Blog Careers Support +1 408 944 0250

Enabling Lawful Intelligence at the Network Edge

Enabling Lawful Intelligence at the Network Edge - SS8 Networks

The evolution of wide-area networking continues to drive processing out to the network edge. That trend first gained traction with widespread cloud adoption, and it accelerated as the global build-out of IoT began. Now, 5G’s massive increases in traffic rates and volume are leading more communication service providers (CSPs) than ever to build out multi-access edge computing (MEC) infrastructures. Going forward, edge-based distributed services and traffic processing will be key enablement strategies to mitigate traffic congestion and safeguard application performance.

As more data-processing elements are placed at the network edge, capabilities for lawful interception must logically follow. Significant business benefits are also possible from the efficiencies available by distributing lawful intercept capabilities at the edge using modern, cloud-native software practices such as continuous integration and continuous deployment.

The Shifting Landscape of Lawful Interception

The traditional approach of hosting the mediation function for lawful interception at the network core has served the industry well for decades. A hub and spoke topology simply aggregated necessary data from nodes such as session border controllers (SBCs) to fulfill lawful intelligence requirements. But that approach is increasingly unviable.

With data speeds increasing by an order of magnitude or more relative to 4G, 5G potentially creates massive requirements for high-volume data backhaul intercepted at the edge. Adding to the challenge are the encryption requirements associated with 5G, which are particularly stringent in the case of lawful intercept. This combination of factors makes it difficult or impossible to continue the use of centralized approaches to lawful interception while meeting regulatory requirements, particularly for near-real-time delivery of lawful intelligence to law enforcement agencies (LEAs).

Likewise, conventional infrastructure designs were predicated on the idea that edge nodes were almost entirely devoted to their primary functions such as vRAN (virtual Radio Access Networks) or vMEC (virtual MEC). They dedicated only small amounts of resources to lawful interception and handover, which are becoming obsolete as backhaul of 5G’s large data sets over long distances would create significant challenges. By contrast, lawful intercept nodes placed at the edge can offload that work from the primary nodes, meeting network traffic and lawful intelligence requirements simultaneously.

Emerging Requirements for Distributed Networks

Lawful interception at the edge in highly distributed networks requires first that mediation resources can be deployed flexibly, close to various points of interface (POIs) at the network edge, far edge, or core, such as user plane function (UPF), packet gateway (PGW), and system architecture evolution gateway (SAE-GW) nodes. Ideally, they should be deployable across bare-metal, virtual infrastructure, and cloud-native models such as microservices.

Within that distributed environment, mediation solutions must support active, passive, and hybrid configurations to meet the broadest possible range of situations and requirements. (Active configurations integrate with POIs to take advantage of network elements such as routers and switches, while passive ones don’t require POI integration, using discrete passive probes instead; hybrid approaches combine both.)

Lawful intercept mediation nodes placed at the edge must be able to handle and ingest large data flows with sufficient performance to ensure compliance with regulatory requirements for on-time content delivery. Likewise, active configurations must create efficiencies for POI nodes by consuming only minimal resources on them to deliver intercepted content to a local mediation node.

Drawing Efficiency Benefits from Modernized Workflows

Best practices call for mediation nodes and other lawful interception elements to be deployable as cloud resources, allowing them to be fully integrated with other services and applications that CSPs are deploying to the edge. This approach enables the lawful intercept components to participate in the broader cloud orchestration environment and its benefits in terms of elasticity, agility, and OpEx optimization.

CSPs also gain economies of scale through reuse of scripts and other measures to reproduce past successful deployments, using them to propagate lawful interception workloads across the cloud, without sending teams out to remote sites. Cloud workflows for lawful interception can benefit from DevOps initiatives and other cloud-native processes, such as continuous deployment, aligning them with broader IT strategic efforts.

Software images for lawful interception and orchestration details for their deployment can be stored in a repository and then instantiated as needed across edge locations in the network using continuous deployment tools. This architecture creates reproducible results and consistency across the network, in addition to its efficiency benefits. Likewise, automation dramatically streamlines both implementation and ongoing maintenance, compared to traditional on-premises implementations.

Safeguarding Service Requirements for Lawful Interception at the Edge

Regional regulatory environments—as well as individual agreements between CSPs and relevant authorities—set forth specific requirements that CSPs must satisfy in the context of lawful interception. For example, quality of service requirements typically specify the maximum allowable delay of intercepted data to LEAs, relative to true-real-time delivery. The scope of that data typically incudes the content of communications (CC) as well as intercept related information (IRI) of the target and services related to the target (e.g., call forwarding).

CSPs need assurances that they can meet those service levels for lawful interception and handover consistently, even across jurisdictions with varying requirements. SS8 applies domain expertise developed over two decades to handle the most complex call flows under the most demanding network conditions. Resources deployed to the edge offload the processing overhead associated with lawful intelligence, avoiding resource contention with the network’s primary communications functions.

SS8 is an ally to CSPs as they navigate the accelerating pace of change. The SS8 white paper, “Impact of 5G on CSPs Regarding Lawful Interception” explores the challenges CSPs are facing as they transition from 4G to 5G, including lawful interception platform integration, data filtering at 5G speeds, handoff protocols, and security.


As 5G accelerates the transition of compute to the network edge in the coming years, CSPs need to shift lawful intelligence mediation and handover to the edge as well. In the face of massive increases to data speeds and volumes, SS8 provides the expertise and assurance that CSPs will continue to be able to meet regulatory requirements wherever they operate for data access and mediation. Contact SS8 to learn more about our lawful interception solutions. 

About Dr. Cemal Dikmen

Dr Cemal Dikmen Head Shot SS8

As SS8’s CTO, Cemal plays an integral role in the company’s strategic direction, development, and future growth. A renowned expert and thought leader in the legal compliance and communications analysis domain, he has been a frequent speaker at various industry conferences over the past 10 years. Cemal holds BS, MS, and PhD degrees in Electrical Engineering. You can learn more about Cemal on his LinkedIn profile by clicking here.

About Mr. Syed Hussain

Mr. Hussain has spent 20 years working in the telecommunication industry and brings significant technical expertise to his role as Head of Product Management for Lawful Interception products for SS8. Mr. Hussain represents SS8 in both ETSI and 3GPP standards bodies and at technology summits.

About SS8

SS8 provides Lawful Intelligence platforms.  They work closely with leading intelligence agencies, communication providers, law enforcement agencies and standards bodies. Their technology incorporates the methodologies discussed in this blog and the Xcipio® and Intellego® product portfolios are used worldwide for the capture, analysis and delivery of data for the purposes of criminal investigations.

Tweet us at @SS8

SS8 Newsletter



How to Ingest, Filter and Query 5G Volumes

Webinar Presented by Kevin McTiernan

CLICK HERE to watch!