Having written several of these systems, there is nothing special about this software (NP databases). They maintain records of where a phone number is homed, nothing else. There is more information in the white pages.<p>In fact, NP databases typically won't have access to all phone numbers anyways, only those for customers who have changed providers. Everything else would be covered by the default routing rules.<p>In the US, the central database is not involved in call control (I've never seen a design that was). Since phone companies are very risk averse, they don't generally allow software they don't control into the middle of their interactions with the customer. Phone companies will have their own mirrors of the database and purchase (typically bespoke, typically outsourced) systems to perform the in-call lookups.<p>Reading up how the US works, it's an exception based system, with records only for ported numbers [1]. A typical record will look like:<p>(408) 555 1212 -> (715) 555 1212<p>The destination number is not a phone number, and has the granularity of a single switch. No names, or anything else.<p>I'm guessing this isn't about information leakage, because there's no information to leak. This isn't about DOS because the national database isn't involved in call control. This isn't about serving warrants either, it's operated locally.<p>I can only imagine that this is a trade barrier masquerading as security, since switch software is produced offshore, and that's riskier.<p>[1]<a href="https://www.npac.com/number-portability/how-lnp-works" rel="nofollow">https://www.npac.com/number-portability/how-lnp-works</a>
> Now Telcordia, a Swedish-owned firm, is being compelled to rewrite the database computer code — a massive undertaking — to assuage concerns from officials at the FBI and Federal Communications Commission that foreign citizens had access to the project. These officials fear that if other countries gain access to the code, they could reap a counterintelligence bonanza, learning the targets of U.S. law enforcement and espionage investigations.<p>I hope they didn't use an open source database because otherwise the bad guys will have access to that too!<p>Seriously how stupid are the people in charge of this kind of thing if they can't differentiate between programs and data? Now having a fear that there may be back doors somewhere in there is a valid concern, but the answer to that is sunlight on the code and layers of least privilege on the execution environment.
The "database computer code" they are talking about is not the actual database software (e.g. oracle, postgres, or whatever). It's the proprietary code used to keep the data in the database accurate, up to date, distributed, etc. And the code used for communicating with the service providers, co-ops, LSMSs, etc.<p>This may seem a small thing and may be somewhat conceptually similar to DNS. But in reality it is an entire ecosystem of it's own with complexities that are not readily apparent. The incumbent (Neustar) has no obligation to share it's IP with Telcordia.<p>"The database is significant because it tracks nearly every phone number in North America, making it a key tool for law enforcement agencies seeking to monitor criminal or espionage targets."<p>This statement is potentially very misleading. The NPAC does not "live" route telephone calls. The NPAC is the database of ported phone number and various characteristics about them. The database is replicated to LSMS databases at the service providers. When you make a call it does not route through the NPAC. It routes through the service providers, period.<p>While the NPAC could be helpful to law enforcement for knowing which SP manages a particular number and various other characteristics about that number, it would not be helpful as some sort of one-stop shop for wire tapping.<p>From the NPAC site:
"LSMS (Local Service Management System): The system owned by a service provider and which receives data broadcast from the NPAC/SMS. The LSMS provisions the service provider's downstream systems, such as its LNP call routing database. The LSMS is a mechanized system used (primarily) to receive data broadcasts from the NPAC/SMS."
And I'm sure you can't pay an American to do those evil things foreigners could do.<p>I mean seriously what could any person do to such a project. You can't add a backdoor because your code gets reviewed (if it doesn't, then that's where you should start worrying about the integrity of the program). Furthermore, I hope that the programmers (foreign or not) do not have access to any real data.
Perhaps I don't understand the number portability system enough, but it sure sounds a bit like the DNS system (in that the number portability system is used to refer queries to specific phone numbers). If I'm right, isn't the DNS worked on by people who are not U.S. nationals? Ah well.