Intercept laws may force data capture downstream

Australia’s Internet service and carriage providers are staring down the barrel of stiff legislative requirements to provide law enforcement, intelligence agencies and other authorized bodies with the capability to intercept IP traffic for lawful purposes, delegates at the Hack 2003 IT security conference have been told.

While telephone tapping is nothing new, Umar Goldeli, founder of carrier interception technology firm Universal Defence, told the audience that authorities, carriers and ISPs ultimately have to come to terms with what lawful IP interception “actually involves at the coalface.”

A significant issue understood to be facing authorities is that in order to obtain useable ‘product’, data streams must be intercepted as close to the source as possible – which effectively means going into ISPs small and large to gain access to traffic.

“The closer you are to the entry point to the network, the higher the quality of the data intercepted. Almost anything can happen between ISP ‘A’ and carrier ‘B’ – like inter-customer traffic, multiple upstreams and asymmetric routing. Half of your (target) traffic might go out through carrier A and come back through carrier B.

“That’s not uncommon, but it is very difficult to co-ordinate (an intercept ordered by a warrant), because it’s taking a completely different path and that means if you only get one side, you miss half of the communication. You have to be able to pull it off closer to the source,” Goldeli says.

While telcos are predictably silent on such issues and argue they never discuss any operational security matters, a senior source at a tier one network and communications supplier familiar with interception issues confirmed that demand for IP interception from the government is indeed growing.

“The pressure is definitely on since S11 (to provide IP intercept capability). There’s a lot going on. With data and wireless it’s a lot more complicated than voice, so people who do voice now have to look at those capabilities. A lot of our customers, large and medium size, who would previously do the bare minimum, are looking at (their IP intercept capabilities). They are getting a lot more pressure to acquiesce,” said the source, who agreed to comment on condition of anonymity.

Goldeli argues that a point of difference on the local landscape is that Australian authorities require carriers or ISPs to self-fund any capital investment for government interception requirements, a situation that around 700 smaller ISPs are probably yet to grapple with.

“As more communications move to IP, so will the requirements for monitoring at a similar rate. A substantial proportion of criminals and persons or organizations of interest now use IP through ISPs and that will grow because there is a perception that the Internet is anonymous. These requirements are law – if you don’t or can’t comply you can be shut down by the Australian Communications Authority,” Goldeli said.