Emergency Services & Regulatory Compliance Internet Telephony Conference & Expo February 5-7, 2003, Miami, FL Cemal T. Dikmen, Ph.D. SS8 Networks General Manager Lawful Intercept Products Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. Agenda 1. CALEA Introduction Electronic Surveillance Model Lawful intercept in VoIP network Data Intercept 2. E.911 Basics of E.911 Routing & IN Functions PSAP Functionality Basic E.911 Architecture Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. 2 Communications Assistance for Law Enforcement Act CALEA Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. 3 Lawful Interception is … … NOT about listening to people’s private conversations. It is about fighting organized crime and terrorism. It is about protecting the government and the good citizens from organized crime and terrorism. It is about providing the necessary tools to the Law Enforcement to do their job better. Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. 4 Market Conditions for Vendors Lawful Intercept is a regulatory mandate in US and in many other countries with complex dynamics Market is mostly well defined and out there Predictable (because it is a mandate with certain timelines) Unpredictable (because of extensions for timelines) Variety of standards and proprietary switch interfaces Lawful Intercept is not revenue generating for the customer Nobody wants to buy anything unless they have to Everybody waits until the last moment Service Providers want to minimize the capital expenditure and the operational cost without sacrificing quality Cost and Quality are the keys to success Products which can reduce the operational cost of lawful intercept shall be the winners Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. 5 CALEA Electronic Surveillance Model Telecommunications Service Provider Law Enforcement Agency Court Order Provisioning of Warrant Provisioning Access Function (AF) Intercept Access Point Call Data Events Call Content Proprietary Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. Delivery Function (DF) Call Data Channel Collection Function (CF) Call Content Channel J-STD-025 PacketCable ETSI 6 Lawful Intercept Technology Components Access Function (AF) Network Elements (CO Switches, Routers, Trunking Gateways, Softswitches, CMTS) that provide access to and replication of intercepted traffic. Sniffers and splitters that can passively monitor network traffic Delivery Function (DF) Database of target and warrant information Provisioning interface Proprietary interfaces to AFs Standards based (J-STD-025, ETSI, TIIT, PacketCable) delivery of intercepted traffic to CFs Collection Function (CF) Collects and records lawfully authorized intercepted communications (e.g., call content) and call-identifying information for Law Enforcement Agencies Provides analysis tools to the Law Enforcement Agents Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. 7 Lawful Intercept in VoIP Network Service Provider Domain Provisioning of Warrant LI Administration Function Gatekeeper, SIP Proxy, Call Agent Law Enforcement Collection Function DELIVERY FUNCTION Customer Premise IAD (SIP, H.323, or MGCP based Gateway) Call Control Call Control RTP Stream Target Subscriber Aggregation Router Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. Customer Premise IAD Aggregation Router 8 PacketCable Voice Intercept – Edge Routers Service Provider Domain Provisioning of Warrant LI Administration Function Gatekeeper, SIP Proxy, Call Agent Law Enforcement Collection Function Admin CDC CDC DELIVERY FUNCTION Customer Premise IAD (SIP, H.323, or MGCP based Gateway) Call Control COPS Request Call Control Voice Packets RTP Stream Target Subscriber CCC Aggregation Router Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. Customer Premise IAD Aggregation Router 9 PacketCable Voice Intercept – Trunking GW Service Provider Domain Provisioning of Warrant LI Administration Function Gatekeeper, SIP Proxy, Call Agent Admin CDC Call Forward to PSTN CDC XCIPIO SSDF DELIVERY FUNCTION CCC MGCP Target Subscriber Voice Packets Call Control Customer Premise IAD (SIP, H.323, or MGCP based Gateway) Law Enforcement Collection Function Call to Target PSTN Aggregation Router Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. Gateway Forwarded Call 10 Proprietary Solutions – Edge Routers Service Provider Domain Provisioning of Warrant LI Administration Function Gatekeeper, SIP Proxy, Call Agent Law Enforcement Collection Function Admin CDC CDC DELIVERY FUNCTION Customer Premise IAD (SIP, H.323, or MGCP based Gateway) Call Control Proprietary Request Voice Packets Call Control RTP Stream Target Subscriber CCC Aggregation Router Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. Customer Premise IAD Aggregation Router 11 Proprietary Solutions – Trunking GW Service Provider Domain Provisioning of Warrant LI Administration Function Gatekeeper, SIP Proxy, Call Agent Law Enforcement Collection Function Admin CDC Call Forward to PSTN CDC XCIPIO SSDF DELIVERY FUNCTION CCC Proprietary Target Subscriber Voice Packets Call Control Customer Premise IAD (SIP, H.323, or MGCP based Gateway) Call to Target PSTN Aggregation Router Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. Gateway Forwarded Call 12 Data Intercept via Passive Monitoring Service Provider Domain Provisioning of Warrant LI Administration Function Law Enforcement Collection Function AAA Server CDC XCIPIO IADF DELIVERY FUNCTION Provisioning SNIFFER Report New IP Address Assigned CCC Report Intercepted Data DHCP Authenticate SNIFFER Data Stream Target Subscriber Internet Aggregation Router Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. 13 Technical Challenges It is extremely difficult to capture call identifying information and call content in some of the call features, specifically for the features implemented within the customer premise IAD. Some of the “FBI Punch List” items are extremely difficult to implement since they involve call features implemented within the customer premise IAD. Dialed Digit Extraction (another Punch List item) is also very difficult to implement. Most of the network elements (Call Agents, Gatekeepers, Trunking Gateways, Aggregation Routers, CMTS, etc.) need to support this feature within the distributed IP environment. Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. 14 Emergency Services E.911 Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. 15 E.911 Basics E.911 establishes a regulatory framework for delivering emergency services over telephony infrastructure Design and regulations were based on (then) existing circuit- switched infrastructure Packet-based technologies present new challenges within the E.911 framework – particularly as they relate to location Most VoIP deployments currently classify themselves as “secondary line” and “exempt” from E.911 regulations E.911 infrastructure varies widely from large metropolitan areas to small rural locations Metro areas are sophisticated and highly concentrated, operating 24x7 Rural areas are often very distributed, only operative during parts of the day, and can be quickly overloaded in the case of emergencies such as flooding, tornados, etc. Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. 16 Two Types of “E.911” Requirements Statutory Requirements Legal framework requiring carriers to provide Emergency Services Includes Lifeline (power from the switch) Includes 911 Services (routing, call camp, force line open, etc). Applies only to Primary Line services and can be waived by consent of the customer DeFacto Requirements If a 911 call is dropped or lifeline not delivered, the carrier will most likely be sued Recent court judgments average around $30 million for successful plaintiffs Applies to secondary and primary line – if the victim can prove he/she did not know this was a secondary line (there is no label on the phone), they will most probably win the case VoIP is subject to DeFacto Emergency services today Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. 17 Aspects of E.911 Service Four Elements of an E.911 Service Lifeline: Providing power to the device in the case of power outage Signaling: Call state signaling between the switch and the E.911 trunks to the Public Safety Answering Point (PSAP) Routing and Name Delivery: Looking up calling party name and address and determining optimal PSAP to send the call to (with backup PSAPs in the case primaries are not available) PSAP Processing: Automatic Call Distributor (ACD) -level call queuing and features executed at the PSAP Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. 18 Lifeline Phone network does this over twisted pairs Most VoIP solutions are not offering lifeline or are using battery backup Batteries are often larger and more expensive than the IP terminals themselves A battery backup could double as a kitchen table Power over LAN solutions are now available but not widely deployed Lifeline will be provided by either the end-device manufacturer (battery backup) or the IP network through an access router adjunct system Lifeline is currently the most difficult of the emergency services to tackle for IP providers Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. 19 Signaling E.911 calls are processed over dedicated trunks from the switch to the PSAPs Most 911 trunks today are still MF-based Spec for SS7 was approved in the early 90s, but never widely deployed In addition to call setup, E.911 trunks must provide one-way call tear down – only the receiving party can release the circuit. Few, if any, Media Gateway manufacturers support MF signaling to the E.911 spec Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. 20 Routing and IN Functions Intelligent Network functions are the core of E.911 services When a call is placed to E.911, the users name and location must be retrieved Based on location and factors like time of day, a PSAP route list is invoked Calls are routed to the correct E.911 trunk with delivery of calling party name and address SS8 provides the IN functions for E.911 today (but assumes static location) Location is the big issue for call routing If the IP device can be assumed to reside at a static location, traditional E.911 services are easy to deliver However, this cannot be assumed – the user may take a SIP phone or end device and plug it in to any LAN, register, and make calls Determining the location of the user is an ongoing issue – solutions such as GPS have been proposed, but…. Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. 21 PSAP Functionality At each PSAP, the operator has a series of tools to answer, dispatch and resolve an E.911 call PSAP tools are similar to those in a traditional call center, with specific functionality for emergency services Much of this equipment is currently old and difficult to manage ACD functions such as queuing, prioritization, session keep-alive, recording, and forwarding/pooling Currently, PSAPs only take PSTN trunks – eventually this will evolve to complete IP connectivity between the network and the PSAP IP technology will actually improve many PSAPs by incorporating presence, parallel forking, and PC integration Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. 22 Elements of E.911 (where functions live) Lifeline End devices (battery) and/or network transmission Signaling Media Gateways supporting MF and E.911 SS7 IN/Routing IN platform vendors such as SS8 PSAP Call Control ACD and PBX providers, including E.911 providers like Entrado and Telcontrol Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. 23 A Basic E.911 Network Architecture IP-Enabled PSAP Call Routing, Location Services, Calling Party Name/Address (Overall Network Logic) SIP SERVICE CONTROLER Gatekeeper, SIP Proxy, Call Agent IP Access Network SIP Traditional PSAP Carrier Backbone MGW MF Trunks MGCP/ SIP Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. 24 Summary E.911 will become a major requirement for VoIP operators in the near future Legal mandates are being avoided for the moment, but de facto exposure still exists Primary line service is the 2004 goal for most operators Call Routing and Network logic is currently resolved by vendors like SS8, but the issue of location is outstanding Lifeline power services are still evolving MF interfaces to legacy PSAPs Evolution of IP-Enabled PSAPs will streamline delivery and help make PSAPs more efficient Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission. 25 Thank You ! ! ! Cemal Dikmen cemal.dikmen@SS8.com Phone: +1.203.925.6185 http://www.ss8.com Copyright © 2003, SS8 Networks, Inc. Proprietary. Do Not Copy or Distribute Without Permission.