--[ 4 - Introduction to Lawfully Authorized Electronic Surveillance (LAES)

by Mystic

In 1994 Congress adopted the Communications Assistance for Law Enforcement
Act (CALEA). Its stated intent was to preserve, but not expand, the
wiretapping capabilities of law enforcement agencies by requiring
telecommunication providers to deploy systems that give government agencies
a basic level of access for the purpose of surveillance. In practice the act
does not merely preserve the existing ability of law enforcement to tap
communications; it enhances it, allowing the government to collect
information about wireless callers and to tap wireless content, text
messaging, and packet communications. The standard that resulted from this
legislation is called Lawfully Authorized Electronic Surveillance, or LAES.

A Telecommunications Service Provider (TSP) that is CALEA compliant provides
Law Enforcement Agencies (LEAs) with access to the following services and
information:

  1. Non-call associated: information about the intercept subjects that is
     not necessarily related to a call.
  2. Call associated: call-identifying information about calls involving
     the intercept subjects.
  3. Call associated and non-call associated signaling information:
     signaling information initiated by the subject or the network.
  4. Content surveillance: the ability to monitor the subjects'
     communications.

This process is called the intercept function. The intercept function is
made up of five separate functions: access, delivery, collection, service
provider administration, and law enforcement administration.

----[ 4.1 The Access Function (AF)

The AF consists of one or more Intercept Access Points (IAPs) that isolate
the subject's communications or call-identifying information unobtrusively.
There are several different IAPs that can be utilized in the intercept
function.
I have separated them into Call Associated and Non-call Associated
information IAPs and Content Surveillance IAPs:

Call Associated and Non-call Associated information IAPs
--------------------------------------------------------

- Serving System IAP (SSIAP): gives non-call associated information.

- Call-Identifying Information IAP (IDIAP): gives call associated
  information in the form of the following call events for basic circuit
  calls:

    Answer             - A party has answered a call attempt
    Change             - The identity or identities of a call have changed
    Origination        - The system has routed a call dialed by the subject,
                         or the system has translated a number for the
                         subject
    Redirection        - A call has been redirected (e.g., forwarded,
                         diverted, or deflected)
    Release            - The facilities for the entire call have been
                         released
    TerminationAttempt - A call attempt to an intercept subject has been
                         detected

- Intercept Subject Signaling IAP (ISSIAP): provides access to
  subject-initiated dialing and signaling information. This includes
  whether the intercept subject uses call forwarding, call waiting, call
  hold, or three-way calling. It also gives the LEA the digits dialed by
  the subject.

- Network Signaling IAP (NSIAP): allows the LEA to be informed about
  network messages that are sent to the intercept subject. These messages
  include busy, reorder, ringing, alerting, message waiting tone or visual
  indication, call waiting, calling or redirection name/number information,
  and displayed text.

Content Surveillance IAPs
-------------------------

The following are content surveillance IAPs; they deliver content over a
CCC or CDC. An interesting point about content surveillance is that TSPs
are not responsible for decrypting information that was encrypted by the
intercept subject, unless the data was encrypted by the TSP and the TSP has
the means to decrypt it.

- Circuit IAP (CIAP): accesses call content of circuit-mode communications.
- Conference Circuit IAP (CCIAP): provides access to the content of
  subject-initiated conference call services such as three-way calling and
  multi-way calling.

- Packet Data IAP (PDIAP): provides access to data packets sent or received
  by the intercept subject. These include the following services:

    ISDN user-to-user signaling
    ISDN D-channel X.25 packet services
    Short Message Services (SMS) for cellular and Personal Communication
      Services
    Wireless packet-mode data services (e.g., Cellular Digital Packet Data
      (CDPD), CDMA, TDMA, PCS1900, or GSM-based packet-mode data services)
    X.25 services
    TCP/IP services
    Paging (one-way or two-way)
    Packet-mode data services using traffic channels

----[ 4.2 The Delivery Function (DF)

The DF is responsible for delivering intercepted communications to one or
more Collection Functions. This is done over two distinct types of
channels: Call Content Channels (CCCs) and Call Data Channels (CDCs).

The CCCs are generally used to transport call content such as voice or
data communications. CCCs are either "combined", meaning that they carry
the transmit and receive paths on the same channel, or "separated", meaning
that the transmit and receive paths are carried on separate channels.

The CDCs are generally used to transport the messages that report
call-identifying information; text-based content such as Short Message
Service (SMS) may also be reported over them. Information over CDCs is
transmitted using a protocol called the Lawfully Authorized Electronic
Surveillance Protocol (LAESP).

----[ 4.3 The Collection Function (CF)

The CF is responsible for collecting and analyzing intercepted
communications and call-identifying information, and is the responsibility
of the LEA.

----[ 4.4 The Service Provider Administration Function (SPAF)

The SPAF is responsible for controlling the TSP's Access and Delivery
Functions.

----[ 4.5 The Law Enforcement Administration Function (LEAF)

The LEAF is responsible for controlling the LEA's Collection Function and
is the responsibility of the LEA.
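To make the IDIAP event model of 4.1 and the CDC/CF split of 4.2 and 4.3
concrete, here is an added example (my own toy code, not part of the
original article and not from any TSP or vendor): a minimal Collection
Function that consumes the six call events as they would arrive over a Call
Data Channel and correlates them into one record per call. The six event
names are the ones listed above; everything else is an assumption. In
particular the message layout (a dict with 'event', 'call_id', 'ts' and an
optional 'number') is a constructed stand-in, not the ASN.1 LAESP encoding
that J-STD-025A defines, and the sample stream is constructed, not captured
data. The example also does what a real CF must do with delivery problems:
a mid-call event for a call it never saw start, or an event name it does not
know, is flagged rather than silently dropped.

```python
# Added example: toy LEA Collection Function (CF) correlating IDIAP call
# events delivered over a CDC into per-call records. The six event names are
# from the article; the dict layout below is an assumption, NOT the LAESP
# ASN.1 encoding, which the article does not cover.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# The six call events an IDIAP reports for basic circuit calls (section 4.1).
CALL_EVENTS = {"Answer", "Change", "Origination", "Redirection",
               "Release", "TerminationAttempt"}
# Events that open a call record: the subject dialed out, or a call came in.
START_EVENTS = {"Origination": "outbound", "TerminationAttempt": "inbound"}


@dataclass
class CallRecord:
    call_id: str
    direction: str                 # "outbound" or "inbound"
    started: int                   # ts of Origination / TerminationAttempt
    dialed: Optional[str] = None   # digits the subject dialed, if reported
    answered: Optional[int] = None
    released: Optional[int] = None
    redirects: List[str] = field(default_factory=list)
    identity_changes: int = 0      # number of Change events seen


class CollectionFunction:
    """Correlates CDC event messages into per-call records."""

    def __init__(self) -> None:
        self.open: Dict[str, CallRecord] = {}
        self.closed: List[CallRecord] = []
        self.anomalies: List[str] = []   # things an analyst should look at

    def ingest(self, msg: dict) -> None:
        ev, cid, ts = msg.get("event"), msg.get("call_id"), msg.get("ts")
        if ev not in CALL_EVENTS:
            # Never silently drop or misfile something we cannot parse.
            self.anomalies.append(f"{ts}: unknown event {ev!r} on call {cid}")
            return
        if ev in START_EVENTS:
            if cid in self.open:
                self.anomalies.append(f"{ts}: duplicate start for open call {cid}")
                return
            self.open[cid] = CallRecord(cid, START_EVENTS[ev], ts,
                                        dialed=msg.get("number"))
            return
        rec = self.open.get(cid)
        if rec is None:
            # Mid-call event with no start: lost or reordered CDC traffic.
            self.anomalies.append(f"{ts}: {ev} for unknown call {cid}")
            return
        if ev == "Answer":
            rec.answered = ts
        elif ev == "Change":
            rec.identity_changes += 1
        elif ev == "Redirection":
            rec.redirects.append(msg.get("number", "?"))
        elif ev == "Release":
            rec.released = ts
            self.closed.append(self.open.pop(cid))

    def unanswered_inbound(self) -> List[str]:
        """Inbound attempts that were released without ever being answered."""
        return [r.call_id for r in self.closed
                if r.direction == "inbound" and r.answered is None]


# Constructed sample CDC stream for one intercept subject (not captured data).
SAMPLE_STREAM = [
    {"event": "Origination", "call_id": "c1", "ts": 100, "number": "5551234"},
    {"event": "Redirection", "call_id": "c1", "ts": 101, "number": "5559876"},
    {"event": "Answer", "call_id": "c1", "ts": 104},
    {"event": "TerminationAttempt", "call_id": "c2", "ts": 120},
    {"event": "Change", "call_id": "c1", "ts": 130},
    {"event": "Release", "call_id": "c2", "ts": 135},   # never answered
    {"event": "Release", "call_id": "c1", "ts": 200},
    {"event": "Release", "call_id": "c9", "ts": 210},   # no matching start
    {"event": "Bogus", "call_id": "c1", "ts": 211},     # not an IDIAP event
]


def run_sample() -> CollectionFunction:
    cf = CollectionFunction()
    for msg in SAMPLE_STREAM:
        cf.ingest(msg)
    return cf


if __name__ == "__main__":
    cf = run_sample()
    for r in cf.closed:
        print(f"{r.call_id}: {r.direction} dialed={r.dialed} answered={r.answered} "
              f"released={r.released} redirects={r.redirects} "
              f"changes={r.identity_changes}")
    for a in cf.anomalies:
        print("ANOMALY", a)
```

Note what the CF can and cannot tell from the CDC alone: it knows that c1
was forwarded to a second number before being answered and that c2 was an
inbound attempt the subject never picked up, but the content of c1 is on a
CCC, not in this stream, and nothing here lets the CF recover content the
subject encrypted end to end.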
Now that I've introduced you to LAES, let's look at an implementation of it
that is on the market right now and is being used by some TSPs.

Overview of the CALEAserver:

The CALEAserver is manufactured by SS8 Networks. It is a collection and
delivery system for call information and content that allows existing
networks to become fully CALEA compliant. It lets an LEA monitor wireless
and wireline communications and gather information about the calls
remotely. The CALEAserver interfaces with the network through Signaling
System 7 (SS7), the signaling network of the Public Switched Telephone
Network (PSTN).

The CALEAserver is composed of three major layers: the Hardware Platform
Layer, the Network Platform Layer and the Application Software Layer.

The Hardware Platform Layer consists of the Switching Matrix and the
Computing Platform. The Switching Matrix is an industry standard
programmable switch. It contains T1 cards for voice transmission and cross
connect between switches, DSP cards for the conference circuits required
for the intercept and for DTMF reception/generation, and CPU cards for
management of the switch. The Computing Platform is a simplex, rack mounted,
UNIX based machine. It runs the CALEAserver application software that
provides the Delivery Function capabilities and controls the Switching
Matrix.

The Network Platform Layer provides SS7 capability as well as call
processing APIs for the Application Software Layer. It also controls the
Switching Matrix.

The Application Software Layer is where the Delivery and Service Provider
Administration functions are carried out. It isolates the interfaces
towards the Access and Collection Functions from the main delivery
functionality, so that multiple Access and Collection Functions can be
supported through Interface Modules that can be added or modified without
impacting the existing functionality.
System Capacity (configurable for up to):

  - 1000 Collection Functions
  - 128 Access Function interfaces
  - 32 SS7 links
  - 512 simultaneous call content intercepts on a single call basis
  - 64 T1 voice facilities

Operating Environment:

  - NEBS compliant, -48 volt, 19" rack mounted equipment
  - Next-generation UltraSPARC processor
  - 66-MHz PCI bus
  - Solaris UNIX operating system
  - 9 Gbyte, 40-MB/sec SCSI disks
  - 512 Mbytes RAM standard
  - Ethernet/Fast Ethernet, 10-BaseT and 100-BaseT
  - Two RS-232C/RS-423 serial ports
  - Programmable, scalable switch with up to 4000 port time slot
    interchange

Features:

  - Built-in test tools for remote testing
  - Full SS7 management system
  - Alarm reporting and error logging
  - Automatic software fault recovery
  - Automatic or manual disk backup
  - SNMP support
  - Optional support for X.25 and other collection function interfaces
  - ITU standard MML and Java based GUI support
  - Support of both circuit-switched and packet-switched networks
  - Optional support for other access function interfaces as required for
    CALEA compliance, including:
      * HLR (Home Location Register)
      * VMS (Voice Mail System)
      * SMS (Short Message System)
      * CDPD wireless data
      * Authentication Center
      * Remote access provisioning

This concludes the introduction to LAES. This being only an introduction,
I've left out a lot of details like protocol information. However, if you
are interested in learning more about LAES I would suggest reading the TIA
standard J-STD-025A. I hope you learned a little bit more about the
surveillance capabilities of LEAs. If you have any questions feel free to
contact me.

Email address: see above.