EXCLUSIVE: newly released FBI document reveals phone intercept preparation procedures
ELSUR= Electronic Surveillance.
The Electronic Frontier Foundation has just published a motherlode of technology-related national security documents it has obtained via a series of Freedom of Information Act requests.
I've been poring over these documents. One especially caught my eye. It bears the title of "Interim Solutions for Telecommunications Intercepts," and has been issued by the U.S. Federal Bureau of Investigation.
I flipped through this 112-page PDF until I reached pages 30 and 31. It was there that I found two detailed flow charts that explain the FBI's procedures for preparing to intercept phone calls.
If you've come this far with me, I know you are interested. So lets look at each page and we'll explore what the included information means.
What we see here is a procedure that involves:
Acquisition and installation of DCS-3000 software to aid in interception activities;
Identification of the carrier or carriers likely to serve the territory where the call or calls to be interecepted are located;
Familiarization with the specific interconnection characteristics of the carrier's network;
Coordinating technical and legal permission levels and procedures to greenlight the intercept;
Ensure the equipment location, power supply management, as well as access and security measures that are to be implemented as part of the intercept(s).
Not shown, but on the same page; identifying the hardware and software (workstations, routers, cables) necessary to perform the intercepts.
But that's just for starters. Let's look at page 31 of this document, and see where an FBI call intercept effort would carry forward from the steps I have just outlined.
Next, the intercepting agency would need to confirm the connections, as well as order the interconnect circuits;
Identification and authentication of IP addresses for Ethernet and serial ports on routers would come next;
Installation of monitoring facility hardware and software would be performed, in tandem with the service provider who carries the calls that would need to be intercepted;
Carrier facility hardware installaiton would come next, ideally with human management procedures nailed down.
Finally, before the intercept procedures actually go live, connectivity and handset-based testing procedures need to be initiated and then evaluated.
Hopefully, the actual intercepts that flow from the preparatory steps I have outlined will catch some real bad guys.