Lawful Intercept(ion) Primer Part 3 – How?

Welcome! Please comment and leave me a note telling me what you like and what you'd like to see more of. Sign up to my RSS Feed!
This entry is part of a wonderful series, Intercept»

In this final blog in the series, I will discuss the How of Lawful Intercept – how it is installed, how it is done, and what is involved in the process.


Firstly, let me clarify that, in the US, the capabilities described herein were mandatory since at least 2007.  In other words – your telecommunications provider MUST have them already in place.


In the beginning, Lawful Intercept, and yes, its unlawful cousin, were both called "wire tapping".  To wire tap you would need access, ideally physical access, to the telecommunication medium.  In other words, you would need to be able to tap into the

  • Phone (or computer) at either (or both) ends;
  • The wire connecting the end points; or
  • The telephony (or network) switch creating the connection.

It worked something like this:

Rotary Phone
Image by AZAdam via Flickr



Someone could have put a "bug" into a telephone set:




Or listen in on the wire (yep, really as simple as this):







Using a device such as a "buttset":









Or simply plug a listening, or a recording, device, into this, old style, telephony switch.





Today, however, things are more complicated.

When technologies such as Voice-over-IP () or cellular G3 and beyond are involved, there are at least two more challenges added to the mix.  These are encryption and path-sharing.

Under the term "encryption", with the rising sensitivity to privacy concerns, quiet a lot of conversations, be they voice or data, are now subject to mechanisms previously only used by governments.    One of the reasons for Lawful Intercept laws is the concern that terrorists or other malefactors will use such technologies to make sure that Law Enforcement will not be able to listen in.  There are mechanisms, such as the ones discussed below, that address this concern.

The term "path sharing" refers to the fact that today, especially under cellular connections, data and voice, and in many times, those data and voice "packets" from very many conversations at once, are sharing the path to the switch.  Imagine the difficulty picking up a single conversation from a commingling of 100,000!  This is clearly only the territory of computers today.

So how is it done?


Under the leadership of a European standards organization called ETSI, a standard for Lawful Interception emerged.  This standard, used virtually everywhere such interception is performed by Law Enforcement, is designed as follows:


ETSI's LI Model



Looking closely at the diagram, lets notice a few elements (from right to left):

  1. Firstly, the column marked "LEA" refers to the network, operated by Law Enforcement officials, and here it is the recipient of the intercepted information.
  2. The broken (or dashed) line marked "handover" is where interface is made between the telecommunications provider and Law Enforcement
  3. The three boxes in the "cloud" represent the "checks and balances" in the system.  In our case, they both serve to assure that no one point collects all information allowing some measure of privacy to the individuals intercepted. (the term CC above refers to the content of and the term IRI to intercept related information for the specific information of the call).

One note of caution.  As you can see from this system, it can support long-term listening.  It can also support automatic processing of data and, using computer technology it can support sorting through many, many calls at the same time, looking for such "keywords" as bomb or kill.

We should cherish living in a free society, where such measures are done by Judicial processes alone.   As we saw, in closed societies such as Iran, not only can the data collected be searched for trigger words such as Mousavi or demonstration but also used to pin point the source of the conversation, its destination, and serve as documentary evidence to prosecute, and indeed persecute, free expression.








Lawful Intercept(ion) Primer Part I – Introduction

This entry is part of a wonderful series, Intercept»

Many readers have asked me to clarify what Lawful Interception is, why it is needed (or not), how it is implemented, and what are my thoughts on the subject. This post series will be a stream of thoughts, facts, and figures about Lawful Interception and any/all discussion is welcome.


To start with, the term Lawful Interception refers to the recording, analysing, or processing of communications.  While historically referring to Telephone calls, especially calls over the Publicly Switched Telephone Network, and thus called "wiretapping", the term today includes communications in any form, including:

  • Telephone calls
  • Cellular telephone calls
  • Internet communication
  • Wi-fi
  • GPS signals
  • and generally any other form of communication (electronic or not).


As in most developed countries, interception of communications in the USA is generally illegal.  It is generally illegal for someone to listen-in on your phone calls, read your email, and open your regular mail.  It is also generally illegal for someone to run network analyzers on your access point or to trace your connections.

Due to the ever-growing need of most States to have more Intelligence, an ever-changing compromise was worked up and eventually codified into Law.  Perhaps the best example of a listening system in the world is the US National Security Agency (NSA), an agency that for years did not "officially" exist, and that was vilified in many movies, stories, books and rumors.

While originally constructed to listen-in on foreign military communications, it is generally presumed that the NSA does listen-in on domestic communication, especially when it does so under permission granted to it by US Law.  This article does not intend to talk much about the NSA, focusing instead on law-enforcement agencies.

In general, in the United States and most western countries, Lawful Interception requires a court order signed by a judge. However, it is important to note that one major exception to this rule is the the allowance to any network services provider to do the needed LI in order to protect their own networks.

In the next blogs in this series, I will discuss why Lawful Interception is needed (or not), how it is implemented, and some of my thoughts on the subject.