Lawful interception (LI) is obtaining communications network data pursuant to lawful authority for the purpose of analysis or evidence. Such data generally consist of signalling or network management information or, in fewer instances, the content of the communications. If the data are not obtained in real-time, the activity is referred to as access to retained data (RD).
There are many bases for this activity that include infrastructure protection and cybersecurity. In general, the operator of public network infrastructure can undertake LI activities for those purposes. Operators of private network infrastructures have an inherent right to maintain LI capabilities within their own networks unless otherwise prohibited.
One of the bases for LI is the interception of telecommunications by law enforcement agencies (LEAs), regulatory or administrative agencies, and intelligence services, in accordance with local law. Under some legal systems, implementations—particularly real-time access to content—may require due process and receiving proper authorization from competent authorities—an activity that was formerly known as "wiretapping" and has existed since the inception of electronic communications. The material below primarily treats this narrow segment of LI.
With the legacy public switched telephone network (PSTN), wireless, and cable systems, lawful interception (LI) was generally performed by accessing the mechanical or digital switches supporting the targets' calls. The introduction of packet switched networks, softswitch technology, and server-based applications over the past two decades fundamentally altered how LI is undertaken.
Almost all countries have LI capability requirements and have implemented them using global LI requirements and standards developed by the European Telecommunications Standards Institute (ETSI), 3rd Generation Partnership Project (3GPP), or CableLabs organisations—for wireline/Internet, wireless, and cable systems, respectively. In the USA, the comparable requirements are enabled by the Communications Assistance for Law Enforcement Act (CALEA), with the specific capabilities promulgated jointly by the Federal Communications Commission and the Department of Justice. In the USA, Lawful Intercept technology is currently patented by a company named Voip-pal.com under the USPTO Publication #: 20100150138.
Governments require all phone service providers to install a Legal Interception Gateway (LIG), along with Legal Interception Nodes (LIN), which allow them to intercept phone calls, SMS messages, emails and some file transfers or instant messages in real time. These LI measures for governmental surveillance have been in place since the beginning of digital telephony.
To prevent investigations from being compromised, LI systems may be designed in a manner that hides the interception from the telecommunications operator concerned. This is a requirement in some jurisdictions.
To ensure systematic procedures for carrying out interception, while also lowering the costs of interception solutions, industry groups and government agencies worldwide have attempted to standardize the technical processes behind lawful interception. One organization, ETSI, has been a major driver in lawful interception standards not only for Europe, but worldwide.
The ETSI architecture attempts to define a systematic and extensible means by which network operators and law enforcement agents (LEAs) can interact, especially as networks grow in sophistication and scope of services. Note that this architecture applies not only to “traditional” wireline and wireless voice calls, but also to IP-based services such as Voice over IP, email and instant messaging. The architecture is now applied worldwide (in some cases with slight variations in terminology), including in the United States in the context of CALEA conformance. Three stages are called for in the architecture:
- collection, where target-related “call” data and content are extracted from the network
- mediation, where the data is formatted to conform to specific standards
- delivery of the data and content to the law enforcement agency (LEA).
The call data (known as Intercept Related Information or IRI in Europe and Call Data or CD in the US) consists of information about the targeted communications, including the destination of a voice call (e.g., the called party’s telephone number), the source of a call (the caller’s phone number), the time of the call, its duration, etc. Call content is the stream of data carrying the call. Included in the architecture is the lawful interception management function, which covers interception session set-up and tear-down, scheduling, target identification, etc. Communications between the network operator and the LEA are via the Handover Interfaces (designated HI). Communications data and content are typically delivered from the network operator to the LEA in an encrypted format over an IP-based VPN. The interception of traditional voice calls still often relies on the establishment of an ISDN channel that is set up at the time of the interception.
As stated above, the ETSI architecture is equally applicable to IP-based services, where IRI (or CD) depends on parameters associated with the traffic from the application to be intercepted. For example, in the case of email, IRI would be similar to the header information on an email message (e.g., destination email address, source email address, time the email was transmitted) as well as pertinent header information within the IP packets conveying the message (e.g., source IP address of the email server originating the email message). Of course, more in-depth information would be obtained by the interception system so as to avoid the usual email address spoofing that often takes place (e.g., spoofing of the source address). Voice-over-IP likewise has its own IRI, including data derived from the Session Initiation Protocol (SIP) messages that are used to set up and tear down a VoIP call.
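The email case described above can be made concrete. The following Python sketch is an added illustration, not code from any LI standard or product: it builds an IRI-style metadata record from message headers, takes the originating server address from the relay trace rather than from the sender-controlled From header, and flags a header/envelope disagreement. The field names and the sample message are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr, parsedate_to_datetime

# Constructed sample message; hosts and IPs are reserved documentation values.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby inbound.example.com with ESMTP; Tue, 04 Mar 2014 10:15:02 +0000
Received: from client.example.net (unknown [203.0.113.45])
\tby mx.example.org with ESMTP; Tue, 04 Mar 2014 10:15:00 +0000
From: "Alice" <alice@example.org>
To: bob@example.com
Date: Tue, 04 Mar 2014 10:14:58 +0000
Subject: constructed sample

This body is content, not IRI, and is never copied into the record.
"""

RELAY_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def domain(addr):
    """Return the lower-cased domain part of an address ('' if none)."""
    return addr.rpartition("@")[2].lower()


def email_iri(raw):
    """Build an IRI-style record (hypothetical field names) from one message."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]          # set by the sender
    envelope = parseaddr(msg.get("Return-Path", ""))[1]  # set at final delivery
    # Each relay prepends its own Received header, so the last one in the
    # list is the earliest hop. Only hops added by relays the operator
    # controls can be trusted; earlier ones may be forged by the sender.
    hops = [m.group(1) for h in msg.get_all("Received", [])
            if (m := RELAY_IP.search(h))]
    sent = msg.get("Date")
    return {
        "from_header": claimed,
        "envelope_sender": envelope,
        "to": [a for _, a in getaddresses(msg.get_all("To", []))],
        "sent": parsedate_to_datetime(sent).isoformat() if sent else None,
        "relay_ips": hops,
        "origin_ip": hops[-1] if hops else None,
        # A mismatch is a cue to look deeper, not proof of spoofing:
        # bulk senders and mailing lists differ legitimately.
        "sender_mismatch": domain(claimed) != domain(envelope),
    }


if __name__ == "__main__":
    print(email_iri(SAMPLE))
```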
ETSI LI Technical Committee work today is primarily focussed on developing the new Retained Data Handover and Next Generation Network specifications, as well as perfecting the innovative TS102232 standards suite that applies to most contemporary network uses.
USA interception standards that help network operators and service providers conform to CALEA are mainly those specified by the Federal Communications Commission (which has both plenary legislative and review authority under CALEA), CableLabs, and the Alliance for Telecommunications Industry Solutions (ATIS). ATIS's standards include new standards for broadband Internet access and VoIP services, as well as legacy J-STD-025B, which updates the earlier J-STD-025A to include packetized voice and CDMA wireless interception.
To ensure quality of evidence, the Commission on Accreditation for Law Enforcement Agencies (CALEA) has outlined standards for electronic surveillance once a Title III surveillance application is approved:
- STEP 1: Ensure clear access to all data without any loss of information or impact on the network being monitored
- STEP 2: Create a filter to adhere to warrant parameters – time span, types of communications that can be monitored, evidence to be collected, etc.
- STEP 3: Set the lawful intercept device to capture and/or store data according to the warrant parameters.
- STEP 4: Deliver data directly from the source to the mediation device without any human intervention or packet loss
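Steps 2 and 3 above amount to a scope check applied to every captured record before delivery. The Python sketch below is an added illustration, not part of the CALEA standards or of any vendor product: it keeps only records inside the warrant's time span, service types and target set, strips content when only call data is authorized, and records why each rejected record was dropped. The `Warrant` and `Record` models, the content flag and all sample values are assumptions constructed for the example.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class Warrant:  # hypothetical model of the warrant parameters
    target_ids: frozenset
    start: datetime           # inclusive, timezone-aware
    end: datetime             # exclusive, timezone-aware
    services: frozenset       # types of communication that may be monitored
    content_authorized: bool  # False: call data (IRI/CD) only

@dataclass
class Record:  # hypothetical captured event
    parties: frozenset
    when: datetime
    service: str
    content: Optional[bytes] = None

def apply_warrant(w, records):
    """Return (delivered, dropped); dropped entries carry the reason for audit."""
    delivered, dropped = [], []
    for r in records:
        if r.when.tzinfo is None:
            reason = "naive timestamp"  # cannot be placed on the warrant timeline
        elif not (w.start <= r.when < w.end):
            reason = "outside time span"
        elif r.service not in w.services:
            reason = "service not authorized"
        elif not (r.parties & w.target_ids):
            reason = "no target party"
        else:
            reason = None
        if reason:
            dropped.append((r, reason))
            continue
        if not w.content_authorized:
            r = replace(r, content=None)  # copy without content; original untouched
        delivered.append(r)
    return delivered, dropped

UTC = timezone.utc
CEST = timezone(timedelta(hours=2))
T = "+15550100"  # constructed target identifier
WARRANT = Warrant(frozenset({T}), datetime(2024, 5, 1, tzinfo=UTC),
                  datetime(2024, 5, 8, tzinfo=UTC), frozenset({"voice"}), False)
RECORDS = [  # constructed sample events
    Record(frozenset({T, "+15550111"}), datetime(2024, 5, 2, 10, tzinfo=UTC), "voice", b"audio"),
    Record(frozenset({T}), datetime(2024, 5, 2, 11, tzinfo=UTC), "email", b"msg"),
    Record(frozenset({T}), datetime(2024, 5, 8, 1, 30, tzinfo=CEST), "voice"),  # 23:30 UTC, 7 May
    Record(frozenset({T}), datetime(2024, 5, 8, tzinfo=UTC), "voice"),  # exactly at end
    Record(frozenset({"+15550122"}), datetime(2024, 5, 3, tzinfo=UTC), "voice"),
]

if __name__ == "__main__":
    ok, no = apply_warrant(WARRANT, RECORDS)
    print(len(ok), "delivered;", [why for _, why in no])
```

Comparing timezone-aware timestamps is what lets the third sample record pass: its local date is after the warrant's end, but the instant it denotes is not.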
Generic global standards have also been developed by Cisco via the Internet Engineering Task Force (IETF) that provide a front-end means of supporting most LI real-time handover standards. All of these standards have been challenged as "deficient" by the U.S. Dept of Justice pursuant to CALEA.
The principal global treaty-based legal instrument relating to LI (including retained data) is the Convention on Cybercrime (Budapest, 23 Nov 2001). The secretariat for the Convention is the Council of Europe. However, the treaty itself has signatories worldwide and provides a global scope.
Individual countries have different legal requirements relating to lawful interception. The Global Lawful Interception Industry Forum lists many of these, as does the Council of Europe secretariat. For example, in the United Kingdom the law is known as RIPA (Regulation of Investigatory Powers Act), in the United States there is an array of federal and state criminal law, and in Commonwealth of Independent States countries it is known as SORM.
In the European Union, the European Council Resolution of 17 January 1995 on the Lawful Interception of Telecommunications (Official Journal C 329) mandated similar measures to CALEA on a pan-European basis. Although some EU member countries reluctantly accepted this resolution out of privacy concerns (which are more pronounced in Europe than the US), there appears now to be general agreement with the resolution. Interestingly enough, interception mandates in Europe are generally more rigorous than those of the US; for example, both voice and ISP public network operators in the Netherlands have been required to support interception capabilities for years. In addition, publicly available statistics indicate that the number of interceptions in Europe exceeds by many hundreds of times those undertaken in the U.S.
Europe continues to maintain its global leadership role in this sector through the adoption by the European Parliament and Council in 2006 of the far reaching Data Retention Directive. The provisions of the Directive apply broadly to almost all public electronic communications and require the capture of most related information, including location, for every communication. The information must be stored for a period of at least six months, up to two years, and made available to law enforcement upon lawful request. The Directive has been widely emulated in other countries. On 8 April 2014, the Court of Justice of the European Union declared the Directive 2006/24/EC invalid for violating fundamental rights.
United States of America
In the United States, three Federal statutes authorize lawful interception. The 1968 Omnibus Crime Control and Safe Streets Act, Title III pertains mainly to lawful interception for criminal investigations. The second law, the 1978 Foreign Intelligence Surveillance Act, or FISA, as amended by the Patriot Act, governs wiretapping for intelligence purposes where the subject of the investigation must be a foreign (non-US) national or a person working as an agent on behalf of a foreign country. The Administrator of the U.S. Courts annual reports indicate that the federal cases are related to illegal drug distribution, with cell phones as the dominant form of intercepted communication.
During the 1990s, as in most countries, to help law enforcement and the FBI more effectively carry out wiretap operations, especially in view of the emerging digital voice and wireless networks at the time, the U.S. Congress passed the Communications Assistance for Law Enforcement Act (CALEA) in 1994. This act provides the Federal statutory framework for network operator assistance to LEAs in providing evidence and tactical information. In 2005, CALEA was applied to public broadband network Internet access and Voice over IP services that are interconnected to the Public Switched Telephone Network (PSTN).
In the 2000s, surveillance focus turned to terrorism. NSA warrantless surveillance outside the supervision of the FISA court caused considerable controversy. It was revealed in the 2013 mass surveillance disclosures that since 2007, the National Security Administration has been collecting connection metadata for all calls in the United States under the authority of section 215 of the PATRIOT Act, with the mandatory cooperation of phone companies and with the approval of the FISA court and briefings to Congress. The government claims it does not access the information in its own database on contacts between American citizens without a warrant.
Lawful interception can also be authorized under local laws for state and local police investigations.
Police ability to lawfully intercept private communications is governed by Part VI of the Criminal Code of Canada (Invasion Of Privacy).
Due to Yarovaya Law, law enforcement is entitled to stored private communication data.
Most countries worldwide maintain LI requirements similar to those of Europe and the U.S., and have moved to the ETSI handover standards. The Convention on Cybercrime requires such capabilities.
As with many law enforcement tools, LI systems may be subverted for illicit purposes, producing a violation of human rights, as declared by the European Court of Human Rights in the case Bettino Craxi III v. Italy. It also occurred in Greece during the 2004 Olympics: the telephone operator Vodafone Greece was fined US$100,000,000 in 2006 (or 76 Million Euro) for failing to secure its systems against unlawful access.
- ETSI, Handover interface for the lawful interception of telecommunications traffic, ETSI TS 101 671, version 3.6.1, August 2010.
- ETSI, Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 1: Handover specification for IP delivery, ETSI TS 101 232-1, version 3.7.1, 2014-07-25.
- ETSI, Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 2: Service-specific details for E-mail services, ETSI TS 101 232-2, version 3.7.1, 2014-02-21.
- ETSI, Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 3: Service-specific details for internet access services, ETSI TS 102 232-3, version 2.2.1, January 2009.
- ETSI, Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 4: Service-specific details for Layer 2 services, ETSI TS 102 232-4, version 2.3.1, August 2010.
- ETSI, Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 5: Service-specific details for IP Multimedia Services, ETSI TS 102 232-5, version 2.4.1, April 2010.
- ETSI, Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 6: Service-specific details for PSTN/ISDN services, ETSI TS 102 232-6, version 2.3.1, March 2008.
- ETSI, Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 7: Service-specific details for Mobile Services, ETSI TS 102 232-7, version 2.1.1, August 2008.
- ETSI, Handover interface for the request and delivery of retained data, ETSI TS 102 657, version 1.7.1, October 2010.
- Handover Interface for the Lawful Interception of Telecommunications Traffic, ETSI ES 201 671, under Lawful Interception, Telecommunications Security, version 3.1.1, May 2007.
- 3rd Generation Partnership Project, Technical Specification 3GPP TS 33.106 V5.1.0 (2002–09), “Lawful Interception Requirements (Release 5),” September 2003.
- 3rd Generation Partnership Project, Technical Specification 3GPP TS 33.107 V6.0.0 (2003–09), “Lawful interception architecture and functions (Release 6),” September 2003.
- 3rd Generation Partnership Project, Technical Specification 3GPP TS 33.108 V6.3.0 (2003–09), “Handover interface for Lawful Interception (Release 6),” September 2003.
- PacketCable Electronic Surveillance Specification, PKT-SP-ESP-I03-040113, Cable Television Laboratories Inc., 13 January 2004.
- T1.678, Lawfully Authorized Electronic Surveillance (LAES) for Voice over Packet Technologies in Wireline Telecommunications Networks.
- Lawfully Authorized Electronic Surveillance, ATIS/TIA joint standard, document number J-STD-025B, December 2003 (although challenged as deficient).