Published on May 7th, 2020 | by Dr. Keith Bhatia & Syed Hussain
Communication Service Providers (CSPs), including those that provide Over-the-Top (OTT) services, are obligated by law to provide lawful intercept capabilities. This ensures that when law enforcement agencies (LEAs) issue a court warrant, the providers capture and deliver intelligence for all of their services, including chat, messaging, VPN, etc. Even Media Service Providers (MSPs) like Facebook, Apple and Google need to demonstrate a “best effort” to provide requested intelligence information. However, in the case of chat and messaging, content is generally encrypted.
When a CSP provides OTT services, the standards-compliant intercept platform plays the Mediation role, providing the information the LEA requested. For the MSP, however, standards-based Mediation is less likely because the current OTT providers prefer to provide the information themselves, meaning they will build the intercept function internally into their own platforms.
This presents two significant challenges for LEAs: first, how to handle the ever-increasing number of information streams, and second, how to decrypt and receive data securely and quickly.
Encrypted Data Issues
Encrypted data volumes are growing daily, to the point that over 90% of traffic on a particular link could be encrypted. As such, the industry is working to bolster standards to assure link security and crypto key management (TLS 1.2/1.3). Specifications of how to deliver payload/content decryption keys for content that has been intercepted still need to be worked out. 3GPP 33.108 provides some guidance on how to deliver such information to LEAs; however, to date, this is not universally applied.
Why is the encryption issue important? As the communication industry moves away from voice to messaging and chat applications, so do the serious “independent” criminals and organized crime groups. Those trying to avoid detection know messages can be encrypted and, as such, use them for communication and coordination of serious criminal activities. This creates a much more difficult situation for LEAs as they try to analyze encrypted communications in real time and, in some instances, are simply in the dark.
Note that LEAs receive real-time interception of voice communication, typically within 8 seconds of a targeted call. The real-time delivery of intercepted voice allows LEAs to live listen and react in real time. Encrypted communication, even when decryption keys are delivered out of band, makes it very difficult to consume intercepted content in real time.
In February 2020, the MSP industry and law enforcement agreed to the new ETSI technical standard 103 707 v1.1.1, which will assure all messages are handed to law enforcement. The ETSI 103 707 standard includes an HI1 interface, which defines how LEAs intend to make requests into MSPs for targeted interception. The next step for this new standard is for it to be implemented and tested by media service providers, operators and LEAs.
For LEAs, the new standard helps ensure they receive OTT data for evidence/analysis from both CSPs and MSPs, covering both encrypted and unencrypted content. This also means that the monitoring systems residing at LEAs need to be able to handle multiple data streams in multiple formats. This includes rich information gathered from messaging applications and social media data.
When it comes to the likes of Apple, Google and Facebook, they completely control the information they share, with only the LEA being privy to the mechanism of request and delivery. There does not seem to be agreement on a “standard” mechanism, which means monitoring center platforms will need to have the dynamic ability to manage these environments and analyze all data forms, types and streams, in real time.
Additionally, monitoring center platforms need to handle receiving decryption keys for content payload with both out-of-band and in-band delivery methods. Currently, the industry is struggling to meet this requirement because application designs are not built to support decryption key reporting in an automatic, standardized manner. Anything standardized is potentially hackable, giving rise to legal, privacy and security concerns. The last thing media service providers want is someone accessing their decryption keys.
SS8, with its global deployment, supports both traditional communication interception with CSPs and the modern chat and messaging interception for media service providers, including handling of encrypted payload and decryption keys in both in-band and out-of-band methods. These platforms have enabled an ecosystem for testing, which is critical. SS8 offers an AWS-based testing environment for CSPs, MSPs and LEAs to use.
About Dr. Keith Bhatia
As CEO of SS8, Keith combines his broad technical and market knowledge to advance the future of lawful intelligence. In his tenure, he has positioned SS8 as a leader in a world connected by 5G and shaped by increasing digitalization and automation. Keith is impassioned to show how technology can have a positive impact on our world.
About Mr. Syed Hussain
Mr. Hussain has spent 20 years working in the telecommunication industry and brings significant technical expertise to his role as Head of Product Management for Lawful Interception products for SS8. Mr. Hussain represents SS8 in both ETSI and 3GPP standards bodies and at technology summits.
SS8 provides Lawful Intelligence platforms. They work closely with leading intelligence agencies, communication providers, law enforcement agencies and standards bodies. Their technology incorporates the methodologies discussed in this blog, and the Xcipio® and Intellego® product portfolios are used worldwide for the capture, analysis and delivery of data for the purposes of criminal investigations.