Collecting cybercriminal data from different telecom networks is a big challenge for law enforcement staff and law makers all over the world. The critics of such cyber data collection operations are ever present in the mass media, and across the internet. How to balance security with privacy, as we see, is a hot topic not only among lobbyists and representatives in the halls of parliament, but its pitch also echoes among the debates between the accused and the prosecution in court. For all of us, the questions are frequently asked: What are the issues that underscore private vs public security, and how can we strike a reasonable balance among them?

First, from the viewpoint of human rights protection, it is a natural privilege for humankind to have freedom of expression. But on the other hand, it is the duty of law enforcement staff to protect our society from harms caused by such free expression. There must be a boundary agreed upon by the general populace on the scope of freedom of expression. This consensus has been accepted and written into the criminal code in most countries, i.e. the scope of individual freedom of expression is under protection of state - unless there is a risk that such freedom poses a threat to the interests of the society. This is the bottom line that allows (and often requires) law enforcement staff to carry out cyber data collection operations on telecom networks.

Another critical issue is how to make sure that law enforcement staff (LEA) always act within the law during these operations. Most will agree that there must be a standard operation procedure (SOP) to follow during cyber data collection, and proper auditing procedures should always be implemented based on this SOP. Such auditing procedures can be carried out using activity log files which are collected by SOP. If standard procedures are not followed, the acquired data may be rendered inapplicable in court, and any prosecution will be aborted.    

All the devices used for cyber data collection must adhere to the requirements of standard operation procedures and this auditing process. The SOP for cyber data collection must be followed by both telecom service providers and law enforcement agencies. In other words, such data collection should not impact the regular service delivered by telecom service providers - and LEA staff should undertake such operations to monitor designated targets only under approval of the local court or parliament.

All the details of these required procedures are now well defined under a global standard from the European Telecommunications Standards Institute (ETSI), which is a standard setting body for telecommunications of TETRA, DVB, GSM, GPRS, CDMA, LTE, and Fixed Network…etc. Based on the standards of ETSI, cyber data collection can be performed using common protocols for all parties - including telecom equipment suppliers, telecom operators, system integrators, law enforcement staff, court officials and others. This standard operation is called lawful interception, and it is based on a series of common standards. Of course, in different countries, there are variations on ETSI standards. In the US, it is known as the CALEA standard (Commission on Accreditation for Law Enforcement Agencies), whereas in Federal Russia, it is part of SORM-2 standard (Standard Organization and Regulations Manual). No matter how it is customized in different localities, its base scheme is the same.   

“For the past ten years, Decision Group lawful interception solutions have been widely adopted by many states as core LI systems.” said Casper Chang, CEO of Decision Group, “We fully understand how important the global ETSI standard is for deployment of a state LI system in terms of targeted communication interception, warrant management, data analysis and auditing procedures.”

Decision Group’s lawful interception suite consists of several systems that offer different functions for cyber investigation operations. These functions are fully in compliance with the data collection requirements of telecom service providers, LEA, and the courts (or parliament). They address targeted traffic interception, warrant management, data analysis and retention, and these functions can be also used for the auditing process based on ETSI or CALEA standards.

These systems in the Decision Group LI suite are well defined and deployed in different domains for the above functions. Some systems can be customized based on existing warrant management or criminal codes, and some of systems can be expanded for data mining or big data analysis. It is all up to customer requirements. The detailed information on systems in the Decision Group LI suite is below:

1. iMediator – the role of iMediator is to coordinate the LI request between iMonitor in LEA side and the AAA (Authentication, Authorization, and Accounting) systems in Telecom centers. It can mediate all target traffic from telecom networks to iMonitor.
2. iMonitor – iMonitor is our core system for hosting functions of data collection, warrant management, auditing procedure, data analysis and reporting. Investigators can send requests to iMonitor for these functions. The system connects with frontend systems of iMediator and iMedia Gateway, and the backend systems of EDDM and data retention system as well.
3. EDDM – EDDM is the major system for protocol analysis and content reconstruction of digital IP data. Administrators in the LEA center can choose to target major online services, reconstructing and retaining the original contents for cybercrime investigations.
4. iMedia Gateway – iMedia Gateway is deployed as a voice interception system with conversion from SS7/ISUP to VoIP – or used direct with VoIP. It can easily work with TDM, MCG, MSC, and MMSC, or as a PSTN gateway through E1/T1 directly.
5. Data Retention Management – Data retention management is our critical system for criminal data analysis, with a data reservoir of both raw data and reconstructed data. Based on the state LI Act, the duration of data retention should be documented under strict auditing procedures set by a court or parliament. On the other hand, some data can be used for forensic research into criminal behavior patterns (modus operandi) and on the backend big data analysis platform (Hadoop) through specific data export interface.
6. Tactic Lawful Interception Pack –There are 2 different kinds of systems for lawful interception on wired and wireless networks:
1. For wired network – a trolley system with integrated functions of data access, collection, reconstruction and management for short term lawful interception operation by LEA.
2. For wireless network – a portable system with multiple WiFi interfaces and WEP/WPA breaking capability, to intercept targeted wireless packet network within a limited range.
7. HTTPS-Detective – HTTPS-Detective can be deployed in telecom networks as HTTPS proxy similar to function as a content delivery network (CDN) service in order to intercept target HTTPS online services.

In order to provide better service, Decision Group also provides several levels of training programs based on customer requirements. These programs are delivered by qualified instructors, senior cybercrime investigators, or scholars from LEA and university:

1. Cybercrime Investigation Training (CCIT) – Decision Group co-works with National Taiwan Central Police University and Taiwan CIB to offer training for cybercrime investigation skills and theory for LEA staff.
2. Lawful Interception Training (LIT) – Decision Group professional staff delivers training on lawful interception planning, deployment and operation with practical drills.
3. Network Packet Forensic Analysis Training (NPFAT) - Decision Group professional staff delivers training on how to interpret intercepted data and conduct data link analysis.
4. Cyber Intelligence Training (CIT) – Decision Group professional staff delivers training on cyber intelligence deployment and delivery for national security.

As a leading lawful interception solution provider, Decision Group welcomes partners and LEA clients to contact us with requests for LI technical material or suggestions for deployment and operation. Please also check out our website: http://www.edecision4u.com for more product sales, technical and service information. Wherever you are, if you need more information about our products and services, please contact decision@decision.com.tw. We’ll be glad to give you our utmost support service.

Decision Group has launched Network Investigation Toolkit (NIT) since 2010, and it has been adopted by more than few thousands of customers around the world. For the past 5 years, along with advance of wireless network technology, Decision Group NIT was also upgraded for those existing clients year by year. Now Decision Group provides a new version of NIT 2.0 for customers. In this new version, Decision Group enhances the capability of wireless RF and HTTPS interception as well as more friendly user interface for operation and administration. The target intercepted online service list has been expanded from common web services into popular mobile APPs, whereas more statistic reports on online traffic situation are available for user reference during operation. The most important improvement is the enhancement of system performance by a totally brand new core protocol analysis engine.

For new version of NIT 2.0, Decision Group has tested it in early adoption customer site for more than 6 months. Now it is available with great maturity. If you are interested in this new product or you want to upgrade your current NIT system to the new version, we welcome for your request. Please contact with decision@decision.com.tw or you may check out the URL: http://www.edecision4u.com. We will answer for your request upon receiving it.  

About Decision Group, Inc.
Decision Group is a company focused on worldwide renowned DPI application of E-Detective.  Decision Group, established in Taipei, Taiwan since 1986, is one of the leaders in manufacturing of PC-Based Multi-Port RS232/422/425 Serial Cards, Data Acquisition & Measurement Products and Industrial Automation and Control Systems.
Decision Group, in the year 2000, started a new line involved in designing and developing equipment and software for Internet Content Monitoring and Network Forensics Analysis Solutions. Now, Decision Group has positioned itself as a total-solution provider with a full-spectrum of products in its portfolio for network forensic and lawful interception.

More Information and Contact by Email: decision@decision.com.tw
URL: www.edecision4u.com (Global), www.internet-recordor.com.tw (Taiwan), www.god-eyes.cn (China), www.decisionjapan.com (Japan) ,
www.e-detective.de (Germany), www.edecision4u.fr (France), www.edecision4u.es (Spain and Latin America)