Published on October 27th, 2020 | by David Anstiss
There are two broad types of surveillance capabilities and they are classified as Targeted Intercept and Bulk (Mass) Intercept. Targeted interception, or targeted surveillance, is focused on individuals or a Subject of Interest (SoI) with government or judicial oversight and can be carried out overtly or covertly. Each surveillance is completed for a specific investigation or operation. Targeted interception is usually reserved to combat serious and organised crime including terrorism and significant threat to life and will typically fall into three main guises: Lawful Interception, Tactical Identification and Tactical Equipment Interference. These intercept methodologies encompass the interception of all communication and location data.
Mass, or bulk, surveillance is sometimes referred to as “passive” or “undirected” surveillance. It is not targeted at any individual, but rather it gathers large volumes of information for possible future reference.
Lawful Interception, Tactical Identification and Tactical Equipment
Lawful Interception is the ability for Government mandated Law Enforcement officers or suitable approved Agents, to apply for a judicial warrant to enable the real time targeted interception of communication data. The interception is covert and, in this instance, is specific to a single SoI and their devices. This capability is tightly regulated in each country allowing for no collateral intrusion of other persons not mandated by the judicial warrant and is a rich source of intelligence.
Tactical Identification is another tool in the targeted intercept arena and usually comes in two forms. The first is a technique that allows for a locally deployed tactical system to scan targeted communication devices. Once a device is detected and located, the data is reported. This then enables the identification of the individual(s) in possession of the device. The second part of tactical identification are International Mobile Subscriber Identity (IMSI) grabbers. IMSI grabbers provide the localized identification of mobile communication equipment that people are carrying. This is slightly more intrusive, as it covers a wider area. The collateral intrusion must be considered against the crime or threat posed by the SoI.
The final targeted intercept comes in the form of Tactical Equipment Interface. This method allows warranted agents, to leverage cyber investigative capabilities against devices of interest. This may include the deployment of malware and worms, and enables the targeted extraction of location information, subject identification, monitoring and disruption of the targeted devices.
Bulk Interception is the ability to collect mass data on all devices connected to a network or geographical region. The vastness and richness of the data can range from basic communication metadata, phone records, to location and cell tower information.
The key use of bulk interception analysis is the ability to historically analyse pattens-of-life. For example, in a murder investigation a Subject of Interests (SoI) phone records can be subpoena along with the cell tower data to help prove or disprove if the SoI had contact with the victim or was in the local area at the time of the incident. The difference here between Target and Bulk, is the bulk phone records show a call, but not the content. Whereas targeted interception would have captured the communication in full.
Smart mass (bulk) interception can currently be used to record only metadata such as Call Detail Record (CDR) or Internet Protocol Detail Record (IPDR). Trying to record a complete carrier grade IP network is very expensive and often not commercially viable. Whilst storage capacity is increasing and the price per byte continues to decrease, network speeds are also increasing. It is going to be extremely difficult to record all traffic or the entire IP network.
However, low bandwidth and high value applications can be recorded in mass. These applications include voice, SMS, chat, and email. There is no need to record people using streaming services such as Netflix videos, but identifying applications is relatively easy to then ingest and retain.
Open Source Intelligence (OSINT) is the collection and analysis of information that is gathered from public, or open sources. This falls predominantly into the mass interception segment. Though due to the sheer volume of data, the analysis of such data needs to be very refined.
Targeted Interception and some Bulk (mass) Interception provide Law Enforcement the tools needed to maintain a safer society. Both types have a place and provide benefits in their application, given proper regulation oversight and firm security. Interception is and will remain a vital and necessary resource in the fight against terrorism and serious and organized crime.
Prior to joining SS8 in 2015, David held a variety of management positions within the telecommunication industry including Vodafone, 3UK and Ericsson, where he was responsible for all UK Core Network Systems. David went on to represent Allot Communications in both Europe and Asia, and specialised in Deep Packet Inspection and Video Optimisation. You can learn more about David on his LinkedIn profile.
About SS8 Networks
SS8 provides Lawful Intelligence platforms. They work closely with leading intelligence agencies, communication providers, law enforcement agencies and standards bodies and their technology incorporates the methodologies discussed in this blog. Xcipio® is already proven to meet the very high demands of 5G and provides the ability to transcode (convert) between lawful intercept handover versions and standard families. Intellego® XT natively supports ETSI, 3GPP and CALEA handovers, as well as national variants. Intellego XT’s MetaHub component is a best-in-class data analytics tool. Both product portfolios are used worldwide for the capture, analysis, and delivery of data for the purposes of criminal investigations.