With the increased attention to information privacy in recent years, a majority of electronic communications are now encrypted. Having that information irretrievably hidden creates novel challenges for law enforcement. Being unable to access the main content of a message or phone conversation, requires an adjustment in focus to other information the message can carry, such as metadata and its relationship with other data sources. Thus, even when the human-oriented portion of communications is encrypted, the machine-to-machine portion carries a wealth of context that may have investigative value. As a result of this encryption, today’s lawful intelligence tools and techniques have shifted dramatically toward improvements in data analysis.
Additionally, “privacy by design” has been a fundamental precept in the development of 5G, and compliant networks will continue to enforce end-to-end encryption of user-plane data in the future. With the adoption of 5G in the next few years, the encrypted proportion of network-based communications will move closer and closer toward 100%, accelerating the importance of improved data analytics. The interconnections between data from multiple sources will become central to its value. Forward-looking law enforcement agencies (LEAs) are shifting from a view of intercepted communications as first-order evidence, to one of the multiple data points that need to be combined and then interpreted to draw out insight.
An Elevated Role for Metadata
When transmission content is made cryptographically inaccessible, the metadata and other context attached to it naturally becomes more important. For example, although the content of communications among a group of subjects of interest (SOIs) is hidden due to encryption, investigators know what parties are involved in sending each message, as well as their geographical locations when they do so. In fact, because the radius served by a 5G base station is an order of magnitude smaller than that of a 4G base station, the location information provided by communications with user equipment (UE) is more granular.
Mapping the communications among a group of people—even in the absence of knowing the content of the communications—provides insights into the behaviors and relationships among those individuals. Communication behavior among SOIs may also reveal other individuals and locations that should be added to the scope of an investigation. Moreover, identifying devices of interest that were communicating with each other at the time, or in the geographic area where an actual crime was committed, can reveal provide crucial pieces of the narrative.
Establishing a Focus on Data Fusion
The dramatic proliferation of devices expected as 5G reaches maturity—including from IoT—represents billions of potential new data sources to help build a composite view of an SOI, a crime, or even an organization. The challenge in drawing value from this datasphere is both to integrate all the sources together, and to discover interconnections and relationships among them. As the diversity and volume of that data continue to grow, so do the challenges.
Future-ready lawful intelligence platforms must provide the ability to gather and fuse data from sources that range from text messages and data intelligence feeds to surveillance cameras and license plate data. Although encryption renders a significant amount of context unavailable, LEAs will still be able to extract and unify these diverse elements to track dynamic digital profiles for SOIs. Doing so enables the entire investigation to proceed as a coherent whole, on a single platform. By eliminating the need to analyze multiple siloed environments, investigations can proceed more quickly, with the benefit of better evidence.
Novel Investigative Roles for Lawful Intelligence
Lawful intelligence techniques often include the use of metadata gathered by lawful interception as a means of working towards gathering evidence, rather than serving as the evidence itself. For example, the encryption keys being used for a specific message may reveal the application or service associated with it, such as Skype, WhatsApp, etc. LEAs can then use that information as the basis for a subpoena, or similar order, to the appropriate vendor, who is legally obligated in most cases to provide an unencrypted version of the communication. The added step in this scenario adds time and complexity over one that doesn’t involve encryption, but it provides access to communications that would otherwise be missing.
Likewise, lawful intelligence can help investigators determine where to look for open-source intelligence that will contribute to a case. For example, encrypted communications may show that an SOI posted to social media near the time and place where a crime was committed. Working from that information, investigators would know where to look on public social media to find that post, which could be valuable as evidence. The ability to tie open sources into lawful intelligence tools is, therefore, a critical capability.
Conclusion
Instead of focusing on user-plane data associated with communications, new techniques leverage metadata, data fusion, and improved analytics. Methods central to the task of transforming intercepted, encrypted communications into lawful intelligence. Investigations are evolving. In part due to the wholesale content-encryption coming with 5G, data science has become an indispensable aspect of drawing law enforcement value from communications.
For more than two decades, SS8 has provided lawful intelligence tools for communication service providers and LEAs. SS8 enables LEAs with sophisticated capabilities to look more deeply into information obtained through lawful intercept, revealing hidden insights as well as supporting subpoenas and court orders to advance investigations, where necessary. Intellego XT provides streamlined workflows for investigators to interpret the metadata layer of encrypted communications, knit together multiple data sources, and overcome the challenges to law enforcement created by widespread encryption.
Learn more about Intellego XT, a scalable real-time analytics solution that provides actionable intelligence into a subject of interest.
About Dr. Cemal Dikmen
As SS8’s CTO, Cemal plays an integral role in the company’s strategic direction, development, and future growth. A renowned expert and thought leader in the legal compliance and communications analysis domain, he has been a frequent speaker at various industry conferences over the past 10 years. Cemal holds BS, MS, and PhD degrees in Electrical Engineering. You can learn more about Cemal on his LinkedIn profile by clicking here.
About SS8 Networks
SS8 provides Lawful Intelligence platforms. They work closely with leading intelligence agencies, communication providers, law enforcement agencies and standards bodies and their technology incorporates the methodologies discussed in this blog. Xcipio® is already proven to meet the very high demands of 5G and provides the ability to transcode (convert) between lawful intercept handover versions and standard families. Intellego® XT natively supports ETSI, 3GPP and CALEA handovers, as well as national variants. Intellego XT’s MetaHub component is a best-in-class data analytics tool. Both product portfolios are used worldwide for the capture, analysis and delivery of data for the purposes of criminal investigations.