Lying Telcos and Lazy Lawmen?
Ellen Nakashima of the Post reports . . .
Verizon also disclosed that the FBI, using administrative subpoenas, sought information identifying not just a person making a call, but all the people that customer called, as well as the people those people called. Verizon does not keep data on this “two-generation community of interest” for customers, but the request highlights the broad reach of the government’s quest for data.
Quite simply, as long as Verizon retains call detail records (5-7 years?), somebody can generate the two-generation set. Among the umpty-ump components of the various CDR formats, there is always the Originating Telephone Number and the Terminating Telephone Number – which number dialed and which number picked up. Your first-generation “community of interest” is just the TTNs you find when you search your CDR repository for all calls made by the OTN the FBI gives you.
To get the second generation, all you do is use the values in that list of TTNs in a new search of OTNs. Frex. FBI wants a two-gen link set from 301-555-1212. First, I search my CDRs for “OTN == 3015551212.” Second: Let’s say one of those numbers is 201-555-1212. I search my CDRs again for “OTN == 2015551212.” Do that for every TTN that popped up in step one and I’ve got a community of interest that’s two levels deep.
There are a couple of wrinkles. Some of those TTNs will be the customers of other carriers – you’ll have to go to them to do the OTN search. And “CDR repository” may be more streamlined in concept than in actuality. I’ve got separate databases of cell-phone and land line records. I may well have switched billing systems at some point, or just changed my CDR format for some other reason. Since it’s not easy, and I’m a telco, I may bitch. More likely, since bitching itself takes work, I try to fob you off with some lame excuse. But it’s only a slight exaggeration that this kind of problem is what databases are for.
And I’m probably getting better able to do these searches all the time. Coastal Technologies is doing its best to help Tier 1 carriers
. . . under increasing pressure to process these CDRs quickly for further analysis, from resolving interconnect billing disputes, to better understanding network call routing patterns, to complying with law enforcement to investigate call pattern analysis . . .
They’re not alone. In Europe: “EMC and Intec and Sensage Technology to Identify Terrorist Activity in Call Detail Records.” A whole industry has sprung up dedicated to taking away carriers’ technical excuses for not giving the feds what they want pronto. In the Echelon/Internet Era, government has demanded that communications providers build surveillance access into every innovation. The job isn’t done unless your communication is insecure.
I’m somewhat interested that AT&T is being Jesuitical about not “keep[ing] data” on second-generation contacts. I’m about as interested that Nakashima’s article doesn’t give any evidence that she checked out what the spokespeople were telling her with an independent technical expert. Interested if not surprised.
Now watch Brett pop in to explain why the above is all wet.
See also: The Stiftung; IOZ; Greenwald.
Disclosure: I’ve worked for several years for companies involved in the telecom industry.
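The two-step OTN/TTN search described above, as an added example that is not code from the post or from any carrier. The table layout, the `source` column, the subscriber list and all sample records are constructed assumptions; only the OTN and TTN fields come from the post. It also reports the first "wrinkle": first-generation numbers served by another carrier, for which this repository holds no outgoing calls.

```python
import sqlite3

# Constructed sample CDRs: (originating number, terminating number, source system).
# "source" stands in for the separate land-line and cell-phone databases (assumed).
SAMPLE_CDRS = [
    ("3015551212", "2015551212", "landline"),
    ("3015551212", "4105550100", "wireless"),
    ("3015551212", "2015551212", "landline"),  # repeat call, same pair
    ("2015551212", "6465550111", "landline"),
    ("2015551212", "3015551212", "landline"),  # call back to the seed number
    ("7035550199", "5715550123", "wireless"),  # unrelated traffic
]
# Numbers this hypothetical carrier serves (constructed). 4105550100 is not
# among them, so its outgoing calls sit in some other carrier's records.
OUR_SUBSCRIBERS = {"3015551212", "2015551212", "7035550199"}


def load(cdrs):
    """Load the sample records into an in-memory CDR table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cdrs (otn TEXT, ttn TEXT, source TEXT)")
    db.executemany("INSERT INTO cdrs VALUES (?, ?, ?)", cdrs)
    return db


def community_of_interest(db, seed, subscribers):
    """Return first- and second-generation contacts of `seed`."""
    # Step one: every TTN reached by the seed OTN.
    first = {row[0] for row in db.execute(
        "SELECT DISTINCT ttn FROM cdrs WHERE otn = ?", (seed,))}
    # Step two: reuse each first-generation TTN as an OTN (a self-join).
    second = {row[0] for row in db.execute(
        """SELECT DISTINCT g2.ttn
           FROM cdrs AS g1 JOIN cdrs AS g2 ON g2.otn = g1.ttn
           WHERE g1.otn = ?""", (seed,))}
    second -= first | {seed}  # keep only numbers new at the second level
    # First-generation numbers we cannot expand from our own repository.
    off_net = first - subscribers
    return {"first": sorted(first), "second": sorted(second),
            "off_net": sorted(off_net)}


if __name__ == "__main__":
    print(community_of_interest(load(SAMPLE_CDRS), "3015551212", OUR_SUBSCRIBERS))
```

The whole request is one indexed self-join over data the carrier already retains for billing; the `off_net` list is the part that needs another carrier's records.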

Comment by Alex —
October 16, 2007 @ 5:05 am
product = “SELECT FROM cdrs WHERE otn IN suspects”; LEFT JOIN product, (SELECT FROM cdrs WHERE otn IN product)
You’d want to pull the Acision SMSC log as well; and why not the SS7 cell location log?
Comment by Jim Henley —
October 16, 2007 @ 6:33 am
Yeah, I thought about just writing the SQL code myself. But I mostly do QBE grids and didn’t trust myself. I think there’s an SS7 record of land-line traffic too, at least if I remember one session of a revenue assurance conference I attended about seven years ago correctly.
Comment by Alex —
October 16, 2007 @ 6:50 am
In fact I’m a little surprised, professionally, that they were putting so much effort into static data mining of CDRs. Frankly, trying to get anything useful out of the CDR pile is something the industry is very poor at for business purposes.
If it was my supersekrit illegal mass surveillance project, I’d get me some of them SS7 probes the network engineers use for troubleshooting and do something more event-driven. The problem with statically mining CDRs is that the output is almost as big an undifferentiated pile of data as the input.
Comment by Barry —
October 16, 2007 @ 7:12 am
Remember that (a) a large illegal government program has no problem spending huge sums of money, (b) a contractor working on a large illegal government program is quite capable of making the government dept look frugal, (c) once the large data sets are obtained, they can be augmented and mined for years, using tools ranging from simple queries to secret, cutting edge techniques, and finally and most important – (d) the goal might be to see which US citizens of interest were talking to other US citizens of interest.
Where ‘US citizen of interest’ means ‘people we want to spy on for domestic political purposes.’
Comment by KCinDC —
October 16, 2007 @ 8:09 am
And many of the people involved may not be particularly interested in either fighting terrorism or investigating political opponents (or romantic or business rivals, or whoever) but just want access to a growing pool of government money that’s not well audited (because who’s going to question funding for “terrorist surveillance” at a time like this?).
Comment by KCinDC —
October 16, 2007 @ 8:38 am
Which is not to say that wasted money is a bigger concern than spying on citizens, just that spying on citizens can be accelerated by simple financial motives — then again, depending on what proportion of those involved care only about the money, the program could end up producing very expensive but ineffective spying technology.
Comment by Brett —
October 16, 2007 @ 9:53 pm
I can think of two reasons why telcos would refuse second-generation requests:
1) It’s technically very hard, and
2) there’s no money in it.
I think #2 is the primary reason why telcos balk at this. If #2 somehow became false, then #1 might be overcome — albeit with some seriously hard obstacles in the way. The internal issues are hard: different switch formats, different markets, different concurrent billing systems, recycling MDNs. It gets even worse when you get into intercarrier routing, international routing, toll free routing, transfer and release mechanisms, VoIP systems, etc.; recursive analysis becomes practically impossible for any single carrier to solve, and very hard for multiple carriers acting in concert.
(Oh yeah, and there are some Class B switches that fail to report the correct ANI on calls made through them, and instead lump them all under a random one. Then they sometimes forget to report wireless roaming numbers. I almost forgot about that little problem.)
First-generation CDR analysis is essential to a telco. You must record and rate each call accurately to charge for it. Understanding call patterns (be it per caller, per switch, per pipe, time of day flows, geographic bandwidth needs, etc.) has an extremely high ROI. Even having a streamlined subpoena process is a wise investment: it’s less cost dealing with what is essentially an administrative task to comply with the law.
But second-generation call analysis? Where’s the business model there? Does it save costs? No. Does it drive revenue? No.
So, why invest in it as a business?