On the heels of the year’s much discussed email phishing campaigns, cyber attacks, and data breaches came one of the biggest security conferences of 2011: ISS World, Kuala Lumpur. ISS World presents methodologies as well as tools that help bridge the chasm between how intercepted data is lawfully gathered and how that information is used for actionable intelligence. Attendees of the conference commonly include law enforcement, intelligence and interior security analysts, as well as telecom operators who perform, manage, and address the lawful interception of network data for electronic criminal investigations. Top sessions for 2011’s conference included “Top Ten Internet Challenges Facing Law Enforcement and The Intelligence Community” and “Guru Panel on Best Practices for Deploying Intelligence Probes and DPI for Lawful Interception”.
Aside from its predominance at ISS World, Lawful Interception has been a hot topic since its inception in 1968, back in the Plain Old Telephone Service (POTS) era, with the Omnibus Criminal Control and Safe Streets Act of 1968 (this pertains only to the US). Today, the use of Lawful Interception by law enforcement agencies has been hotly contested: human rights groups, and occasionally governments, fear that the technology used in Lawful Interception has the potential to be detrimental to both individuals and countries, i.e. that it can easily be misused by totalitarian regimes and in a cyber-arms race.
So, then, what is Lawful Interception?
Lawful Interception (LI) allows law enforcement agencies (authorized by judicial or administrative order) to conduct surveillance of circuit and packet-mode communications. The operators of public network infrastructures can undertake LI activities for the purpose of Cyber Security; people within private network infrastructures have the right to maintain LI capabilities within their own networks unless otherwise prohibited. Network operators acting under orders from law enforcement agents can perform lawful interception on “traditional” (POTS) wireline and wireless voice calls as well as IP-based services such as Voice over IP, email, and instant messaging.
There are three stages in Lawful Interception – and these have been standardized by industry groups and government agencies worldwide.
Collection: Data collection typically takes two forms. The first is signalling and network management data (sometimes referred to as “Pen” data), and includes the “structure” of the communication - the originator of the communication, the parties involved and the time and duration of the communication - but NOT the content. The content of the communication is the second type of data collected, and typically involves a second judicial or administrative order based on analytical results from the Pen data.
Mediation: This is the process where the data is formatted to ensure that it is consistent with the specification of the judicial or administrative order, no more and no less.
Delivery: The data and/or content are sent to the law enforcement agency (LEA) for analysis.
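The mediation stage described above, sketched as an added example that is not code from this article or from any LI product: collected records are narrowed to the order's target and time window, and content is stripped when only Pen data is authorized. All class names, function names and sample records are constructed for illustration.

```python
from dataclasses import dataclass, replace
from datetime import datetime
from typing import Optional, Tuple

@dataclass(frozen=True)
class InterceptOrder:            # hypothetical model of a judicial/administrative order
    target: str                  # identifier named in the order
    start: datetime
    end: datetime
    content_authorized: bool     # False = signalling ("Pen") data only

@dataclass(frozen=True)
class Record:                    # hypothetical output of the collection stage
    originator: str
    parties: Tuple[str, ...]
    started: datetime
    duration_s: int
    content: Optional[bytes] = None

def in_scope(order: InterceptOrder, rec: Record) -> bool:
    """True only if the target took part and the session began inside the order's window."""
    involved = {rec.originator, *rec.parties}
    return order.target in involved and order.start <= rec.started <= order.end

def mediate(order: InterceptOrder, collected):
    """Mediation: keep what the order specifies, no more and no less."""
    delivered = []
    for rec in collected:
        if not in_scope(order, rec):
            continue                              # unrelated traffic is never delivered
        if not order.content_authorized:
            rec = replace(rec, content=None)      # Pen data only: drop the content
        delivered.append(rec)
    return delivered

# Constructed sample data (not real traffic).
COLLECTED = [
    Record("alice@example.net", ("bob@example.net",), datetime(2011, 12, 5, 9, 0), 120, b"hello"),
    Record("carol@example.net", ("dave@example.net",), datetime(2011, 12, 5, 9, 5), 30, b"x"),
    Record("bob@example.net", ("alice@example.net",), datetime(2012, 1, 2, 10, 0), 60, b"late"),
]
PEN_ORDER = InterceptOrder("alice@example.net", datetime(2011, 12, 1),
                           datetime(2011, 12, 31), content_authorized=False)
CONTENT_ORDER = replace(PEN_ORDER, content_authorized=True)

if __name__ == "__main__":
    for r in mediate(PEN_ORDER, COLLECTED):       # what delivery would hand to the LEA
        print(r)
```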
From a network engineering perspective the communications service provider is typically responsible for intercepting, but not necessarily deciphering, the data that traverses a path through the operator’s network equipment. And the definition of a communications service provider is a bit looser than you might think. An update to the Omnibus Criminal Control and Safe Streets Act of 1968, called CALEA, was passed in 1994 and reinterpreted in 2005. CALEA defines a telecommunications carrier as “a person or entity engaged in providing wire or electronic communication switching or transmission service to the extent that the [FCC] finds that such a service is a replacement for a substantial portion of the local telephone exchange service …”. Given that most companies and universities have moved to internal VoIP solutions, and provide extensive internal networks for Internet access, a loose interpretation of CALEA can make almost any organization a telecommunications carrier.
So how does this impact the typical network engineer? Knowing and keeping up to speed with lawful intercept technology, and continuously monitoring how these regulations are being interpreted, is of the utmost importance. You may one day be faced with a lawful intercept warrant, and you will need to have the capability in place to capture packet-level communications in compliance with said warrant. Whether or not you agree with the reach of lawful intercept regulations, knowing the different technologies on the market that can meet the requirements of lawful interception will keep you ahead of the game, both in your own capabilities for lawful interception and in understanding the benefits, or threats, these tools might pose to your network and to your users.
Author Profile - Jay Botelho is the Director of Product Management at WildPackets, Inc., a leading network analysis solutions provider for networks of all sizes and topologies. Jay holds an MSEE, and is an industry veteran with over 25 years of experience in product management, product marketing, program management and complex analysis. From the first mobile computers developed by GRiD Systems to modern day network infrastructure systems, Jay has been instrumental in setting corporate direction, specifying requirements for industry-leading hardware and software products, and growing product sales through targeted product marketing.







