Lawful Interception
Lawful Interception (LI) describes the lawfully
authorized interception and monitoring of telecommunications
pursuant to an order of a government body, to obtain the
forensics necessary for pursuing wrongdoers. LI has existed from
the times of short range telegraphy to today’s world spanning
Next-Generation Networks (NGNs). This article studies the
technical concepts underlying LI, and describes existing
standardization done in this field.
Technical Aspect of Lawful Intercept
authorized interception and monitoring of telecommunications
pursuant to an order of a government body, to obtain the
forensics necessary for pursuing wrongdoers. LI has existed from
the times of short range telegraphy to today’s world spanning
Next-Generation Networks (NGNs). This article studies the
technical concepts underlying LI, and describes existing
standardization done in this field.
Technical Aspect of Lawful Intercept
The establishment of the international Telecommunication union ITU 17 may 1865, was closely linked with the invention of the telegraph. Already some 20 years earlier. Samuel Morse has sent the first public message over a 61km telegraph line between Washington and Baltimore, and through that simple act, he ushered in the telecommunication age.
Since those early days of electronic communication, communicating parties have come to expect that their messages one to another will remain private. Indeed ITU treaties provides the basic legal texts incorporated into the national legislation of many countries that establishes the principle of secrecy of telecommunication. But the ITU basic texts also provide the legal basis for lawful interception forensics in order to apply national laws and international conventions, which we intend to examine, Lawful Interception and Wiretapping in different eras of Telecommunication .
Telegraph era
Telecommunication technologies were first created around 1840, and one of the earliest
instances of telegraphic interception reportedly occurred in 1867, when a Wall Street stockbroker collaborated with Western Union telegraph operators to intercept telegraph dispatches sent to Eastern newspapers by their correspondents in the West. The intercepted messages were then replaced by counterfeit ones which reported bankruptcies and other financial disasters supposedly befalling companies whose stock was traded on the New York Stock Exchange. When the share prices were driven down, the wiretappers then purchased their victim’s stock. Talk of wiretapping for mischief and it is still happening today but both organized criminal groups and well established business bodies.
Digital network era
During the 1990s, law enforcement struggled with the large-scale conversion of telecommunications to digital formats and equipment, including internet platforms. This resulted significant new legislation, standards cooperation and products in nearly every country and region to provide the forensic capabilities that previously existed.
In this report, Lawful Interception (LI) describes the lawfully authorized interception and monitoring of telecommunications pursuant to an order of a government body, to obtain the forensics necessary for pursuing wrongdoers. It is a need that has existed from the times of short-range telegraphy to today’s world spanning Next-Generation Networks (NGNs).
LI and the question how to deal with this topic have recently been discussed in
different ITU-T Study Groups. I will focus on the technical concepts underlying LI, and describes existing standardization done in this field. Briefly let’s look some underlying legal issues.
When is Interception Lawful?
For interception to be lawful, it must be conducted in accordance with national law, following due process after receiving proper authorization from competent authorities. Typically, a national Law Enforcement Agency (LEA) issues an order for LI to a specific network operator, access provider, or network service provider, which is obliged by law to deliver the requested information to a Law Enforcement Monitoring Facility (LEMF: See Figure 1).
This however must be done in accordance with well established legal framework that allows this kind of operation.
For instance: Is LI support part of the established technical framework in the bidding documents for an operator licensing that NCC issues out in the case of Nigeria?
Are operators legally bound to provide the necessary interconnecting interfaces for such operation free of charge or as a social responsibility service? Or should the LEA pay for such interconnection? How do we prevent an abuse of such operation from LEA? These kinds of questions must clearly be answered within a legal document. In some countries, you will require a legislative backing before such operations could be carried out.
Fig 1. Organization Flow Chart for LI
Generally speaking, the Network operator can be either A Telecoms Network operator, an Access Provider or an Internet service provider.
The Law enforcement monitoring facility is always housed within the law enforcement agency. Commonly, in a modern network, this is a super computer that interfaces the Network operator’s switching and routing systems.
In order to prevent investigations being compromised, national law usually requires that LI systems hide the interception data or content from operators and providers concerned. Whilst the detailed requirements for LI differ from one jurisdiction to another, the general requirements are similar: The LI system must provide transparent interception of specified traffic only, and the intercept subject must not be aware of the interception. Additionally, the service provided to other uninvolved users must not be affected during interception. The term subject, as used here, can refer to one person, a group of persons, or equipment acting on behalf of persons, whose telecommunications are to be intercepted. Lawful interception also implies that the subject benefits from domestic legal protection. However, protections are complicated by cross-border interception. Decades ago, LI was typically performed by applying a physical ‘tap’ on the targeted telephone line, usually by accessing digital switches of service providers. As the infrastructure converted to new digital network and services formats, LI standards and systems were adapted to keep pace with the new deployments. In bringing about this transition, the principal concern of operators was the question of “who pays?” Different nations have chosen means appropriate to their environment.
LI may target two types of data: the actual contents of communications (CC)which may include voice, video or text message contents, and Intercept Related Information (IRI, Call Data (CD) in the United States). IRI consists of information about the targeted communication itself: signaling information, source and destination telephone numbers, IP or MAC addresses, etc), frequency, duration, time and date of communications. On mobile networks, it may also be possible to trace the geographical origin of the call. Network operators have always been collecting some IRI for billing and network management purposes and so it is relatively easy for law enforcement agencies to gain access to this information, under subpoena. The act of LI – independent of the type of communication to be intercepted – may logically be thought of as a process with three distinct steps:
1. Capture – CC and IRI related to the subject are extracted from the network.
2. Filtering – information related to the subject that falls within the topic of the inquiry is separated from accidentally gathered information, and formatted to a pre-defined delivery format
3. Delivery – requested information is delivered to the LEMF. Capture and filtering may be facilitated by the use of the latest speech technologies: Speaker identification, along with language and gender recognition, combined with real-time keyword-spotting, such keyword spotting could be bombs, kill, assassinate, etc. And such words can be in a language of choice ,such as IBO, Huasa or Yoruba in Nigeria, it can also be a combination of such words or code words of interest. This can be performed by specialized servers devoted to collecting, analyzing and recording millions of incoming calls as soon as they are intercepted. Such massive computer deployment are not normally an operator responsibility but that of LEA, which can free operators to carry out more specialized tasks requiring a higher level of identification and analysis.
However, enabling secure private communications for its customers still remains the primary purpose of service providers. To prevent this service being adversely affected by LI, the network architecture requires that there be distinct separation between the Public Telecom Network (PTN) and the Law Enforcement Network, with standardized interfaces that manage the hand-over of data between both networks. Three functions are responsible for the work within the PTN:
• The Administration Function (ADMF) receives interception orders from the LEA and hands them over to
• Internal Intercept Functions (IIF), which are located tactically within network nodes and generate the two desired types of information, CC and IRI.
• Meditation Functions (MF) take charge of delineation between the two networks. They implement Internal Network Interfaces (INI), which may be proprietary, to communicate within the PTN, and standardized interfaces, to deliver requested information to one or more LEMFs.
The Law enforcement monitoring facility is always housed within the law enforcement agency. Commonly, in a modern network, this is a super computer that interfaces the Network operator’s switching and routing systems.
In order to prevent investigations being compromised, national law usually requires that LI systems hide the interception data or content from operators and providers concerned. Whilst the detailed requirements for LI differ from one jurisdiction to another, the general requirements are similar: The LI system must provide transparent interception of specified traffic only, and the intercept subject must not be aware of the interception. Additionally, the service provided to other uninvolved users must not be affected during interception. The term subject, as used here, can refer to one person, a group of persons, or equipment acting on behalf of persons, whose telecommunications are to be intercepted. Lawful interception also implies that the subject benefits from domestic legal protection. However, protections are complicated by cross-border interception. Decades ago, LI was typically performed by applying a physical ‘tap’ on the targeted telephone line, usually by accessing digital switches of service providers. As the infrastructure converted to new digital network and services formats, LI standards and systems were adapted to keep pace with the new deployments. In bringing about this transition, the principal concern of operators was the question of “who pays?” Different nations have chosen means appropriate to their environment.
LI may target two types of data: the actual contents of communications (CC)which may include voice, video or text message contents, and Intercept Related Information (IRI, Call Data (CD) in the United States). IRI consists of information about the targeted communication itself: signaling information, source and destination telephone numbers, IP or MAC addresses, etc), frequency, duration, time and date of communications. On mobile networks, it may also be possible to trace the geographical origin of the call. Network operators have always been collecting some IRI for billing and network management purposes and so it is relatively easy for law enforcement agencies to gain access to this information, under subpoena. The act of LI – independent of the type of communication to be intercepted – may logically be thought of as a process with three distinct steps:
1. Capture – CC and IRI related to the subject are extracted from the network.
2. Filtering – information related to the subject that falls within the topic of the inquiry is separated from accidentally gathered information, and formatted to a pre-defined delivery format
3. Delivery – requested information is delivered to the LEMF. Capture and filtering may be facilitated by the use of the latest speech technologies: Speaker identification, along with language and gender recognition, combined with real-time keyword-spotting, such keyword spotting could be bombs, kill, assassinate, etc. And such words can be in a language of choice ,such as IBO, Huasa or Yoruba in Nigeria, it can also be a combination of such words or code words of interest. This can be performed by specialized servers devoted to collecting, analyzing and recording millions of incoming calls as soon as they are intercepted. Such massive computer deployment are not normally an operator responsibility but that of LEA, which can free operators to carry out more specialized tasks requiring a higher level of identification and analysis.
However, enabling secure private communications for its customers still remains the primary purpose of service providers. To prevent this service being adversely affected by LI, the network architecture requires that there be distinct separation between the Public Telecom Network (PTN) and the Law Enforcement Network, with standardized interfaces that manage the hand-over of data between both networks. Three functions are responsible for the work within the PTN:
• The Administration Function (ADMF) receives interception orders from the LEA and hands them over to
• Internal Intercept Functions (IIF), which are located tactically within network nodes and generate the two desired types of information, CC and IRI.
• Meditation Functions (MF) take charge of delineation between the two networks. They implement Internal Network Interfaces (INI), which may be proprietary, to communicate within the PTN, and standardized interfaces, to deliver requested information to one or more LEMFs.
Figure 2 provides a more comprehensible overview of networks, functions, and interfaces within a generalized LI architecture. For calls made over IP networks rather than the PSTN, things look slightly different : Each call consists of one or more call signaling streams that control the call, and one or more call-media streams which carry the call’s audio, video, or other content, along with information concerning how that data is flowing across the network. Together, these streams make up a so called “session”. As individual packets of
data within a session might take different paths through the network, they may become hard to relate with each other. In Voice over Internet Protocol (VoIP) networks, a device named a Session Border Controller (SBC) plays the role of exerting influence over the data streams that make up one or more sessions. The word Border in SBC refers to the demarcation line between one part of a network and another, which is a strategic point to deploy Internal Intercept Functions, as both targeted types of data – IRI and the corresponding CC – pass through it. This architecture is equally applicable to other IP-based services, where the IRI contains parameters associated with the type of traffic from a given application to be intercepted. In the case of e-mail, IRI conforms to the header information of an e-mail message. The header usually contains the source and destination e-mail addresses and information about the time the e-mail was sent.
The Challenge
Now these complexities of a lawful intercept technology and the capital requirement for its deployment, are not normally within the reach of most third government agencies. Very advance deployment are found in UK and US and the western Europe where the development of such technologies are within reach.
Another major challenge for third world countries is how to justify such massive fund being deployed to LI in the face of groaning unemployment and poverty where such funds could better find use value.
Of course giving the dictatorial tendencies of most African countries, such deployments can easily find use in caging opposition and silencing dissenting voices.
In my mind, one of the greatest challenge to LI implementation in democratic African countries like Nigeria, Ghana etc, will be finding an acceptable legal framework that will allow this within the bounds of civility, privacy as well as civil liberty. The key question therefore are:
Are the fundamentals in place to implement LI?
Can we justify the funds that will be allocated to this as per its use value?
Are there enough internal treats and treats within the fringes of our borders to justify this?
Are the operators ready, technically and commercially, their roles clearly defined?
Having being involved in a small scale to help security operators trace the path of crime I think, the answers to these posers are by no means trivial.
Thank you again as I hope to get your feedback on the these posers.
data within a session might take different paths through the network, they may become hard to relate with each other. In Voice over Internet Protocol (VoIP) networks, a device named a Session Border Controller (SBC) plays the role of exerting influence over the data streams that make up one or more sessions. The word Border in SBC refers to the demarcation line between one part of a network and another, which is a strategic point to deploy Internal Intercept Functions, as both targeted types of data – IRI and the corresponding CC – pass through it. This architecture is equally applicable to other IP-based services, where the IRI contains parameters associated with the type of traffic from a given application to be intercepted. In the case of e-mail, IRI conforms to the header information of an e-mail message. The header usually contains the source and destination e-mail addresses and information about the time the e-mail was sent.
The Challenge
Now these complexities of a lawful intercept technology and the capital requirement for its deployment, are not normally within the reach of most third government agencies. Very advance deployment are found in UK and US and the western Europe where the development of such technologies are within reach.
Another major challenge for third world countries is how to justify such massive fund being deployed to LI in the face of groaning unemployment and poverty where such funds could better find use value.
Of course giving the dictatorial tendencies of most African countries, such deployments can easily find use in caging opposition and silencing dissenting voices.
In my mind, one of the greatest challenge to LI implementation in democratic African countries like Nigeria, Ghana etc, will be finding an acceptable legal framework that will allow this within the bounds of civility, privacy as well as civil liberty. The key question therefore are:
Are the fundamentals in place to implement LI?
Can we justify the funds that will be allocated to this as per its use value?
Are there enough internal treats and treats within the fringes of our borders to justify this?
Are the operators ready, technically and commercially, their roles clearly defined?
Having being involved in a small scale to help security operators trace the path of crime I think, the answers to these posers are by no means trivial.
Thank you again as I hope to get your feedback on the these posers.
very attractive post, thanks for sharing.Lawful Intercept
ReplyDelete