It is being increasingly demanded by legislators that operators of data networks provide functions enabling the exchange of data between individual users to be monitored if required.
Different solutions are currently available for carrying out this so-called “lawful interception” of data streams in data networks such as the Internet.
One known method consists in disposing external sniffers (analyzers) in a LAN segment of the interception subject which analyze the entire packet data stream and filter out the monitored party's traffic, duplicate it and submit it to the relevant agency. The main disadvantage of this method is that time-limited, physical intervention in the network is required. With increased mobility of the interception subject, this method is virtually unusable.
Another method used primarily for intercepting/monitoring e-mail traffic provides for the implementation on one or more mail servers of an automatic forwarding function which makes both incoming and outgoing e-mails available to the relevant authority, e.g. a law enforcement agency. Voice mail, etc. is handled similarly. With this method it is necessary for all the e-mail servers to be set up to identify an instance of interception/monitoring and forward the communication to the relevant authority, which may involve a high degree of administrative complexity.
WO 0042742 describes a monitoring method and a monitoring system for carrying out lawful interception in a packet-oriented network such as the GPRS or UMTS network. For this purpose a first network element which is controlled by a second network element is provided with data packet monitoring functionality. The intercepted (monitored) data is passed via a gateway which constitutes an interface to an intercepting authority. The main disadvantage of this method is that data streams of users that are not to be monitored are also carried by the network element, thereby considerably increasing the technical and administrative complexity of this method.
For lawful interception in the Internet see, for example, ETSI TR 101 750 V1.1.1.
Not to be disregarded are the very high costs which generally accrue for a network operator for providing the abovementioned interception/monitoring functionality which are caused primarily by a high degree of administrative complexity.