IRI

Intercept Related Information

Security →
Introduced in Rel-8 Also in: Security

IRI is the metadata and call-associated information, such as identities, location, and timestamps, collected during lawful interception of telecommunications, separate from the actual communication content.

Category
Security
Introduced
Rel-8
Where
Core Network › 5G Core
Also touches
1 segments
Specifications
7 specs
IRI Description Purpose Detected Changes Specifications

Description

Intercept Related Information (IRI) is a critical component of the Lawful Interception (LI) architecture standardized by 3GPP. It constitutes the set of information or data associated with the telecommunication services of a target subscriber, excluding the actual content of the communication itself. IRI is generated by network functions such as the Mobile Switching Center (MSC), Serving GPRS Support Node (SGSN), or Mobility Management Entity (MME) and is delivered to a Law Enforcement Monitoring Facility (LEMF) via a Mediation Function (MF). The IRI data stream is separate from the Content of Communication (CC) stream, ensuring a clear distinction between call metadata and the actual voice or data payload.

Architecturally, IRI is defined within the Handover Interface (HI) between the network operator's domain and the law enforcement domain. The generation of IRI is triggered by interception warrants and is based on events occurring within the network for the target subscriber. Key network elements involved include the Intercepting Control Element (ICE), which detects the target's activity and generates the raw IRI, and the Mediation Function, which formats and delivers the IRI according to standardized protocols like ETSI standards or the 3GPP-specific ATIS/T1. LI standards. The delivery uses reliable transport mechanisms to ensure the integrity and authenticity of the intercepted data.

The information contained within IRI is extensive and standardized. It typically includes the identity of the intercepted target (e.g., IMSI, MSISDN), the identity of the communicating party, the location of the target (Cell ID, TAI, or more precise location if available), the time and date of the communication event, the type of communication service (e.g., voice call, SMS, packet data session), and the direction of the communication. For data sessions, IRI may include details like PDP context activation, APN used, and IP addresses assigned. This metadata provides the context necessary for law enforcement to understand the 'who, when, where, and how' of a communication without initially accessing the private content, adhering to legal proportionality principles.

IRI plays a fundamental role in ensuring that network operators can comply with national legal requirements for lawful interception in a standardized, secure, and efficient manner. Its strict separation from CC facilitates controlled access and auditing. The standardization of IRI parameters across 3GPP releases ensures interoperability between equipment from different vendors and consistent data presentation to law enforcement agencies globally, which is crucial for multi-national investigations and operator compliance.

Purpose & Motivation

IRI exists to fulfill legal obligations imposed on telecommunications service providers to assist law enforcement and security agencies in criminal investigations and national security matters. Laws in most countries mandate that network operators must have the technical capability to intercept communications upon presentation of a lawful warrant. Before standardization, proprietary and incompatible interception systems created significant challenges for operators with multi-vendor networks and for law enforcement agencies needing to process data from different operators.

The creation of standardized IRI, as part of the broader 3GPP Lawful Interception framework, solves the problem of interoperability and cost. It defines a uniform set of metadata that must be provided, regardless of the underlying network vendor technology. This allows law enforcement to receive information in a consistent format, simplifying their monitoring tools and procedures. It also reduces development and integration costs for network equipment manufacturers and operators, as they can implement a single, well-defined interface.

Furthermore, the separation of IRI from CC addresses privacy and legal concerns by enabling a tiered approach to interception. Authorities can initially receive just the contextual metadata (IRI) to establish facts, and only access the more intrusive communication content (CC) when specifically justified. This architectural principle supports the legal principle of proportionality. The evolution of IRI across 3GPP releases has been driven by new services (VoLTE, VoWiFi, 5G) and the need to include new types of metadata, such as IMS identities, service domain indicators, and enhanced location information, ensuring the interception capability remains effective in modern, IP-based networks.

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (111 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-8, normative work from Rel-15.

Rel-15 25 changes

In Release 15, the IRI function was enhanced with new capabilities including Cell Site Information reporting with Handover details, the interception of terminating CS calls during outbound roaming, and the delivery of PTC (Push-to-Talk over Cellular) Encryption information. It also introduced Lawful Interception for Non-IP Data Delivery via the SCEF and clarified procedures for in-bound roaming interception at anchor UPFs. Furthermore, the release provided corrections and additions for reporting Media Bearer information for S8HR and for handling Secondary RAT information.

  • Adding of the abbreviations and Network Function Architecture for Cell site Information reporting plus Handover details TS 33.107CR0276
  • Interception of terminating CS calls when outbound roaming TS 33.107CR0295
  • PTC Encryption information delivery TS 33.107CR0297
  • Lawful Interception for Non-IP Data Delivery with SCEF TS 33.107CR0306
  • Cell Site Supplemental Information Reporting-Handover Details TS 33.108CR0395
  • Delivery of PTC Encryption information TS 33.108CR0400

+ 19 more changes

Rel-16 15 changes

In Release 16, key enhancements to the Intercept Related Information (IRI) function included the introduction of IRI fields for the new ATSSS (Access Traffic Steering, Switch and Splitting) capability and clarifications for IRI types across multiple network functions like the SMF, UPF, SMSF, UDM, LALS, and AMF. The release also provided updates to the general interception lifecycle model and addressed specific procedural gaps, such as ensuring the inclusion of session establishment time in SMF IRI records and clarifying the contents of the IRI TargetIdentifiers field. Furthermore, it introduced considerations for artificial intelligence in network automation related to lawful interception within the framework of TS 33.126.

  • Artificial Intelligence in network automation: draft rules related to LI in TS 33.126 TS 33.126CR0006
  • IRI fields for ATSSS TS 33.128CR0075
  • Extension of alarm-information OCTET String Size TS 33.108CR0425
  • General interception lifecycle and model TS 33.126CR0015
  • IMS LI: Alternate option has potentially missing IRI-POI for certain scenarios TS 33.127CR0110
  • IMS LI: Separate LI_X1 to CC-TF and IRI-POI when in the same NF TS 33.127CR0112

+ 9 more changes

Rel-17 12 changes

In Release 17, the IRI function was updated with clarifications and enhancements including the precise reporting of the time of registration or session establishment in start-of-interception xIRIs, corrections to the IRI types table, and alignment of packet header information reporting. It also introduced interception at the combined SMF+PGW-C node and addressed the handling of special media application in IMS. Furthermore, the release provided clarifications on payload direction for UDM-related xIRI and on triggering procedures for Lawful Access Location Services (LALS) with the LMISF-IRI.

  • IMS: Addressing the interception due to the application of special media TS 33.127CR0119
  • Update to start of interception with registered UE record at the AMF TS 33.128CR0253
  • Update of stage 2 language for packet header information reporting TS 33.127CR0144
  • Wrong stage 2 normative text of identifier association xIRI for the IRI-POI in the AMF and MME TS 33.127CR0152
  • UDM: clarification on the payload direction field for UDM related xIRI TS 33.128CR0184
  • Update of stage 3 language and alignment of packet header information reporting TS 33.128CR0228

+ 6 more changes

Rel-18 37 changes

In Release 18, the IRI function was enhanced with new reporting capabilities and record types. Key additions included support for location information requests aligning with TS 33.128, the introduction of Start of Intercept and De-Registration records from the UDM, and new IRI events for reporting PDN connection events from a combined SMF+PGW-C. The release also expanded reporting for RCS sessions, NTN, and cell site information, while introducing mechanisms for the redaction of unauthorized information from encapsulated messages.

  • Support of location information request for both T2P and P2T requests in alignment with TS 33.128 TS 33.127CR0180
  • Addition of UDM Start of Intercept and De-Reg Records Stage 2 TS 33.127CR0185
  • IRI Events for reporting PDN Connection events from the combined SMF+PGW-C TS 33.128CR0373
  • Addition of UDM Start of Intercept and De-Reg Records TS 33.128CR0428
  • Enhancement of LI notification message related to non-local ID indicator TS 33.128CR0526
  • Addition of RCS Session Related Records TS 33.128CR0550

+ 31 more changes

Rel-19 22 changes

In Release 19, the IRI function was enhanced with new capabilities for Location Dependent Interception in Non-Terrestrial Networks (NTN) and for Mission Critical Services (MCX), alongside the addition of specific IRI for AKMA using TLS 1.3 and DTLS. The release also introduced detailed Intercept Related Information for Integrated Access and Backhaul (IAB) nodes, including mobile IAB indicators in procedures like the Initial Context Setup Request, and added Cell Radio Information to location structures. Furthermore, it provided clarifications for SIP and IMS Data Channel interception, and introduced mechanisms for proxying information between lawful interception functions.

  • Location Dependent Interception for NTN and MBSR TS 33.126CR0032
  • Extra IAB information in stage 2 related to Downlink NAS transport and to UE CONTEXT MODIFICATION REQUEST TS 33.127CR0255
  • LI for MCX (stage 2) without any changes on existing LI clauses related to MCPTT TS 33.127CR0289
  • LI for MCX (stage 3) without any changes on existing LI clauses related to MCPTT TS 33.128CR0752
  • Adding TLS 1.3 IRI for AKMA LI TS 33.128CR0674
  • Mobile IAB Authorized Indicator and UE differentiation information in Initial Context Setup Request, NAS transport initial Information with mobile IAB TS 33.128CR0678

+ 16 more changes

Explore further

Broader topics and technologies where IRI plays a role.

Topics
Authentication (5G-AKA, EAP)IMS & Voice (VoLTE, VoNR)MEC (Edge Computing)Privacy (SUPI, SUCI)LTE / LTE-AdvancedLawful Intercept
Technologies
LTE5G

Defining Specifications

3GPP specifications that define or reference IRI, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

SpecificationTitleRelease
TS 33.106 vj00 Lawful Interception Requirements (Pre-Rel-15) Rel-19
TS 33.107 vj00 Lawful Interception Architecture & Functions Rel-19
TS 33.108 vj00 LI Handover Interface Specification Rel-19
TS 33.126 vj30 Lawful Interception Requirements Rel-19
TS 33.127 vj50 Lawful Interception Architecture and Functions Rel-19
TS 33.128 vj50 3GPP TS 33.128: Lawful Interception Protocols Rel-19
TS 43.033 vd00 Lawful Interception Stage 2 for GSM/GPRS Rel-13