Published on November 10th, 2020 | by Michael Gebretsadik
Intercepted Location Data Can Help Intelligence Agencies
Having location capabilities in a mobile network was originally an afterthought. The first Global System for Mobile (GSM) network was launched in Finland in 1991 and ushered in a new era of cellular communications. However, there was no built-in location capability. It was not until seven years later that the Radio Resource Location Protocol (RRLP) specification was released. The 3GPP TS 04.31 protocol was developed to fulfill the Wireless Enhanced 911 requirements in the United States. But because it was an extension of an existing Standard, it was severely limited.
Evolution of Location Technology
As the 3GPP Standards evolved to 3G, then 4G, and now 5G, location has become an integral part of the mobile network protocols, as many applications need location information. The most important of these are the regulatory requirements for emergency services such as E911, and also because of revenue generating applications that require location technology. These drivers have pushed location-based services (LBS) and the location technology in smartphones to evolve at a very rapid pace over the last decade.
Now service businesses such as Uber or Doordash exist because of the advancements of Assisted Global Navigation Satellite Systems (A-GNSS) and Wi-Fi location. Almost everyone uses navigation apps on smart phones, or commercial applications such as Uber, which rely on location. However, due to the commercial and public safety demands for even more precise location information, new positioning methods are constantly being developed. With this understanding, the Standards bodies are also working to future proof the specifications by creating placeholders to incorporate these precise methods.
3GPP-compliant location platforms are designed to locate one subscriber at a time, with the primary use-case being E911/E112. Only recently has device location started to play a significant role in the data used for lawful intelligence. Unfortunately, the current location data that mobile operators have for Law Enforcement Agencies (LEA) is very limited in scope. Their location platforms, in addition to serving E911 calls, are only able to fulfill simple location warrants. For instance, the platforms can perform a single location of lookup of a subscriber at a specific time, or a periodic location ping for a set time period. The location data would not provide where a subscriber has been for the past 3 weeks. Or, if law enforcement needed to know what other subscribers a particular subject has been in physical proximity with, the current location platforms would only be able to provide a “last known” location of the subject.
Location Technology for Lawful Interception
Bulk location tracking, the ability to locate thousands or even millions of subscribers simultaneously, has made significant strides in the last few years. It has opened a slew of new use-cases, from commercial (i.e. location-based advertising) to public safety (i.e. mass alerting and contact tracing). However, bulk tracking can only be achieved efficiently, and without detriment to the network, through a method known as Passive Location. Passive location is based on the concept that every device on the network will at some point, generate an event that creates a record of its state and serving Cell ID. Just about any interaction with the network such as origination or termination of a call or text, data session, or call drop will generate such an event. The serving Cell ID and state are recorded within a Call Detail Record (CDR) by the network. (To learn more about CDRs, click here.)
While the implementation of passive location is straightforward, the data science and analytics behind it are quite complex. With passive location, you are capturing traffic events of every device on the network, which is an extraordinary amount of data that would need to be ingested and analyzed. To achieve this, it is necessary to be able to decode the standardized interfaces in between key network nodes (i.e. eNodeBs to MMEs) or capture CDRs as they are generated. In addition to the magnitude of data generated, the rate at which it is generated also creates challenges. A large network can see events being generated on the order of tens or even hundreds of thousands of events per second. Capturing and extracting the location information from each CDR in near real-time is the key to achieving an effective bulk location tracking solution.
Location Technology Enabling Investigations
How does all of this relate to LI? The standards for LI platforms allow for the interception of communication data (voice, chat, SMS, etc.) and the capture of network events that contain location via the metadata in the CDRs. (For more information on Lawful Interception and the rules that govern it, refer to my colleague David Anstiss’ blog here.) LI platforms able to intercept and analyze communication content, while passively and actively locating multiple targets, provide a substantial advantage for public safety and LEAs.
Having visibility into the approximate location of every active device on the network through Passive Location, allows for the creation of geo-fences without interacting in any way or relying on any device application. And, depending on the storage capability of the platform, it can provide historical location queries for a single or several hundred devices.
Geo-fencing can be used in conjunction with lawful interception, which (when legally mandated with judicial oversight) can automate communication and location data interception when individuals or devices of interest enter a particular area. This makes the LI platform significantly more efficient in data volume management, while executing on warrants judiciously. When investigating a crime organization or a terror cell, for example, monitoring just the inter-communications of the members sometimes does not give the full picture. Understanding where the targets are (or were) and how they move during specific communications can provide LEAs with context or evidence that otherwise may have gone undetected.
Location technology in mobile networks enables both life-saving applications like E911 and contact tracing, and also revenue generating applications such as navigation, advertisement, and transportation. As it further evolves, and with proper administration (i.e. strict enforcement of privacy and governing rules of use), it has the capability to transform public safety. Passive location, and the use cases it enables such as geo-fencing, historical tracing, meeting detection, and roaming detection is a transformational technology for LI.
A powerful lawful interception platform that can capture network events in near real-time, combined with an advanced data analytics and monitoring application, can be a formidable tool for LEAs and the intelligence community.
About Michael Gebretsadik
Michael has worked in the telecommunication industry for the better part of two decades, in roles ranging from engineering to product management, and business development. He has been involved with location technology since 2003, when he joined SnapTrack (a Qualcomm subsidiary). Prior to joining SS8 in 2020, Michael was responsible for growing the global Location-Based Services business for Comtech Telecommunications through channel partners and IoT OEMs. You can learn more about Michael on his LinkedIn profile.
About SS8 Networks
SS8 provides Lawful Intelligence platforms. They work closely with leading intelligence agencies, communication providers, law enforcement agencies and standards bodies and their technology incorporates the methodologies discussed in this blog. Xcipio® is already proven to meet the very high demands of 5G and provides the ability to transcode (convert) between lawful intercept handover versions and standard families. Intellego® XT natively supports ETSI, 3GPP and CALEA handovers, as well as national variants. Intellego XT’s MetaHub component is a best-in-class data analytics tool. Both product portfolios are used worldwide for the capture, analysis, and delivery of data for the purposes of criminal investigations.