Chal­lenges for Law­ful Mon­i­tor­ing

The call of the day is to shift from a decentralized to a centralized lawful monitoring system for increased security and better management of data

Voice&Data - LAWFUL MONITORING - Lalit Chandak

Over the last decade, the very nature of lawful monitoring has changed in India, moving from structured content (signaling, phone records) to unstructured content (web pages, emails, IM conversations). This leads to a radically different paradigm involving massive data storage and analysis, which necessitates centralized deployment in response to this fundamental change.

The Chal­lenges

Tra­di­tional data­base-driven BI so­lu­tions do not re­flect the quan­tum leap in data anal­y­sis that has been trig­gered in the past few years by the mon­u­men­tal growth of Web 2.0 and cloud com­put­ing, man­i­fested in the sci­en­tific and tech­ni­cal con­tri­bu­tions of Google, Face­book, and Ya­hoo! to tackle big data. These com­pa­nies have fun­da­men­tally changed the way quan­ti­ta­tive anal­y­sis can be per­formed on gi­gan­tic data sets.

Communications is the social fabric that binds people together. Using technology, talking, meeting, chatting, and email have become the basic elements of a social network. Currently deployed communication monitoring systems capture bits and bytes orphaned from the relationships that should inherently also be described to put together conversation threads with mobile phone locations that provide context.

Ap­ply­ing So­cial An­a­lyt­ics

What is needed to­day is so­cial an­a­lyt­ics that ap­plies so­cial sci­ence to mas­sive data sets us­ing data-in­ten­sive su­per­com­put­ing meth­ods for sta­tis­ti­cal anal­y­sis us­ing mas­sively scal­able com­puter-stor­age clus­ters, where the core on an open plat­form is flooded with petabytes of data on a daily ba­sis. This will also lead to the use of pre­dic­tive an­a­lyt­ics. Use of such tech­niques would lead to, for ex­am­ple, the fol­low­ing ap­pli­ca­tions:

Through a series of iterations across the entire data set of communications, captured data records could help to define a social graph, a way to describe the connections that bind people together. Unlike link analysis, this leads to defining and structuring relationships automatically over time that can help to detect popularity, alpha nodes in a group, anti-social behavior in clusters, degrees of separation between 2 targets, identify their associates, and more.

Using a sophisticated identity resolution process, it is also possible to correlate phones with similar calling patterns and associate them to a single identity.

Cap­tured calls can help to gen­er­ate voice sig­na­tures, which can then use pat­tern-match­ing al­go­rithms to de­tect call­ers us­ing mul­ti­ple SIM cards or across dif­fer­ent me­dia (VOIP) and as­so­ci­ate them to the same node in the so­cial net­work.

Quan­tum Leap Re­quired

To law­fully mon­i­tor such com­mu­ni­ca­tions, the sur­veil­lance in­dus­try to­day needs a quan­tum leap in ca­pa­bil­i­ties to ad­dress the fol­low­ing 7 emerg­ing trends:

Mas­sive growth in voice/mo­bile net­works and ex­plo­sion of the in­ter­net

Daunting challenge to collect, store, and analyze the immense amount of traffic traversing these networks

Extracting meaningful intelligence from a constantly growing sea of data through new applications, viz. Twitter, Facebook, iPad, etc.

The grad­ual push to­wards the need for a pre­dic­tive be­hav­ioral anal­y­sis

Lack of prod­uct dif­fer­en­ti­a­tion and trans­parency be­tween ven­dors as the LI in­dus­try moves to­wards com­modi­ti­za­tion, fierce com­pe­ti­tion, and tech­no­log­i­cal stag­na­tion

Rise of cloud com­put­ing, open source tech­nolo­gies, and in­creas­ing power of com­mod­ity hard­ware with po­ten­tial to re­place ven­dor-spe­cific pro­pri­etary black boxes

Emergence of clusters of COTS GPU-enhanced servers replacing monolithic supercomputers in HPC applications for the defense industry

Consequently, an ideal monitoring system should be centralized and aim for the following:

Be ven­dor neu­tral and de­signed to ac­cept in­puts from any sys­tem

Ex­port data in any doc­u­mented for­mat to an ex­ter­nal sys­tem free of ven­dor con­straints

Source code as a part of knowl­edge trans­fer

API spec­i­fied to ac­cept in­puts and out­puts to/from the third party sys­tems

Be cen­tral­ized for meet­ing data pro­cess­ing needs of all se­cu­rity agen­cies

The vi­sion for such a cen­tral­ized sys­tem should be that of a sin­gle, im­mensely scal­able sys­tem ca­pa­ble of col­lect­ing, stor­ing, and man­ag­ing up to petabytes of data, which al­lows for a real-time anal­y­sis and ex­trac­tion of in­tel­li­gence and in­for­ma­tion from across a vast num­ber of dif­fer­ent data types—voice calls, web pages, mo­bile call, VOIP, SMS, in­stant mes­sen­ger con­ver­sa­tions, in­ter­ac­tions in vir­tual worlds, and emails.

But so far in India, we continue to promote deployment of various makes of lawful monitoring solutions selected by our operators, which are not designed to support the above changing demand for handling unstructured content, processing large amounts of data, or supporting a centralized system. Consequently, in a dynamically changing communication environment, our LEAs continue to face many handicaps in meeting our national security requirements.

Cur­rent De­ploy­ment Hand­i­caps

Ad­van­tages of pro­posed cen­tral­ized de­ploy­ment vis-à-vis the hand­i­caps be­ing faced with cur­rently de­ployed de­cen­tral­ized law­ful mon­i­tor­ing are as pro­vided in the box:

Pro­cure­ment Process Needs a Rad­i­cal Change

The current procurement of lawful monitoring is done individually by each operator, and each such deployment is approved by the DOT following installation. Since such investment gives no returns, operators end up making purchases that just about pass the defined requirements. This results in LI deployments with disadvantages as stated above.

At the same time, a monitoring center needs to be available with the LEAs; in its absence, its functionalities are often pushed on to the operator for storage and rendering, which at times compromises security. Most LEAs do not possess modern monitoring centers that can decipher, in near real time, modern means of communications.

In some sit­u­a­tions, with the pur­pose of in­di­g­e­niza­tion and avoid­ing a ten­der process of pur­chase, the govern­ment de­pends on C-DOT to meet its re­quire­ments for law­ful mon­i­tor­ing, which works at rein­vent­ing the wheel in a man­ner where their of­fer­ing is of­ten not bench­marked against any in­ter­na­tional stan­dards, viz. in case of IP mon­i­tor­ing de­ployed exclusivel­y by all In­dian ISP op­er­a­tors.

Also, all govern­ment pur­chases from the mar­ket are done through a pub­lic ten­der­ing process that lacks se­crecy and con­fi­den­tial­ity and of­ten re­sults in pur­chase of equip­ment and so­lu­tions at the low­est price, which do not fully meet the se­cu­rity needs.

To overcome these handicaps, the whole procurement process for lawful monitoring needs to be redefined. First, a roster of vendors should be prepared who have extensive experience in providing such lawful monitoring solutions globally. Such vendors should be legally bound to secrecy and confidentiality, and thereafter the felt technology-based needs for national security should be discussed with them for procurement. Only vendors who can meet the pre-defined requirements of a mediation platform with standardized outputs (as per ETSI) for integration with a Centralized Monitoring System (CMS) should be put through a TEC test process and then shortlisted for interaction with the Indian operators.

Tiered Struc­ture

Ad­di­tion­ally, the govern­ment should set up a 2-tiered struc­ture as stated be­low:

With the objective of deploying uniform mediation platforms for lawful monitoring by each CSP, a National Security Council should be set up, of which each operator's CTO is a nominated member who is responsible for deploying a fully compliant mediation solution on his network sourced from any approved vendor as stated above. Each CSP funds the deployment of the mediation platform on its network that provides ETSI standard based outputs to CMS.

With the objective of deploying and managing all mediated content coming from each CSP, set up a National Security Authority (NSA) for managing CMS, which is funded by the government and will fully manage an immensely scalable private cloud system capable of collecting, storing, and managing up to petabytes of data. Security agencies should have full access to NSA's services.

De­ploy­ment of CMS

Un­der the above pro­posed pro­cure­ment process, we en­vi­sion the de­ploy­ment of CMS in 3 tiers in In­dia:

National Hub: Lo­cated cen­trally at Delhi (with full re­dun­dancy at an­other lo­ca­tion in In­dia for dis­as­ter re­cov­ery) to which all rel­e­vant data will be back­hauled.

State Hub: Data col­lected from each site in each state will be back­hauled to the state hub, which in turn will be con­nected to the national hub via a WAN.

Site Nodes: Located at each collection point with each operator. These collect data from the operator, perform minimal processing (time stamp, etc.), encrypt, and then backhaul data on an eventual consistency model back to the state hub.

Us­ing Ven­dor Equip­ment

Use of vendor-proprietary equipment in this model would be limited to the collection devices at some of the operators' site nodes, with the rest of the system for CMS being on an open platform.

In the next issue, I wish to elaborate on the technical architecture that we should be working towards for enhancing the security of our country.

The author is president, Span Technologies vadmail@cyberme
