By Carmine Rizzo, 3GPP MCC

Lawful Interception (LI) work in mobile networks is undertaken by the subgroup SA3-LI. SA3-LI standards provide technical capabilities to allow 3GPP networks and services to comply with national  lawful interception regulations. The standards ensure that Communications Service Providers (CSPs) can maintain regulatory compliance in an efficient, secure and effective manner. While the standards provide a set of capabilities to allow compliance, the applicability of specific parts of the standards depend on national law and actual services offered by each CSP.

The 3GPP™ Technical Specifications on Lawful Interception cover 2G, 3G, 4G and 5G, and address: requirements, architecture and functions, protocol and procedures.

Figure 1 below provides the high-level generic LI architecture. The various functional entities within the figure are explained thereafter.

Figure 1: A high-level generic view of LI architecture

The Law Enforcement Agency (LEA) is responsible for submitting the warrant to the CSPs, although in some countries the warrant may be provided by a different legal entity (e.g. judiciary).

The Mediation and Delivery Function (MDF) delivers the Interception Product to the Law Enforcement Monitoring Facility (LEMF).

The Point of Interception (POI) detects the target communication, derives the intercept related information or communications content from the target communications and delivers the POI output to the MDF. Multiple POIs may have to be involved in executing a warrant.

The Triggering Function (TF) is responsible for triggering POIs in response to network and service events matching the criteria provisioned by the Lawful Interception Provisioning Function (LIPF). The TF detects the target communications and sends a trigger to the associated triggered POI.

The Administration Function (ADMF) provides the CSP's administrative and management functions for the LI capability. This includes overall responsibility for the provisioning/activating, modifying, and de-activating/de-provisioning the Points Of Interception (POIs), Triggering Functions (TFs), and the Mediation and Delivery Functions (MDFs).

The System Information Retrieval Function (SIRF) is responsible for providing the LIPF with the system related information for Network Functions (NFs) that are known by the SIRF (e.g. service topology).

Figure 2 below illustrates two variations of the MDF: MDF2 and MDF3. MDF2 generates the Intercept Related Information (IRI) messages from the xIRI and sends them to one or more LEMFs. The MDF3 generates the Communication Content (CC) from the xCC and delivers it to one or more LEMFs.

Figure 2: communication flow through MDF2 and MDF3

The MDF2 and MDF3 are provisioned by the LIPF with the intercept information necessary to deliver the IRI and/or CC to one or more LEMFs.

The LI_MDF interface between MDF2 and MDF3 enables them to exchange information.

POIs are divided into two types based on the type of data they send to the MDF:

• IRI-POI delivers xIRI to the MDF2.
• CC-POI delivers xCC to the MDF3.

The MDF2 generates the IRI messages from the xIRI and sends them to one or more LEMFs. The MDF3 generates the CC from the xCC and delivers it to one or more LEMFs.

More details are available in the SA3-LI specifications listed at the bottom of this page.

Acronyms:

ADMF                    Administration Function

CC                          Communication Content

CSP                        Communications Service Provider

IRI                          Intercept Related Information

LEA                        Law Enforcement Agency

LEMF                     Law Enforcement Monitoring Facility

LI                           Lawful Interception

LICF                       Lawful Interception Control Function

LIPF                       Lawful Interception Provisioning Function

MDF                      Mediation and Delivery Function

NF                         Network Function

POI                        Point of Interception

SIRF                      System Information Retrieval Function

TF                          Triggering Function

3GPP Work Plan:

See a listing of all work & study items here:  https://www.3gpp.org/ftp/Information/WORK_PLAN/ and search for ‘Lawful Interception’ in the Excel sheet there.

Working Groups:

SA3-LI: Services and System Aspects 3 (Security) – Lawful Interception

See also:

• TS 33.126: Lawful Interception requirements.
• TS 33.127: Lawful Interception architecture and functions.
• TS 33.128: Protocol and procedures for Lawful Interception.

IMPORTANT NOTE: Please be aware that these pages are snapshot of the work going on in 3GPP. The full picture of all work is contained in the Work Plan (https://www.3gpp.org/ftp/Information/WORK_PLAN/)