Thus spake "Christopher L. Morrow" <christopher.morrow@mci.com>
On Fri, 18 Jun 2004, Stephen Sprunk wrote:
Tapping a SONET or Ethernet link isn't tough, and real-time decoding of packets up to OC12 speeds was doable on COTS PCs several years ago. One US telco built such software specifically to comply with CALEA when the FBI inevitably woke up; it could reassemble selected RTP streams (in real time) and even play them on a POTS line running to an FBI monitoring post. I'd assume that OC48/GE isn't much of a stretch today and that OC192/10GE is feasible with the FBI's funding levels. It'd certainly be easier to tap the customer's access line, but typical DSL/Cable gear may not have such provisions...
The real trouble with this scenario is the required truck roll and outage on the link toward the customer... This gets expensive if you have to roll to 10-20/month all over your domestic network. Today that is accomplished on the phone side with builtin 'stuff' on the phone switches (as I recall being told by some phone people) without a truck roll and without much hassle. :(
That built-in "stuff" is possible with IP gear as well; the switches in your remote POP should support port mirroring, and many sniffers have the ability to filter and forward collected data in real time to another site for analysis. It's a pretty crude way of doing it, but it eliminates a truck roll if that's your priority, and there's no outage. Tapping entire SONET or Tx circuits is also possible without an outage, but you need to have a couple loops (of the correct size) somewhere to point the tap at and specialized software to extract the packets.
Figuring out the difference between all the forms of 'VOIP' communications will be a headache for the govies and lawyers... just look at the minor inconveniences of CARNIVORE, eh?
It'll get even more "interesting" when VoIP carriers roll out encryption for signalling and media; pen registers will still be possible, but a tap will be completely useless.
One thing is very clear, however; if the industry doesn't come up with a working solution first, we will certainly have something unworkable shoved down our throats by Congress, the FCC, and the FBI.
Sure, but to date we are still awaiting good/complete requirements from the gov't so it's a little tough to determine what is 'required' in a solution such that data can be tapped and then appear in court in some form which is unimpeachable.
Congress is going down the route of legislating implementation instead of legislating the requirements and leaving it to the FCC or industry to find possible implementations. Unfortunately the industry is collectively sticking their heads in the sand, and the FCC is loath to comment on anything they don't have the authority to regulate. Without input to counter the FBI, how is Congress supposed to pass anything reasonable? As they say, the road to hell is paved with good intentions.

S

Stephen Sprunk
CCIE #3723
K5SSS
"Those people who think they know everything are a great annoyance to those of us who do." --Isaac Asimov