Exploiting US/UK/CAN Phone Numbers — In Compliance with USSID-18 Policy

DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL (S//SI) Exploiting US/UK/CAN Phone Numbers -- In Compliance with USSID-18 Policy FROM: Co-lead VoIP Normalization Working Group (S2S1) Run Date: 01/18/2006 (S//SI) "Pick Your Own Number" services pose many SIGINT challenges. The USSID-18 (USSID SP0018) question, however, has been resolved. (U//FOUO) Have you ever traveled overseas and wanted to make a cheap long distance call back home? Have you seen the catchy commercials about the new Vonage telephony service? Our favorite is the one with the husband dancing around in the background while the wife brags about how she installed Vonage service in a few minutes. (S) Have you ever noticed unusual North American or United Kingdom phone numbers in your metadata but you know your collection is on an Iraqi link? Now you ask... how do cheap phone service, a Vonage commercial and North American and UK phone numbers in my Iraqi collection relate? (U//FOUO) Vonage is an increasingly popular Internet telephony service also known as a "Pick Your Own Number" (PYON) service. PYON services, such as Vonage and Deltathree, are exploding in the global environment as inexpensive and alternative service providers to the fixed line telephone networks. Vonage, a US-based company, offers IP telephony service to customers worldwide. The beauty of Vonage is that it allows customers - regardless of the customer's location - to choose a phone number within a numbering plan area (area code) almost anywhere within the US. Vonage also offers phone numbers - and continues to expand service - in the UK and Canada. (U//FOUO) In addition to the ability for customers to select their own phone number, the phone number and service are portable. The portability allows customers to carry their number with them to another city, state, country, or even continent. Thus, a target may be physically located in Iraq but have a US or UK phone number. (S//SI) The SIGINT challenges presented by PYON are many. The most significant challenge is enabling exploitation of a valid foreign target using a PYON number. To the SIGINT system, a PYON number looks like a US number and USSID-18 (now USSID SP0018) protection rules are applied. The phone number is minimized upon presentation in Fascia and restricted from contact chaining through connected numbers in Mainway. In other words, SIGINT Development is hindered as analysts may be able to connect to a Vonage number but unable to chain through the number to connect to other numbers. To exploit the number, analysts must identify the phone number on a foreign link and input the number into a "maximize" list. (S//SI) Another challenge is developing methods by which to categorize foreign PYON services on a broad scale to avoid the labor-intensive task of individually isolating the phone numbers on foreign links and inputting numbers on a non-restrictive list for further exploitation. More importantly, the mobility and random distribution of UK, CAN, and US phone numbers can easily obscure the target's physical location. (S//SI) Because of the legal ramifications presented by exploiting these phone numbers, the VoIP Normalization Working Group (VNWG) developed methods to automate the process of extracting the phone numbers in compliance with USSID-18 regulations. The VNWG met with the Office of General Counsel (OGC) to secure approval for the process and seek guidance for further SIGDEV of PYON services. As a result of the VNWG's carefully detailed methods for identifying the foreign status of the phone numbers, OGC stated (in short) as long as the phone numbers are identified on foreign links, then isolated as a PYON service, the phone numbers can be classified as foreign and not granted USSID-18

protection. (See the footnote for a full explanation.) Consequently, with the legalities out of the way, analysts can now begin determining more efficient methods to exploit PYON services. (TS//SI) How relevant is PYON service to SIGINT targets? To date here are the countries in which PYON US/UK/CAN phone numbers have been identified in SIGINT: Iran, Iraq, India, Kuwait, UAE, Pakistan, Bahrain, Qatar, Oman, and Sri Lanka. Could your target be using a PYON service? (TS//SI) POC info: the VoIP Normalization Working Group can be contacted through the Global Network Development Activity (GNDA). (For more in-depth reading the subject, see "Pick Your Own Number" VoIP Services by .) (S//SI) Footnote: As a result of the VNWG's carefully detailed methods for identifying the foreign status of the phone numbers, OGC has stated if the PYON phone numbers are identified on foreign links, then isolated as a PYON service, the phone numbers may be classified as foreign and not granted USSID SP0018 protection. Of course, if an analyst subsequently becomes aware of information that would lead to a reasonable belief that a Vonage user located outside the United States is a US person, this presumption would no longer be valid, and collection, retention and dissemination of any information to/from/about that US person would need to be handled in accordance with the relevant portions of USSID SP0018. Analysts must always ensure compliance with USSID SP0018. "(U//FOUO) SIDtoday articles may not be republished or reposted outside NSANet without the consent of S0121 (DL sid_comms)." DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL DERIVED FROM: NSA/CSSM 1-52, DATED 08 JAN 2007 DECLASSIFY ON: 20320108