs