IRI

Intercept Related Information

Security
Introduced in Rel-8
IRI is the metadata and call-associated information collected during lawful interception of telecommunications. It includes details like identities, location, and timestamps, separate from the actual communication content (CC). It is essential for legal compliance and security investigations.

Description

Intercept Related Information (IRI) is a critical component of the Lawful Interception (LI) architecture standardized by 3GPP. It constitutes the set of information or data associated with the telecommunication services of a target subscriber, excluding the actual content of the communication itself. IRI is generated by network functions such as the Mobile Switching Center (MSC), Serving GPRS Support Node (SGSN), or Mobility Management Entity (MME) and is delivered to a Law Enforcement Monitoring Facility (LEMF) via a Mediation Function (MF). The IRI data stream is separate from the Content of Communication (CC) stream, ensuring a clear distinction between call metadata and the actual voice or data payload.

Architecturally, IRI is defined within the Handover Interface (HI) between the network operator's domain and the law enforcement domain. The generation of IRI is triggered by interception warrants and is based on events occurring within the network for the target subscriber. Key network elements involved include the Intercepting Control Element (ICE), which detects the target's activity and generates the raw IRI, and the Mediation Function, which formats and delivers the IRI according to standardized protocols like ETSI standards or the 3GPP-specific ATIS/T1. LI standards. The delivery uses reliable transport mechanisms to ensure the integrity and authenticity of the intercepted data.

The information contained within IRI is extensive and standardized. It typically includes the identity of the intercepted target (e.g., IMSI, MSISDN), the identity of the communicating party, the location of the target (Cell ID, TAI, or more precise location if available), the time and date of the communication event, the type of communication service (e.g., voice call, SMS, packet data session), and the direction of the communication. For data sessions, IRI may include details like PDP context activation, APN used, and IP addresses assigned. This metadata provides the context necessary for law enforcement to understand the 'who, when, where, and how' of a communication without initially accessing the private content, adhering to legal proportionality principles.

IRI plays a fundamental role in ensuring that network operators can comply with national legal requirements for lawful interception in a standardized, secure, and efficient manner. Its strict separation from CC facilitates controlled access and auditing. The standardization of IRI parameters across 3GPP releases ensures interoperability between equipment from different vendors and consistent data presentation to law enforcement agencies globally, which is crucial for multi-national investigations and operator compliance.

Purpose & Motivation

IRI exists to fulfill legal obligations imposed on telecommunications service providers to assist law enforcement and security agencies in criminal investigations and national security matters. Laws in most countries mandate that network operators must have the technical capability to intercept communications upon presentation of a lawful warrant. Before standardization, proprietary and incompatible interception systems created significant challenges for operators with multi-vendor networks and for law enforcement agencies needing to process data from different operators.

The creation of standardized IRI, as part of the broader 3GPP Lawful Interception framework, solves the problem of interoperability and cost. It defines a uniform set of metadata that must be provided, regardless of the underlying network vendor technology. This allows law enforcement to receive information in a consistent format, simplifying their monitoring tools and procedures. It also reduces development and integration costs for network equipment manufacturers and operators, as they can implement a single, well-defined interface.

Furthermore, the separation of IRI from CC addresses privacy and legal concerns by enabling a tiered approach to interception. Authorities can initially receive just the contextual metadata (IRI) to establish facts, and only access the more intrusive communication content (CC) when specifically justified. This architectural principle supports the legal principle of proportionality. The evolution of IRI across 3GPP releases has been driven by new services (VoLTE, VoWiFi, 5G) and the need to include new types of metadata, such as IMS identities, service domain indicators, and enhanced location information, ensuring the interception capability remains effective in modern, IP-based networks.

Key Features

  • Standardized metadata set including target identity, communicating party, and service type
  • Separate delivery stream from Content of Communication (CC) for controlled access
  • Generated by network control elements (ICE) like MME, SGSN, or S-CSCF
  • Delivered via Mediation Function over standardized Handover Interface (HI)
  • Includes critical location information (e.g., Cell ID, Tracking Area)
  • Supports events for circuit-switched, packet-switched, and IMS-based services

Evolution Across Releases

Rel-8 Initial

Introduced the standardized framework for IRI as part of the EPS (LTE) Lawful Interception architecture. Defined IRI for E-UTRAN access, including events from the MME and Serving/Packet Gateways. Established the separation of IRI and CC streams and the basic parameter set for EPS mobility and session management events.

TS 33.106TS 33.107TS 33.108TS 33.126TS 33.127TS 33.128TS 43.033

Defining Specifications

SpecificationTitle
TS 33.106 3GPP TR 33.106
TS 33.107 3GPP TR 33.107
TS 33.108 3GPP TR 33.108
TS 33.126 3GPP TR 33.126
TS 33.127 3GPP TR 33.127
TS 33.128 3GPP TR 33.128
TS 43.033 3GPP TR 43.033