Lawful Intercepts

System Deployment from Requirement, Designing and Planning to Delivery and Operation

About the Book

For a long time, a veil has covered lawful interception. Most people think of it as a tool used by police and national security staff to carry out surveillance on ordinary civilians. In reality, lawful interception is now an important means of preventing crime and terrorism from spreading in the cyber world. To better present lawful interception from different angles for different readers, such as technical staff and LEA planning officers with different working agendas, this book is organized into 5 parts:

· The first part is a basic introduction to lawful interception operation, with its restrictions and boundaries in terms of network surveillance, its difference from cyber intelligence, LI readiness supported by legal background, and the ETSI framework with compliant LI systems for practical deployment.

· The second part covers the LI process on the LEA side in terms of the crime investigation process, cyber evidence acquisition, warrant management for auditing, and network forensic basics for data analysis and presentation.

· The third part is a review of LI systems in terms of the law enforcement monitoring management (LEMF) system with warrant management, the mediation device, the protocol analyzer for content reconstruction, and the media gateway for conversion between signaling and media. In this part, IT system planning for some common requirements, such as system sizing, information security, system resilience and business continuity, is also addressed. Though I worked for an LI solution vendor for more than 7 years, I will not specify the brand or model of any solution vendor. What I try to do is explain the de facto functions and features those LI systems should have. This can serve as a reference for solution vendors and LEA planning officers regarding the off-the-shelf products in the market.

· The fourth part covers data access at different telecom networks in terms of network infrastructure, with both the user data plane and the control plane of TDM, GSM, GPRS, IMS, fixed network, and 4G/5G networks. This part is quite important for LEAs and system integrators when negotiating with the telecom network administration team to deploy, manage and operate LI systems.

· The fifth part covers project management in terms of project planning, labor planning, budget/cost planning, customer acceptance testing, training planning and maintenance planning. Though the focus of this part is on LI system delivery, most of the content can also be applied to LI system customization during negotiation between LEA users and solution developers.

· The last part is a case study with six true investigation cases handled by LEAs through the LI process in different countries. I have tried my best to omit the confidential parts and to present the best use of LI systems in crime investigation.

Expected Readers in the Market

In my job, I have met a lot of IT planning staff from LEA departments and judicial staff from prosecutors' and judges' offices in many different countries. From my conversations with them, I understand that even those who work with crime investigation and legal proceedings every day still have many misunderstandings and regard LI as black-box processing, so it is quite natural for ordinary civilians to have great fears and prejudice about lawful interception.

Because some background knowledge is needed to understand LI, this book is written for those who want to know more details about LI operation for their work, such as:

—    LEA officers in charge of planning, purchasing, and deploying LI systems, and front-end field investigators and lab analysts.

—    Telecom network administrators in charge of network management involved with LI process.

—    System integrators in charge of LI system deployment and maintenance.

—    Solution providers in charge of LI system development and customization.

—    Judicial officials in charge of criminal legal proceedings.

—    People who work on civil rights and freedom of speech on the internet and want to know more about LI, to eliminate unnecessary fear and fantasy.

Some confidential and sensitive information is related to the detailed cybercrime process in designated cases, LI deployment in some designated TSP data centers, or specific investigation tools used in target telecom networks. I have carefully reviewed it and tried my best to hide these confidential details. Some of my LEA friends also gave me advice on modifying those details.

About the Author

Ted Chao

Ted Chao is an IT consultant working on lawful interception and cyber intelligence projects worldwide. He has worked at Decision Group Inc., a Taiwan LI solution company, as technical consultant and chief project leader for more than 8 years since 2010. Over the past 30 years, he has worked as system integration manager, SAP basis consultant, project manager, technical product manager, product development team leader and technical consultant at Acer, Compaq, HP, Lucent Technologies, and the Institute of Information Industry in Taiwan, Singapore, ASEAN and Middle East countries. During his professional career, he has also been involved in many large deployment projects for SAP, cross-border enterprise and municipal networks, lawful interception and cyber intelligence in many different countries.

Table of Contents


Chapter 1. Introduction           

Section I. Lawful Interception as One of Cyber Intelligence Methods     

Chapter 2. A Glance at Network Surveillance

2.1.       History of Intercept on telecom facility  

2.2.       Difference between Lawful Interception and Cyber Intelligence  

Chapter 3. National LI Mandates      

3.1.       LI Acts in Different Countries      

3.2.       General LI Process Flow in LEA side         

3.3.       Type of Lawful Intercept              

3.4.       Admissibility of evidence from LI by Court            

Chapter 4. LI Framework       

4.1.       Data Access / Intercept Access Point (IAP)            

4.2.       Data Delivery     

4.3.       Data Collection 

4.4.       Law Enforcement Monitoring Facility      

4.5.       LI Standard in Different Countries            

Chapter 5. Practical Deployment for Lawful Interception    

5.1.       LI Intercept at TSP side  

5.2.       HI1 Interface under ETSI              

5.3.       HI2 Interface under ETSI              

5.4.       HI3 Interface under ETSI              

5.5.       File Transferring between Mediation Device and LEMF   

5.6.       Technical Document with Definition of LI Protocols          

5.7.       Function of Mediation Device    

5.8.       HTTPS Traffic under ETSI             

5.9.       Common LI Systems in the Set of LEMF  

5.10.     Systems for LI Process   

Section II. Lawful Interception for Cyber Investigation Process and e-Evidence Collection

Chapter 6. Nature and Model of Cybercrimes          

6.1.       Type of Cybercrimes       

6.2.       Model of Cybercrime     

Chapter 7. Cyber Investigation with Evidence Management and Analysis  

7.1.       International Guidelines of Common Standards  

7.2.       Requirement of Digital Evidence Collection from LI Systems         

7.3.       Compliance of LI Systems with Guidelines of Digital Evidence Management              

Chapter 8. LI Case Establishment and Final Report Format 

8.1.       Items for Approval of Lawful Intercept   

8.2.       Investigation Report      

Chapter 9. Network Forensics for Investigation and Data Analysis 

9.1.       Data Transmission through Network       

9.2.       Deep Packet Inspection Tool      

9.3.       Link Analysis      

9.4.       Time Line Chart

9.5.       Content Analysis              

9.6.       Structure Analysis           

Section III. LI Systems    

Chapter 10. Law Enforcement Monitor Facility (LEMF): LI Monitor 

10.1.     LI Monitor          

10.2.     Subsystem components of LI monitor     

10.3.     Data Processing with HI2 and H3 files     

10.4.     General Product Specification of LI Monitor         

Chapter 11. Mediation Device          

11.1.     Mediation device            

11.2.     Subsystems of mediation device

11.3.     Data Flow of mediation device   

11.4.     Product Specification of mediation device            

Chapter 12. Media Gateway 

12.1.     Function of Mediation Device    

12.2.     The position of media gateway in LI process        

12.3.     Media Gateway Products in Market        

Chapter 13. Protocol Analyzer and Content Reconstruction System

13.1.     Position of Protocol Analyzer in LI Process            

13.2.     Protocol Analyzer System            

13.3.     Data Flow of Protocol Analyzer  

13.4.     General Specification of Protocol Analyzer           

Chapter 14. Tactic Wi-Fi Interceptor 

14.1.     Position of Tactic Wi-Fi Interceptor in LI process 

14.2.     General Specification of Tactic Wi-Fi Interceptor

Chapter 15. System Capacity and Sizing Planning    

15.1.     Choices of Hardware, Network and Middleware for LI platform   

15.2.     Mediation System           

15.3.     Media Gateway System 

15.4.     Protocol Analyzer system            

15.5.     LI Monitor system           

15.6.     Data Center Planning for LI system          

Chapter 16. Business Resilience        

16.1.     Viewpoints at Hardware Platform and OS Level  

16.2.     Shared Storage within Cluster    

16.2.     Network level   

16.3.     Link level            

16.4.     Disaster Recovery           

16.5.     Backup/Archive 

16.6.     Vulnerability Assessment             

16.8.     Prevention from External Probing            

Chapter 17. Virtual Machine for LI Deployment on VMware vSphere         

17.1.     The Mechanism of Virtualization Platform            

17.2.     Functionalities of Virtualization Platform by Hypervisor of VMware vSphere              

17.3.     Clustering Mechanism of VMware vSphere          

17.4.     Virtualization Planning for LI Deployment             

17.5.     Suggested Specification of LI Systems on vSphere Platform           

17.6.     Conclusion         

Section IV. Telecom Network Infrastructure for LI  

Chapter 18. Starting Point of LI Process at Telecom Network          

18.1.     The Network Environment and Concerns in TSP Site        

18.2.     LI Requirements in LEA side        

18.3.     Evolution of Telecom Network Technologies       

18.4.     Choice of Intercept Access Point

18.5.     Subscriber ID    

18.6.     Type of Intercepted Data             

18.7.     Role of Mediation Device            

Chapter 19. LI at Terrestrial Telecom Networks       

19.1.     Circuit Switch and Softswitch Network   

19.2.     IP Media Subsystem Network (IMS)         

19.3.     Fixed Data Network       

Chapter 20. LI at Wireless Telecom Networks          

20.1.     GSM Network   

20.2.     GPRS Network  

20.3.     LTE network      

20.4.     Proposed LI Deployment at 5G Network

Chapter 21. LI on HTTPS Traffic         

21.1.     HTTPS Mechanism          

21.2.     Global Governance on Certificates           

21.3.     The Need of Intermediate PKI Certificate for Lawful Interception

21.4.     Deployment of LI System on HTTPS for Cybercrime Investigation

21.5.     The Proposed Availability of PKI Certificate for LI

Section V. Plans for LI Deployment Project  

Chapter 22. LI Project Preparation   

22.1.     Objective for LI Deployment and Development   

22.2.     LI Project Preparation Task List  

22.1.     Work Scope Definition   

22.2.     Cost Estimation

22.3.     Scheduling          

22.4.     Cost of Labor Planning for Project            

Chapter 23. Management for Project Delivery         

23.1.     Management Functions

23.2.     System Test       

23.3.     Customer Acceptance Testing    

Chapter 24. LI Deployment Planning after Project Delivery 

24.1.     Training program            

24.1.1. On-site Training

24.1.2. Off-site Training              

24.2.     Maintenance Service     

Chapter 25. Software Development Planning          

25.1.     Product Design Process 

25.2.     Product Development Tool         

Section VI. Case Study with Lawful Interception Operation        

Chapter 26. Case 01: LI Deployment in the Data Center of APP Service Provider   

26.1.     Objective            

26.2.     Background       

26.3.     Common Backend of Social Communication Service         

26.4.     LI Deployment for ETSI Compliance         

26.5.     Concerns of High Availability       

Chapter 27. Case 2: LI Deployment Integrated with both Circuit Switching and Packet Switching Networks   

27.1.     Objective            

27.2.     Background       

27.3.     Conceptual Implementation based on ETSI          

27.4.     Requirement and Network Environment in the Case        

27.5.     LI deployment   

Chapter 28. Case 3: Investigation on VoIP Phishing 

28.1.     Objective            

28.2.     Background

28.3.     Track down by Local Investigation            

28.4.     Track by Lawful IRI Records         

Chapter 29. Case 4: Conduct Lawful Intercept at Radio Access Network of 3G/4G Network         

29.1.     Objective            

29.2.     Background       

29.3.     Object Positioning on Mobile Phone       

29.4.     Positioning Calculation by GPS in the Lab             

29.5.     RF Positioning   

29.6.     Measurement of BTS by Mobile Tracking Device

Chapter 30. Case 5: Tactic LI Application – Crime Investigation on Drug Dealing Case by Wi-Fi Interceptor       

30.1.     Objective            

30.2.     Background       

30.3.     Passive lawful Wi-Fi Intercept     

30.4.     Active lawful Wi-Fi Intercept       

30.5.     Distributed Wi-Fi Interception    

30.6.     Case of drug dealing investigation in Internet Café           

30.7.     Data integrated into ETSI compliance LI process 

Chapter 31. Case 6: Lawful Interception on Breach Trust of Former Employee in High Tech Company           

31.1.     Objective            

31.2.     Background       

31.3.     Digital Criminal Data Collection 

31.4.     Legal Procedure and Final Sentence        

Chapter 32. Conclusion         

32.1.     Telecom Technologies   

32.2.     APPs Used by Cyber Criminals    

32.3.     Juristic Environment       

32.4.     IoT Platform      

32.5.     Data Analysis     

32.6.     Investigation Process     

32.7.     IT Security Requirement due to Virtualization      

Appendix A – Building a Simulated Lawful Interception Lab

A.1.       Objective of Simulated LI Lab     

A.2.       The Deployment of LI Simulation Lab      

A.3.       The Operation Procedure            

A.4.       The Target Simulated Service Network   

A.5.       The Role of Each LI Device           

A.6.       Simulated Lawful Interception Procedure             

A.7.       Data Analysis     

A.8.       Equipment List for LI Simulation Lab       

A.9.       The Conceptual Deployment       

A.10.     Conclusion         

Appendix B - LI Ready Country List   

Appendix C - XML and Its Application in Lawful Interception          

Appendix D - Introduction on ASN.1 

Appendix E - Acronym List     

