Communication service provider (CSP) networks are becoming more dynamically defined and more distributed, particularly as 5G networks and the internet of things (IoT) are further integrated. Many workloads are executed at the network edge by cloud-native, virtualized network functions. This shift means call and message data traffic paths are becoming less deterministic and predictable, which complicates lawful interception operations.
The traditional hub-and-spoke network topology, where data was collected by nodes such as packet data gateways and aggregated at the network core, has been all but replaced by more distributed architectures. To reduce bandwidth costs and latency, most data is no longer backhauled to a central point. Lawful intercept must therefore be conducted on distributed network nodes, meaning the function itself must also be distributed.
However, the international gateways that connect a nation’s communications network to the rest of the world are a notable exception to the broader shift toward decentralized data processing and unpredictable call and message paths. They control major arteries that carry the entirety of international traffic as multiplexed message streams, enabling law enforcement agencies (LEAs) to leverage proven interception techniques at a known, relatively localized point – if they can process the massive data volumes.
Passive Interception on Fiber Networks
Deploying lawful intercept measures can be difficult, however, in international jurisdictions where law enforcement agencies (LEAs) lack the cooperation or commitment of government agencies, CSPs, and other stakeholders. Using passive probes as opposed to active interception measures is a longstanding approach to lawful intelligence gathering that reduces or eliminates the need for the cooperation of unfriendly neighboring governments or communication service providers. It can also protect the integrity of investigations if there are concerns that individuals within a government or CSP might alert a subject of interest to the LEA’s efforts.
Passive interception involves tapping into communication circuits at known data aggregation points – under the authority of a warrant or other legal mandate – and obtaining requested information without interfering with the data flows. The edge-based processing of 5G networks significantly limits the effectiveness of passive lawful interception by eliminating known points in the network through which specific call and message data must pass. International gateways provide an important exception by passing all international communications to or from a given country through one or a small number of points, allowing LEAs to continue to gather intelligence even in hostile geographies. However, to monitor and analyze data volumes of this scale, investigators require powerful lawful intercept solutions to extract data and advanced analytic tools for lawful intelligence.
The Growing Density of Call Data per Circuit
A core challenge of lawful intercept using international gateways is to identify specific data for the subject of interest within the massive, bi-directional flows. While the monitoring solution processes all of the communication data, only the legally authorized portion is handed over to law enforcement. It is important to note that this traffic is becoming increasingly encrypted. Analysts need leading solutions that can extract all types of data, including metadata and location data, to expedite their investigation results.
The longstanding Synchronous Transport Module (STM) data transmission standard is still in widespread use across international gateways. The standard defines STM-1 as approximately a 155 Mbps raw bit rate, with STM-4, STM-16, STM-64, and STM-256 each carrying a bandwidth equal to the associated multiple of STM-1. An international gateway using the STM-64 specification operates using links with an ideal bit rate 64 times that of STM-1, or about 10 Gbps. Dense wavelength division multiplexing (DWDM) is a newer technology that further increases capacity in existing fiber. It does this by assigning each incoming optical signal to a unique frequency (color) of light, allowing the signals to pass simultaneously through the network without interfering with each other.
The lawful intercept solution must obtain and inspect each individual packet in these vast data flows to determine if it corresponds to an authorized subject of interest. SS8 lawful intercept systems parse and inspect these traffic flows according to a range of targeting criteria. Once the authorized data is collected and handed over to LEAs, it can be queried using parameters such as character strings, message type, or directory number.
The aggregated traffic streams converging at international gateways present unique opportunities for lawful interception by overcoming challenges associated with distributed network processing and reducing or eliminating the reliance on, and security concerns with, foreign governments and CSPs. Because of the extraordinary transmission speeds and highly multiplexed channels of the fiber networks passing through them, however, parsing out authorized data of interest for interception can be challenging.
SS8 builds on more than two decades of leadership in lawful intelligence to meet the requirements of LEAs gathering evidence from international gateways. Drawing on the entirety of its product portfolio, SS8 works with governments, LEAs, and CSPs worldwide to implement effective parsing, filtering, interception, and handover of call and message data from these gateways while protecting the lawful integrity of the process.
About Baski Mohan
Baski Mohan is a Director of Product Management for SS8’s data mediation platform called Xcipio. He brings over 20 years of experience in Carrier Grade Networking, Application Security, and SaaS technologies. Baski is a passionate believer in the use of technology to solve global problems and has a Master of Science degree in Computer Science from Pondicherry University.
About SS8 Networks
SS8 provides Lawful Intelligence platforms. They work closely with leading intelligence agencies, communication providers, law enforcement agencies, and standards bodies. Their technology incorporates the methodologies discussed in this blog, and the Xcipio® and Intellego® XT product portfolios are used worldwide for the capture, analysis, and delivery of data for the purposes of solving criminal investigations.