© 2004 VeriSign, Inc.

VoIP and CALEA: Current Developments

Tony RutkowskiV.P. for Regulatory Affairs

VeriSignmailto:trutkowski@verisign.com

tel:+1 703.948-4305

VoIP World Fall 2004Washington DC12 Nov 2004Panel on CALEA and VoIP

Overview

+ The new FCC CALEA proceeding+ Timeline+ Who is saying what

+ Applicability of CALEA+ Public broadband Internet access facilities+ Public managed/mediated VoIP facilities+ Jurisdiction and findings+ Other bases+ Telecommunications carrier issue+ Information service issue

+ Requirements and Solutions+ Traffic data extraction+ Trusted Third Party service bureaus as complete independent solution+ Safe harbor standards+ Subscriber identity information+ Stored traffic data+ Transnational

+ Compliance Extension Petitions+ Enforcement

+ How should the FCC deal with the problem of evolving standards and their implementation?+ Are any existing CALEA standards deficient?+ What other steps could be adopted for effective enforcement?

+ Cost and Recovery+ Effective Date+ VeriSign and its NetDiscovery™ Service

The new FCC CALEA proceeding

1990 1995 2000 2004 2005 2006 2007

Adopted 25 Oct 1994

Original CALEA ProceedingNPRM 10 Oct 1997FNPRM 5 Nov 1998

R&O 15 Mar 19992ndR&O 31 Aug 19993rdR&O 31 Aug 1999

DCcir 15 Aug 2000Recon Order 16 Apr 2001

Order 21 Sep 2001Order 27 Sep 2001

Remand Order 11 Apr 2002

Docket 97-213

Docket 04-36

Omnibus IP-Enabled Services ProceedingNPRM 14 Feb 2004

Docket 04-295

Broadband-VoIP CALEA ProceedingRM-10865 12 Mar 2004

NPRM 9 Aug 2004Comments 8 Nov 2004

Replies 7 Dec 2004R&O Apr? 2005

Compliance Benchmark Notice Aug? 2005Compliance Benchmark Deadline Jul? 2006

Congressional hearing 10 Sep 2004

Spectrum of filings

http://svartifoss2.fcc.gov/prod/ecfs/comsrch_v2.cgi Enter: “04-295” in block 1

American Civil Liberties UnionBellSouth CDT/ Public Interest Joint EarthLink, Inc. EDUCAUSE Coalition Electronic Frontier Foundation Global Crossing Level 3 Communications, LLC US Internet Service Provider Assn Yahoo! Inc.

Largely No Problems

Largely Opposed

FiduciaNetNCTA New York Attorney General Nextel Communications, Inc. Satellite Industry Association SubsentioTexas Department of Public Safety United States Department of Justice USTA VeriSignVerizon

AMA TechTel CommunicationsCTIA CingularCorrCoalition for Rural Broadband CALEAMotorolaNational Telecom Cooperative Association NextelNuvioOPASTCORural Telecommunications Group Rural Telecommunications Providers SBCSmithvilleT-Mobile USA, Inc. TIA

Some Concerns

Alternative:http://www.fcc.gov/cgb/ecfs/Click on “Search for Filed Comments”

Applicability of CALEA+ Communications Assistance to Law Enforcement

+ Provide real-time (or stored) traffic data or content for forensic evidence or investigations+ More than 10,000 agencies in U.S.; Title 18, Title 50, almost every State; international+ Certainty – basic purpose of proceeding+ Enhance privacy

+ Focus+ Next Generation Networks; IP-enabled services

+ Broadband Internet Access Service (>200 kb/s)+ Managed/Mediated VoIP (anything other than P2P)

+ Jurisdiction and findings+ Substantial Replacement+ Public Interest

+ Critical infrastructure protection+ Switching and common carrier service+ No adverse effect on technology+ Cybercrime Convention and MLATs

+ Global action+ Almost every country has similar requirements+ Coordination among law enforcement worldwide

+ Telecommunications carrier issue+ Carriers under CALEA have different definition and purpose

+ Information service issue+ Narrow exclusion+ Packet-Mode is covered

Requirements and Solutions+ Traffic data (call-identifying, Intercept Related Information) extraction

+ What is reasonable in packet-mode environment?+ Who is encumbered? Where? How?

+ Trusted Third Party service bureaus as complete independent solution+ Can TTPs by themselves serve as safe harbor+ Relationship to safe harbor standards

+ Safe Harbor standards+ What constitutes safe harbor+ What standards are “deficient”+ Who can produce standards+ How do you deal with evolution of standards; versioning problem

+ Notice as to what’s required+ FBI and international requirements documents

+ Subscriber identity information+ Inherent problem with NGN/IP-enabled services+ NGN Directory service protocols are key

+ Stored traffic data+ Greater problem/cost for carriers than real-time CALEA requirements+ Common global stored data handover interface is key

+ Transnational requirements+ Looming problem for providers; backhauling is not a scaleable solution

+ Enhancing Privacy+ How to enhance privacy in a NGN/IP-enabled services environment

Trusted Third Party Value Propositions

+ Independence is key to trust+ What is a trusted third party+ TTPs can enhance CALEA privacy

+ Has freedom to employ a range of architectures+ Internal, adjunct, external+ Mew unified interfaces

+ Will generally follow safe harbor standards, exceptions+ standards do not exist or are “deficient”+ standards are not incorporated in network elements+ standards versions change

+ Value added services+ Authentication and trust systems+ Legal analysis and verification of orders+ Proof of performance+ Subpoena processing

TTP Models for Broadband Internet Access

Internal

Adjunct

External

Local Access Point Premises

LI Provider Premises

Broadband Service Provider Premises

Broadband Service Provider Premises

LI Provider Premises

Broadband Service Provider Premises

To Law Enforcement

Public Internet

Public Internet

Local Access Point Premises

To Law Enforcement

content

traffic data

control

content

traffic data

control

LI Provider Premises

To Law Enforcement

traffic data + content

control

traffic data + content

control

(Mixture of the above)

TTP Models for Managed/Mediated VoIP Services

Internal

Adjunct

Managed/Mediated VoIP Provider Premises

LI Provider Premises

LI Provider Premises

To Law Enforcement

Public Internet

Public Internet

To Law Enforcement

Managed/Mediated VoIP Provider Premises

External

Broadband Service Provider PremisesLI Provider Premises

To Law Enforcement

content

traffic data

control

content

traffic data

control

(Mixture of the above)

content

traffic data

control

content

traffic data

control

PSTN

PSTN

VoIP LI Standards

+ ETSI (access, multimedia cable, WiFi)+ 3GPP/ETSI (3G)+ IETF (IP generic, SNMP based)+ Cable Labs (voice cable)+ ATIS (VoIP, access)+ TIA (wireless)

Network Mediation

Functionality (MS)

Handover interface

Law Enforcement Monitoring

Facility (LEMF)

IETF Architecture International (ETSI) Architecture Unified Interface Architecture

Compliance Extension Petitions

+ Potential relief under CALEA Secs. 107 and 109+ What is “reasonably achievable”+ USDOJ argues none should be granted+ Lack of standard is not a basis

+ Existing packet-mode extensions+ Most appear “without merit”+ Solutions are available in the marketplace+ No further extensions+ Fold into enforcement and benchmark compliance process+ CALEA carriers face “high burden of proof” for non-compliance

+ Treatment of rural and “underserved” providers+ Benchmark compliance process should be applied

Enforcement

+ FCC use of its own enforcement authority+ Under CALEA [47 USC § 229(a)] and under Communications Act+ Ability to investigate and impose administrative penalties+ Would exist in addition to judicial enforcement

+ CALEA carrier is generally encumbered with obligations+ Reseller may be responsible if involved in provisioning+ WiFi hotspot implementations may have shared responsibility

+ Responsibility remains with CALEA carrier, even if outsourced to Trusted Third Party+ Law allows Trusted Third Parties to assume responsibility and indemnify

the carrier

+ Proof of performance+ Used by FCC over many decades in radio sector+ Self or independent party certification may be considered for CALEA

compliance

Cost and Recovery

+ Distinguish between “CALEA capital costs” and “CALEA intercept costs”

+ U.S. government will not pay for capital or recurring costs, only actual costs for intercepts

+ Providers cannot attempt recovery in interception billings+ Detail billings required

+ Providers can institute line-item billing to subscribers+ Full and complete record is needed in the proceeding

+ Providers can outsource to Trusted Third Parties and recover costs

Effective date

+ 90 days after adoption of rules+ Notice of compliance or benchmark plan required

+ 15-month benchmark compliance process+ Benchmark compliance plan to be filed 90 days after adoption+ Detail steps taken to implement

+ Self-implementation+ Trusted Third Party

+ Detail any additional steps necessary over subsequent 12 months

VeriSign and its NetDiscovery™ Services

+ Largest global provider of “intelligent infrastructure” services+ Billion dollar annual revenues and growing+ Worldwide presence+ Emphasis on own ultra high availability and security platforms+ Multiple interrelated sectors

+ Telecom/wireless content, signalling, and directory infrastructure+ Internet signalling and directory infrastructure+ Telecom and Internet security and financial transaction infrastructure

+ CALEA, Lawful Interception and subpoena processing services+ Started as internal services in 1990s+ Rolled out as NetDiscovery™ service bureau offerings in early 2002 + Operates on national VPN cloud with redundant data centers+ Pushed into IP-services, international in 2003+ Serves as industry leader domestically and internationally + Contact Raj Puri [rpuri@verisign.com; +1.510.469.7874] or VeriSign

carrier sales representative

Compliance Outsourcing – Cost Comparison

+ NetDiscovery Service results in significant accumulative cost savings year over year

+ Provides consistency in policies and procedures+ Provides “future-proof” compliance

Self Deployment Costs• Initial equipment capital expense• Annual equipment maintenance• Dedicated Resources

– Security Operations Staff – Technical Support, LEA Connectivity

Installation Support– Regulatory/Legal Support

Outsourced Lawful Assistance Compliance

• Low Initial Setup/Monthly Fee/ Per Event Fee• VeriSign acts as the agent

VeriSign NetDiscovery vs. Self Deployment

1 2 3 4 5 6 7 8 9 10Year

Co

st (

$)

NetDiscovery Self Deployment