Keith Bromley
Sr. Manager, Product Marketing at Ixia

Lawful Intercept in Enterprise & Service Provider Networks

June 26, 2018 by Keith Bromley

Lawful Intercept isn’t a new concept but it is becoming a topic of increasing importance to Service Providers and Enterprises worldwide. A couple of new laws, like the 2016 Japanese Act on Communications Interception During Criminal Investigations that went into effect December 1, 2016 and the Malaysia National Security Council Act which went into effect on August 1, 2016, have made it easier for some Asian governments to perform wiretapping.

In the case of the Japanese law, wiretapping scope capabilities were expanded to cover fraud, theft, murder, and arson. In addition, the telecom agencies can now send the data electronically to the law enforcement agency (LEA). Previously, LEA personnel were required to personally visit the service provider’s location to perform the tapping of the target communications. With respect to Malaysia, the new law appears to remove the need for wiretap warrants so that the government can fight terrorism.

How your organization chooses to support government mandated wiretapping can make your life easy or hard.  To help our customers, Ixia has written a new whitepaper that outlines some best practices to help you navigate the lawful intercept waters and maintain network visibility.

For those who are not experts on this subject, legally mandated access to communications is expanding as many of the world’s nations write laws requiring access to all types of user information including: voice, video, data, and even location information. Fortunately, most countries worldwide maintain lawful intercept requirements similar to those of Europe and the U.S. This helps reduce some of the complexity.

Lawful data intercept is the requirement to support a government agency (with an appropriate warrant) in the collection of data communications. What you need to support, and how you need to support, the lawful intercept request depends upon the government agency requesting the information along with your role in the delivery mechanism of the communication information.

There are typically four different entities that lawful intercept requests apply to:

  • Telephony Service providers (wireline, wireless, WiMAX, etc.)
  • Internet Service Providers (ISPs)
  • Government agencies (which need to provide information to law enforcement agencies)
  • Enterprise and Small/Medium Businesses (including colleges)

Regardless of the communication format or provider, most lawful intercept laws (like CALEA in the USA) demand access to the appropriate content and that access must be provided in real-time. According to the Administrative Office of the United States Courts, which writes an annual wiretap report, there were 3,554 intercept applications submitted by the US federal government or state governments during 2014. This chart shows a summary of CALEA requests for the last three years of available data.













(source = Administrative Office of the US Courts)

Lawful intercept orders are also being issued to internet service providers (ISPs). The following data from Google shows one example of intercepts requests that are being issued to ISPs for internet related traffic. The data also shows those intercept requests are on the increase.  Per the Google data, the rate of lawful intercept requests issued to ISP’s is increasing approximately 20% per year as law enforcement agencies worldwide focus on combatting cybercrime.


(source = Google website)

Ixia has extensive knowledge gathered over several years on how to properly filter packet data for private enterprise, service providers and government agencies.  Based upon this knowledge base, we offer the following recommendations in regards to lawful intercept:

  • Use TAPs, not SPANs, as the information collection point
  • Network packet brokers (NPBs) for proper data filtering to capture the necessary content quickly and easily
  • Address your equipment security concerns upfront
  • Make sure you protect the captured evidence

The following diagram shows a brief example of how lawful intercept filtering can be accommodated with the right Taps and network monitoring switches:

Lawful Intercept

Details on these best practices are available in the whitepaper Best Practices for Lawful Intercept in Service Provider and Enterprise Networks.

More information about Ixia network performance, network security and network visibility solutions and how they can help generate the insight needed for your business is available on the Ixia website.