Using of Wiretap in Law Enforcement - Research Paper Example

Wiretaps 0. Introduction The national security and law enforcement agencies use telephone wiretap and the dialed number recording systems in collecting the investigative legal and intelligence evidence. These systems are prone to unilateral and simple countermeasures that permits wiretap targets to prevent call audio from inaccurate dialed digits or recordings. Protection of the rights of citizens in the fourth amendment as well as ensuring that the government conducts just search and seizure is very challenging. The countermeasures exploit unprotected in-band signals between the collection system and telephone network, and they are effective in preventing wiretapping technologies used by the US law enforcement (Docket, 2002). The interception systems in voice telephone facilitate collection of the wiretap evidence. Wiretapping refers to unauthorized listening to an electronic communication through telephone, computer, and other devices. This is achieved through attaching taps and recording or listening equipment to communication wires. Wiretapping may also refer to wireless communication; eavesdropping (Cronin, Sherr, & Blaze, 2005). Wiretap is used as a tool in law enforcement by many governments, like in corporate espionage, to access privileged information. Wiretapping can be controlled by the laws designed to protect the privacy rights. The US has formulated laws that regulate wiretapping. Federation Communication Act, 1934, outlines that divulgence of information without the sender’s consent procured through interception of the messages is a crime. However, some states allow wiretapping when there is consent by the state judge (Cronin, Sherr, & Blaze, 2005). Wiretapping is considered a controversy by many opponents who believe that the right to privacy is absolutely guaranteed by the US constitution which outlaws any unreasonable seizures and search of individuals in their homes, papers, or any other related effects. Some people believe that the Supreme Court in United States holds on wiretapping not being a search and seizure, and is permissible based on the constitution. Other officers in law enforcement justify wiretapping because they use it as evidence for serious crimes like treason, organized vice and kidnapping. The Supreme Court in US outlawed eavesdropping on electronic communication unless through the court consent. The Crime Control Act in United States authorized employment of the court-authorized wiretaps at periods of 30 days with renewals at court’s discretion. Nevertheless, the people monitored through wiretapping were supposed to be informed later by the authorities (Siemens, 2002). 1.2. Wiretapping and the United States Law There are two broad categories of wiretapping authorized by the enforcement agencies in United States Law under FISA (8) and Title (7). These are the federal laws that govern the electronic surveillance of national security and criminal investigations. In the first category, there is the Pen Register or the Dialed Number Recorder (DNR) which records outgoing signaling information and the digits dialed, but they do not record the calls’ audio. The DNR taps allow for ‘traffic analyses but not the content of the call, or the identity of the speaker. They require modest judicial scrutiny in order to be authorized. Other relate investigative techniques include the ‘trap and trace’ that provide analogous information on incoming calls (Kampmeier, Smith, & Smith, 2004). The Full Audio Interception, also FISA or Title III, forms the second category. It records both the both signaling and dialed digits and the authentic call content. The legal authorization for the complete audio interception involves a high level of proof and judicial scrutiny. Full Audio Interception is labor intensive and very expensive for law enforcement agencies than the DNR taps since they require the investigators to monitor it continuously (Division, 2005). Despite of the wide variation between the two types of legal wiretaps, same equipment can be used in investigations in both cases. Nevertheless, audio capturing features are normally disabled in DNR taps. The two common wiretapping technologies used by law-enforcement agencies are CALEA and Loop Extender taps. 1.3. Wiretapping Technology The evidence of communication is not based exclusively on wiretap interceptions since some investigations involved examination of telephone billing and accounting data by the carrier. Occasionally, the law agencies subpoena the telephone records as evidence. These are not interceptions because of their retrospective nature of reporting past the telephone activity, and are therefore not appropriate for future activity. The full audio and DNR are prospective in nature since it occurs after installation or is real time. The real time interception can be used to collect full audio or signaling data. Some configurations of Full Audio and DNR taps include the loop extenders and CALEA taps (Prieur, 2002). 1.3.1. Loop Extender Taps These are the oldest and the most basic wiretap technology. They entail direct electrical connection between the telephone line of the subject and terminating line of the law enforcement agency. The connections can be installed at any point along the ‘local loop’ of the subject and do not require special hardware for the interceptions to allow splice in wires back to the facilities of the law enforcement agencies. The dialup slave or loop extender ensures level equalization and proper isolation of the intercepted content at the splice point by sending any audios to the law enforcement line from the subject’s line. The device re-encodes the signals and executes the level equalization. The DNR equipment located at the law enforcement agency will record the voice content and decode the call activity signals and the dialed digits when the full audio interception is configured. A voice grade telephone line is used in tapping a line with the loop extender, and it is controlled by the law enforcement agency. The loop extenders intercept only the telephone lines and have been thus supplanted by the CALEA systems (Shankar & Paxson, 2003). 1.3.2. CALEA Taps This was designed to comply with Communication Assistance for Law Enforcement Act which mandates standardized interface between the service providers and the agencies performing the wiretap. CALEA taps involves decoding of the signaling information by the telephone company after authorization of the full audio intercept. This separates the call audio into its channel. The law enforcement agency will connect to the telephone company using standardized interface, usually defined in the J-STD-025A (27). The call audio and signaling information are sent to the separate channels in the law enforcement. The J-STD-025A compliant interception and switches are applicable to other countries apart from United States, but CALEA applies only in US (Lynne & Mohammed, 2004). The law enforcement agency performing the interceptions of J-STD-025A leases the telephone line(s) between the facilities of the agency and the telephone switch of the target subject. The first line carries Call Data Channel, CDC which reports the signaling data that is integrated with the other lines that are monitored at that switch by the agency. The additional line in law enforcement agency will carry the Call Content Channels, CCCs which contain the live audio of the monitored lines. CDC can carry the call data in more than one tap while a CCC can carry a single call audio at a time, or more than one audio for the different subjects (Addicott, 2008). According to the J-STD-025A standards, messages sent over the CDC and the CCC channels should follow certain specifications. The simplest arrangement for CDC and CCC is through the standard analog telephone line, POTS, or the bearer channels of 56Kbps ISDN. Nevertheless, CDC and CCC can be delivered over secure VPN with the IP packets. After provisioning of the CDC or CCC between the law enforcement agency and switch, the installation of the tap on the new line requires configuration of the delivery system of CALEA at the switch in order to report the activity on the target line (Burstein, 2006). 1.4. Wiretap Threat Models The effectiveness of eavesdropping should be examined based on the detection in network intrusion of the digital work (Caproni, 2007). 1.4.1. Detection Detection is considered as the most prominent threat against eavesdropping. Wiretap systems which depend on the direct metallic connections to the local loop are highly susceptible to detection. A tapping device installed at the subject’s premises may be noticed during the physical inspections. Based on circuitry used, any tap which changes transmission characteristics in the line can be discovered electronically. Taps can also be exposed by Telephone Company’s penetration to an information system or facility. The loop extenders have high impedance circuitry and innocuous physical appearance hence not easy to detect. The J-STD-025A requirements outline that monitoring using switch-based CALEA should not be detected by the subject. This maintains the security of the interceptions. The standards do not however prescribe the specific security mechanisms, hence no special authentication or protection for the CDC and CCC links (Prieur, 2002). 1.4.2. Encryption and Obfuscation of the Content The modern cryptosystems and cryptographic technologies are used to counteract eavesdropping. The voice encryption is rarely used in wiretapping and the digital voice encryptions are unavailable in the market. The end-to-end encryptions protect the content only and fail to protect other signaling and the dialed numbers (Prieur, 2002). 1.4.3. Denial of Service This prevents collection of the content of the subject call on systems with CCCs that are dynamically assigned. It takes advantage of the voice channels that are unbounded during call forwarding by the subject. The correspondents of the target flood the monitored line using unrelated calls forwarded from elsewhere. Every additional call is given its own CCC to ensure that no any CCC is open for controlling significant calls. The J-STD-025A addresses the capabilities the motivation of the CALEA using the new services, like call forwarding, that was not considered in development of original CALEA interfaces (Prieur, 2002). 1.4.4. Evasion, Confusion and the Dilemma of the Eavesdropper This acts as a major trade-off in some interception architectures. Evasions results when the target prevents the legitimate traffic reaching the interception system and confusion occurs after the spurious traffic is directed at it. Depending on the susceptibility of the system to countermeasures, fidelity of intercepted traffic maybe arbitrary degraded by the target or the third party. Many eavesdropping systems defend against confusion or evasion at the expense of exposure to the other. This results to the dilemma of the eavesdropper. Interception system is prone to eavesdropper’s dilemma when the information at low layers of the protocol stack is destroyed (Prieur, 2002). 2.0. Signaling Countermeasures against the loop Extenders The loop extenders heavily rely on in-band signaling. This architecture increases their vulnerability to target manipulation. The countermeasures against systems using loop extenders include the dialed digit spoofing, incoming call-number ID spoofing, and line status and record suppression spoofing (Dinger, 2005). 2.1. The Dialed Digit Spoofing The loop extenders are weak when decoding the audio signals and dialed digits. The number signals on the telephone lines are transmitted in analog form. The Dual-Tone Multi-Frequency, DTMF is the most common dialing system whose signals are converted and decoded to digital form. The DTMF signals have two audio frequency tone; low tone for the horizontal rows, and high tone for the columns. This technique of combined dialing masks the actual dialed number eve after evasion or confusion succeeds (Chemerinsky, 2004). 2.2. Incoming calling number ID (CNID) Caller ID feature is optional and is offered by the local exchange careers. This allows the subscriber screen the incoming calls. When the CNID service is enabled, central office will transmit the telephone number of the caller and the name of the account. The information on the CNID is thereafter relayed through in-band signaling between first and second ring signals. The CNID service in a wiretap device can record and decode the source of incoming calls. The evasion in CNID is impossible but the transmission can be confused by injecting the counterfeit signals in the line. This is prevented by replaying periodically the audio signal of forged CNID, and the wiretap will tap forged signals instead of legitimate CNID transmission (Chemerinsky, 2004). 2.3. Line Status Spoofing and the Recording Suppression The loop extenders involve sending all signaling data and audio to the law enforcement agency using a single channel using analog voice band. Call progress and signaling data for the line status must be sent through the same channel carrying the target audio. The call processing signals must be collected by an intercept collection system. These signals pass through a dialup slave and the hardware in the law enforcement agency can decode it completely. The signals can be relayed back in the same form and encoded as unique audio tones that are superimposed on friendly audio line and decoded by the law enforcement agency (Chemerinsky, 2004). 3.0. Signaling Countermeasures against J-STD-025A CALEA Taps The J-STD-025A CALEA interface effectively neutralizes the countermeasures of in-band signaling and allow DTMF tones be decoded at the switch. Reported signals are obtained from the call processing system of the telephone company. Some implementations of CALEA do not achieve the degree of robustness that the architecture should allow. Most configurations of CALEA are reliable than loop extenders regarding the susceptibility to evasion and confusion dialing. Nevertheless, CALEA and J-STD-025A only specify the standard interface between Telephone Company and the law enforcement so as not to assume specific implementation of the interfaces. Most telephone switches that comply with CALEA can report decoded digits which are true and are processed by the switch for processing of the call. Recording suppression through the in-band signal; continuity tone, is a major vulnerability of the CALEA implementations. The configurations which process the signal are prone to the same countermeasures of content evasion that can be applied against the systems in loop extender (Casey, 2008). 3.1. Suppression Recording in CALEA Implementations Though the standards in J-STD-025A enhance the elimination of in-band signaling countermeasures through the provision of call content to the law enforcement, the actual implementation may blur the distinction. DTMG-C tone signals are particularly used by the CALEA implementations to demonstrate that call content channel, CCC, is idle, and the signal also indicates the line status of the loop extender systems. The C-tone is processed by the collection systems of the CALEA CCC in a similar way as a signal in order to disable the equipment used in recording (Casey, 2008). This is enhanced by demand for backward compatibility of the loop extender collection system. The law enforcement agencies and the telephone companies construct a variety of the architectures of CALEA collection systems. The CCC and CDC may be conveyed directly to the agencies using separate telephone lines or can be delivered through an IP VPN. The design of CALEA collection system is such that it can accept the CCC and CDC channels directly or adapt the recording system of the legacy loop extender (Dinger, 2005). The justice department and the FBI requested for the inclusion of idle CCC channels in features of the CALEA to improve original specification of J-STD-025A. The C-tone on CCC is specified in product literature as a means of controlling the audio recording equipment in the collection system (Casey, 2008). C-tone supervision allow unilateral disabling of the content recording by sending continuous C-tone at a high amplitude that triggers the suppression mechanism used in recording and low amplitude that allow intelligible conversation. The target should not know the type of the tap used; CALEA or loop extender. This is achieved by using the same tone to suppress the recording. The C-tone supervisions are not supported in all CALEA implementations. However, C-tones are common among the present CALEA systems that use ISDN or the analog channels for the CALEA products and CCC delivery that is designed for the legacy collection equipment output (Casey, 2008). Conclusion Making robust extender interception systems in conventional analog loop is difficult due to the countermeasures in the design constraints. These include the vulnerability to the dialed digit evasion and confusion. State spoofing is caused by inherent properties of the design and architecture. The audio recording by the dialing signals can provide limited opportunities for the subsequent analysis of evaded or confused dialed digits, though the legal constraints preclude agencies from making recordings on the DNR taps. On the other hand, the robustness of the CALEA systems can be increased with minor changes in configuration. The equipment in law enforcement that is used in processing CCC must be configured to avoid shutting off in the presence of C-tone in the channel. Rather, such a system should rely on CDC to determine the recording time. The enforcement agencies must confirm the behavior of the CALEA systems with their vendors. The wiretap evidence collected by CALEA system or loop extender should be examined for any signaling countermeasures signs. Records of call times and dialed numbers must be evaluated for any discrepancies against the records in the call details of a telephone company. Performance of this reconciliation should be as soon as the records are available. The J-STD-025A and the rest of interception practices and standards should be examined critically against any countermeasures. The systematic search for the vulnerabilities in the threat model for the countermeasures that are subject-initiated is not considered in the development process in J-STD-025A standards or other systems that implements it. With the increased standardization and homogeneity of wiretap systems, consequences resulting from the vulnerabilities become more severe. Weak J-STD-025A systems degrade the ability of the law enforcement in conducting wiretaps on advanced mobile and digital systems envisioned by the CALEA. The J-STD-025A standardizes delivery of the intercepted content to in law enforcement from several communication services. Therefore, any countermeasure against such systems threatens the access of law enforcement to the whole spectrum of the intercepted communications. The community in law enforcement should articulate and develop assurance requirements for the interception systems to measure the existing and future technologies and standards. Only the electronic service providers, telecommunication carriers, and other service providers in communication should claim protection from wiretapping as authorized 11th and 17th January, 2007. Groups which are entitled to claim protection under other grounds include any custodian directed or ordered to offer assistance. The certification of the attorney general is binding when supported by evidence. However, the court should consider the challenges and any supporting evidence, and should assert that the disclosure harms the national security. Cases on wiretapping filed in state court should be moved to federal courts. References Addicott, M. (2008). The Protect America Act of 2007: . A Framework for Improving Intelligence Collection in the War on Terror (13). Texas Review on laws and Politics . Burstein, H. (2006). Amending the ECPA to Enable a Culture of Cuybersecurity Research. Harvard. Caproni, A. (2007). Surveillance and Transparency (11). Lewis and Clark Law review. Casey, G. (2008). Electronic Surveillance and the Right to Be Secure (41) UC DAVIS LAW REVIEW 977 . Chemerinsky, L. (2004). Losing Liberties: Applying a Foreign Intelligence Model to Domestic Law Enforcement (51) UCLA LAW REVIEW 1619. Cronin, E., Sherr, M., & Blaze, M. (2005). The eavesdropper’s dilemma. Pennsylvania: Technical Report MS-CIS-05-24. Dinger, F. (2005). Should Parents Be Allowed to Record a Child’s Telephone Conversations When TheyBelieve the Child Is in Danger?: A Examination of the Federal Wiretap Statute and the Doctrine of Vicarious Consent in the Context of a Criminal Prosecution. Seatttle University Press. Division, G. A. (2005). Office of the Inspector General Audit Division. Federal Bureau of Investigation’s foreign language translation program follow-up. U.S: Audit Report 05-33 .U.S. Department of Justice. Docket, C. (2002). Communications Assistance for Law Enforcement Act. Order on remand . Federal Communication Commission , 97-213. Kampmeier, E., Smith, D., & Smith, M. (2004). Utilization of communication channels between a central office switch and a law enforcement agency. Patent No.6, 728, 338, U.S. Patent and Trademark Office. U.S. Lynne, S., & Mohammed, Y. (2004). Trialtranscripts, United States District Court, Southern District of New York. Testimony of Special Agent Michael Elliot , 7392-99. Prieur, L. (2002). Automatic monitoring service for telecommunications networks. Patent No.6, 470, 075, U.S. Patent and Trademark Office. Shankar, U., & Paxson, V. (2003). Active mapping :Resisting NIDS evasion without altering traffic. In Proc. of the 2003. IEEE Symposium on Security and Privacy , 44-61. Siemens. (2002). EWSD Product Line Management. EWSD integrated CALEA with dial-out capability. Bulletin 02PB-CALEA 01. Read More