Lawful Interception

Lawful Interception (LI) is the legally approved surveillance of telecommunication services, and it has become an important tool for law enforcement agencies (LEAs) around the world for investigating and prosecuting criminal activities and terrorism. Most countries have passed laws that require telecommunication service providers to support LEAs with duly authorized requests to identify, monitor, and deliver all of the electronic communication of specified individuals and groups.While regulations and requirements vary from country to country, international standardization bodies like ETSI and ANSI have developed technical standards for LI that will facilitate the work of LEAs and help operators and service providers to minimize their costs. And even though various standards for LI use different terminology, the basic functional model applies to all LI standards and to all network and service types.

The main functions of any LI solution are to access Interception-Related Information (IRI) and Content of Communication sessions (CC) from the telecommunications network and to deliver the information in a standardized format via the handover interface to one or more monitoring centers of law enforcement agencies. Of course, before surveillance can take place interception requests must be approved and appropriately provisioned to the Interception Access Points within the service provider's network, and they must be carefully and accurately terminated after the interception authorization expires. In addition, high security requirements for LI systems are important to prevent possible manipulation and misuse.

Lawful Interception in the 21st Century

The types of communication available to individuals in these early years of the 21st century are versatile, diverse, and based on an expanding range of technologies. Modern telecommunications networks offer access through a tremendous range of technologies, including PSTN, ISDN, xDSL, WLAN, WiMax, GSM, GPRS, UMTS, CDMA, cable, and other technologies based on the Internet Protocol (IP).

Voice communication services have progressed from a fixed network model to encompass wireless technologies, such as cellular telephones, and Internet-based exchanges, such as voice over IP (VoIP). Data services have expanded as well, spanning video, facsimile (fax) services, Short Message Services (SMS), e-mail, image transmissions, and other services. Internet-based communications have become ubiquitous and have grown far beyond the basic capabilities of e-mail to include instant messaging, peer-to-peer (P2P) networking, chat services, and low-cost voice communication through a variety of companies and emerging technologies such as Session Initiation Protocol (SIP). The nature of the Internet also suggests that new applications and innovative tools will be developed in the future to extend communication options in unpredictable ways. Amidst this profusion of communication possibilities, national security organizations and law enforcement agencies need mechanisms and proven techniques to detect criminal activities and terrorist operations.

The need for lawful enforcement solutions is growing even while the dynamics of the market and the legal and regulatory framework continue to evolve. Network operators, ISPs, telephone companies, and others face an unprecedented public and regulatory obligation to adapt their workflow and infrastructure - selectively tapping into the vast flow of information within the telecommunications spectrum to selectively extract targeted data. For example, the interception of a single e-mail message can pose a major challenge to an Internet Service Provider because of the high volume of IP traffic handled by a typical large Internet Exchange, such as the Internet Exchange DE-CIX. This organization calculates the average throughput of the 175 Internet Service Providers it carries at 41.3 gigabits/second, and spikes in traffic range to nearly 70 Gbps. Clearly, state-of-the-art technology is required to handle lawful monitoring activities that involve this level of data throughput.

An Increasing Need for Lawful Interception

This worldwide explosion of communication technologies creates significant challenges for law enforcement agencies and national security organizations responsible for battling various forms of crime and terrorism. The sophistication of criminal enterprises in exploiting emerging communication channels has increased with the rising popularity of these channels, posing a very real challenge to organizations responsible for protecting public safety and reducing the impact of crime on communities. Given the broad availability of communication options and the relative ease with which criminal networks and terrorist groups can exchange information across these channels - by both data and voice communication - the impetus to intercept illicit exchanges and track the operations of criminal enterprises is strong and compelling.

In response to rising threats and worldwide terrorist operations, individual countries and international organizations have created regulations that enable and facilitate lawful interception of communications that take place across the channels discussed earlier in this paper. Although regulations controlling the interception of communications over traditional channels, such as telephones, have been in place for a number of years, many of these regulations have been recently amended to include Internet-based communication, wireless communication, and related forms of voice and data communication. These regulations mandate compliance by telecommunication companies, ISPs, network operators, and service providers who develop or maintain the infrastructures over which the communication takes place. In such cases, solutions are critically needed that can be effectively integrated into the infrastructure and - once implemented - can support lawful interception of a wide range of communication types. To meet the ethical demands and privacy requirements at the core of lawful enforcement, these solutions must prevent any activities involving illegal interception and illegal access at all levels, including - but not limited to - access by internal employees of the service provider.

Regulatory Environment

An overlapping framework of international and national regulations establishes the foundation for the monitoring of telecommunications, implemented to enable law enforcement agencies to intercept messages or information being distributed for illegal purposes.

Regardless of the specific geographic location, the prevailing regulatory environment in your region is likely to include provisions so that lawful interception operations can be performed when requested by an authority. The following list highlights the capabilities of a lawful interception solution that are most relevant to regulatory mandates and legislative requirements.

  • Comprehensive interception capabilities: The LI solution must be able to intercept all applicable communications of a certain target without any gaps in coverage.
  • Reliability and integrity: The LI solution should ensure delivery of precise and accurate results with the highest levels of data integrity. The LI solution must be as reliable as the service to be intercepted.
  • Separation of content: Intercepted communications data should be divisible into individual components; for example, the metadata included in the Interception Related Information (IRI) should be separable from the Communication Content (CC).
  • Transparent surveillance: The monitoring activities performed by the solution must not be detectable by the subscriber.
  • Immediate activation and real-time responsiveness: Following a request for lawful interception, a solution must be able to be immediately activated and provide real-time response in delivering intercepted data.
  • Sufficient capacity: The solution must have adequate capacity to handle the scope and scale of requested surveillance activities.
  • Data security and privacy: Sensitive data must be protected during transmission and the privacy of an individual's records and personal information should be safeguarded. Only authorized personnel should be able to view intercepted data.
  • Decryption: Encrypted data shall be delivered in plain text format if the encryption keys are available to the service provider or network operator.
  • Complete logging of events: All LI-related activities must be recorded and logged as part of a centralized record-keeping procedure.

Utimaco Lawful Interception Management

Legally compliant monitoring of telecommunications services

In almost all countries worldwide, telecommunication service providers are required to cooperate in monitoring (lawful interception) in the context of criminal prosecution and the prevention of terrorism. The conditions for this cooperation are defined by national regulations and local public bodies.

Our Lawful Interception Management Solution (LIMS) has been given approval by many countries as a solution for the legally compliant monitoring of telecommunications services. LIMS can be integrated in existing infrastructures on an individual basis without any effect on performance. To perform monitoring, the solution uses the interfaces present on existing network components and applications, and it controls the monitoring process autonomously.

The Utimaco Lawful Interception Management Solution has been field tested in more than 30 countries since 1994. It integrates current network components and extends applications for the future on an ongoing and non-manufacturer-specific basis. This enables the very latest communication technologies to be introduced and monitored without delay.

Our many years of experience, future-oriented technology, and close contact with leading manufacturers make investment in the LIMS risk-free. The monitoring measures can be incorporated quickly and easily in a graphical user interface. There is no need for technical expertise, to enter the setup details, freeing up the technical staff for their core tasks.

The modular Lawful Interception Management Solution is available for the legally compliant monitoring of Voice over IP, Next Generation Networks (NGN), mobile telephony, fixed network telephony, e-mail, Internet access, and IP.


  • Support of all type of communciation technologies incl. VoIP, NGN, e-mail, SMS, MMS, telephony
  • Fast, easy and seamless integration into the existing infrastructure
  • Compliance with ETSI, TR TKÜ, 3GPP, CALEA, J-STD-25