Intercept architecture
Interfaces in RED should be standard to allow interoperability; HI<sub>n</sub> = Handover Interface n
- The existence of Intercepts should be transparent to both the subject and other LEAs!
- The dotted links (probably SNMPv3) must be secured to prevent Unauthorized Creation and Detection of intercepts - while solid red links must be secured to protect intercept-related information (IRI) [RFC 3924]
- Intercept [Access] Point (IAP): router, PSTN gateway, SIP proxy, RADIUS server, …
Slide Notes
Fred Baker, Bill Foster, and Chip Sharp, “Cisco Architecture for Lawful Intercept In IP Networks”, IETF RFC 3924, October 2004. http://www.ietf.org/rfc/rfc3924.txt
Transcript
[slide391] But basically, in the end, you get an architecture that looks like this. The authorities get a warrant from a court for lawful interception. They provide that to the provisioning and operations support at the network provider. The service provider uses these tunnels to set up the interception point to get the call contents, or the interception point to get the call details. They get that information, and they deliver it to the law enforcement agency who presented them with the warrant. All of those interfaces in red are encrypted. And one of the requirements is that one law enforcement agency should not be able to see even the existence of another law enforcement agency who's also getting lawful intercept. Why don't you want them to know about each other? Because if you had someone who was a bad cop in one of them, they could inform other people, hey, there's this other agency that's collecting information about your communications. Maybe you should do something else. So they purposely put into the law and the technology so you can't see that these intercepts are taking place. This is one of the things that IETF argued was a bad idea.