The present invention relates to methods and systems for analyzing call specific data records for traffic through a telecommunication network in order to record detailed traffic information regarding specifically identified subjects of lawfully authorized electronic surveillance.
Acronyms
The written description uses a large number of acronyms to refer to various services, messages and system components. Although generally known, use of several of these acronyms is not strictly standardized in the art. For purposes of this discussion, acronyms therefore will be defined as follows:
Address Complete Message (ACM)
American National Standards Institute (ANSI)
ANswer Message (ANM)
Automatic Message Accounting (AMA)
AMA Transmitter (AMAT)
BellCore AMA Format (BAF)
Carrier Access Billing System (CABS)
Call Detail Record (CDR)
Carrier Identification Code (CIC)
Central Office (CO)
Central Office Terminal (COT)
Competitive Local Exchange Carrier (CLEC)
Common Channel Signaling (CCS)
Communications for Assistance of Law Enforcement Act (CALEA)
Customer Record Information System (CRIS)
Custom Local Area Signaling Service (CLASS)
Cyclic Redundancy Code (CRC)
Destination Point Code (DPC)
Digital Loop Carrier (DLC)
End Office (EO)
Federal Bureau of Investigation (FBI)
Global Title Translation (GTT)
Identification (ID)
Initial Address Message (IAM)
Input/Output (I/O)
Integrated Services Digital Network (ISDN)
Inter-exchange Carrier (IXC)
Internet Service Provider (ISP)
ISDN User Part (ISDN-UP or ISUP)
Law Enforcement Agency (LEA)
Lawfully Authorized Electronic Surveillance Protocol (LAESP)
Line Identification Data Base (LIDB)
Local Access Transport Area (LATA)
Local Exchange Carrier (LEC)
Message Processing Server (MPS)
Message Signaling Unit (MSU)
Message Transfer Part (MTP)
Origination Point Code (OPC)
Operations, Maintenance Application Part (OMAP)
Personal Computer (PC)
Plain Old Telephone Service (POTS)
Public Switched Telephone Network (PSTN)
Release Complete Message (RLC)
Release Message (REL)
Remote Terminal (RT)
Revenue Accounting Office (RAO)
Service Control Point (SCP)
Service Switching Point (SSP)
Signaling Link Selection (SLC)
Signaling System 7 (SS7)
Signaling Point (SP)
Signaling Transfer Point (STP)
SubSystem Number (SSN)
SUSpend (SUS) Message
Telecommunications Industry Association (TIA)
Time Slot Interchange (TSI)
Transaction Capabilities Applications Part (TCAP)
Wide Area Network (WAN)
Historically in the United States authorities such as city, state, or federal police authorities, may legally engage in electronic surveillance (frequently referred to in the vernacular as wire-tapping), when duly authorized to perform such an activity by a cognizant judicial authority. Such surveillance may include delivery of call related signaling data to the authority or delivery of both signaling data and actual content of communications to and from the subject of the surveillance.
In earlier times, when public telephone service was virtually all analog, the procedures were relatively simple. Assuming surveillance of a residence connected to the telephone network by a local loop consisting of a pair of copper wires, the usual practice was to locate a convenient cross connect and bridge on to the two wire analog circuit. The entity conducting the surveillance then engaged the serving telephone network operator or company to provide a circuit from that location to the law enforcement location. The law enforcement organization could then monitor the conversations, generally referred to as content, as well as the call set up and related signaling.
Statistically approximately 90 percent of the authorized surveillance in the United States does not cover content but only signaling data. Signaling data surveillance is performed through a Pen register tap. A pen register is a dialed number recorder. The register includes a dial pulse detector and/or a dual tone multi-frequency decoder, connected to the line serving the subject party. A memory or recording device captures detected dialing information. However, this register accumulates only dialing information and only that for the connected line.
With the widespread use of digital communication and control signaling, the simplicity and ease of the prior surveillance procedures has largely disappeared. As a result, law enforcement agencies, and cooperating Public Switched Telephone Network (PSTN) carriers, are forced to cope with a considerably more complex and costly substitute set of procedures. Partially in response to this situation Congress passed Public Law 103-414, the Communications Assistance for Law Enforcement Act (CALEA). The Telecommunications Industry Association (TIA), accredited by the American National Standards Institute (ANSI), was selected by the telecommunications industry to promulgate the industry""s CALEA standard. The TIA promptly initiated a standards program. Initial disagreements within industry were resolved, and TR45 Lawfully Authorized Electronic Surveillance SP-3580, Baseline Revision 10 was produced. The baseline requirements specified in this standard have become known as the xe2x80x9csafe harborxe2x80x9d standards, pending resolution of still outstanding differences with respect to certain preferences of the Federal Bureau of Investigation (FBI).
The CALEA specifications include a requirement that the subject under surveillance continue to receive all subscribed enhanced, CLASS, and other services. The surveillance must be completely transparent, to the subject and to other parties communicating with the subject. The central office switches currently in use in the public switched telephone networks were not designed with CALEA functions in mind. As a result it is not surprising that many existing switches can not be easily adapted to meet major CALEA requirements.
The basic surveillance problem has undergone continued evolution as telecommunications technology has advanced and provided the public with, an ever-increasing variety of services. Illustrative of such services, which create added complexity for effective telephone surveillance, is call forwarding or redirection, call conferencing, call waiting, bill to third party calling, etc. Another example is central office based speed dialing.
Since the proposed CALEA requirements are worded in terms of service, i.e., monitoring the telephone service (signaling and speech) of the subject, and anything that can be accomplished with the service, significant problems are presented by such enhanced network services. This becomes particularly acute when coupled with a desire that the surveillance capability should be almost universally applicable to all telephone central offices, including end offices that rely on legacy switches.
Of particular note, the new CALEA standards impose a significantly increased requirement for delivery of signaling data regarding communications associated with the subject of the surveilance. The call associated information must include the signaling data relating to the subject party as well as any other parties to the call. The information must also include a variety of other data, for example relating to called party and calling party identities, relating to call redirection, relating to interexchange carrier identity, and the like. The law requires delivery of call related signaling data for subjects under content surveillance, although the signaling data may be delivered separately from the content delivery. Also, many surveilance operations will continue to involve delivery of only the call associated signaling data.
It has been suggested that the carriers implement the CALEA standard, both for content and call data delivery, by deploying specialized surveillance equipment in offices of the carriers"" networks. Deployment of such equipment or other forms of office upgrades in a large number of offices, to satisfy the surveillance requirements, will require a large capital investment. Processing of calls through such specialized equipment raises questions of whether or not the surveillance might be detectable by the target. It has been suggested that, for subjects served from offices not complying with CALEA, the subjects calls could be routed and processed for surveillance through an office having full CALEA compliant capabilities. Many approaches to such routing would be detectable by the subject or parties in communication with the subject.
As described for example in parent application Ser. No. 09/112,155, Applicants have developed solutions, which make the services entirely transparent while processing calls through a CLEA compliant office. The routing to the CALEA compliant office is effective in some situations, particularly where content delivery is required. However, even this approach imposes some costs, for increased interoffice routing and/or for specialized routing control from a service control point or the line. Also, if CALEA compliant equipment in an office is necessary for every surveillance, even for data only surveillance, it forces the carrier to upgrade more offices to insure capacity to handle all expected surveillances.
A need still exists for a cost-effective mechanism to provide the desired level of surveillance, in the modern telecommunications world, while maintaining secrecy of the surveillance, particularly with respect to signaling data delivery.
The telecommunication networks today utilize a wide range of signaling messages and data recording systems, to control set-up and tear down of calls, to record billing information, and the like. Deployment of new equipment to record signaling data for surveillance purposes adds another layer of expense and complexity to operation and maintenance of the telecommunication switching offices.
A specific need therefore exists for a cost-effective technique for accumulating the call signaling data for surveillance purposes. To meet this specific need, any solution should minimize the requirements for installation of new hardware, particularly hardware at the individual office level. Any new hardware for the surveillance should be as centralized as possible, yet provide the requisite data for subjects served through many local offices. Also, it is desired that the surveillance technique impose no new processing steps, during routing of the call, to insure transparency to the subjects.
It is accordingly an object of the present invention to provide a relatively straightforward and cost-effective solution to the foregoing problems of signaling data delivery for lawfully authorized electronic surveillance.
The invention addresses the above stated needs by providing effective techniques for accumulating and delivering call associated signaling data for lawful surveillance from standard management data messages normally used by the network. Management data here refers to information generated by the telecommunication network for its operations purposes. In particular, the inventive surveillance technique utilizes a form of accounting messages, normally sent from central offices of the network to an accounting office, for record keeping and billing purposes. An office serving the subject, however, is programmed to generate the messages for a specified set of calls to facilitate the surveillance, regardless of whether or not each of these calls is billable. Another example of such data would be common channel signaling messages generated to control call set-up and tear-down of interoffice calls and the like. The preferred embodiments utilize both types of messages, to provide complete call associated data for the surveillance in a cost effective manner with a minimum processing burden on the actual call processing elements of the network.
The present invention encompasses methods for conducting surveillance. Other aspects of the invention relate to a telecommunication network implementing the inventive surveillance techniques. The invention also relates to a system, for use in a telephone network, for conducting the call associated data surveillance.
Thus, a first aspect of the invention relates to a method of conducting lawful call associated data surveillance in a switched telecommunication network. During processing of a call in some way associated with a subject of the surveillance, the method entails detecting a code in a service profile for the subject. The profile is stored in a switching office of the network involved in processing of the call. Upon detecting the code, the switching office generates accounting messages containing data regarding events occurring in processing of the call. The accounting messages are processed to form a detailed record of the call. The detailed record includes significant data associated with the call. A data system of a law enforcement agency receives the detailed record of the call.
The code in the profile preferably causes the switching office to generate the accounting messages for a predetermined set or class of calls. The calls in the predetermined set include both completed and uncompleted calls. The set of calls also may include calls that enable the subject to control special service features offered by the telecommunication network. One example of such a control-related call would be a call to activate forwarding of calls for the subject""s telephone number to another telephone number. While active, the switching office would continue to generate accounting messages, in this example, relating to forwarded calls.
The inventive surveillance may deliver the detailed record, in essentially raw form, to the law enforcement agency. However, one feature of the invention is that the carrier may provide enhanced data, if the agency desires. For this purpose, the processing of the messages to form the detailed record may include translating information from one or more of the accounting messages into corresponding descriptive textual information. In this way, the carrier can provide the agency with name and possibly address information for one or more parties to a call. The translation may convert a carrier identification code, such as that for an interexchange carrier, into the name of the carrier. The translation also may add a description of any special service features involved in processing of the call.
In the preferred embodiment, the switching office transmits the accounting messages to an accounting office, which normally processes such messages for accounting purposes. For the surveillance operation, the accounting office compiles a record, typically in the form of a complete set of the data from the messages for each call associated with the subject. The accounting office adds an identifier of the particular surveillance operation and forwards the complete message set to a server. The server performs additional processing, such as the above-described translations. The server also formats the call record, as needed, to satisfy the protocol requirements of the particular agency and/or the CALEA standard. The server transmits the enhanced and formatted record of the call over a data link to a processing system of the authorized law enforcement agency.
As noted, the preferred embodiments actually utilize both the accounting message processing and common channel signaling messages. Thus, another aspect of the invention relates to a method of conducting lawful call associated data surveillance on calls processed through a telecommunication network comprising a plurality of interconnected switching offices and a common channel signaling network for interoffice signaling. This method involves monitoring messages transported on links of the common channel signaling network, to capture signaling messages relating to network processing of a first group of calls associated with the subject. The first group of calls essentially relates to calls that involve the monitored common channel signaling. The captured messages are processed to form a call detail record of each of the first group of calls associated with the subject. This method invention also entails processing a second group of calls associated with the subject through one of the switching offices. The calls in the second group are calls that do not involve the monitored interoffice signaling. The switching office generates accounting messages regarding events in processing of each call in the second group. The accounting messages are processed to form a detailed record of each call in the second group. This method delivers both the call detail records for the first group of calls and the detailed records for the second group of calls to a data system of the law enforcement agency.
Although applicable to other networks, the preferred embodiments facilitate surveillance in a telephone network, such as that of a local exchange carrier or a cellular carrier. In such an application of the invention, the monitored common channel signaling messages are signaling system seven (SS7) messages. The accounting messages are automatic message accounting (AMA) messages. Monitors on the SS7 links capture signaling messages relating to interoffice calls and some other calls that involve interoffice signaling, e.g. calls to manipulate control data stored in a central database. The programming in the switching office causes that office to generate AMA messages for all calls that do not involve the monitored SS7 signaling. Typically, these calls are intra-office calls or interoffice calls through offices using in-band signaling instead of the SS7 common channel signaling.
Another aspect of the invention relates specifically to a surveillance system. The surveillance system accumulates call associated data for surveillance of a subject""s communications through a telephone network. The surveillance system includes monitors coupled to common channel signaling links of the network, for monitoring interoffice signaling messages. A common channel signaling processor, in communication with the monitors, processes monitored messages to compile call detail records for a group of calls associated with the subject that involve interoffice signaling. This surveillance system also encompasses software in one of the switching systems of the network that provides service to the subject. The software causes the switching system to generate accounting messages regarding events in processing of a set of calls. The calls in this set of calls are calls that do not involve interoffice signaling messages detectable by the monitors. A server receives and processes the call detail records from the common channel signaling processor. The server also receives and processes detailed records for the set of calls, derived from the accounting messages. From these various records, the server produces surveillance records and supplies the surveillance records to a data processing system of a law enforcement agency.
Additional objects, advantages and novel features of the invention will be set forth in part in the description which follows, and in part will become apparent to those skilled in the art upon examination of the following or may be learned by practice of the invention. The objects and advantages of the invention may be realized and attained by means of the instrumentalities and combinations particularly pointed out in the appended claims.