Lawful Intercept

dmatthysen

Has anyone been involved in an application with media gateways which should/are "lawful intercept" compliant??
 
Not really, although a while back I spent some time developing some LI software (which I didn't see to completion as the commercial viability was eroded by years of delays in governments' implementation - or lack thereof - of LI of IP traffic).

I'm not aware of any media gateways that support LI. The Cisco AS5xxx supports intercept of a specific data port but I don't think it handles VoIP specifically.

The more common approach in this scenario is to use probes.

One probe generally sits in front of the SIP registrar and proxy doing stateful inspection of all SIP packets, identifying dynamic targets through REGISTER and/or INVITE packets as well as identifying ports associated with the target's RTP streams.

Either the same probe or a secondary one then sniffs the RTP to/from the media gateway. (The mediation server will use info provided by the first probe to tell the second probe what to sniff, when.)

Interestingly, it seems that a number of those who've had to implement LI on data have chosen to use probes out of concern over the reliability of running Cisco LI code on their routers. That aside, the fact that we've yet to have a single LI warrant served on an ISP seems to be causing the few ISPs rolling out LI to be favoring a cheaper and more conservative approach of making it easy to rapidly but re-actively deploy probes to various parts of their network rather than pro-actively enabling the entire network for instant online activation of any LI warrant.
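The signalling-probe logic described in the post above, as an added example that is not from the thread's participants or from any vendor product: it tracks dialogs by Call-ID, matches INVITE From/To URIs against a target list, and emits start/stop instructions carrying the SDP media address and port for the RTP probe. All class and function names, URIs and addresses are constructed for illustration, and it covers INVITE-based matching of IPv4 audio only, not REGISTER tracking.

```python
import re

URI = re.compile(r"sips?:[^>;\s]+")

def parse(raw):
    """Split a SIP message into start line, lower-cased headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    start, *lines = head.split("\r\n")
    pairs = (l.split(":", 1) for l in lines if ":" in l)
    return start, {k.strip().lower(): v.strip() for k, v in pairs}, body

def sdp_audio(body):
    """Return (ip, port) of the first audio stream in an SDP body, or None."""
    ip = re.search(r"^c=IN IP4 (\S+)", body, re.M)
    port = re.search(r"^m=audio (\d+) ", body, re.M)
    return (ip.group(1), int(port.group(1))) if ip and port else None

class SipProbe:
    def __init__(self, targets):
        self.targets = set(targets)  # SIP URIs to match (constructed values)
        self.calls = {}              # Call-ID -> media endpoints seen so far

    def feed(self, raw):
        """Process one SIP message; return an instruction for the RTP probe or None."""
        start, h, body = parse(raw)
        cid = h.get("call-id")
        if start.startswith("INVITE "):
            parties = URI.findall(h.get("from", "") + " " + h.get("to", ""))
            if self.targets & set(parties):
                self.calls.setdefault(cid, [])
        if cid not in self.calls:
            return None                       # dialog does not involve a target
        if start.startswith("BYE "):
            return ("stop", cid, self.calls.pop(cid))
        media = sdp_audio(body)               # offer (INVITE) or answer (200 OK)
        if media and media not in self.calls[cid]:
            self.calls[cid].append(media)
            return ("start", cid, media)
        return None

def build(start, cid, sdp=(), frm="sip:alice@example.net", to="sip:bob@example.net"):
    """Build a constructed SIP message (sample data, not captured traffic)."""
    hdr = f"{start}\r\nFrom: <{frm}>;tag=1\r\nTo: <{to}>\r\nCall-ID: {cid}\r\n\r\n"
    return hdr + "".join(line + "\r\n" for line in sdp)

def demo():
    probe = SipProbe({"sip:alice@example.net"})
    a, b = ["c=IN IP4 192.0.2.10", "m=audio 49170 RTP/AVP 0"], ["c=IN IP4 198.51.100.7", "m=audio 30000 RTP/AVP 0"]
    flow = [build("INVITE sip:bob@example.net SIP/2.0", "c1", a), build("SIP/2.0 200 OK", "c1", b),
            build("INVITE sip:dave@example.net SIP/2.0", "c2", a, "sip:carol@example.net", "sip:dave@example.net"),
            build("BYE sip:bob@example.net SIP/2.0", "c1")]
    return [probe.feed(m) for m in flow]
```

`demo()` returns one entry per message: two `start` instructions for the matched call, `None` for the unrelated call, and a `stop` listing both media endpoints.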
 
... deploy probes to various parts of their network rather than pro-actively enabling the entire network for instant online activation of any LI warrant.

I would actually assume that any data entering the ISP network is the responsibility of the ISP - now should the CPE situated at the client be catered for?
 
RICA does not provide for interception at customer premises. Doing so would - in most instances - compromise the need to prevent the target from finding out that they're subject of a LI warrant.

All LI should take place on the ISP or TSP network.

Unfortunately, the complexity comes in with the definition of ISP.
http://www.internet.org.za/amended_ricpci.html

"Internet service provider" means any person who provides access to, or any other service related to, the Internet to another person, whether or not such access or service is provided under and in accordance with a telecommunication service licence issued to the first-mentioned person under Chapter V of the Telecommunications Act;

This definition is so broad that it could apply to any businesses whose staff can access the net or even you or I if we happen to let our neighbor surf the net whilst he/she is visiting.

But this is not a unique case of badly drafted legislation. Usually, people take what they consider to be the most reasonable interpretation, until authorities choose to prosecute someone for non-compliance. At that stage, a judge has to read the bad definition and make a reasoned call on it. In cases like this, precedent dictates that the judge cannot use the broadest interpretation of a definition but rather has to look at the intent of the legislation to define the scope of the definition.

It is very clear from RICA overall and the various directives issued in terms of it, that the *INTENT* is that companies/organisations providing telecomms services have the ability to intercept on their networks.

Should authorities try and prosecute an ordinary company for not intercepting its staff's communications, the company would have a strong argument that they were not providing the telecomms service because their ISP or telco was the provider of the service.

The directives for ISPs also have some wording that basically states that it is not a requirement for every element of the network to be able to perform LI, only that traffic crossing any of the ISP's "network links" can be intercepted (i.e. not at CPE or even at the access router). I know this, because I personally sat in a meeting at the DoC and then helped draft minor wording changes which ISPA added into its submission and which the DoC - thankfully - incorporated between the draft and final directives. It's one of the lesser-known ISPA successes that I'm rather proud of. I'm not as familiar with the exact wording of the directives for other types of telecomms service providers (e.g. mobiles, fixed line operators, etc.) but am pretty confident that based on the Act itself, CPE would be excluded.

Sorry to make such a long reply to such a small question. Sadly with RICA nothing is simple or straightforward. Horribly drafted legislation often raises more questions than it answers.
 