When law enforcement officials need help with an investigation, they’ll often lean on Internet service providers to collect information from network transmissions. As a result, ISPs commonly use technology known as lawful intercept to gather data that could further the cause.
But not all lawful intercept technologies are created equally, as an IBM researcher demonstrated at the Black Hat security conference. eSecurity Planet takes a look at the potential vulnerability in the system.
Various jurisdictions around the world have legal requirements to ensure that voice and data traffic can be wiretapped in the interest of public safety and national security. According to an IBM researcher, that same requirement for wiretapping, or lawful intercept of data, could potentially be abused by an attacker.
IBM Internet Security Systems researcher Tom Cross today detailed during a live Black Hat Webcast event some of the specific issues he uncovered looking into a lawful-intercept implementation developed by Cisco. Cisco’s architecture for lawful intercept is now used by more than 15 vendors.
In the U.S., lawful intercept capabilities on Internet infrastructure are a legal requirement under the Communications Assistance for Law Enforcement Act (CALEA). Cross noted that many ISPs meet their CALEA compliance obligations by implementing Cisco’s lawful intercept technology. The Cisco architecture is published as Internet RFC 3924, and provides a mechanism for a network to send data to law enforcement, but is not a blanket ‘sniffing’ of all traffic, according to Cross.
“There are other architectures for lawful intercept and some of them involve putting a fiber optic splitter in the network and taking all the content and moving it over to law enforcement,” Cross said in a response to a question from InternetNews.com. “The difference between that approach and the Cisco one is that there is no involvement from the ISP in the process of determining whether or not the law-enforcement agency had the permission to access the content they are accessing.”