This morning the Electronic Frontier Foundation will be releasing the first installment of many hundreds of scanned pages concerning the FBI's DCS-3000 surveillance Data Collection System. Most of the documents, which were obtained through a Freedom of Information Act (FOIA) lawsuit filed by the EFF, are heavily (almost laughably) redacted user manuals and internal FBI memos, with many pages almost entirely devoid of text. Nonetheless, what remains provides a rare, if fragmented and cryptic, glimpse of the state of FBI surveillance technology in general and CALEA wiretapping in particular.
Ryan Singel has a nice summary of the documents in his article on Wired's web site. It will take time to digest the huge volume of incomplete and jargon-laden material in the documents, but interesting tidbits emerge even from a cursory reading.
Contrary to previous speculation, DCS-3000 is much more than an updated version of the FBI's Carnivore Internet interception and collection device first disclosed seven years ago. Instead, the DCS system appears to be a comprehensive software suite for managing and collecting data from a variety of Title III (law enforcement) surveillance technologies, including Internet wiretaps, wireline voice telephony, cellular, "push-to-talk", and maybe others. The system provides a single interface for managing and collecting evidence from all the different kinds of wiretaps the FBI uses, connected via a "DCSNet" for getting tapped traffic to any FBI field office in the US. There are references to several other FBI systems as well, most notably the Bureau's ill-fated Trilogy case management system, and also something called DCS-5000, which is described as an analogous system for managing FISA (national security) taps. The software is definitely large and complex -- there are mentions of multi-week training courses for the agents who use it.
That complexity itself raises some difficult security questions. As my colleague Steve Bellovin points out, the new documents suggest that the FBI may have failed to adequately secure the system against an insider threat. But aside from the usual risks that the software could be subverted or abused, in a wiretapping system there's also the problem of ensuring that intercepted evidence is faithfully recorded. And that, it turns out, can be harder than it sounds.
Two years ago, my graduate students and I discovered basic flaws in the in-band signaling mechanisms used for many years in older analog voice telephone wiretaps. The flaws allow a wiretap target to interfere with a phone tap by playing special tones that cause interception equipment to shut down prematurely or record misleading call data. We speculated, based on the documents available to us then, that the CALEA-based interception system now used by the FBI might suffer from similar problems. The FBI denied this at the time, claiming that only a few systems remain vulnerable to our attacks. But sure enough, the EFF's new documents refer in several places to continued support for in-band "C-tone" signaling in voice line taps (for example, on page 53 of this PDF document). No doubt, these features were included to provide backward compatibility with older equipment. And the result is backward compatibility with older bugs.