Blog Careers Support +1 408 944 0250

Data Engineering of Streaming Sources for Lawful Intelligence

Assortment od

The growing complexity of the digital world has been driving the evolution from lawful interception to lawful intelligence for many years. This transition reflects massive growth in the scale and diversity of data and traffic flows at the same time that pervasive encryption is obscuring the contents of most communications. This is an enabler for anyone with criminal intent.

Moreover, 5G networks continuously collect certain bulk data from mobile devices, rather than being limited to specific calls that include a subject of interest. That streaming data includes a large proportion of entertainment content that is of limited value to law enforcement, such as Netflix or YouTube. The size of this universe of collected, real-time data – and the sparseness of valuable information within it – make it hard for analysts to interpret. Yet within this stream are nuggets of critical information that are helpful to analysts.

To transform collected data into actionable intelligence, analysts need to index and differentiate what is valuable from what is not. For example, the SS8 platform provides a range of capabilities that effectively reduce the amount of data monitored and stored without compromising its integrity and lawful intelligence value. In addition, robust data fusion provides context for intercepted data, augmenting it with additional sources including real-time and stored data from intercepted sources, open-source intelligence, and many more. Making the SS8 platform more capable in both these areas represents key vectors in its ongoing development.

Mechanisms to Optimize Streaming Traffic Collection

Today, about two thirds of fixed broadband traffic and more than one third of mobile traffic is made up of real-time entertainment content. While such services take up significant bandwidth, they are not generally relevant to lawful intelligence. Filtering out that data from traffic of interest is therefore helpful in reducing the amount of noise, increasing analyst efficiency, and lowering the total cost of ownership for law enforcement agencies (LEAs). Likewise, other traffic elements such as web advertisements and network switching and routing protocols offer little or no forensic value.

The SS8 platform offers a range of filtering mechanisms to separate extraneous data from traffic of interest. Filtering based on Layer 3 or Layer 4 attributes of flows, for example, allows analysts to differentiate traffic based on subnet, IP address range, or port address range. Deep packet inspection enables SS8 sensors to be application- and protocol-aware. The SS8 platform also uses heuristic pattern matching to classify traffic based on flow content, a mechanism that remains effective even when subjects employ tunneling or other obfuscation methods. SS8 offers even finer control of filtering based on content analysis, such as identifying animated advertising content.

A single online interaction by a user—such as sending a message or watching a video—creates a large, complex sequence of events that spans many packets, flows, and servers. Internet communication records (ICRs) are an industry-standard mechanism for providing digests of online activity and are limited only to events of interest and flow-level statistics. SS8 builds on that efficiency by inspecting the first few packets of each ICR or IPDR to determine whether it should be included or excluded, then providing a summary of that universe of ICRs or IPDRs and tracking changes to it over time. Analysts can easily control and configure the attributes of interest to be extracted from these flows.

Augmenting the Value from Traffic of Interest

The powerful mechanisms that filter away extraneous data for investigators must be accompanied by tools to streamline analysis of the remaining information. Collating data from unrelated sources as quickly as possible is a key requirement. SS8’s MetaHub unifies and combines data sources, independent of their structures, so they transparently enrich each other. Thus, MetaHub can fuse data from ICRs, IPDRs, location intelligence, open-source intelligence, and automated number plate recognition (ANPR) systems into a single coherent data set for analysts to query against.

In addition, MetaHub can be instrumental when attributing traffic to a specific individual. For example, network packets exchanged during a WhatsApp message provide IP addresses for participants. But, because communication service providers (CSPs) often use private IP networks, LEAs must use network address translation (NAT) records to correlate those addresses with the users’ “real” IP addresses. Using ICR records, the SS8 platform can then identify the subscriber to which the CSP had assigned the relevant IP address at the relevant time.

The capabilities of the SS8 platform relieve operators of cumbersome, repetitive functions so they can focus instead on tasks with higher investigative value. Over time, our solution will continue to automate and enhance workflows, including the use of machine learning for actions such as low-level pattern recognition. Such algorithmic complements to human analysis will continue to advance lawful intelligence in the evolving communications landscape.

About Dr. Keith Bhatia

Dr. Keith Bhatia Color Headshot - CEO of SS8 Networks

Dr. Keith Bhatia was named CEO of SS8 in 2020, previously serving as COO. In his tenure, he has positioned SS8 as a leader in a 5G world shaped by increasing digitalization and automation. Keith combines broad technical and market expertise to advance the future of lawful intelligence and is impassioned to show how technology positively impacts our world. In a nearly 30-year career, he has held management and executive positions at public and private telecom companies domestically and abroad. He has a proven track record of driving profitable growth by accelerating international expansion, advancing product development, and leading strategic acquisitions. You can learn more about Keith here.

About Dr. Cemal Dikmen

Cemal Dikmen -SS8 Networks -Color

As SS8’s CTO, Cemal plays an integral role in the company’s strategic direction, development, and future growth. A renowned expert and thought leader in the legal compliance and communications analysis domain, he has been a frequent speaker at various industry conferences over the past 10 years. Cemal holds BS, MS, and PhD degrees in Electrical Engineering. You can learn more about Cemal on his LinkedIn profile by clicking here.



About SS8 Networks

As a leader in Lawful and Location Intelligence, SS8 helps make societies safer. Our commitment is to extract, analyze, and visualize the critical intelligence that gives law enforcement, intelligence agencies, and emergency services the real-time insights that help save lives. Our high performance, flexible, and future-proof solutions also enable mobile network operators to achieve regulatory compliance with minimum disruption, time, and cost. SS8 is trusted by the largest government agencies, communications providers, and systems integrators globally.

Intellego® XT monitoring and data analytics portfolio is optimized for Law Enforcement Agencies to capture, analyze, and visualize complex data sets for real-time investigative intelligence.

LocationWise delivers the highest audited network location accuracy worldwide, providing active and passive location intelligence for emergency services, law enforcement, and mobile network operators.

Xcipio® mediation platform meets the demands of lawful intercept in any network type and provides the ability to transcode (convert) between lawful intercept handover versions and standard families.

To learn more, contact us at

Follow Us LinkedIn       Tweet Us @SS8

SS8 Newsletter



How to Ingest, Filter and Query 5G Volumes

Webinar Presented by Kevin McTiernan

CLICK HERE to watch!