‘ Convergence ­ LI and DR

A Strategic Concept ‘
Alan Dubberley
VP Business Development, AQSACOM Pty

ISS World
Prague,  2009
 High Level Requirements: LI+DR
Law Enforcement & National Security Groups Need:
• A solution that allows them access and interrogate data from
LI and DR.
• Solutions that evolve to cover new and evolving services.
• A capability to configure and focus data for analysis.
• Tools that allow data to be mixed or repackaged as new
information is identified.
• Effective Development options.
• Secure Solutions.
Carrier/ISPs Need:
• Systems that meet National Requirements
• Solutions that don’t inhibit products
• Cost effective approach.
!"##$%&'()*'+*!"+,'-$+&$
2 ./01$&2*2"*&3(+4$5*6'23"/2*+"2'&$*
7..*8"%)-9 :/+$*;<<=
 LI Network Flow Process with Mediation
B"&() !.?C7.?*?%"@'5'"+'+4 !$+2%()'>$-*?%"@'5'"+'+4*– $4*AA?

ISP 1 ISP 2 ISP n

LI Provisioning
OR
Warrants Warrants Warrants
Operator Operator Operator
Warrants
Operator

Secure Extranet
Internal Function

IRI/CDC

IRI/CDC
CSP  CC/CCC
Network
CC/CCC

Provisioning

Law Enforcement Agencies

ALIS
IRI/CDC
External Function
Probe E I F

CC/CCC

CSP 
Network

!"##$%&'()*'+*!"+,'-$+&$
3 ./01$&2*2"*&3(+4$5*6'23"/2*+"2'&$*
7..*8"%)-9 :/+$*;<<=
 Overview of a DR Solution – CSP/ISP Focus
B"&() ?%"@'5'"+'+4 !$+2%()'>$-*?%"@'5'"+'+4
ISP 1 ISP 2 ISP n
Provisioning
– By Central 

OR
Operator
– Options within 
Warrants Warrants Warrants regulatory 
Operator Operator Operator framework
Warrants
Operator

Secure Extranet
Legal Request
to CSP/ISP
DR Repository-
DCP Functions

IRI/CDC CSP/ISP

Other defined data
CSP/ISP
Networks

Provisioning

ADRIS Delivery to LEA DR

Repository-
LEA
DCP  Functions
Probe E I F

Analysis/query
Platform- LEA
CSP/ISP 
Networks
Law Enforcement
Agencies
!"##$%&'()*'+*!"+,'-$+&$
4 ./01$&2*2"*&3(+4$5*6'23"/2*+"2'&$*
7..*8"%)-9 :/+$*;<<=
 The Objective

Putting Lawful Interception

and Data Retention Together

!"##$%&'()*'+*!"+,'-$+&$
5 ./01$&2*2"*&3(+4$5*6'23"/2*+"2'&$*
7..*8"%)-9 :/+$*;<<=
 LI + DR
Two Core Partners for an integrated solution:
- The Carriers/ISP’s
- The Agencies

Overall Solution must:
• Have an integrated architecture, CSP to LEA
• Compatible systems­
• Defined operating interfaces
• Defined Processes
• Effective
• Secure
• Agreed roadmaps

!"##$%&'()*'+*!"+,'-$+&$
./01$&2*2"*&3(+4$5*6'23"/2*+"2'&$*
7..*8"%)-9 :/+$*;<<=
 Roadmaps- Fix Today, Evolve into the Future

LI or DR solutions do not have to be ‘Big-Bang’.
• Fix Todays Requirement
• Identify Evolution Requirements
• Ensure you have Flexibility and Scalability.

Objective is to invest in a solution that can grow and

evolve with the business for both:
• Carrier
• LEA

The ‘business’ on both fronts will change.
!"##$%&'()*'+*!"+,'-$+&$
7 ./01$&2*2"*&3(+4$5*6'23"/2*+"2'&$*
7..*8"%)-9 :/+$*;<<=
 System Design Must Be Comprehensive

LI / DR Solution must:
 Interoperate with multiple telecommunication services and
 Support vendor-specific network elements.
Aqsacom approach
Alarms from equipment and services
[AQSA 030213]

Statistics by equipment and services;

LEA invoicing [AQSA 030413, 030414]

Disaster
Enhanced Enhanced Enhanced Fault
Access & Recovery
HI1 HI2 HI3 Tolerance
Transmission By equipment By solution
By service By service By service [in progress]
[AQSA 050575, [AQSA 050575, [AQSA 050575, Security [AQSA 030008]
050577] 050577] 050577]
By equipment
[in progress]

ETSI/3GPP specifications
[ETSI TS 101 671, TS 102 232, TS 102 233, TS 102 234,
R 101 944, DTR LI-00014; 3GPP TS 33.108]

 a secure, reliable, and flexible means of telecommunication surveillance that

will improve the operational efficiencies of investigations

!"##$%&'()*'+*!"+,'-$+&$
8 ./01$&2*2"*&3(+4$5*6'23"/2*+"2'&$*
7..*8"%)-9 :/+$*;<<=
 Building Blocks­ADRIS Functional Approach

D'52"%'& E.. F$26"%G ?%"0$ HI? J7.

DCP DCP DCP DCP DCP DCP

Tc Tc Tc Tc Tc Tc

FC
Collection & Forwarding
Management

Data
ADRIS

Retention
Data Consultation Repository
(SAN/NAS)
Data Retrieval
HI-1 HI-2

LEA Domain

!"##$%&'()*'+*!"+,'-$+&$
9 ./01$&2*2"*&3(+4$5*6'23"/2*+"2'&$*
7..*8"%)-9 :/+$*;<<=
 Data Storage­ Considerations 

Data is being captured and stored for multiple

purposes:
• Action NOW- Life and Death
• Action Now- Case in progress
• Action now- Active Investigation
• Store- Possible interest
• Store for Future.

!"##$%&'()*'+*!"+,'-$+&$
./01$&2*2"*&3(+4$5*6'23"/2*+"2'&$*
7..*8"%)-9 :/+$*;<<=
 Storing and Mining Data

Given these ‘Considerations’:

Strategic Framework for Data storage:

• Prioritize/tag data in line with known search profiles.
• Store high priority data to enable instant and effective
mining.
• Store low risk data in a way that balances cost with risk
assessment.

Invest in Solutions that achieve the business need- A

structured approach.

!"##$%&'()*'+*!"+,'-$+&$
11 ./01$&2*2"*&3(+4$5*6'23"/2*+"2'&$*
7..*8"%)-9 :/+$*;<<=
 Telecommunication Surveillance Solution Architecture

LEA 1 LEA n
Exploitation by LEA:
• Content consultation and analysis
• Traffic qualification
• Service operation

Interface D
Consolidation by LEA:
• Profiling communication & 
subscribers
• Request for qualification of 
Analysis Tools / Rules Engine / Data Mining
new traffic
• Traffic  aggregations
Interface C

Storage by Country:
• Mass storage Device P4 P3 P2 P1
• SAN architecture
• Database  Model Low Priority High Priority
DRI IRI + CC
Interface B
Mediation by Country :
• Gathering of all data
• Pre­filtering process ALIS / ADRIS / Roaming Survey / MobileTrack / …
• Forwarding in a secure and 
reliable mechanism

Interface A
Extraction by Network:
• Communication signalling 
information
• Communication content MOBILE FIX INTERNET SATELLITE

!"##$%&'()*'+*!"+,'-$+&$
12 ./01$&2*2"*&3(+4$5*6'23"/2*+"2'&$*
7..*8"%)-9 :/+$*;<<=
 CEMTRIS Global Architecture
Fix GSM UMTS Internet Satellite
Switch/ Networks Networks Networks Networks Networks
Router

ALIS™ /
ADRIS™

CSP
ETSI/3GPP Enhanced Spec.

LEA Central Storage

LEMF Front – End

Warrant ™
Operator APRIS™ CenTore™ ANAIS™

AQSACOM  HI Spec.

Monitoring/ Monitoring/ Monitoring/

LEMF Back – End A nalysis A nalysis A nalysis

Investigators

Drug Dept Terrorism Dept Money Laundering Dept

!"##$%&'()*'+*!"+,'-$+&$
./01$&2*2"*&3(+4$5*6'23"/2*+"2'&$*
7..*8"%)-9 :/+$*;<<=
 Data Storage Principles

• Data will be stored between 6 months and up to 3 years

(if following EU framework). Period varies depending
upon predetermined ‘value’ of data.
• Data is IRI+ for DR and IRI+CC for LI.
• Data captured and stored will have varying value, from
P1 to much lower priorities.
• Storing principles must allow effective mining.
• Anticipate large volumes of data, much of this ‘low 
value’.
• But, some ‘low value’ data may become ‘interesting’ 
later- Must be able to retrieve and raise priority.

!"##$%&'()*'+*!"+,'-$+&$
14 ./01$&2*2"*&3(+4$5*6'23"/2*+"2'&$*
7..*8"%)-9 :/+$*;<<=
 Data Flow Principles 1

• LEAs do need ALL high priority data. This may

include:
 LI related material
 Associates of people under active LI
 People on ‘high interest’ list.
This data is used for high priority Agency actions
and Agency analysis.
This is expected to be a low % of total available
data.

!"##$%&'()*'+*!"+,'-$+&$
15 ./01$&2*2"*&3(+4$5*6'23"/2*+"2'&$*
7..*8"%)-9 :/+$*;<<=
 Data Flow Principles 2

Majority of stored data, all DR related, is for:

- General analysis looking for ‘fits’ against defined 
criminal profiles.
- Held for potential later use if ‘new’ areas or 
people of interest are identified.
This data is available to LEAs but doesn’t drive 
day-to-day high priority activities.

!"##$%&'()*'+*!"+,'-$+&$
16 ./01$&2*2"*&3(+4$5*6'23"/2*+"2'&$*
7..*8"%)-9 :/+$*;<<=
 Action and Analysis -Principles 1
• LEA Treasure Chest:
 Known people and/or services
 Understanding of Criminal Actions (Profiles)
• LEA Stored Data for Analysis/Action
 LI- High Priority (P1)
 Target IRI- High Priority (P2)
 DR High Value Material- Medium Priority (P3)
This material drives direct LEA action and is used
for detailed profile analysis.
Material is stored using easy/quick access principles.
!"##$%&'()*'+*!"+,'-$+&$
17 ./01$&2*2"*&3(+4$5*6'23"/2*+"2'&$*
7..*8"%)-9 :/+$*;<<=
 Action and Analysis- Principles 2
Stored Data at CSP/ISP:
• All data is DR related
• Data is classified ‘Low Value’, Priority P4 and P5
Due to high volumes, Data is stored using ‘economic’ 
principles that allow data to be mined but with much lower
urgency.
LEA Actions:
• Active analysis using broad profile testing mechanism.
Action- Filter data to assess if a combination of events
have occurred.
• LEAs provided with Alarm/Report if a profile match
occurs.
• Profile is managed /tuned by LEAs
!"##$%&'()*'+*!"+,'-$+&$
18 ./01$&2*2"*&3(+4$5*6'23"/2*+"2'&$*
7..*8"%)-9 :/+$*;<<=
 An Integrated LI/DR Solution

Summary:
• An integrated LI/DR solution is achievable and provides
multiple benefits.
• LI and DR analysis together has the potential to provide
a powerful analysis capability.
• Need an effective end-to-end data capture and store
capability.
• A System that balances storage between LEA and CSP
can optimize costs and maintain operational flexibility
• Need Flexible Architecture.
• Establish a Good, Flexible Mining capability.
• Use Profiling
• Effective, flexible Analysis tools.

!"##$%&'()*'+*!"+,'-$+&$
19 ./01$&2*2"*&3(+4$5*6'23"/2*+"2'&$*
7..*8"%)-9 :/+$*;<<=
 It Can Work­ Some References …

FRANCE BELGIUM AUSTRALIA PORTUGAL NEW ZEALAND

SOUTH AFRICA UAE ­ DUBAI

NETHERLANDS NORWAY
SWEDEN USA

UNITED KINGDOM

!"##$%&'()*'+*!"+,'-$+&$
20 ./01$&2*2"*&3(+4$5*6'23"/2*+"2'&$*
7..*8"%)-9 :/+$*;<<=
 Thank You

A QSA C O M A mericas A QSA C O M E urope A QSA C O M Asia-Pacific A QSA C O M M iddle E ast

New Yor k, US Paris, F rance M elbourne, A ustralia Dubai, U A E
Tel: +1 202 315 3943 Tel: +33 1 69 29 84 00 Tel: +61 3 99 09 72 80 Tel: +971 44 35 58 30
Email: sales@aqsacom.com

!"##$%&'()*'+*!"+,'-$+&$
21 ./01$&2*2"*&3(+4$5*6'23"/2*+"2'&$*
7..*8"%)-9 :/+$*;<<=