Partner content: Meeting the new requirements efficiently and cost effectively
The massive data volumes associated with 5G networks can provide critical evidence to support criminal investigations – if transmitted and stored efficiently, in compliance with regulations. Communication service providers (CSPs) as well as law enforcement agencies (LEAs) incur significant costs managing large data sets to fulfil warrants and other lawful requests.
LEAs struggle to implement and maintain compliant data processing and storage systems. In the European Union, for example, the General Data Protection Regulation (GDPR) has strict guidelines for lawful interception data storage, including limits on retention periods and geographic location. In addition, investigators often face inefficiencies in filtering the data to determine what is useable.
The emerging approach to addressing these issues is for the CSP to store the raw, full body of intercepted data, with the LEA receiving only the information it specifically requests. This approach enables new efficiencies and is the subject of a new set of ETSI standards being developed as guidance for a more sophisticated method of preserving e-evidence for court. CSPs must comply with these new requirements, and LEAs will need the software capabilities to benefit from them
Changes to retention
The mechanisms for an LEA to request to preserve and transfer specific data, including across national boundaries, are set out in the upcoming ETSI standard. A European Preservation Order Certificate for the Preservation of Electronic Evidence (EPOC-PR) enables judicial authorities to obligate CSPs to preserve specific data legally.
By default, preservation is required for 60 days, after which the data must be deleted. That period can be extended to 90 days if requested and may be extended further if the investigation requires it. Systems in use by both CSPs and LEAs must be capable of managing these changing requirements.
The electronic evidence to be preserved includes subscriber, access, and transactional (traffic) data, as well as intercepted and stored communications content (CC) data. The European Production Order Certificate (EPOC) provides the means for LEAs to request specific preserved e-evidence from CSPs. Such requests are to be handled through de-centralised IT systems, and a CSP is obligated to respond to EPOCs within ten days, or eight hours in an emergency.
At a practical level, the EPOC and EPOC-PR workflows must be automated for the sake of efficiency. In addition to the large data volumes involved, an LEA may interact with large numbers of CSPs across multiple jurisdictions in any given case, and many data flows may exist with each of those CSPs.
Integration of e-evidence preservation mechanisms with the broader lawful intelligence apparatus is also desirable to help ensure operational efficiency for both LEAs and CSPs, as well as regulatory compliance.
Preserving e-Evidence
The SS8 lawful intelligence platform is well suited to the emerging body of e-evidence preservation requirements for both LEAs and CSPs. Its Xcipio Retained Data Delivery (XCRDD) is a mature product originally developed as a retention mechanism to buffer data and guard against packet loss, especially over undependable networks.
XCRDD enables LEAs to use various mechanisms to extract retained data. Adding this product to the lawful intelligence environment accommodates the upcoming e-evidence retention mandates.
The maturity of XCRDD puts it ahead of the curve regarding e-evidence preservation requirements that have yet to be finalised. As part of the broader SS8 platform, it is continually updated, such as with new or expanded APIs to accommodate changes in interfaces to other software.
It is delivered using a containerised network function (CNF) cloud-native architecture to optimise flexibility and agility. This architecture helps streamline the integration of preserved e-evidence from XCRDD with other data sources.
Store and consume
To store and consume this entire body of data, XCRDD can interface with SS8’s powerful data fusion solution MetaHub, which provides massive storage capacity for structured and unstructured lawful intelligence data, including metadata from encrypted communications, and helps reveal new insights and patterns of life for investigators.
MetaHub can ingest data from an open-ended number of sources—such as location platforms, automated number plate recognition (ANPR) systems, bank records, and open-source intelligence—and treat the whole as a single, coherent data set. It provides advanced, multidimensional querying and data visualisation capabilities, and it even supports automated, scheduled analytics that can improve resource efficiency.
Xcipio’s transparent level of interoperability also extends to the CSP side. Retention periods are readily configurable, and current production implementations of XCRDD hold data for up to a year before automated controlled deletion.
Emerging requirements for e-evidence preservation illustrate the importance of efficient, compliant products to support lawful and location intelligence. As new standards develop, SS8 customers can be confident they are deploying solutions that incorporate them to offer a scalable, interoperable platform that aligns with both the latest technological innovations and regulatory mandates.
About the author
Baski Mohan is a Director of Product Management for SS8’s data mediation platform, Xcipio. He brings over 20 years’ experience in carrier grade networking, application security and SaaS technologies. He is a passionate believer in the use of technology to solve global problems and has a Master of Science degree in Computer Science from Pondicherry University.
