October 2016 Newsletter

President’s Corner
Virtualization — Staying Ahead of Criminals and Terrorists

By Steve Bock, President & CEO

I’ve spent most of my career in telecommunications and in all the years of booms and busts I have not seen a more disruptive shift in this industry as we are experiencing today.  The key drivers are the ever insatiable appetite for increasing speeds and virtual switching.
As service providers decommission their legacy infrastructure and migrate to a virtual environment, most of them pay little attention to the impact on law enforcement’s need to gather intelligence on criminals and terrorists.  The resulting security loopholes cause all parties to scramble after the fact and bolt on solutions that would have been much less expensive had there been some thoughtful planning in the first place.

The need for speed is also disruptive.  During our integration of the Neustar Legal Compliance Division, and even within our own Subsentio base; we find that at least 6 out of every 10 companies have inadequate equipment to handle the increased data feeds that are being planned or that are already in place.  Fortunately, our product development roadmap has anticipated these trends so that we can address both problems with a new line of products.

Subsentio’s New Lawful Intercept Capabilities
Earlier this year Subsentio took several steps forward in embracing virtualization and higher data speeds for lawful intercept needs.

The first advance is an intelligent software solution for virtual networks, designed for scenarios where it is impossible to install physical network taps and physical probes.  In those environments, our solution deploys virtual taps in virtual machines such as session border controllers (SBCs) or media gateways. The solution then connects to a Subsentio virtual probe.  It is cost-effective, easy to install, and can be programmed to intercept targeted VoIP and broadband data communications.

The second advance is our new sProbe, a simple, low-cost server configured with Subsentio’s virtual software. There are two common uses for the sProbe: as a less expensive alternative to our regular probe, and as a remote extension of a probe supporting up to 100 clients. The sProbe interfaces can be configured for 1G and 10G networks to address the higher speeds that we find in most of our customer’s networks. Even faster speeds are on our product roadmap.

End results:

  • CSPs now have a low-cost alternative for virtual and high speed networks that does the job, meets CALEA compliance requirements – and doesn’t break the bank.
  • Law Enforcement Agencies no longer hit a wall when they try to collect evidence from these networks.
  • Terrorists and criminals can say goodbye to security loopholes that hide their activities.
  • The world just became a much safer place.

To the best of our knowledge, Subsentio’s move into the world of virtual lawful intercept is a “first of its kind” initiative. With over 250 client CSPs – we are the largest CALEA compliance company in the world and we firmly believe that virtualization will be an important component of the future.

The next challenge is building awareness. The vast majority of CSPs know full well that their legacy lawful intercept solutions do not meet the needs of law enforcement agencies. Through Subsentio’s ongoing commitment to R & D, CSPs now have a cost-effective solution that meets the challenge of fighting crime and terrorism in a virtual word.

When it comes to CALEA compliance, Subsentio provides “Results, Not Excuses.” The next move is yours.

Why CSPs Shouldn’t Ignore DMCA Complaints

Michael Allison, Legal Services Manager

In speaking with our clients it’s clear DMCA claims are a pain point of discussion, to say the least.

Since content owners leverage bots to crawl the internet for copyrighted content, the volume of DMCA claims falling at the footsteps of ISP’s has been on the rise.  Small to mid-level ISPs receive hundreds to thousands of claims per month.  This volume may be too high to add to the responsibilities of a NOC or abuse team.  At the same time, the volume might not constitute the hiring of a full time employee or staff – or worse yet, an ISP may simply not have the budget for such resources.

After a Virginia federal jury ruled against one of the top ISP’s last December to the tune of $25 million dollars for DMCA non-compliance a lot of ISP’s took note.  The message was clear: if you are an ISP operating in the U.S. you need to have a defined policy addressing DMCA claims and the policy must include specifics for service termination to repeat infringers.

Part of the underlying process behind our records production service is tying a target IP address and timestamp to a specific ISP subscriber.  The logistics behind tying a target IP address and timestamp to a specific subscriber is usually an administrative and laborious process.  But it’s a method we’re familiar with and it’s a procedure that’s inherent to processing any DMCA claim.

Subsentio DMCA Records Production service is facilitated by a proprietary case management system.  It automatically creates a unique case for each legal request received, facilitates document generation, notates actions taken on the case, and allows for customized reporting via any number of variables tied to the case.  By creating a case for each DMCA claim received, we can track ISP subscribers for repeat offenses, apply escalation measures when needed, and alert ISP’s when a subscriber has met the qualifications for termination.

The labor and technology we currently use to provide records production services lies in parallel to the demand our ISP clients have for a dedicated team and platform to address DMCA claims.  The days of asking your NOC or abuse team to knock off a few DMCA claims when they have the time is a thing of the past.  Only a formalized and dedicated process will effectively manage and positively affect the DMCA claim situation ISP’s are facing today.  We know processing DMCA claims is not a core function of the ISP business. We’re in a unique position to offer a cost effective alternative to DMCA claim management.

Don’t leave your company at risk of significant financial damages from copyright abuse by your clients. Contact us today to see how Subsentio DMCA Records Production can put you Safe Harbor.

What Should the Government Do with Electronic Data?

Trevor Gray, Legal Services Manager

There has been an increased focus on when and how telecommunications providers release confidential subscriber information to the government. While this is certainly an important area of discussion, there is a rising concern over what the government does with that data once it has been utilized as part of an investigation.  Congress has not laid out a rule of law in this area and the courts now seem poised to fill that void. It is important for telecommunication providers to take note and be prepared.

In May 2016 the Second Circuit Court of Appeals handed down a decision regarding an aspect of legal compliance that has an important impact on how the government and service providers handle electronic data released pursuant to a legal demand. In the case of United States v. Ganias, the Second Circuit ruled that the government was authorized to search a set of hard drives that had been previously obtained in an unrelated investigation pursuant to a separate search warrant. Unfortunately, the Court’s opinion does not seem to offer much in the way of clear guidance as it pertains to Fourth Amendment jurisprudence.

The merits of this case and the reasonable potential that other courts will likely be addressing the Fourth Amendment requirements at issue here should be worthy of service provider’s attention. It would not be that far-fetched to see a rule where both parties to this issue must take responsibility for the return of electronic data. If the courts or Congress lay out a requirement that impacts service providers, Subsentio will provide recommendations for how best to implement a cost-effective procedure to ensure compliance.

The hard drives at issue were obtained by law enforcement during a previous investigation conducted by the Army. They contained personal data that was outside the scope of the warrant. This data was not utilized by the Army, but it was kept. A second warrant for that data was issued as part of a subsequent investigation by the IRS. Originally, the Court ruled that evidence from those hard drives had been obtained in violation of the Fourth Amendment and was suppressed.

The Court subsequently ordered a rehearing and overturned the ruling. In general, the Fourth Amendment does not allow the government to keep non-relevant data seized as part of an investigation. However, the Court’s opinion in this case did not address whether keeping the hard drives violated the Fourth Amendment. There are areas of the opinion that point to valid concerns over whether the government can use electronic data obtained from prior investigations.

The opinion devotes a significant portion of time to whether the digital file searches by the government were valid. The Court distinguishes digital files from physical files (where the government would be required to return the seized property where not relevant). Although the Court indicates that the return or destruction of non-responsive digital files may not be required under the Fourth Amendment it does acknowledge that “the seizure of a computer hard drive, and its subsequent retention by the government, can give the government possession of a vast trove of personal information about the person to whom the drive belongs, much of which may be entirely irrelevant to the criminal investigation that led to the seizure.” While the Court refrained from deciding the Fourth Amendment issue, they have left it open for other courts to consider it in the future.

Subsentio’s Hosted CALEA Compliance Service

Subsentio’s Hosted CALEA Compliance Service gives VoIP and Broadband service providers an exciting new alternative: a high capacity solution that delivers CALEA compliance with the simplicity, reliability and savings of a hosted solution.  Like all Subsentio technology solutions, our hosted option provides state-of-the-art data security, certifies reliability and guarantees technical compliance with CALEA.

As a Subsentio Hosted CALEA Compliance Service client, the VoIP or Broadband Provider receives the full benefit our Compliance Bureau, the industry standard for end-to-end CALEA compliance.  Subsentio’s Compliance Bureau includes the technology solution, in-house review of court orders for lawful intercept and hands-on interaction with law enforcement throughout the lawful intercept process.

Subsentio’s Hosted CALEA Compliance Service Features and Benefits

  • Works with any VoIP or Broadband network
  • Low cost, easy to install and use
  • Uses Subsentio’s sProbe to collect and route evidence to a vProbe in the Subsentio Data Center
  • Can support multiple downstream client networks or locations
  • Full IPv6 support
  • No VPN connectivity or separate mediation device required
  • Fully meets ATIS standards for VoIP and Broadband lawful intercepts

Compliance Management

Martin McDermott, COO
Is it any surprise that with all the bombings and shootings across the country that the number of court orders has risen appreciably this year?    We know because as compliance agents for you, we receive them on your behalf.  Once we receive the court order, we immediately call you:  First to let you know of the pending action that is required and secondly to alert your network management personnel of any assistance we require to complete the lawful intercept.  Unfortunately, this is where the process often breaks down.

Subsentio establishes a complete Client Profile for each client.  It includes contact information for a variety of client personnel to include management, administrative, and technical individuals who have compliance responsibility.  It includes both daytime and after hours contact telephone numbers.  Why?  Because more than 60 percent of court orders are presented to Subsentio after normal working hours, to say nothing of emergency or exigent circumstance orders.  It is imperative that we be able to contact responsible client personnel after hours.  Sad to say that often we are unable to.

Client information is volatile.  It changes often.  Sometimes it is as simple as a person changes job responsibilities within the company.  This isn’t that bad of a situation because when we get to that person, they can then direct us to the right person.  But, when we call telephone numbers and they are disconnected or go to voice mail and then we don’t an immediate return call, we know we have a problem.  Often the person has left the company.

Subsentio has two Client Care Managers:  Annette Hairfield and Tamara Moorman.  They spend their days continually contacting their assigned clients to make sure that the information on the Client Profile is up to date and that their service agreements are up to date.  You can’t imagine the difficulty that they have in contacting the responsible parties for some clients.  When all else fails, I send a letter to our client’s senior manager requesting their support and cooperation from their people who are assigned to support CALEA compliance.  I hate to do that.  But clients hire us because being CALEA compliant places them in Safe Harbor.  To do that, we have to have your support, and part of that support is providing Subsentio with accurate and up-to-date contact and network information.