The idea of a government being able to intercept its citizens’ communications is that of an Orwellian novel. In reality, to a degree, communication interception is a possibility. In contrast to 1984, for government bodies to intercept data, there is a strict set of guidelines and procedures put in place. In the UK, the penalty for unlawful interception is up to two years imprisonment or an uncapped fine. Before LI (Lawful Intercept) can occur, a warrant outlining the purpose of the interception, what data is going to be obtained, and the dates which it will be obtained between must be provided and approved by a legal body. Figure 1 provides a list of warrant types that are relevant to LI in 5G:
Data collected under these warrants follows strict handling and storage protocols to protect individuals’ privacy. The balance between effective law enforcement and privacy rights is debated, requiring safeguards like judicial authorisation, time limits, and scope restrictions to prevent abuse.
So, we’ve identified the types of warrants which can be utilised; the next stage is to understand how they initiate the LI process in 5G. Figure 2 outlines the end-to-end process of LI in 5G, highlighting the essential functions.
To begin with, the LEA (Law Enforcement Agency) sends the warrant to one (or many) CSP (Communication Service Providers), specifically to the ADMF (Administration Function). The ADMF handles many different warrants at a time and is the control function for the LI process within the 5G Core. At the ADMF, provisioning information is generated, which is used to (believe it or not) provision other network functions in the 5G Core. NFs (Network Functions) will be provided with what specific data they are required to capture; we will explore these different data types in the next section. Additionally, NFs are told the address of the MDF (Mediation and Delivery Function), which will collate all of this data and package it to be ready for delivery to the LEMF (Law Enforcement Monitoring Facility). The LEMF is the endpoint of the LI process and handles all received data in a structured manner:
Now, let’s talk about the different data types that can be obtained. There are two flavours of intercept data: IRI (Intercept Related Information) and CC (Content of Communication)
IRI Data contains a broad range of metadata that can provide insight into communication patterns and provide context. Examples of this type of information include CDRs (Call Detail Records), session initiation and termination times, location-based information, and IP (Internet Protocol) addresses.
CC Data encompasses communication content, including voice recordings, internet browsing data, social media interactions, and file transfers. This provides the actual substance of communication that can support investigations. It’s important to remember that nowadays, the majority of our CC data is encrypted, especially when using OTT (Over-The-Top) applications such as WhatsApp or the Internet. Therefore, this data type is often not as helpful as IRI Data.
In conclusion, while lawful interception allows governments to access and analyse communication data under specific warrants, strict legal frameworks and procedures exist to protect citizens’ privacy. Various warrant types, such as targeted, bulk interception, and mutual assistance warrants, serve distinct roles in criminal investigations and national security. The 5G Lawful Intercept process involves precise coordination among network functions and law enforcement agencies to ensure specific data is captured, processed, and analysed effectively while adhering to strict procedures. Additionally, the distinction between IRI and CC highlights the importance of metadata in investigations, particularly as encryption continues to limit the accessibility of direct communication content.
If you would like to learn more about how 5G and other cellular technologies support lawful interception, check out our course on Lawful Interception, which can be viewed on-demand or presented live by our expert instructors.