The massive data volumes associated with 5G networks can provide critical evidence in support of criminal investigations – if transmitted and stored efficiently and in compliance with regulations. Communication service providers (CSPs) as well as Law Enforcement agencies (LEAs), however, incur significant costs managing large data sets to fulfill warrants and other lawful requests. LEAs similarly struggle to implement and maintain compliant data processing and storage systems. In the European Union, for example, the General Data Protection Regulation (GDPR) has strict guidelines for lawful interception data storage, including limits on retention periods and geographic location. In addition, investigators often face inefficiencies in filtering the data to determine what is useable.
The emerging approach to addressing these issues is for the CSP to store the intercepted data, with the LEA receiving only the information it specifically requests. This approach enables new efficiencies and is the subject of a new set of ETSI standards being developed as guidance for a more sophisticated method of preserving e-evidence for court. CSPs must comply with these new requirements, and LEAs will need the software capabilities to benefit from them.
Emerging Changes to Retention Requirements
The mechanisms for an LEA to request to preserve and transfer specific data, including across national boundaries, are set out in the upcoming ETSI standard. A European Preservation Order Certificate for the Preservation of Electronic Evidence (EPOC-PR) enables judicial authorities to obligate CSPs to preserve specific data legally. By default, preservation is required for 60 days, after which the data must be deleted; that period can be extended to 90 days if requested and may be extended further if the investigation requires it. Systems in use by both CSPs and LEAs must be capable of managing these changing requirements.
The electronic evidence to be preserved includes subscriber, access, and transactional (traffic) data, as well as intercepted and stored communications content (CC) data. The European Production Order Certificate (EPOC) provides the means for LEAs to request specific preserved e-evidence from CSPs. Such requests are to be handled through de-centralized IT systems, and a CSP is obligated to respond to EPOCs within ten days, or eight hours in an emergency.
At a practical level, the EPOC and EPOC-PR workflows must be automated for the sake of efficiency. In addition to the large data volumes involved, an LEA may interact with large numbers of CSPs across multiple jurisdictions in any given case, and many data flows may exist with each of those CSPs. Integration of e-evidence preservation mechanisms with the broader lawful intelligence apparatus is also desirable to help ensure operational efficiency for both LEAs and CSPs, as well as regulatory compliance.
Flexible Lawful Intelligence Approaches to e-Evidence Preservation
The SS8 lawful intelligence platform is well suited to the emerging body of e-evidence preservation requirements for both LEAs and CSPs. Its Xcipio Retained Data Delivery (XCRDD) is a mature product originally developed as a retention mechanism to buffer data and guard against packet loss, especially over undependable networks. XCRDD enables LEAs to use various mechanisms to extract retained data. Adding this product to the lawful intelligence environment accommodates the upcoming e-evidence retention mandates.
The maturity of XCRDD puts it ahead of the curve regarding e-evidence preservation requirements that have yet to be finalized. As part of the broader SS8 platform, it is continually updated, such as with new or expanded APIs to accommodate changes in interfaces to other software. It is delivered using a containerized network function (CNF) cloud-native architecture to optimize flexibility and agility. This architecture helps streamline the integration of preserved e-evidence from XCRDD with other data sources.
To store and consume this entire body of data, XCRDD can interface with SS8’s powerful data fusion solution MetaHub, which provides massive storage capacity for structured and unstructured lawful intelligence data, including metadata from encrypted communications, and helps reveal new insights and patterns of life for investigators. MetaHub can ingest data from an open-ended number of sources—such as location platforms, automated number plate recognition (ANPR) systems, bank records, and open-source intelligence—and treat the whole as a single, coherent data set. It provides advanced, multidimensional querying and data visualization capabilities, and it even supports automated, scheduled analytics that can improve resource efficiency. Xcipio’s transparent level of interoperability also extends to the CSP side. Retention periods are readily configurable, and current production implementations of XCRDD hold data for up to a year before automated controlled deletion.
Emerging requirements for e-evidence preservation illustrate the importance of efficient, compliant products to support lawful and location intelligence. As new standards develop, SS8 customers can be confident they are deploying solutions that incorporate them to offer a scalable, interoperable platform that aligns with both the latest technological innovations and regulatory mandates.
About Baski Mohan
Baski Mohan is a Director of Product Management for SS8’s data mediation platform called Xcipio. He brings over 20 years of experience in Carrier Grade Networking, Application Security, and SaaS technologies. Baski is a passionate believer in the use of technology to solve global problems and has a Master of Science degree in Computer Science from Pondicherry University. You can learn more about Baski on his LinkedIn profile here.
About SS8 Networks
As a leader in Lawful and Location Intelligence, SS8 helps make societies safer. Our commitment is to extract, analyze, and visualize the critical intelligence that gives law enforcement, intelligence agencies, and emergency services the real-time insights that help save lives. Our high performance, flexible, and future-proof solutions also enable mobile network operators to achieve regulatory compliance with minimum disruption, time, and cost. SS8 is trusted by the largest government agencies, communications providers, and systems integrators globally.
Intellego® XT monitoring and data analytics portfolio is optimized for Law Enforcement Agencies to capture, analyze, and visualize complex data sets for real-time investigative intelligence.
LocationWise delivers the highest audited network location accuracy worldwide, providing active and passive location intelligence for emergency services, law enforcement, and mobile network operators.
Xcipio® mediation platform meets the demands of lawful intercept in any network type and provides the ability to transcode (convert) between lawful intercept handover versions and standard families.
To learn more, contact us at info@ss8.com.