Published on October 13th, 2020 | by Dr. Keith Bhatia
Evolution of Network Data Records and Their Significance on LEA Investigations
For the last 50 years, the telecom industry has been happily providing technology for people to make voice calls, and to assure proper accounting it has been creating a simple Call Detailed Record (CDR) for each call. These records include data fields such as the number called and who called, the duration, billing amount, route the call took, and call type. However, the call “type” has advanced in the last thirty years, moving from simple voice to short text messages and then further to include data packets from internet searches and application use. Accountability for who pays how much and why has driven a parallel evolution in record types.
Recent Network Record Types
For instance, when the call “type” includes data from applications, the resulting records from the network are called Internet Protocol Detailed Records (IPDR). While IPDRs were initially created in the cable industry and evolved to fixed broadband, they have become key in mobile broadband and fixed wireless access networks as well.
Over the same period, services evolved, and people often communicate with others who may be with a different carrier. More detailed records of the interexchange between carriers or internet service providers (ISPs) became essential for handling payments among them. The result is the Internet Communication Record (ICR), which provides all the same detail as CDRs and IPDRs, but also includes intercarrier connection summarization with application-level metadata information.
From the simple call, which could have four unique flows, to a single web page render, which could have over 300 unique flows, the need for more definition in the records became clear. Therefore, a High Definition Record (HDR) was the next evolution in record types. With over 100 data fields, HDRs are important for detailed accounting and records management.
Additional Data Record Types
In addition to IPDRs, some systems create Deep Packet Inspection (DPI) records and Simple Network Management Protocol (SNMP) records. DPI looks at all the traffic on the network and creates records based on specific parameters. SNMP is often thought of as basic data collection for network analysis. Finally, there are NetFlow records, which were introduced by Cisco when routers expanded in the late 1990s and have since been adopted across the industry.
Impact on Lawful Investigations
While these record types originated for network and accounting uses, they have also become helpful in law enforcement investigations. Unfortunately, monitoring centers and basic data analytics platforms quickly become overwhelmed by the various record types, duplicative data, and the sheer data volumes.
The best systems will be able to ingest unstructured data from any record type, regardless of format or delivery mechanism. They should be able to handle a range of files, from simple CSV to JSON, XML, etc. This would include data records from encrypted communications, which are becoming the norm for applications including voice (for more details, read our blog on ICRs). And since some record types come with additional information such as destination location, a leading data analytics platform would be able to process this information and provide location visualization with verification of call flows.
The evolution of networks has created an explosion of data to manage, and as a result, networks produce a wide range of record types in various formats. To best utilize those records for lawful intercept purposes, law enforcement needs the ability to ingest all records, find the intelligence needed, and see results on a timeline with location visualization in order to quickly solve cases.
As CEO of SS8, Keith combines his broad technical and market knowledge to advance the future of lawful intelligence. In his tenure, he has positioned SS8 as a leader in a world connected by 5G and shaped by increasing digitalization and automation. Keith is impassioned to show how technology can have a positive impact on our world.
About SS8 Networks
SS8 provides Lawful Intelligence platforms. They work closely with leading intelligence agencies, communication providers, law enforcement agencies and standards bodies, and their technology incorporates the methodologies discussed in this blog. Xcipio® is already proven to meet the very high demands of 5G and provides the ability to transcode (convert) between lawful intercept handover versions and standard families. Intellego® XT natively supports ETSI, 3GPP and CALEA handovers, as well as national variants. Intellego XT’s MetaHub component is a best-in-class data analytics tool. Both product portfolios are used worldwide for the capture, analysis and delivery of data for the purposes of criminal investigations.