Pipeline Publishing, Volume 3, Issue 11
This Month's Issue:
The Long Arm of Telecommunications Law
download article in pdf format
last page next page
Staring Down the Compliance Conundrum
back to cover
article page | 1 | 2 | 3 | 4 |

The Lawful Intercept Server is responsible for direct interaction with the Access Points for both Intercept Related Information and Content. This, in fact, should be as best as possible a view of the raw data as provided by the switch, soft-switch, or gateway hardware producing records of the service usage involved.

The Lawful Intercept solution must have an Administrative Function, whereby an operator shall administer the rules pertaining to the network equipment involved and the correlation and business rules for the services deployed. Finally, the Law Enforcement Agencies must have direct access to the system via a Collection Function, with real-time and batch reporting capabilities to adequately address the needs described above.

Operators deploying such solutions note that this is one of many such systems in the environment responsible for network collection, data enhancement, correlation and analysis, and data retention. With other challenges at hand, such as Sarbanes-Oxley, and E911, should operators deploy different solutions for each of these initiatives, or should they try to fulfill each of these requirements with a single system?

The answer is dependent upon each operator’s unique environment. However, there are certain guidelines that may be applied in all cases:

Pure Sources of Data

More than any single factor, the need for pure sources of data dictates that lawful interception and surveillance must be done at the network edge. Data that is enhanced or altered is of less value to law enforcement agencies than data straight from the access network, and in fact many agencies are now mandating that operators deploy solutions to meet this requirement.

In fact, this type of solution is of great benefit to any operator, because a solution capable of collecting from the original raw sources of data can operate upon that data in many ways. For example, while the raw data may be used to execute correlation and business rules for legal authorities, the same data can be enriched and enhanced in a separate parallel thread in order to provide E911 data, as well as accounting data for the operator’s internal systems. Finally, such systems must produce a clear recorded trail of all activities as well, particularly if any business or financial data is involved that may enter the accounting stream.

Data Storage and Retention

Data that is captured is only useful for as long as it is stored. While some information is

provided and used in real-time, the majority of transactions remain historical in nature, meaning data storage is required. An important use of subscriber call records is to identify social network (calling) patterns that may indicate an imminent terrorist threat by subjects of interest. This type of application is not possible without a large database of historical usage. However, not all of the service data need be stored in its raw form. As long as the lawful intercept and surveillance system has access to the raw data, it may then strip down and store only the data for the elements needed in future correlation. For example, it is not essential to retain all of the data packets involved in every picture message, although it might be quite interesting for officials to know that several picture messages are being taken by persons of interest, from the cell in or adjacent to the Sears Tower.

Correlation and Business Rules

The most common activities pertaining to lawful interception, surveillance, and traffic analysis involve the function of mapping common addresses such as phone numbers and e-mail addresses to applicable network identifiers. The emergence of SIP addressing and IP based signaling for VoIP has accelerated the need for more flexible methods for performing extremely fast database lookups in support of real-time enrichment of raw network usage data.

Cross correlation of session and call data information for multiple service types (e.g., voice, email, SMS, MMS, IM, etc.) is greatly increasing the value of actionable intelligence for prevention or apprehension. It is for this reason that solutions supporting both voice and data are in such demand. Of course, as shown above, other initiatives like Sarbanes-Oxley and E911 have also crossed domains, and now involve the attention of wireline, wireless, broadband, and cable providers.

Concluding thoughts

Service providers face greater challenges than ever before to meet the myriad of complex mandates, with increasingly severe consequences of failing to comply. Ultimately, implementing a lawful intercept and surveillance solution and strategy is no longer a choice; it’s a necessity to survive in today’s hotly-competitive market. Forward thinking operators will seek to put solutions in place that solve these problems, in conjunction with other issues and challenges, such as compliance initiatives for E911 and Sarbanes-Oxley. The world’s ability to identify interrelationships amongst the enormous volume of data for communication services grows daily. Operators should view this as an opportunity to implement solutions with internal benefits as well.

article page | 1 | 2 | 3 | 4 |
last page back to top of page next page
 

© 2006, All information contained herein is the sole property of Pipeline Publishing, LLC. Pipeline Publishing LLC reserves all rights and privileges regarding
the use of this information. Any unauthorized use, such as copying, modifying, or reprinting, will be prosecuted under the fullest extent under the governing law.