Interception Access Point

Description

The Interception Access Point (IAP) is a standardized network function defined by 3GPP for the purpose of Lawful Interception (LI). It serves as the technical interface within the operator's network where the actual interception of telecommunications occurs. The IAP is responsible for duplicating both the Communication Content (CC) – the voice call, SMS, or packet data session payload – and the Interception Related Information (IRI) – the call-associated data like numbers, time, location – of a targeted subscriber. This duplicated information is then formatted and securely transmitted to the Law Enforcement Monitoring Facility (LEMF) via standardized interfaces (HI2 for IRI, HI3 for CC).

Architecturally, the IAP is not a single physical node but a functional role that can be implemented within various network elements depending on the service being intercepted. For example, in a 5G network, the IAP function for packet data interception might reside in the User Plane Function (UPF), where it can duplicate user plane packets. For voice calls over IMS, the IAP function could be within the Media Gateway or a specific Media Resource Function. The IAP receives activation commands from an internal administrative function (the ADMF), which is triggered by a lawful warrant. Once activated, the IAP silently begins duplicating the targeted traffic without impacting the subscriber's service.

The IAP works in conjunction with other LI entities: the Administration Function (ADMF), which manages interception warrants and hides the existence of multiple simultaneous interceptions from the network; the Delivery Function (DF), which handles the secure delivery to the LEMF; and the Collection Function (CF) at the LEMF. The IAP's operation is defined in detail in 3GPP TS 33.108, which specifies the handover interfaces (HI1, HI2, HI3), the data formats, and the security requirements. The IAP must ensure the integrity, confidentiality, and reliability of the intercepted data, providing strong guarantees that only authorized interceptions take place and that the data is delivered accurately to the correct authority.

Purpose & Motivation

The IAP exists to fulfill legal obligations placed upon telecommunications service providers by national laws, which require operators to assist law enforcement and security agencies with lawful interception of communications. Its creation was motivated by the need for a standardized, secure, and reliable technical mechanism that works across different vendor equipment and network generations (2G to 5G). Without a standardized IAP, each operator and vendor would implement proprietary interception solutions, making it difficult and costly for law enforcement to access intercepted data consistently, potentially hindering investigations.

The problem it solves is twofold: technical implementation and regulatory compliance. Technically, it provides a well-defined point and procedure for accessing real-time network traffic without degrading service for other users. From a compliance perspective, it ensures that interception is performed according to strict legal and procedural safeguards, maintaining a clear audit trail. The historical context involves the evolution of telecommunications from simple circuit-switched voice to complex IP-based multimedia services, which required interception capabilities to evolve accordingly. The 3GPP LI standards, including the IAP concept, address the limitations of earlier, non-standardized interception methods by providing a future-proof, technology-agnostic framework that protects user privacy outside of lawful mandates and ensures interoperability between network operators and law enforcement agencies.