The Security Blog

In this final blog in the series, I will discuss the How of Lawful Intercept – how it is installed, how it is done, and what is involved in the process.

 

Firstly, let me clarify that, in the US, the capabilities described herein were mandatory since at least 2007.  In other words – your telecommunications provider MUST have them already in place.

 

In the beginning, Lawful Intercept, and yes, its unlawful cousin, were both called "wire tapping".  To wire tap you would need access, ideally physical access, to the telecommunication medium.  In other words, you would need to be able to tap into the

• Phone (or computer) at either (or both) ends;
• The wire connecting the end points; or
• The telephony (or network) switch creating the connection.

It worked something like this:

 

 

Someone could have put a "bug" into a telephone set:

 

 

Or listen in on the wire (yep, really as simple as this):

 

 

 

 

 

Using a device such as a "buttset":

 

 

 

 

 

 

 

Or simply plug a listening, or a recording, device, into this, old style, telephony switch.

 

 

 

 

Today, however, things are more complicated.

When technologies such as Voice-over-IP () or cellular G3 and beyond are involved, there are at least two more challenges added to the mix.  These are encryption and path-sharing.

Under the term "encryption", with the rising sensitivity to privacy concerns, quiet a lot of conversations, be they voice or data, are now subject to mechanisms previously only used by governments.    One of the reasons for Lawful Intercept laws is the concern that terrorists or other malefactors will use such technologies to make sure that Law Enforcement will not be able to listen in.  There are mechanisms, such as the ones discussed below, that address this concern.

The term "path sharing" refers to the fact that today, especially under cellular connections, data and voice, and in many times, those data and voice "packets" from very many conversations at once, are sharing the path to the switch.  Imagine the difficulty picking up a single conversation from a commingling of 100,000!  This is clearly only the territory of computers today.

So how is it done?

 

Under the leadership of a European standards organization called ETSI, a standard for Lawful Interception emerged.  This standard, used virtually everywhere such interception is performed by Law Enforcement, is designed as follows:

 

 

 

Looking closely at the diagram, lets notice a few elements (from right to left):

1. Firstly, the column marked "LEA" refers to the network, operated by Law Enforcement officials, and here it is the recipient of the intercepted information.
2. The broken (or dashed) line marked "handover" is where interface is made between the telecommunications provider and Law Enforcement
   
3. The three boxes in the "cloud" represent the "checks and balances" in the system.  In our case, they both serve to assure that no one point collects all information allowing some measure of privacy to the individuals intercepted. (the term CC above refers to the content of and the term IRI to intercept related information for the specific information of the call).

One note of caution.  As you can see from this system, it can support long-term listening.  It can also support automatic processing of data and, using computer technology it can support sorting through many, many calls at the same time, looking for such "keywords" as bomb or kill.

We should cherish living in a free society, where such measures are done by Judicial processes alone.   As we saw, in closed societies such as Iran, not only can the data collected be searched for trigger words such as Mousavi or demonstration but also used to pin point the source of the conversation, its destination, and serve as documentary evidence to prosecute, and indeed persecute, free expression.

 

 

 

 

Permalink

 

Two further, conflicting, usages of electronic data are emerging in the Iranian situation.  In the first, a website is using digital picture evidence to show how Lebanese, arabic-speaking, and non-Iranian-military forces are being use to repress the freedom seeking protesters in Iran.

 

The site lebasshakhsi.blogspot.com/ is providing pictorial evidence (some examples above) of "security forces" who are Lebas-Shakhsi (without uniform) beating peaceful demonstrators.  It follows those pictures with documentary evidence to the foreign nature of those forces.    Being foriegn here, in addition to the terms emphasised above means a few different things.  For example:

• That the regime was prepared ahead of time for "troubles" with these elections and even expecting trouble;
  
• That the regime believed it could not reliably call on its own, Persian, forces to fire on their fellow citizens;
  
• That the Lebanese-based Hizballah forces were willing to potentially sacrifice their own fighters to do favors for the Iranian regime; and
  
• That Hizballah has no particular like to the average Persian in the street, and willing to beat them and kill them.
  

[-----------------------------------------------------]

On the opposite side, the Iranian Regime has sites, such as xxxxx (name withheld per request) that use a technique called "crowdsourcing" to show faces of individual protesters and to ask the public to "come and tell us who they are".  Of course, using language such as

Unfortunately,… hypocrites, monarchists and counter-revolutionary and terrorist groups in cyberspace and the media are nothing but [trying to] disrupt the country social security and not for any other purpose to achieve this aim to …"

to try and encourage voluntary snitching on protesters.  That, if followed by a "call to their national responsibility"

Therefore, all users hereby and Iranian families are expected if [they know of] the personal data of any of the following photos and any news and information including photos, films, articles, news, email, web address, or complaints about the flow of disturbance of trade and [of the ] demand of each group in cyberspace actions [which] are destructive to stimulate activity through the site [...should email the information to the authorities]

Conflicting use of digital information.

 

Permalink