skip to Main Content
Enhanced Monitoring And Analytics For 5G Lawful Intelligence

Published on July 8th, 2021 | by Kevin Isacks & Jonathan Fong

Enhanced Monitoring and Analytics for 5G Lawful Intelligence

As 5G networks roll out across the world, law enforcement agencies (LEAs) are being forced to reimagine investigation methods related to lawful intelligence. The types of data that traverse public networks—from the Internet of Things to virtual and augmented reality—offer vast new stores of information. At the same time, new layers of complexity have been added to lawful interception, including a large and growing proportion of encrypted communications with additional privacy measures built into 5G. By adapting their approaches to lawful intelligence, LEAs can turn the changing landscape to their advantage.

Handling Intercepted Data with Massive Variation and Scale

One key characteristic of 5G networks is that they move data about 10x faster than their 4G predecessors, with headroom for the technology to get even faster (by far) over the coming years. Another change is that 5G is explicitly designed for both machines as well as people to communicate with each other over public wireless networks. While 5G networks are far more than just “4G on steroids,” both of these factors contribute to making the sheer potential size of the data being intercepted much larger than in previous generations, which can overwhelm existing approaches to analysis.

Even with the availability of cost-effective data storage in the cloud, LEAs will increasingly have to make difficult decisions regarding what data to store and for how long. Aside from the familiar retention limits that agencies have always faced, there are growing practical and financial dimensions to those questions. Likewise, LEAs must be judicious in choosing which data to intercept, as well as being innovative in determining how to detect meaningful information and patterns in huge datasets, including those created for machines rather than humans to understand.

As the number of data sources relevant to a given person of interest or investigation grows, the level of complexity gets exponentially larger. Lawful intelligence may draw on relationships between many data sources, including along axes of both time and location. For example, understanding a subject’s behavior over the course of an afternoon may involve knowing how it does or doesn’t fit into their regular routine, combining voice or text communications, social media activity, proximity to specific other people, and inputs from automatic number plate recognition (ANPR), surveillance cameras, credit-card activity, toll systems, and many others. Analytics across all these dimensions require lawful intelligence tools and tactics at a new level of sophistication.

Advancing Lawful Intelligence in the Face of New Privacy Measures

Across network generations from 2G to 4G, it has been possible to reveal a SIM card’s unique International Mobile Subscriber Identity (IMSI) as a proxy for the user’s identity through the practice of “IMSI catching.” This ability depends on the fact that the IMSI is sent in clear (unencrypted) text across the radio access network in certain situations, including as part of the handshake between user equipment and guest networks. By spoofing the network authentication apparatus, a “man-in-the-middle” approach, either legitimately by LEAs or otherwise by illicit parties, can intercept the IMSI.

To protect identity privacy in such scenarios, 3GPP created the Subscription Permanent Identifier (SUPI) in the 5G specification to replace the IMSI in previous generations. It is never transmitted in clear text; instead, the Subscription Concealed Identifier (SUCI) is used, which encrypts the user-specific portion of the SUPI, concealing the user’s identity. In order for LEAs and other authorized parties to identify individuals based on their SUPI, the specification calls for the network to provide SUCI-to-SUPI mapping.

To make use of that SUCI-to-SUPI mapping, an LEA must have the cooperation of the network carrier that controls it, which effectively limits lawful interception to the use of active measures. Methods based on the insertion of passive probes without the knowledge, participation, or cooperation of carriers are not viable with 5G networks, because that type of mapping would not be available. This limiting factor can pose significant challenges to lawful interception operations in countries that choose not to cooperate, as well as those without legal requirements similar to CALEA in the United States, where it is not mandated for carriers to maintain lawful intercept capabilities on their networks.

In those situations where LEAs have used passive lawful intercept techniques in the past, they must develop new approaches for the advent of 5G. SS8 builds on more than two decades of expertise in arming LEAs with the means to intercept and interpret communications data, and that expertise is now needed more than ever. To advance investigations, investigators need powerful tools and best practices, combined with ease of use that accelerates analytics for greater efficiency and intelligence. As the data sets coming across public networks get larger, more varied, and increasingly opaque, SS8 is an ally to help generate insights that would otherwise remain hidden.


In the fast-changing sphere of lawful intelligence, LEAs face many emerging challenges as they update their investigative techniques. New device types, as well as pervasive encryption and other privacy measures built into 5G, are in the process of eliminating longstanding approaches such as using recorded audio from phone calls as evidence, as well as passive interception practices. But these barriers for LEAs can be overcome.

As the pace of change in telecommunications accelerates, SS8 is accelerating the state of the art in lawful intelligence as well. The added complexity in the types of data to be intercepted and the application of analytics make it more important than ever for LEAs to implement updated tools and techniques. SS8 continues to be on the leading edge of developing ways to lawfully intercept and utilize new dimensions of information that will continue to advance law enforcement on the technology curve, in the near term and beyond.

To learn more about advancing lawful intelligence in the face of new privacy measures, visit the SS8 website.

About Kevin Isacks

Kevin Isacks Head Shot

Kevin joined SS8 in April of 2020 and brings with him more than 20 years of global technology experience in the communications field. Much of that time has been dedicated toward architecting and delivering voice-over-IP (VoIP) products. Prior to joining SS8, Kevin was the Vice President Edge Products at Ribbon Communications. However, Kevin spent a majority of his career with Network Equipment Technologies (NET), which was acquired by Sonus in 2012. At NET he served as the Chief Development Officer and continued on at Sonus for five additional years, leading the development and testing of Sonus hardware and software products. Kevin holds a Bachelors of Science in Electrical and Electronics Engineering from the University of Natal, South Africa.

About SS8

SS8 provides Lawful Intelligence platforms. They work closely with leading intelligence agencies, communication providers, law enforcement agencies and standards bodies. Their technology incorporates the methodologies discussed in this blog and the Xcipio® and Intellego® product portfolios are used worldwide for the capture, analysis and delivery of data for the purposes of criminal investigations.

Tweet Us @SS8                        Follow Us LinkedIn