RIPA s 12(7)

Peter Fairbrother zenadsl6186 at
Sun Jun 22 14:23:25 BST 2014

On 21/06/14 20:46, Ian Batten wrote:
> On 21 Jun 2014, at 01:26, Peter Fairbrother <zenadsl6186 at> wrote:
>>   after all, you can't buy telephone equipment which doesn't have interception capability these days
> You can't buy telephone _service_ which doesn't have interception capability, surely?
> There's nothing stopping me gluing my own service together with Asterix (or whatever),
> some over-the-counter ATAs and some IPSec tunnels, after all.

Yes of course, there is no law preventing that (unless you operate a 
public telecomms service).

Though I'd just point out that Asterisk has "lawful interception" 
capability built-in ...

I'm sorry if I wasn't clear - what I meant was that nobody makes 
large-scale traditional pstn hardware equipment like class 4/5 switches 
(or cellphone core equipment) without built-in interception capability.

Thus you can't buy them - not because it would be illegal, but because 
no-one actually sells them.

The (international) market is such that there is no demand for them - 
almost every public telephone service provider throughout the world has 
to implement law-enforcement interception capability, and has had to do 
so for decades.

For IP-based stuff, as opposed to traditional switched circuit 
telephony, there is usually a mirror port facility on large-scale 
multiplexers, switches, routers etc which is provided and/or dedicated 
for interception purposes  - though hardware taps are also used.

[ the output from the mirror or tap is then fed to an analyser, and in 
the EU at least the service provider operates the analyser, selecting 
traffic which is to be intercepted from the total stream, then passing 
only that selected traffic on to the LEA.

Who operates the analyser is a big deal, present EU policy says that 
LEAs must get the service providers to do it for them. This doesn't 
apply to non-EU traffic however.

As far as I am aware the present inclusion of UK-EU traffic in the RIPA 
ss.8(4) catch-all category breaches EU policy on this matter, but is a 
matter of competencies so little can be done about it. ]

-- Peter F

More information about the ukcrypto mailing list