Lawful Interception - Technical Description

Technical Description

Almost all countries have LI capability requirements and have implemented them using global LI requirements and standards developed by the European Telecommunications Standards Institute (ETSI), 3rd Generation Partnership Project (3GPP), or CableLabs organisations—for wireline/Internet, wireless, and cable systems, respectively. In the USA, the comparable requirements are enabled by the Communications Assistance for Law Enforcement Act (CALEA), with the specific capabilities promulgated jointly by the Federal Communications Commission and the Department of Justice.

To prevent investigations' being compromised, LI systems may be designed in a manner that hides the interception from the telecommunications operator concerned. This is a requirement in some jurisdictions.

To ensure systematic procedures for carrying out interception, while also lowering the costs of interception solutions, industry groups and government agencies worldwide have attempted to standardize the technical processes behind lawful interception. One organization, ETSI, has been a major driver in lawful interception standards not only for Europe, but worldwide.

This architecture attempts to define a systematic and extensible means by which network operators and law enforcement agents (LEAs) can interact, especially as networks grow in sophistication and scope of services. Note this architecture applies to not only “traditional” wireline and wireless voice calls, but to IP-based services such as Voice over IP, email, instant messaging, etc. The architecture is now applied worldwide (in some cases with slight variations in terminology), including in the United States in the context of CALEA conformance. Three stages are called for in the architecture:

1. collection where target-related “call” data and content are extracted from the network
2. mediation where the data is formatted to conform to specific standards
3. delivery of the data and content to the law enforcement agency (LEA).

The call data (known as Intercept Related Information or IRI in Europe and Call Data or CD in the US) consists of information about the targeted communications, including destination of a voice call (e.g., called party’s telephone number), source of a call (caller’s phone number), time of the call, duration, etc. Call content is namely the stream of data carrying the call. Included in the architecture is the lawful interception management function, which covers interception session set-up and tear down, scheduling, target identification, etc. Communications between the network operator and LEA are via the Handover Interfaces (designated HI). Communications data and content are typically delivered from the network operator to the LEA in an encrypted format over an IP-based VPN. The interception of traditional voice calls still often relies on the establishment of an ISDN channel that is set up at the time of the interception.

As stated above, the ETSI architecture is equally applicable to IP-based services where IRI (or CD) is dependent on parameters associated with the traffic from a given application to be intercepted. For example, in the case of email IRI would be similar to the header information on an email message (e.g., destination email address, source email address, time email was transmitted) as well as pertinent header information within the IP packets conveying the message (e.g., source IP address of email server originating the email message). Of course, more in-depth information would be obtained by the interception system so as to avoid the usual email address spoofing that often takes place (e.g., spoofing of source address). Voice-over-IP likewise has its own IRI, including data derived from Session Initiation Protocol (SIP) messages that are used to set up and tear down a VOIP call.

ETSI LI Technical Committee work today is primarily focussed on developing the new Retained Data Handover and Next Generation Network specifications, as well as perfecting the innovative TS102232 standards suite that apply to most contemporary network uses.

USA interception standards that help network operators and service providers conform to CALEA are mainly those specified by the Federal Communications Commission (which has both plenary legislative and review authority under CALEA), CableLabs, and the Alliance for Telecommunications Industry Solutions (ATIS). ATIS's standards include new standards for broadband Internet access and VoIP services, as well as legacy J-STD-025B, which updates the earlier J-STD-025A to include packetized voice and CDMA wireless interception. All of these standards have been challenged as "deficient" by the U.S. Dept of Justice pursuant to CALEA.

Generic global standards have also been developed by Cisco via the Internet Engineering Task Force (IETF) that provide a front-end means of supporting most LI real-time handover standards.