Sponsored: Profound changes in networks make call and message data traffic paths less deterministic and predictable, complicating lawful interception operations
Communication service providers’ (CSPs’) networks are becoming more dynamically defined and more distributed, particularly as 5G networks and IoT are further integrated. Many workloads are executed at the network edge by cloud-native, virtualized network functions.
Traditional hub-and-spoke network topology, where data was collected by nodes such as packet data gateways and aggregated at the network core, has been all but replaced by more distributed architectures. To reduce bandwidth costs and latency, most data is no longer backhauled to a central point. Lawful intercept must therefore be conducted on distributed network nodes, meaning the function itself must also be distributed.
However, the international gateways that connect a nation’s communications network to the rest of the world are a notable exception to the broader shift toward decentralized data processing and unpredictable call and message paths. They control major arteries that carry all international traffic as multiplexed message streams, enabling law enforcement agencies (LEAs) to leverage proven interception techniques at a known, relatively localized point – if they can process the massive data volumes.
Passive interception on fiber networks
Deploying lawful intercept measures can be difficult, however, in international jurisdictions where LEAs lack the cooperation or commitment of government agencies, CSPs, and other stakeholders. Using passive probes as opposed to active interception measures is a longstanding approach to lawful intelligence gathering as it reduces or eliminates reliance on unfriendly neighboring governments or CSPs. It can also protect the integrity of investigations if there are concerns that individuals within a government or CSP might alert a subject of interest to the LEAs’ efforts.
Passive interception involves tapping into communication circuits at known data aggregation points – under the authority of a warrant or other legal mandate – and obtaining requested information without interfering with the data flows. The edge-based processing of 5G networks significantly limits the effectiveness of passive lawful interception, by eliminating known points in the network through which specific call and message data must pass.
International gateways provide an important exception by passing all international communications to or from a given country through one or a small number of points, allowing LEAs to continue to gather intelligence even in hostile geographies. However, to monitor and analyze data volumes of this scale, investigators require powerful lawful intercept solutions to extract data and advanced analytic tools for lawful intelligence.
Growing density of call data per circuit
A core challenge of lawful intercept using international gateways is to identify specific data for the subject of interest within the massive, bi-directional flows. While the monitoring solution processes all the communication data, only the legally authorized portion is handed over to law enforcement. This traffic is increasingly encrypted, so analysts need solutions that can extract all types of data, including metadata and location data, to expedite their investigation results.
The long-established Synchronous Transport Module (STM) data transmission standard is still in widespread use across international gateways. It defines STM-1 as approximately a 155 Mbps raw bit rate, with STM-4, STM-16, STM-64, and STM-256 each carrying a bandwidth equal to the associated multiple of STM-1. An international gateway using the STM-64 specification operates using links with an ideal bit rate 64 times that of STM-1, or about 10 Gbps.
Dense wavelength division multiplexing (DWDM) is a newer technology that increases the capacity of existing fiber by assigning incoming optical signals to a unique frequency (color) of light. This allows them to pass simultaneously through the network without interfering with each other.
The lawful intercept solution must obtain and inspect each individual packet in these vast data flows to determine if it corresponds to an authorized subject of interest. SS8 lawful intercept systems parse and inspect these traffic flows according to a range of targeting criteria. Once the authorized data is collected and handed over to LEAs, it can be queried using parameters such as character strings, message type, or directory number.
Conclusion
The aggregated traffic streams converging at international gateways present unique opportunities for lawful interception by overcoming challenges associated with distributed network processing and reducing or eliminating the reliance on, and security concerns about, foreign governments and CSPs. Due to the extraordinary transmission speeds and highly multiplexed channels of the fiber networks passing through them, however, parsing out authorized data of interest for interception can be challenging.
SS8 builds on more than two decades of leadership in lawful intelligence to meet the requirements of LEAs gathering evidence from international gateways. Drawing on the entirety of its product portfolio, SS8 works with governments, LEAs, and CSPs worldwide to implement effective parsing, filtering, interception, and handover of call and message data from these gateways while protecting the lawful integrity of the process.
About the author
Baski Mohan is a Director of Product Management for SS8’s data mediation platform, Xcipio. He brings over 20 years of experience in carrier-grade networking, Application Security, and SaaS technologies. Baski is a passionate believer in the use of technology to solve global problems and has a Master of Science degree in Computer Science from Pondicherry University. You can learn more about him on his LinkedIn profile