Thursday, December 8, 2016

Communications Assistance for Law Enforcement Act (CALEA)


Starting back in 1994, Congress introduced the Communications Assistance for Law Enforcement Act (CALEA).
In response to concerns that emerging technologies such as digital and wireless communications were making it increasingly difficult for law enforcement agencies to execute authorized surveillance, Congress enacted CALEA on October 25, 1994
CALEA requires a "telecommunications carrier," as defined by the CALEA statute, to ensure that equipment, facilities, or services that allow a customer or subscriber to "originate, terminate, or direct communications," enable law enforcement officials to conduct electronic surveillance pursuant to court order or other lawful authorization. 
CALEA is intended to preserve the ability of law enforcement agencies to conduct electronic surveillance by requiring that telecommunications carriers and manufacturers of telecommunications equipment design and modify their equipment, facilities, and services to ensure that they have the necessary surveillance capabilities as communications network technologies evolve
Communications services utilizing Circuit Mode equipment and facilities, and communications services utilizing packet mode are all subject to CALEA. In May 2006, the FCC issued a Second Report and Order also requiring facilities-based broadband Internet access providers and providers of interconnected Voice over Internet Protocol (VoIP) service to come into compliance with CALEA obligations no later than May 14, 2007.
Direct any questions to the FBI.

Underpinning this is the Assistance Capability Requirements (see end of article for full text).

In summary, under court order, a carrier is obligated to support

  1. Lawful intercept - the ability to tap in and listen to a conversation
  2. Call-Identifying Information (CII) - the switching information from the communication
  3. Decryption of any communications within their domain
  4. On-premesis access for both monitoring equipment and personnel.

Aviation communication service providers have been obligated to comply with CALEA.  Lawful intercept and CCI are required.

Spys and Espionage

The following article brings light to a British exploit that targets in-flight passenger communications.

The article includes a number of fascinating references.  Take note these are from 2006-2010 (as in Blackberry!).

Claims include access to

  1. travel of a target
  2. other persons (devices) on the same flight
  3. cellular device and subscriber registration with selected "aviation" visited location registers (VLR)
  4. not just airplanes - ships and trains are using this technology
  5. Blackberry PIN and associate email addresses
  6. visited web sites
  7. Facebook ID
  8. Skype address
What is not entirely clear is the source of the information - at what point are they tapping?

The story links to the following graphic showing an architecture for mobile telephony.  Not sure what to say about the status on the bottom - the information contained is not a secret.

There are several "choke" points in an airborne service. 
  1. Local Area Network (LAN, Pico Cell)
  2. Air-Ground Network (Satellite)
  3. Mobile Switching Center (MSC)
Typically CALEA would be introduced at the Mobile Switching Center for telephony.  For IP traffic, it would likely be at the edge of the Air-Ground Network.

But the nature of the article suggested that information was being gathered without participation of CALEA, that this was a rogue action not authorized specifically by court order.

The article mentions Inmarsat satellites, and this shows up a few times.  I would profess that the methods appear to be based on listening to the satellite communications themselves.

Back in the early 1990s, while I was at Boeing, we were testing Inmarsat voice terminals for suitability in communicating between pilot and controller.  In the process of testing, we stumbled into a problem where the voice conversation would drop-out for a bit, randomly.  The best method to reveal it was to count 1, 2, 3... and the person on the other end would hear the count but suddenly there would be a gap   ...13, 14...17, 18...

We appealed to the two avionics suppliers and to Inmarsat for resolution, but the issue was elusive and no one was certain where it lied.  

Out of necessity, one of our engineers dreamt up a clever solution to check to see if the problem was unique to one of the avionics suppliers and not the other - or if it was in Inmarsat's domain.  The idea was to set up a ghost terminal with the second supplier, configured with the same identity as the first supplier terminal.  We tricked the ghost terminal into thinking it was logging into a live network, when it was really the first terminal in communication.  We then were able to put up a call and listen in on both terminals at the same time.  We got that working in a couple of days.  
By the way, that problem turned out to be the levels between the Public Switched Telephone Network (PSTN) at each Inmarsat Ground Earth Station (GES).   Dick Smith had to personally trek to each station for the calibration procedure over the course of the next year. 
Inmarsat L-band voice services classically used a circuit-switched channel for each voice call.  The dedicated C-Channel includes a signaling sub-channel.  The typical method of using Inmarsat classic L-band for a GSM picocell service utilizes the sub-channel to pass necessary GSM registration and signaling to facilitate the initial log in, as well for any call attempts.

That was then, this is now.

Inmarsat has evolved two generations since the classic days with SwiftBroadband (SBB).  SBB is a packet network capable of committed information rate (CIR) services including voice-over-IP (VOIP).  The methods for interfacing and communication these call attempts are now pressed into the IP fabric and not held up on a platter along the C-subchannel signaling path.

At this time, many airlines are still flying around with classic setups, but the clock is ticking and the motivations are great to upgrade to SBB.  

I have confidence that we have the means to encrypt the networks that facilitate airplane communications, whether passengers, pilot, or aircraft system.  

The marketplace moves slowly, and the laggards are leaving the doors open.

Stay tuned!

Peter Lemme
peter @

Follow me on twitter: @Satcom_Guru

Copyright 2016     All Rights Reserved

Peter Lemme has been a leader in avionics engineering for 35 years. He offers independent consulting services largely focused on avionics and L, Ku, and Ka band satellite communications to aircraft. Peter chairs the SAE-ITC AEEC Ku/Ka-band satcom subcommittee developing PP848, ARINC 791, and PP792 standards and characteristics. 

Peter was Boeing avionics supervisor for 767 and 747-400 data link recording, data link reporting, and satellite communications. He was an FAA designated engineering representative (DER) for ACARS, satellite communications, DFDAU, DFDR, ACMS and printers. Peter was lead engineer for Thrust Management System (757, 767, 747-400), also supervisor for satellite communications for 777, and was manager of terminal-area projects (GLS, MLS, enhanced vision).

An instrument-rated private pilot, single engine land and sea, Peter has enjoyed perspectives from both operating and designing airplanes.  Hundreds of hours of flight test analysis and thousands of hours in simulators have given him an appreciation for the many aspects that drive aviation; whether tandem complexity, policy, human, or technical; and the difficulties and challenges to achieving success. 

U.S. Code › Title 47 › Chapter 9 › Subchapter I › § 1002 - Assistance capability requirements
(a) Capability requirementsExcept as provided in subsections (b), (c), and (d) of this section and sections 1007(a) and 1008(b) and (d) of this title, a telecommunications carrier shall ensure that its equipment, facilities, or services that provide a customer or subscriber with the ability to originate, terminate, or direct communications are capable of— 
(1) expeditiously isolating and enabling the government, pursuant to a court order or other lawful authorization, to intercept, to the exclusion of any other communications, all wire and electronic communications carried by the carrier within a service area to or from equipment, facilities, or services of a subscriber of such carrier concurrently with their transmission to or from the subscriber’s equipment, facility, or service, or at such later time as may be acceptable to the government; 
(2) expeditiously isolating and enabling the government, pursuant to a court order or other lawful authorization, to access call-identifying information that is reasonably available to the carrier— 
(A) before, during, or immediately after the transmission of a wire or electronic communication (or at such later time as may be acceptable to the government); and 
(B) in a manner that allows it to be associated with the communication to which it pertains, except that, with regard to information acquired solely pursuant to the authority for pen registers and trap and trace devices (as defined in section 3127 of title 18), such call-identifying information shall not include any information that may disclose the physical location of the subscriber (except to the extent that the location may be determined from the telephone number); 
(3) delivering intercepted communications and call-identifying information to the government, pursuant to a court order or other lawful authorization, in a format such that they may be transmitted by means of equipment, facilities, or services procured by the government to a location other than the premises of the carrier; and 
(4) facilitating authorized communications interceptions and access to call-identifying information unobtrusively and with a minimum of interference with any subscriber’s telecommunications service and in a manner that protects— 
(A) the privacy and security of communications and call-identifying information not authorized to be intercepted; and 
(B) information regarding the government’s interception of communications and access to call-identifying information
(b) Limitations 
(1) Design of features and systems configurationsThis subchapter does not authorize any law enforcement agency or officer— 
(A) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services; or 
(B) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services. 
(2)Information services; private networks and interconnection services and facilitiesThe requirements of subsection (a) do not apply to— 
(A) information services; or 
(B) equipment, facilities, or services that support the transport or switching of communications for private networks or for the sole purpose of interconnecting telecommunications carriers. 
(3) Encryption 
A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication. 
(c) Emergency or exigent circumstances 
In emergency or exigent circumstances (including those described in sections 2518(7) or (11)(b) and 3125 of title 18 and section 1805(e) of title 50), a carrier at its discretion may comply with subsection (a)(3) by allowing monitoring at its premises if that is the only means of accomplishing the interception or access. 
(d) Mobile service assistance requirements 
A telecommunications carrier that is a provider of commercial mobile service (as defined in section 332(d) of this title) offering a feature or service that allows subscribers to redirect, hand off, or assign their wire or electronic communications to another service area or another service provider or to utilize facilities in another service area or of another service provider shall ensure that, when the carrier that had been providing assistance for the interception of wire or electronic communications or access to call-identifying information pursuant to a court order or lawful authorization no longer has access to the content of such communications or call-identifying information within the service area in which interception has been occurring as a result of the subscriber’s use of such a feature or service, information is made available to the government (before, during, or immediately after the transfer of such communications) identifying the provider of a wire or electronic communication service that has acquired access to the communications.

No comments:

Post a Comment