LEAs are allowed to partake in communications surveillance between a subject and an associate in an attempt to obtain further evidence of criminal activity. The evidence that the LEAs have historically been allowed to capture generally comprises call identifying information and call content of voice calls. Call identifying information generally comprises the calling party number and the called party number. Court orders allowing access to the call identifying information generally comprise a Trap-and-Trace order and a Pen Register order, and generally require only a suspicion of wrongdoing. Trap-and-Trace orders allow LEAs access to call identifying information for incoming calls placed to a specified device identified by a phone number, and Pen Register orders allow LEAs access to call identifying information for outgoing calls originating from a specified device or phone number.
Call content generally comprises the content of the call, such as the voice transmissions. Call content orders, commonly known as Title III orders, generally require proof that the subject of the order is engaging in, or there is a high likelihood that the subject of the order is about to engage in, illegal activity. It is estimated that about 10% of the orders are Title III orders, the remaining 90% comprising Trap-and-Trace orders and Pen Register orders.
The technological advances in the area of telecommunications, such as packet-switched networks, however, have provided additional methods and types of communication that render call identifying information less meaningful and difficult to obtain. As a result, the concept of a call, which typically refers to a voice call, is generally replaced with the concept of a communication, which encompasses additional types of communications such as e-mail, Voice over Internet Protocol (VoIP), on-line banking, video, data of various types, and the like.
Communications generally comprise communication associated information (CAI) and communication content. CAI generally comprises communication identifying information, such as Internet Protocol (IP) addresses and session identifiers, call identifying information, call redirection commands, e-mail addresses, and the like. Communication content comprises the information exchanged between the subject and the associate, such as voice transmissions, text messages, credit card numbers, bank accounts, and the like.
Furthermore, in a packet-switched network, such as the Internet, a single message is generally broken into many packets, each packet containing routing information. The packets are sent through an access network, such as the Public Switched Telephone Network (PSTN), and re-assembled at the termination point. Since packet-switched communications are broken into many packets, an access network performing Trap-and-Trace and/or Pen Register orders would typically capture and report information for each packet, yielding voluminous CAI records for each communication sent and/or received by a subject.
The packets are generally organized according to the Open Standards Interconnect (OSI) seven-layer protocol model. The access networks generally route the packets of communication by evaluating the Network Layer 3, with the Layers 4–7, which typically contain the CAI and the communication content, remaining unevaluated by the access networks. The Network Layer 3 of each packet generally comprises the routing information, which can also be considered CAI, such as the IP addresses of the source and destination network components for the packets. Therefore, communications sent or received via a service provider, such as America Online, generally comprise the IP addresses of the service provider and the subject. For some applications, the identifying information of the other party, i.e., the associate, is provided in the Application Layer 7.
For instance, e-mail service providers generally use the Application Layer 7 to communicate the addressee of an e-mail. When a subject sends an e-mail to an associate, the Network Layer 3 source and destination IP addresses comprise the IP addresses of the subject and the e-mail Service Provider. The e-mail address of the associate is generally placed in the Application Layer 7 by the e-mail application and, therefore, is generally not available to the access networks since the access networks evaluate the Network Layer 3. Moreover, for the access networks to evaluate the additional layers, there is a need for an indication of the application type allowing the access networks to isolate and send the CAI to the LEAs for Trap and Trace and Pen Register court orders.
Prior attempts at providing the necessary information have used applications that search packets for the necessary information, commonly referred to as “sniffers”. Sniffers typically provide LEAs access to the entire communication. The LEAs then evaluate and remove the allowed material, such as the CAI. Access by LEAs to the entire communication, however, violates the privacy of the individual absent a Title III content order.
Therefore, for these and other reasons, there is a need for a method allowing the access networks to isolate and extract CAI of packet-based communications. Additionally, there is a need to provide CAI information obtained in a packet-based network in a condensed format.