As always, the evolution of technologies, standards, and regulations gives us clues about the future while leaving room for the unexpected. This article takes stock of some new dimensions to familiar themes in lawful intelligence, including developments in AI, international standards, and measures to overcome encryption. It also comments on the new, dramatic uptick in use of surveillance technologies and malware-based offensive interception measures by authorities.
Generative AI without Heavy Infrastructure
The rise of generative AI (GenAI) is part of nearly every technology conversation heading into 2025, as chatbots and automated assistants proliferate. To function at scale, the large language models (LLMs) behind GenAI have required massive compute resources, using data center GPUs that can drive up the cost per server significantly. Subscription payment models from cloud providers have made this technology financially viable for mainstream business usages, but public cloud resources are inappropriate for highly protected and closed lawful intelligence networks.
More recently, the computing industry has been retooling to use lighter-weight AI models that are less resource-intensive, making it possible to run on mainstream local servers or high-end PCs. This trend is gathering momentum as it monetizes helping organizations avoid the costs, latency, and security exposure of long-haul data transmission to and from the cloud. Local operation without requirements for internet or cloud connectivity sets the stage for GenAI-powered tools to deliver long-term benefits for lawful intelligence.
Natural language processing (NLP) is an aspect of GenAI with potential near-term promise for lawful intelligence applications. Speech-to-text processing can make large amounts of audio indexable and searchable, auto-summarization can make it accessible, and machine translation can make it understandable. NLP can also potentially provide insights such as speakers’ identities or emotional states. In the medium term, lawful intelligence will also use AI to interpret images and videos, finding patterns and anomalies that humans would miss.
High-Definition 5G with Voice over New Radio
As progress continues toward true 5G networks, communication service providers (CSPs) are shifting voice traffic away from their legacy 4G (or older) cores to use a stand-alone 5G new radio (NR) core. Unlike earlier implementations that overlaid a 5G access network over an older core, voice over new radio (VoNR) takes full advantage of the bandwidth, latency, and other advantages of 5G. As the technology continues to mature, this transition improves scalability and spectral efficiency for the CSP, creating financial advantages that ensure it will continue.
The shift to VoNR has significant implications for lawful intelligence operations. Along with the interception of packet switched data instead of traditional calls, massive numbers of connections to the mobile network from novel online devices will become possible. The mediation environment will be further complicated by increased adoption of video calling, file sharing, and real-time translation.
The highest-profile result of VoNR adoption—to the public and to lawful intelligence practitioners—will be the dramatic improvements in voice quality made possible by the high-speed stand-alone 5G core. High-resolution voice can provide clearer, more accurate recordings of intercepted communications, even the background audio in noisy environments. Spatial audio made possible by VoNR provides three-dimensional directional cues that help identify call context and speaker positions. The richer data provided by these improvements also directly benefits emerging NLP usage models.
Key Escrow for Authorized Forced Decryption
Over-the-top (OTT) communication applications such as Skype, Zoom, Telegram, and WhatsApp—which continue to grow in popularity—implement end-to-end encryption of voice, video, and message contents. While authorities have shifted their interception focus toward other information sources such as metadata and location information, the lack of direct access to communication content (CC) is a prominent gap. Gaining access to encryption keys by serving subpoenas or warrants on CSPs can be complicated or impossible, especially across international boundaries.
The majority of OTT communications use various signaling protocols, or variations of them, for end-to-end encryption, which uses a central key-distribution method to maintain user identities and ephemeral keys. Building on that architecture, research is underway toward defining a 3GPP-compliant key escrow mechanism to provide decryption keys to law enforcement agencies (LEAs) with proper authorization. These session keys would each allow for a specific scope of message decryption while keeping the master keys secret. In addition to being built explicitly for authorized access by LEAs, the standards-based mechanism would provide all day-to-day key request and generation services for OTT applications.
The mechanism is based on a new network entity called the Trusted Key Authority (TKA), which would operate with a similar level of trustworthiness to that of a certificate authority (CA). The TKA operates at the application level within the lawful interception apparatus to forward cryptographic credentials to the LEA, as authorized by the warrant-management functionality of the lawful interception platform. Using the session key, the LEA is able to encrypt the CC while protecting privacy through existing warrant and other authorization processes. Further development in this area could dramatically improve the value of lawfully intercepted communications.
The Escalating Threat of Surveillance Technologies
Surveillance technologies deployed by adversaries within U.S., U.K., and allied territories are advancing at an alarming pace, posing significant threats to national security and public confidence. Compounding these concerns is the emergence of sophisticated cyber surveillance operations, which further emphasizes the need for enhanced counter-surveillance measures. The approach to investigating such threats is especially critical when they occur within these territories or involve those citizens due to privacy protections.
The passage of the Chinese spy balloon over sensitive military installations in late 2023 represented an adversarial attempt to collect intelligence on critical US infrastructure and defense operations. In 2024, the discovery of IMSI catchers targeting Ukrainian troops at a U.S. base in Germany demonstrated the sophistication and persistence of adversarial surveillance. These devices, capable of intercepting and manipulating mobile communications, exemplify how modern surveillance tools blur the lines between physical espionage and cyber intrusion. More recently, the appearance of unidentified drones over critical infrastructure in New Jersey further highlighted concerns about the potential for modern surveillance technologies to perform mass data collection or even cyber infiltration.
The Salt Typhoon hacking campaign further underscored the evolving cyber surveillance landscape. This sophisticated operation, attributed to a state-sponsored actor, targeted a range of sectors by exploiting vulnerabilities in cloud services and supply chains, disrupting critical national infrastructure and accessing sensitive information. The event highlights the need for integrating cyber defense strategies with lawful intelligence to ensure that threats are mitigated before they can cause widespread harm.
The increasing prevalence of surveillance technologies from adversarial nations demands a robust and adaptive response that includes proactive, comprehensive counter-surveillance systems. This requires the integration of advanced lawful and location intelligence technologies that can identify such operations early without infringing on personal privacy, allowing them to be neutralized and offenders prosecuted. By investing in cutting-edge solutions, fostering international cooperation, and maintaining a commitment to civil liberties, the United States can better protect its homeland from evolving surveillance threats while preserving public trust and confidence.
Growth of Offensive Measures for Intelligence Gathering
Malware continues to become more sophisticated, following the trend of decades. The subset that is funded and deployed by state actors and law enforcement is becoming far more prevalent at the same time it is becoming more capable. This trend reflects the urgency and high stakes of interrupting growing threats such as civil unrest, terrorism, and serious and organized crime, in the context of the regulatory restrictions that authorities place on intelligence gathering methods.
Some of the U.S. law enforcement agencies recently purchased multi-million dollar phone-hacking spyware software built to breach encrypted OTT messaging applications. Such intelligence-gathering methods are referred to as “offensive” due to their aggressive mode of operation, as opposed to the “defensive” nature of lawful interception. While mitigating the dangers of obfuscated messaging is vital, active collection measures may compromise privacy and public confidence in the rule of law.
Moreover, global experience confirms that the burgeoning market in offensive intelligence gathering techniques lacks accountability controls and is ripe for misuse. In that context, SS8 reaffirms its commitment to produce defensive measures exclusively. By advancing the state of the art in lawful intelligence, we explicitly intend to reduce the need for and role of offensive measures, extending investigation and enforcement while unimpeachably protecting society.
About Dr. Cemal Dikmen
As SS8’s CTO, Cemal plays an integral role in the company’s strategic direction, development, and future growth. A renowned expert and thought leader in the legal compliance and communications analysis domain, he has been a frequent speaker at various industry conferences over the past 10 years. Cemal holds BS, MS, and PhD degrees in Electrical Engineering. You can learn more about Cemal on his LinkedIn profile by clicking here.
About David Anstiss
David Anstiss is Director of Solution Engineering at SS8 Networks. He has been with SS8 since 2015 and has significant experience in critical network architecture technology and advanced data analytics. He currently works as part of the Technical CTO Group under the leadership of Dr. Cemal Dikmen and is responsible for leading engagement with both intelligence agencies and Communication Service Providers (CSPs) around the world. He has been instrumental in helping them transition to 5G, defining system requirements to meet regulatory compliance. As a member of ETSI, he represents SS8 to ensure the adoption of cloud-native infrastructure is met with industry best practices and to guarantee that compliance of lawful interception is maintained. Learn more about David here on his LinkedIn profile.
About Kevin McTiernan
Kevin McTiernan is a seasoned professional with over 20 years of experience in the security industry. His extensive expertise spans big data, cybersecurity, network security analysis, and regulatory compliance. As Vice President of Government Solutions at SS8, Kevin specializes in the implementation of advanced intelligence solutions for the U.S. Government, law enforcement, and the Five Eyes alliance. He is an accomplished public speaker and an adamant supporter and volunteer for the National Child Protection Task Force. You can learn more about Kevin on his LinkedIn profile.
About SS8 Networks
As a leader in Lawful and Location Intelligence, SS8 helps make societies safer. Our commitment is to extract, analyze, and visualize the critical intelligence that gives law enforcement, intelligence agencies, and emergency services the real-time insights that help save lives. Our high performance, flexible, and future-proof solutions also enable mobile network operators to achieve regulatory compliance with minimum disruption, time, and cost. SS8 is trusted by the largest government agencies, communications providers, and systems integrators globally.
Intellego® XT monitoring and data analytics portfolio is optimized for Law Enforcement Agencies to capture, analyze, and visualize complex data sets for real-time investigative intelligence.
LocationWise delivers the highest audited network location accuracy worldwide, providing active and passive location intelligence for emergency services, law enforcement, and mobile network operators.
Xcipio® mediation platform meets the demands of lawful intercept in any network type and provides the ability to transcode (convert) between lawful intercept handover versions and standard families.
To learn more, contact us at info@ss8.com.
