Lawful Intercept – Existing Global Models

 

Several key global reference models for Lawful Interception are found in the reports, technical specifications, and standards of the European Telecommunication Standards Institute.  Essentially all national implementations follow these models in-so-far as communications provider and associated Law Enforcement Agency functions are concerned.

 

Overall LI Model[1]

 

1)     A LEA requests lawful authorization from an authorization authority, which may be a court of law.

2)     The authorization authority issues a lawful authorization to the LEA.

3)     The LEA passes the lawful authorization to the communications provider. The communications provider determines the relevant target identities from the information given in the lawful authorization.

4)     The communications provider causes interception facilities to be applied to the relevant target identities.

5)     The communications provider informs the LEA that the lawful authorization has been received and acted upon.  Information may be passed relating to the target identities and the target identification.

6)     Information Related Information (IRI) and Content of Communication (CC) are passed from the target identity to the communications provider.

7)     IRI and Content of Communication are passed from the communications provider to the Law Enforcement Monitoring Facility (LEMF) of the LEA.

8)     Either on request from the LEA or when the period of authority of the lawful authorization has expired the communications provider will cease the interception arrangements.

9)     The communications provider announces this cessation to the LEA.

 

 

Communication Provider Functions[2]

 

The communication of data elements from the Communication Provider to the Law Enforcement Monitoring Facility are described in terms of three types of Handover Interfaces.

HI1 - Administration

The administration interface will have to be standardized towards the authorities that issue orders for interception, in order for the interception management to work smoothly. National laws will have provisions for this. The HI1 interface is often paper-based, but it can be anticipated that electronic transfer of data and automated activation/deactivation of interceptions will become more common in the future. There is also a need to find a standard for translation between external HI1 protocols and the internal network interfaces towards vendor-specific equipment. Many operators use equipment from several vendors and it is in their interest to be able to handle this in a uniform way, through a common management system.

HI2 - Intercept Related Information

IRI is sent to the LEMF as a result of LI-related events in the communication. Such events may also lead to establishment or disconnection of a content delivery channel on the HI3 interface.

HI3 - Contents of Communication

Delivery of call contents is initiated and discontinued based on specific LI-related events in the communication. The communication contents data stream will correspond to the intercepted identity. If for instance an e-mail address is used as target for interception, the contents will be delivered to the LEMF as e-mail. If the interception triggers on ATM channel identity, an ATM data stream will be delivered.

Communications Provider – LEA Interfaces[3]

 

The generic Handover Interface adopts a three port structure such that administrative information (HI1), intercept related information (HI2) and the Content of Communication (HI3) are logically separated.  The figure above shows a block diagram with the relevant entities for Lawful Interception. The outer circle represents the Communication Providers domain with respect to lawful interception. It contains the network internal functions, the internal network interface (INI), the administration function and the mediation functions for IRI and CC. The inner circle contains the internal functions of the network (e.g. switching, routing, handling of the communication process). Within the network internal function the results of interception (IRI, CC) are generated in the IIF.

The internal interception functions (IIF) provide the Content of Communication (CC) and the intercept related information (IRI), respectively, at the internal network interface INI. For both kinds of information, mediation functions may be used, which provide the final representation of the standardized Handover Interfaces at the Communication Provider’s domain boundary.

Within the Communication Provider’s administration centre, the LI related tasks, as received via interface HI1, are translated into man machine commands for the provider’s equipment.