Phase 5 Review: Project Digital Delight December 2002 Project Management

Digital Delight

Phase 5 Review

December 4, 2002 b6 b7C

Phase 5 Briefing Vers 1.0 1 FOR OFFICIAL USE ONLY * * *

ALL IMF0EHATI0N COHTAIHEE HEEEIM IS UNCLASSIFIED PATE 05-30-2007 BY 65179dEh/Ssi:/lm£ Review Purpose and Objectives

Phase 5 Review: Project Digital Delight December 2002 Project Management

Purpose • To conduct a review of the activities and control products completed during the Project Digital Delight development effort, review final cost and schedule performance, and provide management direction for implementation and follow on activities.

Phase 5 Review Objectives • Present project accomplishments • Review Project Closeout Report highlights • Identify the project team • Review project cost performance • Review project schedule performance • Present completed project activities/control products • Discuss outstanding issues and lessons learned • Obtain authorization to close the project Phase S Briefing Vers 1.0 2 * * * FOR OFFICIAL USE ONLY * * * Project Accomplishments Phase 5 Review: Project Digital Delight December 2002 Project Management

• Goal - This project successfully accomplished the goal of developing and deploying interim-CALEA access, intercept, and collection capabilities.

• Project Objectives

- Develop engineering prototype systems to support immediate and evolving case requirements

- Implement engineering production systems to support continuing requirements for pre- and interim-CALEA collection

- Provide support and maintenance of both the engineering prototype and engineering production systems

- Provide liaison with federal, state, and local law enforcement, switch vendors, service providers, and commercial collection system developers.

Phase 5 Briefing Vers 1.0 3 * * * FOR OFFICIAL USE ONLY * * * Project Accomplishments (cont.) Phase 5 Review: Project Digital Delight December 2002 Project Management

• Project Approach

- Design, develop, and deploy prototype systems to respond to immediate collection needs:

» Work with technically-trained field agents

» Work with switch manufacturers

» Work with telecommunications service providers.

- Enhance prototype systems designs to offer a robust and mature interim-CALEA collection platform.

Phase 5 Briefing Vers 1.0 4 * * * FOR OFFICIAL USE ONLY * * * Project Accomplishments (cont.) Phase 5 Review: Project Digital Delight December 2002 Project Management

• Technical Performance:

- DCS-3000 system is a suite of access, intercept, collection, and management software and hardware for pen-register/trap-trace, Title III, and Title 50 applications.

- DCS-3000 system architecture is based on client/server technology:

» IBM PC compatible computer systems

» Microsoft Windows NT/2000 operating system compatible

» IP networking and internetworking • Operational Performance (as of December 2002):

- Deployed in 55 FBI field divisions and numerous resident agencies

- Used to conduct ALL FBI wireless telephone intercepts and an increasing number of wireline intercepts

- Used by more than 60 federal, state, and local law enforcement agencies

- Used by CIS to test and validate Motorola's iDEN CALEA solution in March 2001

Phase 5 Briefing Vers 1.0 5 * * * FOR OFFICIAL USE ONLY * * * Project Closeout Report Summary

Phase 5 Review: Project Digital Delight December 2002 Project Management

Project Management was executed as planned except as noted below: - At the completion of the originally planned period of performance (12/31/98), CALEA implementation was still in process and vendor solutions had not been completed; and, additional interim prototype collection capabilities were needed to continue to support field operations. As such, funding levels and the project period were extended.

All Project Objectives were accomplished except as noted below: - None.

Phase S Briefing Vers 1.0 6 FOR OFFICIAL USE ONLY * * * Phase 5 Review: Project Digital Delight December 2002 Project Management

Section Chief lL|i^^iii«ili:!!iii Originally E. Allen

Unit Chief

§| p| Originally

b6 Digital Delight Project Leader b7C

Support User Personnel Representative

Development Contractor

Booz Allen Hamilton

Phase 5 Briefing Vers 1.0 7 FOR OFFICIAL USE ONLY * * * Development Cost Performance Phase 5 Review: Project Digital Delight December 2002 Project Management

Total Planned Project Cost was: $1,500,000

Actual Cost-at-Completion: $3,792,098

Variance ($): $2,292,098

Variance (%): 152%

The variation between the original planned cost and actual cost-at-completion is due to the change in implementation time-frame for CALEA and the lack of commercially available collection systems for CALEA-based intercepts.

Phase S Briefing Vers 1.0 8 FOR OFFICIAL USE ONLY * * * Schedule Performance

Phase 5 Review: Project Digital Delight December 2002 Project Management

' Period Of performance: Planned: 6/97 to 12/98 Actual: 6/97 to 9/02

- Schedule Variance of 250% Actual 63 months vs Planned 18 months variance was due to delays and uncertainties surrounding the CALEA solutions and the lack of available commercial systems for CALEA-based intercepts.

Milestones M:1-6 M: 7-12 M: 13-18 M: 19-24 M: 25-30 M: 31-36 M: 37-42 M: 43-48 M: 49-66 M: 55-63 w Statement of Need Section Level: Planned if Actual^

Internal Concept Proposal w w Project Closeout Report T

Project Closeout Report (Phase 5 Review)

Phase S Briefing Vers 1.0 9 * * * FOR OFFICIAL USE ONLY * * * Project Activities Summary

Phase 5 Review: Project Digital Delight December 2002 Project Management

Completed Planned Phase 1 and 2 Documentation and Briefings - Statement of Need (SON) Date Completed: 1/28/97 - Internal Concept Proposal Date Completed: 5/15/97 - Technical Requirements Specification Date Completed: None - System Requirements Review Briefing Date Completed: None - SRR Report Date Completed: None - Phase 2 Review Date Completed: 6/13/97

Phase 5 Briefing Vers 1.0 10 FOR OFFICIAL USE ONLY' Project Activities Summary Phase 5 Review: Project Digital Delight December 2002 Project Management

• Planned Phase 3 Control Products and Unit Level Reviews - Functional Description (FD) Date Completed: None - System Development Plan (SDP) Date Completed: None - System Design Description (SDD) Date Completed: None - Preliminary Design Review and Report (PDR-R) Date Completed: None - Critical Design Review and Report (CDR-R) Date Completed: None - Acceptance Test Plan and Procedures (TP and TPr) Date Completed: None - Test Readiness Review and Report (TRR-R) Date Completed: None - Phase 3 Review and Report Date Completed: None - Planned Phase 4 Control Products and Unit Level Reviews - Acceptance Test Report (TR) Date Completed: None - Technical Manual (TM) Date Completed: June 2001 - Training Plan (TrP) Date Completed: June 2001 - Installation Plan (IP) Date Completed: None - Operational Readiness Review and Report (TRR-R) Date Completed: None - Phase 4 Review and Report Date Completed: None

Phase 5 Briefing Vers 1.0 11 * * * FOR OFFICIAL USE ONLY * * * Project Activities Summary

Phase 5 Review: Project Digital Delight December 2002 Project Management

Points Of Contact b6 b7C FBI Technical Point of Contact - Developer Point of Contact

Phase 5 Briefing Vers 1.0 12 FOR OFFICIAL USE ONLY * * * Lessons Learned

Phase 5 Review: Project Digital Delight December 2002 Project Management

• Lesson 1. LINUX vs. Microsoft - Limited COTS products and system drivers were available for the LINUX operating system - End users are not familiar with the LINUX operating system

• Lesson 2. Commercial vs. Custom - Commercial collection systems lag behind changes in electronic surveillance features for new switch software releases - Law enforcement needs to maintain an awareness of upcoming switch software releases and surveillance features - DCS-3000 system provides law enforcement with an excellent platform for quickly addressing new surveillance features.

Phase S Briefing Vers 1.0 13 FOR OFFICIAL USE ONLY * * * Lessons Learned Phase 5 Review: Project Digital Delight December 2002 Project Management

• Lesson 3. Liaison

- Liaison activities with telecommunications carriers and equipment manufacturers are important in anticipating changes in the format and delivery of CALEA and CALEA-like information.

- Regional training for FBI personnel and liaison with telecommunications companies are extremely important to the continued success of the FBI's electronic surveillance mission.

Phase 5 Briefing Vers 1.0 14 FOR OFFICIAL USE ONLY * * * Recap Phase 5 Review: Project Digital Delight December 2002 Project Management

• Presented an overview of the project accomplishments

- Concurrence Q • Presented an overview of the Project Closeout Report

- Concurrence • • Reviewed Project activities, control products and technical documents

- Concurrence • • Reviewed Lessons Learned

- Concurrence Q • Authorized Closeout of the project

- Authorized •

Phase 5 Briefing Vers 1.0 15 * * * FOR OFFICIAL USE ONLY * * * Project Digital Delight

• Initiated in January 1997 to develop CALEA-interim ELSUR capabilities for newly-deployed PCS and ESMR networks • Developed DCS-3000 - a new intercept/collection system for new PCS switches (primarily PCS-1900/GSM switches)

PG-16 Project Digital Delight

DCS-3000 is currently deployed in 16 FBI field offices covering:

b2 b7E

PG-17 DCS-3000 System Architecture

b2 b7E

PG-18 Intercept Capabilities

DMS-IOO/GSM switch has real-time pen-register and Title-Ill ELSUR capabilities - Compatible with the DCS-3000 system - Currently, 3nly has implemented these capabilities in 2 MSCs - Atlanta, GA and White Plains, NY - Motorola DAP/MPS switch does not have any ELSUR capabilities

PG-19 Department of Justice Federal Bureau of Investigation

DCS-3000 News

ff$\ Telecommunications Intercept and j^y Collection Technology Unit

October 16, 2005

ALL IHFORM&TIOH COBTAIHED HEEEIH IS OTCLAS3IFIEB DATE 05-29-2007 BY 65179/DHH/K3R/LHF Switch-Based Intercept Team

b6 b7C

2 DCS-3000 News

Topics

DCS-3000 Numbers

PTT Intercepts Valkyrie BW-3000 VoIP Intercepts DCS-3000 News

DCS-3000 Numbers

More thar ntercepts supported by the DCS-3000 in FY2005

b2 b7E 83% Wireless 17% Landline

4 DCS-3000 News

b2 System Architecture b7E

b2 b7E

5 DCS-3000 News

b2 b7E DCS-3000 News

b2 b7E

7 DCS-3000 News

b2 b7E DCS-3000 News

bl b7E Ready I ink DCS-3000 News

Valkyrie

b2 b7E

10 DCS-3000 News

b2 Valkyrie b7E DCS-3000 News : :li^H

BW-3000

Many landline carriers now deploying new GR30 intercept capability h2 and others b7E - CCC delivered via 'dial-out' - CDC delivered via FSK over 'dial-out' Initial DCS-3000 solution depended on Zoom modem - Zoom modem developed by ATU for switch solution verification - Not suited for high density collections SBIT developed BW-3000 for large collection sites - Software based FSK demodulators (up to 8 per system) - Seamless integration with existing collection systems DCS-3000 News VoIP Intercepts

Many common carriers now deploying VoIP subscriber access technologies Some carriers have already embraced CALEA requirements and have intercept solutions available: b2 b7E The solutions deployed by these carriers have forced SBIT to develop a new access model: - CDC and CCC delivery via VPN over the Internet

13 DCS-3000 News VoIP Intercepts

Neustar acts as technical agent • CDC: Cable Labs (~ J-STD-025A) • CCC: UDP/IP (target differentiation by MAC address) b2 b7E Verisign acts as technical agent • CDC: CableLabs • CCC: UDP/IP (target differentiation by UDP port)

Technical issues handled internally S • CDC: CableLabs • CCC: 'Dial Out'

14 DCS-3000 News VoIP Intercepts

b2 b7E

15 DCS-3000 News ". • -^M Under Development

• CCC audio concentrator for DCS-3000 to RW applications - High density VolP-to-Analog delivery system - Multiple intercepted CCCs will be packed onto T-1 circuit for RW input *l IVSELP. AMBE++, and PCM CCCs H ICCCS b2 • LandlineVolPCCCs •I I and other VoIP PTT CCCs

16 \ii»a

17 1 I I +,< 1r.u H, i i I'lij ii "in g|g|j^|iii|i<|]iiiiiq|yl vfjf ||||!||l!| • i j '• . Telecommunication; i nierce and Collection Techno1 . . I n1

Electronic Surveillance in the 21st Century

-JJ-.-H.

ALL IHF0RH1TI0H CONTAIHEB HEKEIH 15 UICLASSIFIED PG-1 DATE 05-29-2007 BY 65179DHH/K3R/LHF ACCESS

COLLECTION

ANALYSIS

PG-2 r ACCESS

^ Interconnection with the 4 switching facilities of the carrier(s) and delivery of the COLLECTION authorized data and/or content to the designated monitoring facility. ANALYSIS

i 1 4 1

PG-3 Support for real time monitoring and the organized ) COLLECTION electronic storage of call content and associated call- related data by commercial applications at field offices. ANALYSIS

PG-4 Key Ete

•--A

ACCESS The application of specialized software tools, against the collected content COLLECTION and/or data, to identify

• i suspects, associations, patterns and other investigative leads. \ ANALYSIS *t.

*

PG-5 I — "I lT~ I 3T W SSBfc Key Elements

ANALYSIS

Link Analysis Keyword Spotting Keyword Searching Voice Recognition Voice Identification

PG-6 I I

PG-7 ,i ' •q-_«l.-4r

*• ~ — - • J -i . iii- i ^*U.l.:...i:.:M

Collection

PG-8 ••I *«*'• Id '•'•'•• •••

."• 1

A b 1 Collection nn. GJCJ

PG-9 o

I i! I Lucent Nortel 5ESS GSM DMS-100

PG-10 Bridged A^Q§j^

I • '-h- -|J- —"- ••*•*• •» *• ••"•-1

Circuit 1 Receive Path Receive Circuit V j J DELIVERY X :.__Y^~"._ -----~-^V- Transmit Path Transmit Circuit \/-....»i" ^

Circuit

PG-11 DELIVERY ---^^-: Receive Path I I Transmit Path :^"_-_-_-_-:"j:j

PG-12 PG-13 Service Pmm$kt G

Incumbent Local Exchange Carrier (ILEC) Competitive Local Exchange Carrier (CLEC) Conventional Cellular wl Personal Communications Services (PCS) Enhanced Specialized Mobile Radio fl| Satellite nternet Telephony (Voice over IP) i ^S **& —a fs<& .-H. -t r; /

CCABABCi&DEFES ln

PG-14 o

i I i|i "|1' i Ij pr ]"p nn-|| 1 I '1 I! Ii "' Ail! ExpTO^i|yg|;< il T II i hHr Mil • liihuiihl—ml I i I In I iiln

- -^MIDWEST """•T*, WIRELESS 1 _-_--'— f f wast*i*tf r-^iH544^ P^ "^ r*^*U» f •Hyi^ii^MAi^i|ii ii |iiii(irja !% DIQIPH p l 1 MM MSMMK

AI s T o u c w PRIMECO

CnCi#t CELLULAR©liEE Si-ri-iitu Suuilmenl FltK-hlu

PG-15 Switda Venders " " -.. 3"T P Jh J. " 'I : • • J.I.I Iil.i.. I 1I1I11 • • ilml 11 lilii • mm • • I.I.. • • lull

b2 b7E

1 J

PG-16 "•|-| ~^B TT" '"m- "ilu

T^fffls5 Tm^mfiim3ff £'~ ?» a":" H

••• • ill lih1 " • "• • —• ••

ASN-1 <"e, fia-% * ** ATM.9/ ; ^ 4fe Basic Rate Interface Serial Port T Authentication ¥ CP/ip 9 Modem Home Locatiotraatirtrnt RegisteDanictar .» I Application layer

RS-232 -**

tSS&* 255.255.255.0

PG-17 Interim PCS Solutions

Electronic Surveillance Technology Section Networks Access Development Unit

PG-18 Topics of Discussion • Broadband PCS • ESMR • Current PCS/ESMR Solutions • DCS 3000 Demo

PG-19 PCS Collection System Architecture

b2 b7E

PG-20 PCS Collection System Architecture

b2 b7E

PG-21 PCS Collection System Architecture

b2 b7E

PG-22 PCS Collection System Architecture

PG-23 Current Switch Capabilities Switch Type Intercept Technique/Delivery Intercept Equipment

b2 b7C

PG-24 DCS-3000 System • DCS-3000 is currently deployed in more than 20 FBI field offices covering: - | - 5 switches - • 3 switches 4 switches -I I- 2 switches b2 b7E - - 8 switches - 2 switches - 5 switches - -4 switches

PG-25 DCS-3000 System Architecture b2 b7E

PG-26 • •

PCS Solutions

Telecommunications Access Program EST-3

PG-27 • •

Topics of Discussion • Broadband PCS I 1 b2 a b7E • Current PCS/ESMR Solutions • DCS 3000

PG-28 DCS-3000 System

• FBI's first CALEA-paradigm intercept/collections system • Windows NT-based Client/Server architecture • Originally developed for PCS/GSM switches

PG-29 DCS-3000 System Currently deployed in more than 40 FBI field offices and 75 MSCs covering:

b2 b7E

PG-30 o •

DCS-3000 Deployments

PG-31 DCS-3000 Intercept/Collection System

b2 b7E

PG-32 Interim PCS Solutions

Electronic Surveillance Technology Section Networks Access Development Unit

PG-33 Topics of Discussion • Broadband PCS • ESMR • Current PCS/ESMR Solutions • DCS 3000 Demo

PG-34 b2 Current Switch Capabilities b7E

PG-35 PCS Collection System Architecture

PG-36 Interim PCS Solutions

Electronic Surveillance Technology Section Networks Access Development Unit

PG-37 Topics of Discussion • Broadband PCS • ESMR • Current PCS/ESMR Solutions • DCS 3000 Demo

PG-38 Current Switch Capabilities Switch Type Intercept Techniaue/Deliverv Intercept Equipment

b2 b7E

^nnaaaifPMM^aHii*

PG-39 DCS-3000 System DCS-3000 is currently deployed in more than 20 FBI field offices covering:

PG-40 PCS Collection System Architecture

PG-41 PCS Solutions

Telecommunications Access Program EST-3

PG-42 Topics of Discussion • Broadband PCS 1 b2 m b7E • Current PCS/ESMR Solutions • DCS 3000 Hands-on Demo

PG-43 DCS-3000 System DCS-3000 is currently deployed in more than 33 FBI field offices covering:

b2 b7E

PG-44 DCS-3000 Deployments

[' ' --{—r -* K f7-k> «-' fe I ' ,1- -, , _ J i , - f—=q rtV

^

PG-45 DCS-3000 Intercept/Collection System b2 b7E

PG-46 United States Department of Justice Federal Bureau of Investigation

Telephone Interception

Y%$\ Telecommunications Intercept and L_y Collection Technology Unit

November 30, 2005

ALL IHFORM&TIOH COHTAIBED HEEEIH 15 UNCLASSIFIED DATE 05-29-2007 BY 65179/DHH/KSR/lHF Topics

• OTD Organization • The Paradigm Shift • DCS-3000and • PTT Interception • VoIP Interception • Local Number Portability • Caller ID Spoofing • Online Resources Operational Technology Division

iilliiililJHilBllll f t X •MBIDl£l*=qti: Slllllfflllllllilllllill spyisiiiiiiii U JB^3..E,'L*"fr^fr llliiilliiiiiiilll

Telecom Audio Technical CALEA ELSURTech | Special Intercept & Advanced Technology Operations imi l«muniHi un Management Projects Collection Telephony Technology Development Coordination Traditional Intercept Model

C.M.P.

TELCO CENTRAL OFFICE rnflW*TTtn^y

: m *» <• u

4 CALEA Intercept Model

FBI OFFICE

SWITCH nirW^iJ

COLLECTION DEVICE (e.g. DCS-3000)

CARRIER PROVISIONING FUNCTION DCS-3000 Numbers

More than intercepts supported by the DCS-3000 in FY2005

b2 b7E 83% Wireless .--<* T^""""* 17% Landline

6 b2 System Architecture b7E

b2 b7E

7 b2 DCS-3000f b7E

b2 b7E • •

b2 b7E VoIP Intercepts

• Many common carriers now deploying VoIP subscriber access technologies • Some carriers have already embraced CALEA requirements and have intercept solutions available: I 1 b2 _ b7E • The solutions deployed by these carriers have forced OTD to develop a new access model: - CDC and CCC delivery via VPN over the Internet • #

Local Number Portability

• Required by the Telecommunications Act of 1996 for landline providers • FCC extended the requirement to wireless carriers in November 2003-WLNP - Permits consumers to switch wireless carriers within the same geographic area while retaining same phone number - In some cases a number can be ported from a landline carrier to a wireless carrier • Creates new challenges for law enforcement - NPA/NXX is not sufficient to determine the subscriber's service provider - Porting is not reported via CALEA messaging. If a target ports during the period of intercept, the collection will be interrupted until the new carrier is identified and served with a court order

11 Local Number Portability

40M

^T • .

30M/^

^f A 20M>/

^^r A 10M .^

3M

I l I I I

12 Local Number Portability

• Neustar Interactive Voice Response (IVR) System - Established by the telecommunications industry to assist law enforcement - Automated dial-up service handles inquires for both landline and wireless numbers

b2 b7E

- Not to be used for FISA/classified target numbers

13 Caller ID

• Developed by Bell Labs • Method of displaying calling party information using the established SS7 data network • Information is passed from the originating (calling) system to the terminating (called) system/switch and then to the called party

14 Caller ID

b2 b7E Caller ID Spoofing

b2 b7E

b2 b7E Taller ID SnnnfiiMF

b2 b7E

17 Caller ID Spoofing

b2 b7E

18 Online Resources

b2 b7E TICTU has many resources available online (Trilogy):

19 Ifr:" • ~- • ••: •• •;:••• • ••::•••• Federal Bureau of Investigation Electronic Surveillance Technology Section s-a_?< Telecommunications Intercept and Collection Technology Unit

TICTU/SBIT Brief Book

Last Update 2006-01-31

ALL IHFOEHiTIOH COIJTAIHED HEEEIH IS DHCLA3SIFIED PG-1 BATE 06-01-2007 EY 65179 dmh/fcsr/lmfi Traditional Wiretap Model

C.M.P. TELCO CENTRAL OFFICE

; JUB '•»**-~i

PG-2 • o GEE) CALEA Wiretap Model

CARRIER PROVISIONING FUNCTION

PG-3 FM iSST* CALEA Wiretap Model

CDC - Call Data Channel • Typically, TCP/IP or X.25 data connection • Transports pen-register and trap/trace information • One CDC per intercept access point (i.e. switch or network) CCC - Call Content Channel • Typically, circuit switched • Transports intercepted content/audio • At least one CCC per target

CALEA CDC and CCC delivered independently

PG-4 DCSnet Backbone Delivery

;SSSJS,,!a,,,,it,,,L,,,Ji.,,E,.,.i; &kiia;J!LJL£.Jii:^

H T-Moblta

H Spin) PCS •VMBfln B3 Map Saver -\ a

^ — , ^^> —wr-u * j^ V

-t * . * J,

> — »

I Denied Tratte -—

PG-5 • • CALEA-Enabled Intercepts

CALEA-based intercepts conducted with more than 50 U.S. carriers in 2005 92% Wireless 8% Landline

b2 b7E

PG-6 FBK CDC Delivery

PG-7 CCC Delivery

b2 b7E

PG-8 DCS 3000[

b2 b7E

PG-9 VoBro Experiences \ XtlMMMIII«BinniMIMMMBBMW^MllilMMahimiWiiy Many common carriers now deploying VoIP and VoP subscriber access technologies Some carriers have already embraced CALEA requirements and have intercept solutions available: b2 b7E

The solutions deployed by these carriers have forced the FBI to develop a new access model. It - CDC and CCC delivery via VPN over the Internet

PG 10| I'f-ir7'",?!"^! I••' +*XJ -i-^ i~ «?"*I -• <• • > .- I L i f J VoBro Experiences j

b2 b7E

PG 11 £^Mys^i?f -f m •»• m> m* •• •- ^ »« i IT "r" im mm <™ mm -PI'"«HIP»«I

VoBro Experiences j b2 b7E

PG 12 *3LiIT<

PG-13 In/Out j

b2 b7E

|]QjF'

PG-14