IETF taking on 911 problem within VoIP

PROGRESS REPORT: ECRIT

The Internet engineering community is making progress on the thorny issue of how best to route emergency communications such as 911 calls over the Internet.

This yearlong effort is important for companies and government agencies that are migrating to VoIP and must ensure that police and firefighters can locate and respond to 911 calls placed from IP phones in their office buildings.

The IETF hopes to have a technical solution for the 911 problem ready for testing by year-end. The IETF effort is called ECRIT for Emergency Context Resolution with Internet Technologies.

"From a societal perspective, ECRIT is one of the most important problems that the IETF is undertaking right now," says Henning Schulzrinne, chair of the department of computer science at Columbia University and author of several documents under consideration by the ECRIT working group.

The ECRIT effort will have a major impact on service providers, which will bear most of the cost required to retrofit IP networks to determine the location of IP-based 911 calls and deliver them to the closest emergency call center. Experts anticipate upgrades for ECRIT will cost wireline and wireless carriers millions of dollars, which they can recoup from consumers.

"Nobody is expecting carriers to do this for free," Schulzrinne says. "They are already collecting money for 911 services. . . . They'll have to spend some money, but there is a funding stream available."

The Public Switched Telephone Network is configured to recognize numbers such as 911 as a call for emergency services. Carriers know the physical location of the originator of these calls.

The Internet, however, was not designed with emergency communications in mind. Until last November, VoIP service providers were not required by law to provide 911 services.

"What consumers don't know is that if you buy a VoIP system, you may not be connected to the 911 system. It's on a case-by-case basis," explains Greg Rohde, executive director of the E911 Institute in Washington, D.C. "The situation with VoIP is that providers started offering service to customers without any requirement that they connect to 911. . . . Now we're in the process of bootstrapping the system."

The FCC issued an order last June that gave VoIP carriers until Nov. 28, 2005, to provide 911 services.

"No carriers are 100% compliant yet," Rohde says. "A lot of credit is due the VoIP carriers, who have been doing a massive effort over the last six months to meet the FCC order."

What the ECRIT working group will provide is a standard approach to handling IP-based emergency calls. The IETF approach will support not only voice calls made over the Internet but also text messaging and video transmissions.

"There's a definite need for a standards-based approach to this problem," Rohde says. "It would have been nice if it was done a couple years ago, but it's still incredibly important work."

The ECRIT group plans to produce documents that outline requirements, terminology and security issues. The documents will explain how to identify IP-based emergency calls, how to associate these calls with physical locations, how to route them based on physical locations, and how to discover the media stream types available from the caller.

The stickiest point is how to map IP-based emergency calls from a particular geographic location to the nearest public safety call center. The working group is debating whether to use a protocol developed by domain name registries or Web services to handle this mapping function.

This is how ECRIT will work: When an IP phone dials 911, the IP phone will obtain its location information, such as a street address or office number. The IP phone will query a database using a new mapping protocol that will take its location information and find the appropriate emergency call center. The IP phone will then place a call to that emergency call center. The call will be marked so that IP equipment can recognize it as an emergency call and route it correctly. The emergency call center will receive the IP-based 911 call along with the location of the caller.

One new development with ECRIT is the creation of a global identifier for emergency calls such as 911 in the United States or 112 in Germany.

"There are over 60 emergency calls globally, and we need to converge them into one identifier," explains Marc Linsner, chair of the ECRIT working group and a consulting engineer with Cisco. "If a person comes from Europe to the U.S., he can call for emergency services on his IP cell phone. All routing identities will identify the emergency call and flag it."

Many components at the edges of IP networks must be upgraded to support ECRIT. IP phones must be enhanced to acquire their location information. They will pass that location information on to call routing proxy servers, run by service providers, which must be upgraded to support the new ECRIT mapping protocol. Emergency call centers also must be upgraded to receive IP-based calls.

"The major component that will require the most investment is on the ISP side because they have to provide the location information," Schulzrinne says. "The system is not going to work unless the ISP is able to hand the customers information about where they are currently. Service providers know this information today because they send out bills and repair crews, but now they will have to share that information."

ECRIT is designed for enterprises, too. Companies that run VoIP systems will need to upgrade their IP phones and IP PBXs to handle ECRIT. They'll also need to create a database with the location of every IP address on their networks.

"My advice to enterprise IT managers is to make sure your wiring database is in good shape," Schulzrinne says. "You need to know which Ethernet jack and which port is in each office."

Jon Peterson, a NeuStar fellow and a member of the IETF leadership who is advising the ECRIT working group, says enterprises may end up using DHCP to acquire the physical locations of IP addresses. "It's very simple to provide DHCP mapping to push location information down to the phone," Peterson says.

Until ECRIT standards are available, service providers and enterprises are using proprietary workarounds to handle emergency calls over IP networks.

"We sell a service today where we offer an API, and the VoIP service provider hooks up to us. They give the 911 call to us, and we give the mapping information back to them," says Roger Marshall, editor of one of the ECRIT working group documents and senior member of the technical staff at TeleCommunications Systems, which supports Vonage and other VoIP carriers.

"ECRIT comes up with a more standard way to identify a [Public Safety Answer Point], one with less variability in options and one that is more ubiquitous. And ECRIT is scalable to a global level compared to what is available today," Marshall says.

The Food and Drug Administration (FDA) uses Cisco's Emergency Responder System on its White Oak Campus in Montgomery County, Md. The system alerts on-campus security staff as well as the county's emergency call center when a 911 call is made from the all-VoIP White Oak buildings.

Glenn Rogers, deputy CIO of the FDA, says three things happen when a 911 call is made from the campus: An e-mail is sent to designated personnel with information about the user, phone number and location of the caller; the system places a phone call to on-campus designated phone numbers and informs personnel of the extension where the call was made; and an alert pops up on the monitoring system that security personnel access. This alert must be acknowledged before it will stop the notification process.

Rogers says the ECRIT standards "are important, but the challenge for determining a physical location is great for those who use [wireless] LAN cards in laptops or if it is dependent on the user keeping their location information updated on their home PCs."

IETF leaders say it will be several years before ECRIT systems are widely deployed.

"This is not something that is going to get changed overnight," Peterson says. "What we're trying to do is focus on the pieces of the puzzle that we know are going to need to be there."

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies