February 2015 Newsletter
Top of the News
Subsentio Launches Safe Harbor MediatorTM, Sonus Integration — and New Customer!
It’s not every day you see a trifecta that makes everybody a winner, but Subsentio has done just that with our launch of the Subsentio Safe Harbor MediatorTM, an exciting new entry to the lawful intercept market that benefits customers, law enforcement, and public safety alike.
Subsentio, the CALEA Compliance Companysm, is proud to announce this exciting new product, its integration with leading softswitch and SBC (session border controller) innovator Sonus — and our first customer who will be using the Safe Harbor Mediator on their Sonus platform. The customer is a large national VoIP provider based in Chicago.
As the former “telecom” industry races toward an all-IP environment — where communications are now thought of as “sessions” instead of phone calls — we think it’s fitting that the Subsentio Safe Harbor Mediator debuts with one of the nation’s foremost providers of session border controllers. This version of the Subsentio Safe Harbor Mediator is expressly designed for Sonus and IP “sessions” such as VoIP calls.
Any VoIP provider that uses Sonus can choose the Subsentio Safe Harbor Mediator, knowing that Subsentio has successfully tested with Sonus network equipment, demonstrating flawless integration. Sonus customers now can immediately benefit from the Subsentio CALEA Service Bureausm, our unique end-to-end service that provides best-in-class technology, legal expertise, and hands-on experience in law enforcement liaison.
Reaching a Broad Market
The new Subsentio Safe Harbor Mediator is our venture into providing a branded mediation device designed to meet the demanding specifications of our diverse and growing customer base. As a mediation device, the Subsentio Safe Harbor Mediator is an “active” solution that connects directly to a customer’s network appliances.
And it doesn’t end with VoIP. The new mediation device offers customers of all types — wireless, wireline, broadband and cable — an exciting option that meets their needs for peerless innovation in lawful intercept technology at an affordable price.
Among the benefits for any and all CSPs, the Subsentio Safe Harbor Mediator is:
- Powerful: Able to identify and intercept multiple target assignments
- Flexible: Integrates into various sized networks
- Low Cost: Half the price of the competitors’ platforms
- Installation: Easy and quick to install.
- Adaptable: Resides at a central point within the customer network
- Standards: Supports all standards
- Efficient: Integrated provisioning requires no separate mediation system
- Streamlined: Integrated VPN reduces installation complexity
“Active” or “Passive Solutions, ”Subsentio is on the March
The Subsentio Safe Harbor Mediator is the company’s fourth new product in just 24 months, an incredible pace of innovation in the lawful intercept arena or any technology market.
During this time we have debuted industry leading “passive” surveillance equipment including the Subsentio Safe Harbor 1GB Probe, the Subsentio Safe Harbor Probe for LTE, and the Subsentio Safe Harbor 10 GB Probe. The new “active” Subsentio Safe Harbor Mediator is the latest member of our rapidly expanding product portfolio.
“As the nation’s CALEA Compliance Company, Subsentio is dedicated to putting our customers’ interests first by providing the full range of technologies that meet their requirements,” said Martin McDermott, EVP Marketing and Customer Care. “With the Subsentio Safe Harbor Mediator we can now meet the needs not only of Sonus customers, but any service provider with a large, complex network — and eye to achieving greater efficiency and savings.”
CALEA Insurance, Workman’s Comp for Lawful Intercept Compliance
By Steve Bock, President
At the end of the year, I was reviewing our business insurance policies: Healthcare, key man, regular life insurance, workman’s comp, property, accident, indemnification, etc. There are a bunch of policies and the premiums are accordingly significant. But, I wouldn’t consider being in business without the protection they afford. It got me thinking.
Why do so many communications service providers (CSP’s) risk FCC and court imposed penalties for their lack of being CALEA compliant? More importantly, why do these carriers put the public at risk? They wouldn’t violate fire ordnances in their data centers or ignore E911 service. However, with CALEA many carriers and ISP hosted service providers totally ignore the CALEA mandate betting that they won’t receive a court order for lawful intercept.
Subsentio didn’t become the CALEA Compliance Company overnight. We’ve been providing lawful intercept services since 2007. During that time, Subsentio’s clients have been responsible for assisting law enforcement with the apprehension and arrest of murderers, kidnappers, drug dealers and more.. We rejoice when a child is successfully found and returned to their parents and the kidnapper is arrested. Usually these emergencies or “Exigent Circumstances” are turned up within 10 minutes or less after validating both the credentials of the officer and that the target is active on the network. Good for our customer’s subscribers, good for us and good for law enforcement. But, what if the carrier was not compliant? It puts everyone at risk.
Over the last few months we have sponsored an educational webinar through our partnership with NTCA titled “The Importance of Being CALEA Compliant. It’s Not Going Away” Over 120 members attended. Why now after seven years? Because the surveillance activity on the part of law enforcement has grown substantially as mobile technology has morphed from 3G to 4G and LTE and from traditional voice to VoIP services. It’s a critical investigate tool for Law Enforcement.
We constantly hear all kinds of excuses for non-compliance including, “We’re too small”, “We never get court orders” and “Our upstream provider will help us if we do get a court order”. Yet we end up doing triage all the time on all kinds of companies that are completely unprepared when an officer shows up with a badge, a gun and a court order in their hand.
My insurance agent once told me he could write a policy for me even if my house was on fire, it’s just a question of money. His point is well taken. If you don’t insure yourself from the hazards of non-compliance before you receive a court order, you could be putting your entire business and the lives of your subscribers at risk and it will cost a lot of money.
So do yourself a favor and get the CALEA insurance you need before there is a problem. You’ll save yourself a lot of time, money and bad publicity and who knows, perhaps you’ll even help Law Enforcement catch the bad guy and make your community a safer place to live.
U.S. National Research Council: No Substitute for Bulk Metadata Collection
(INSIDER SURVEILLANCE) Following the terrorist attack in Paris, NSA whistleblower Edward Snowden gave an interview claiming that bulk metadata collection didn’t save the Charlie Hebdo victims, and called for better methods to target terrorists without checking the communications traffic of all citizens. The problem, according to a report just issued by the National Research Council — with input from tech leaders including Google and Microsoft — is that no better alternative exists.
At the request of the U.S. Office of the Director of National Intelligence (ODNI) in mid-2014, the National Research Council set out to examine bulk metadata collection, its practice and results, and more specifically, to study the potential for developing software that will provide a more targeted approach to singling out dangerous elements and pre-empting acts of terror.
The National Research Council report focused on the technology of all types of electronic communication and not just domestic telephone metadata collection. The Council conducted its research in response to President Barack Obama’s call last year for a review of potential software-based alternatives to the controversial program.
The Council’s report coincided with Edward Snowden’s latest attack on national security programs.
“France passed one of the most intrusive, expansive surveillance laws in all of Europe last year and it didn’t stop the attack, and this is consistent with what we’ve seen in every country,” said Snowden, adding that French authorities knew of the Paris attackers beforehand but didn’t act to preempt the murders based on the intelligence at hand.
Snowden argued that advance warnings didn’t stop the Boston Marathon Bombers’ attack, either. “The problem with mass surveillance is that you’re burying people under too much data,” he said, echoing arguments that others have made about the “base rate fallacy.”
Intelligence officials disagree, maintaining that collecting telephone metadata in bulk is critical to U.S. counter-terrorism efforts. The Council’s new research backs them up.
“A choice to eliminate all forms of bulk collection would have costs in intelligence capabilities,” concluded Council researchers, who came from universities across the country and top technology companies.
“There are no technical alternatives that can accomplish the same functions as bulk collection and serve as a complete substitute for it; there is no technological magic.”
Published by permission of Insider Surveillance: The Journal of Electronic Surveillance Technology www.insidersurveillance.com
The Fed’s Outreach Continues
Some years ago, a little known unit of the FBI called the CALEA Implementation Unit got in touch with us to ask if we would mind sharing our customer list with them. They explained that the FBI managed the court order distribution for all 21 of the Federal Government law enforcement agencies. To help stream line the process they would like to identify the Trusted Third Party’s customer and distribute the court order to the TTP for redistribution to their customer. They felt that it would be faster, more efficient and allow for faster implementation of the court order intercept. They were right.
Now, all Federal court orders for Subsentio customers are distributed to us from one FBI field office. This enables us to begin the surveillance process while we notify our customer of the court order. Subsentio validates the court order even as we coordinate with customer regulatory and technical resources. Court orders are implemented faster, with less disruption to customer operations realizing one of the FBI’s objectives.
But it doesn’t happen by magic. Where a few years ago Subsentio sent in a customer list on an annual basis, our coordination is much closer. We now submit a customer list on a quarterly basis and incrementally notify them of newly signed agreements that are entering the Subsentio eight week installation window. Likewise, in those rare occasions where a customer ceases to utilize Subsentio services, we notify the FBI of those instances. This creates a real time environment where the FBI knows who is and who is not in Compliance.
Over the past few months, the FBI, through their National Domestic CALEA Assistance Center (NDCAC) has begun to verify compliance with several of our customers by doing their own testing of the customer’s technical solution. It’s pretty straight forward. They call the customer. The customer normally freaks and calls us, which is what they should do. Subsentio then coordinates the testing between the customer and NDCAC. However, the point of it all is that they are testing. And we expect more of this in the future. They are serious about CALEA Compliance.
New Customer Care Programs
Subsentio’s Customer Care Program is launching new initiatives for the coming year. As your CALEA Compliance Company, we feel it’s important to keep you up to date on changes in the CALEA compliance world with timely CALEA Alerts, new means of quickly updating contact personnel information and introducing quarterly CALEA webinars, new services, products and regulatory updates.
Notice more activity from Subsentio over the past several months? Our new Customer Account Manager, Annette Hairfield began fourth quarter last year with an outreach program attempting to contact each of our customers. We’ve been able to reach about 85% of our customers. Now think about that for a moment. What if Subsentio received a court order for one of those 15% companies and we couldn’t contact anyone who is on our contact list to establish the court ordered intercept? You’ve got to talk to us.
The FBI reached out to several of our customers directly requesting subpoena information. Confusion. Customers were unsure of why the FBI was contacting them since Subsentio manages all their CALEA Compliance. Court Orders and Subpoenas are different. We aren’t in the subpoena service business. However, since the FBI asked us, we agreed to include Subpoena Contact Information in our customer records. A Subpoena is a warrant requesting information, historical data such as Call Detail Records. It will be issued directly to you for fulfillment. Subsentio will continue to manage the Court Orders for live intercepts.
So, when we call, please talk to us. It’s important!
Products & Services
Service is the Solution
The Telecom Industry is nothing but one technology interconnected to another technology enabling a voice or data call. We stand in awe of our technology. We love to “talk techie”. So, of course, CSPs naturally want to understand how Subsentio’s technical solutions are employed to institute a lawful intercept. We spend so much time “talking techie” we forget that the technology simply “enables” the creation of the intercept. From that point on, a series of detailed and incremental services establish, guide, review and direct a successful lawful intercept. Subsentio calls this collage of services Surveillance Management.
It starts with a court order. What happens first? If it is a Federal court order, Subsentio receives it from the FBI. A state or local court order is normally delivered to the CSP’s facility and then immediately sent to Subsentio. Surveillance Management starts at that point. A log is opened for each court order for tracking purposes. The court order goes thru two stages of validation for correctness. If discrepancies are noted, it is returned to the issuing law enforcement agency for correction. Subsentio Security notifies law enforcement that the intercept is in process. The customer is notified of the court order. Technical contacts are notified of the pending intercept for on-site technical support, if necessary. The system is tested. The individual telephone number or IP address is selected for intercept. Upon interception activation, the requested data is transmitted from the customer’s location to the requesting law enforcement monitoring location. Continual testing is maintained for the duration of the intercept to make sure of the data stream’s integrity. Five minutes prior to the termination time stipulated in the court order, (really important legally) both law enforcement and the customer are notified of the intercept’s termination. Pertinent notes are recorded in the specific log and the case closed.
Seems logical, right? There are lots of moving parts and most of the time it takes place “after hours”. In fact, the total service requires expertise in the following areas: technical, engineering, testing, networking, legal, regulatory, law enforcement procedures, software, and administrative. Making it all come together is why Subsentio is the CALEA Compliance Company.
Rules & Regulations
Verizon’s Encryption Policy May Resolve A Conflict Between Privacy and Public Safety
By Joel Margolis, EVP Government Affairs & General Counsel
In October of 2014, Apple and Google announced new privacy enhancements to their handset encryption policies that was considered so obstructive to public safety that FBI Director James Comey began visiting Capitol Hill to demand a legislative response. A few months later, Verizon modified its handset encryption in a way that helped both privacy and public safety. Is the encryption fight suddenly resolved?
Apple and Google’s Encryption Improved Privacy but Potentially Risked Public Safety
In the wake of the 2013 NSA/Ed Snowden scandal Apple and Google were two of the major Internet providers who took heat from privacy interests for allegedly cooperating too closely with the intelligence community. The complaints made the companies fear their assistance to national security investigations might scare away business, especially in foreign markets such as Western Europe, a leader in privacy protection. The tech giants responded to the bad press by raising their privacy standards. Among other things, Apple created an “encryption-by-default” policy for its iPhone, and Google adopted a similar practice for Android phones. The new policy essentially made it impossible for law enforcement to access the content of a suspect’s smart phone, even when agents presented the phone maker with a valid warrant.
Privacy advocates cheered the encryption-by-default innovations as necessary defenses against government intrusion. Law enforcement complained that the new encryption policies placed terrorists and criminal suspects above the law. Meanwhile, law enforcement agencies felt they were judged guilty by association with the NSA even though they played no role in the NSA’s activities.
The encryption-by-default actions sent FBI Director Comey running to Congress for a legislative fix.
The CALEA Section on Encryption Failed to Achieve its Public Safety Purpose
The statute Director Comey wants to change is the Communications Assistance for Law Enforcement Act of 1994 (“CALEA”). CALEA requires that if a communication service provider encrypts communications it must decrypt the communications when implementing court-ordered surveillance. However, soon after CALEA was enacted the encryption provision became useless as carriers migrated to user-initiated forms of encryption.
Law enforcement agencies generally cannot decrypt communications by themselves. In a growing number of cases they must try to solve crimes using old fashioned methods, as opposed to lawful intercepts, because they can’t fruitfully tap a communication that cannot be deciphered. Hence the need for service provider assistance. Director Comey’s goal is to update the old 1994 CALEA statute so lawful surveillance can include a realistic means of decryption.
Verizon’s Encryption Serves Both Privacy and Public Safety
Verizon Wireless recently unveiled its own encryption policy. Verizon Voice Cypher provides end-to-end encryption for voice calls on all wireless networks, and it works not only on iOS and Android platforms but Blackberry as well. When required to assist lawful surveillance, the wireless carrier equipped with Verizon Voice Cypher can decrypt the suspect’s calls.
For now, Voice Cypher is available only to business and government users. But the product may eventually appear in the residential market.
The Best of All Encrypted Worlds
Verizon shows that when it comes to encryption, privacy advocates and the cops need not wage war. For nearly all calls that a wireless service provider carries it can give its subscribers extreme privacy. And on those rare occasions when a court orders the service provider to intercept the conversations of a terrorist or criminal suspect, the provider can deliver those calls to law enforcement as is, not hidden in a jumble of code.
In light of Verizon’s encryption product, will Director Comey continue seeking a new encryption mandate on communication providers? That probably depends on whether industry follows the encryption policy established by Apple and Google or the one adopted by Verizon.
How Much Does Your Target Really Use His Phone Service?
By Marcus Thomas, CTO
What exactly is a Gigabyte of mobile data? How many emails is that? How many minutes of YouTube video? How many hours of streaming music from the likes of Pandora? These are very real questions for all mobile phone users. Figures from comparison website uSwitch.com shows that almost a quarter of all mobile phone users regularly exceed their data allowances, each paying an extra $150.00 per year on average.
More and more, to address this issue, users of mobile phones are to be found switching off of the mobile network and onto WIFI. This is true, not only for browsing and checking email, but for making voice calls as well. There has been an emergence in WIFI-enabled over-the-top Voice Over IP (VOIP) services and apps in recent years.
Another alternative for users is to use compression applications, like Onavo Extend, or a web-based compression like that provided by Opera Web Browser. In this approach, an application running on a user’s mobile phone, directs all (or some) data to a special server in a compressed format, thus minimizing the volume of data flowing over the mobile channel. Either of these, or other, methods to reduce data usage, can greatly complicate the lawful interception efforts directed against subjects using mobile phones.
According to the website Device Atlas, the average U.S. consumer used 2 Gb of mobile data per month in 2014. However, it is likely that the average consumer used much, much, more WIFI over the same mobile device. According to the Wall Street Journal, “the most important data limiter working in consumers’ favor is WiFi, a wildcard that can turn a mountainous phone bill into a molehill.” WiFi is, in fact, the major reason data traffic growth is actually slowing in the U.S.
CALEA, of course, requires that telephone service providers provide lawful intercept solutions for their mobile phone services, including broadband services. However, when users are actively encouraged to offload their data to private WIFI services, the question of CALEA compliance becomes a murky area. (At least one carrier has prohibited VOIP applications which utilize WIFI from running on their phones.).
So, what is law enforcement to do? A comprehensive and successful effort to conduct lawful interception on a target using a mobile phone will include interception not only of the mobile phone service, but home (and likely workplace) WIFI as well. Additionally, in critical cases, lawful interception will continue to be foiled by public WIFI hotspots like those offered at the local library or coffee shop, unless those too are covered. So, well-executed lawful interception against subjects using mobile phones is becoming a significant and substantial effort, but, the value of lawful interception will continue to provide some of the most compelling evidence available to prevent and investigate serious crime.