A communication service provider (CSP) was in search of automated testing solutions. Like most providers, they wanted to verify speed and performance for voice and data on 2G, 3G, LTE, and 5G.
They were also interested to learn about how automated testing could validate compliance with lawful interception (LI) requirements. They had recently received an LI warrant from a law enforcement agency and were unable populate all the required data quickly, putting them at risk for fines and penalties.
They wanted to utilize active testing to avoid future infractions. By periodically generating the LI reference data, they could confirm that it transferred accurately to the related LI systems.
So often, a CSP is focused performance and doesn’t necessarily recognize the criticality of LI compliance until it isn’t working. And law enforcement agencies can’t wait days for you to pull the required data. Every second counts.
Telecommunications technology is constantly evolving with new devices, services and radio signals. Providers are under immense pressure to be competitive, providing top quality and performance while complying with legal and regulatory requirements.
Read on to learn about the components of lawful interception, why compliance must be a priority, and considerations for 5G going forward.
What Is Lawful Interception?
Law enforcement agencies issue warrants for telecommunications data to fight crime, prevent terrorism and ensure national security. Lawful interception (LI) refers to the technical capabilities of CSPs to collect, store and transfer communications data to law enforcement databases.
LI global standardization has been led by the ETSI (European Telecommunications Standards Institute) and the 3GPP (Third Generation Partnership Project). Specifically, in the United States, LI standards are detailed by CALEA (Communications Assistance for Law Enforcement Act).
Multiple European countries, Australia, New Zealand, Canada and the US have worked together to define today’s LI standards. The objective of LI laws is to safeguard the public’s right to privacy while helping law enforcement perform investigations and ensure public safety.
LI regulations pertain to meta data, web browsing history, call detail records (CDR) and actual communications over voice, SMS text, emails, and other messaging apps. A law enforcement agency can issue a warrant for ongoing surveillance or historical data.
Why Is LI Compliance Critical?
It’s our civic responsibility to support the efforts of law enforcement agencies as they investigate crimes and prevent terrorist plots. Non-compliance with LI regulations can result in hefty penalties and risks to licensing. Finally, in some countries, LI can be a substantial revenue stream if local authorities pay fees to the CSP for every observation.
LI Compliance Is Complex
Years ago, LI was simply about wire-tapping phones. Today, criminals can employ a broad range of technology, communication channels, and encryption methods to cover their tracks. As a result, compliance with LI regulations and supporting the efforts of law enforcement agencies has become increasingly complex.
CSPs must first have the administrative processes necessary to effectively validate and implement LI warrants. The volume of lawful interception court orders has substantially increased over the last decade. It’s crucial to keep operational costs down with streamlined processes.
Technical capabilities are another critical aspect. CSPs must store historical data, be able to perform ongoing surveillance, identify relevant data, and transfer the information securely to law enforcement agency databases. Security procedures and controls are vital to safeguard the privacy of non-suspects and prevent detection of the investigation.
And finally, continuous monitoring is essential. Ongoing automated testing verifies that technical capabilities are sustained and compliant throughout upgrades and migrations.
LI Compliance Must Be Quick and Flawless
Immediate response is required when a law enforcement agency issues a court order for LI to a CSP. Law enforcement can’t wait multiple days for CSP to pull the requested data or begin surveillance.
Meanwhile, the meta-data and communication content must be complete and accurate. The CSP must avoid inadvertently providing unnecessary data that could confuse the investigation or violate the privacy of non-suspects.
CSPs must perform ongoing testing as upgrades, transitions and migration occur. Not only to validate performance and speed for their customers, but also to avoid gaps their ability to provide LI data quickly and accurately to upon receipt of LI court orders from law enforcement
5G Implications of Lawful Interception
Everyone agrees that 5G is a gamechanger for individuals and industries. We are still discovering how 5G will transform our lives. With unprecedented speeds and decreased latency, society will benefit from innovative connected experiences, the Internet of things, and the Fourth Industrial Revolution.
How does 5G impact LI compliance? This is a critical consideration as CSPs take steps to future proof their testing operations and ensure regulatory compliance.
Interoperability is a top concern whenever a network undergoes any type of update, upgrade or overhaul. Countless hours are spent testing and validating network speed, performance and interoperability across radio signals to ensure a seamless experience for customers.
Likewise, radio signal handovers must be flawless when law enforcement agencies perform surveillance and evaluate data. Records and data must be retained and distributed in the same format for efficient analysis.
As architecture is migrated from 4G to 5G, there will be a series of stages and transitions. LI compliance is a critical aspect to consider at every step along the way to ensure data is available, accurate and consistent.
The number of connected devices is expected to grow 100 times from 4G to 5G due to the Internet of things and increased connectivity opportunities. This massive surge will result in more observations. CSPs must have tools and technology capabilities to sort and filter data to provide relevant information to law enforcement agencies.
Meanwhile, law enforcement agencies must ensure that lawful interception maintenance systems (LIMS) are equipped to accept, store and classify data. Agencies will be able to save on storage and analysis resources if they can effectively delete unnecessary data.
There are significantly more encrypted device and network interfaces in the 5G architecture compared to 4G.
Overall, this is a positive change and reduces security vulnerabilities. However, it presents additional layers of complexity and interoperability intricacies between 4G and 5G interfaces CSP staff and law enforcement monitoring systems to navigate.
How SEGRON Can Help You Maintain LI Compliance
It’s crucial to verify compliance with lawful interception regulations to avoid infractions with the law while assisting law enforcement agencies.
SEGRON’s Automated Testing Framework (ATF) helps you verify compliance with LI regulations. With each update and migration, the ATF facilitates a series of test scripts to generate the reference data that interfaces to the law enforcement agency’s LIMS.
Ongoing automated testing and continuous monitoring verify everything is operating as it should. When concerns are identified, alerts and notifications are sent to the appropriate personnel immediately. Tools for reporting and evaluation enable rapid troubleshooting, so issues can be resolved before they cause problems.
Reference data can be generated by the ATF for audio calls, SMS text, fax, downloaded data, and files transferred over the Internet. All network technologies can be intercepted — 2G/3G, LTE/VoLTE, VoWifi, 5G, PSTN, WLAN, ISDN and VoIP. Powerful functionality driven by SEGRON’s Beyond End2End features ensure compliance with ETSI/3GPP LI standards.
SEGRON’s active testing solutions can help you monitor LI compliance and future proof your test bench. Contact us to discover how.