Vice President of Verint Systems Inc., Todd McDermott’s primary focus is on U.S. carrier surveillance market and specialized access and delivery systems. He informs major switch manufacturers about surveillance solutions, and exploring future trends and technological developments. He also interacts with numerous law enforcement agencies and telecom service providers and provides engineering services to assist with the development of COLEA solutions (the U.S. lawful access provisions). McDermott is a retired RCMP officer who led all the research and development in support of technical aspects in support of electronic aspects of surveillance equipment and systems throughout Canada for around 15 years. He’s acted as an expert witness on all aspects of electronic surveillance, chaired a Canadian law enforcement committee on electronic surveillance, and hosted and chaired the annual Internet snow law enforcement committee on electronic surveillance. He provides the law enforcement perspective on the Canadian ‘Lawful Access’ proposals.
I am now in private business and making money on Lawful Access so this may seem a little bit biased.
One of my jobs in the RCMP was to create technical means to conduct electronic surveillance….to provide the means to intercept packet communications. The reason is predicated on the fact that the investigations these are being used on are very high profile: drug trafficking, murders, organized crime. The whole security umbrella falls under this type of investigative technique. The type of investigation is one that’s used as a last ditch effort. You look at parts of the Criminal Code of Canada, and US legislation…when law enforcement goes to seek the authorization to do a wire-tap they have to prove to the court that they have exhausted all conventional means of investigation before they can potentially seek a wire tap.
They can’t just go…there’s no fishing expeditions allowed with the existing legislation both in Canada and the U.S. And I don’t see that changing ever. Because there are a lot of strict regulations that you have to meet before you can go ahead with seeking the order. It’s a very successful investigative tool.
As one of my major functions in the RCMP, I was involved in electronic surveillance. I saw a lot of wiretaps in action and it’s a very difficult thing to conduct. It’s very manpower intensive and there’s a lot of work that has to be done associated to creating evidence. Lawful access is the beginning of the road.
The end point is evidence…evidence that you can bring to court and use for prosecution. And that’s the intent. It’s not to go out and listen to everybody’s calls, because they don’t care if you’re calling Pizza Pizza. They are trying to get that smoking gun evidence that they can bring into court so that they can get a conviction. The Canadian government activities (Phillipa has a slide on this)….again, I’m not from PSEPC.
I know, obviously, what PSEP has put forward with respect to the consultative process, and my personal feeling as a Canadian is…and seeing what happened with U.S. legislation and seeing how COLEA evolved into a feeling of dictatorial legislation levied on carriers, I think bringing carriers – or the constituents, the people who will be affected by the legislation as well as privacy advocates and privacy groups – into the fold to get preliminary comment, is something that wasn’t done in the U.S. and it created a large stalemate from Day 1 when COLEA was enacted.
I think the process we’re doing is fair. It’s interesting that they’re seeking industry comments to ensure there’s nothing industry would see as a result of legislation…there’s no surprises. And I think that’s important to all the carrier constituents and to the entire telecom industry in Canada. You don’t want to see a surprise requirement pop out of a legislation put forward. That’s going to cost you big bucks.
If anyone’s followed CALEA, they gave $500 million US, to try and reimburse the costs of doing CALEA. There’s still US$20 million sitting in that fund, 11 years later. Because to get the money out of the government is like getting money out of any government. I used to get money out of the government – it’s not that easy. It was a good idea to create a methodology to reimburse. But that was part of the dictatorial sense. You’re going to do it. And we’ve got some cash. Was that the best idea. Everybody in this room, including myself, will say: “No, perhaps there are better ways to do it.”
The new Act in Canada is being considered – along with company regulations etc – to be universal across telecom carriers: wireless, wireline, satellite etc. That’s also very important. There can’t be any competitive advantage or disadvantage created by this type of legislation activity. Obviously the technology will be a little bit different, but the high-level requirements should be the same.
The intent of the legislation is to try to shift the cost of trying to build and maintain the infrastructure necessary, and to make sure that costs are reasonable.
Obviously the intent here as far as I’m concerned – as a vendor of this type of equipment who would sell to the Bell Canadas, the wireless carriers, the ISPs, the cable carriers – is trying to be fair.
Lawful access challenges
The first bullet is up there because this was my job. My job in the RCMP in nine years of service was to try to figure out how to overcome technological burdens that would impact lawful access. When I started doing lawful intercepts the most technologically advanced problem I had was touchtone telephones (DTMS). Because 60 per cent Canadians were still using rotary pulse dialing, which was a mechanical-electrical thing…when the digital world came that became more difficult than touchtone.
I hate to make an analogy with CALEA, because everyone hates it. But 11 years later, I can say that my customer carriers in the U.S. market have made the transition from fighting the requirement to put lawful access in to making it a mandatory thing…as mandatory as 911 services. Some of my major Tier 1 carriers will not launch any commercial services without the ability to provide lawful access.
I personally feel that the whole point of CALEA was to get to this point where the carriers, the manufacturers…the Nortels, the Ciscos of the world, the Lucents, the Junipers are thinking about it in the back of their minds. Because – and as an engineer I can attest to this – it is much more cost-effective to engineer a solution in with the engineering of the system rather than trying to retrofit a lawful access system into that later.
Worldwide trends
Just relating to lawful access…intercept capability implementations in Australia, France, Germany, U.K. New Zealand, the U.S….there are regulations for legislation that mandate the carriers, before they can offer commercial service, to have lawful access; and to be able to demonstrate lawful access to whoever the regulatory bodies are.
So it’s not something unique that Canada is trying to attempt. It’s something that’s been done in many countries around the world.
It’s predicated (on the previous slide) on technological advances creating the challenges and the inability to conduct lawful intercepts. And I can testify to the fact that the first people to buy cell phones (which were $3K bricks) were the bad guys.
I remember doing one case in Montreal and his job was to drive around in his car and make all his drug deals from his 3K cell phone. Because he knew without a shadow of a doubt that law enforcement could not intercept those communications. His only reason for that 3K investment was to undermine the capabilities of law enforcement.
That has never changed. There are a lot more newspaper articles about Al-Queida using emails to communicate. These are all things we take for granted. There is serious technological turmoil that security services have to undergo to intercept those emails.
Lawful access standards
The telecom industry has published a standard called the J (??) standard. If you follow any of this COLEA stuff, you know the Chase standard. The interesting revolution created by the TIA is that they are now adopting European standards for things like VoIP. They have decided not to reinvent the wheel.
They are using pre-developed standards from EDSI and other associations around the world and they are embodying those into domestic standards for North America.
Manufacturers – like me… our business is to make technology that does this. We provide equipment to around 25 countries around the world to be able to provide lawful access, based on domestic requirements, Canada being the same.
Is there a technological challenge to this that would necessarily undermine the Government of Canada or [allow us to] make an exorbitant amount of money? I wish for the second, because the stock in my company would go up. Realistically speaking a lot of the solutions that could be deployed by the carriers in Canada are pretty much off the shelf, because they are deployed in Europe. We just have to change them from 220 volts to 110. That’s just changing the connector on the electrical supply.
Solutions are being developed now for next-generation technologies like 3G, VoIP, VoIP over cable, broadband access, broadband data services…there are standards being developed to address technologies like 3G and CDMA.
There’s also competition in this market. I have competitors. I don’t have a monopoly in this market. That makes [a carrier like] Bell Canada very happy. Because they know now that people will compete for their business. They get the best bang for the buck. So [solutions] are going to be critically looked at by carriers. Because there are solutions that are engineered to meet their operational requirements and will lead them to future technologies. Because that’s where the evolution is going.