LEA

Law Enforcement Agency

Security
Introduced in Rel-8
LEA refers to the authorized government or law enforcement body that requests and receives lawful interception data from telecommunications operators. In 3GPP, it defines the external entity for which standardized interfaces and procedures are implemented to support legal surveillance requirements on mobile networks.

Description

Within the 3GPP architecture, a Law Enforcement Agency (LEA) is not a network function but an external administrative and legal entity. It is the government-authorized body (e.g., police, intelligence services) that, under a specific legal warrant or order, is permitted to intercept telecommunications traffic and related information. The 3GPP system defines the functional requirements, interfaces, and data formats necessary for a network operator's Lawful Interception (LI) system to deliver intercepted content and intercept-related information (IRI) to one or more LEAs. The LEA itself resides outside the trusted boundary of the 3GPP network.

Architecturally, the interaction with an LEA is mediated through several standardized points. The network operator deploys internal interception functions: the Administration Function (ADMF), which manages interception warrants and LEA identities, and the Delivery Functions (DF2 and DF3). The DF2 delivers Intercept Related Information (IRI—data about the call/communication such as parties, time, location), and the DF3 delivers the Content of Communication (CC—the actual voice, video, or data payload). These Delivery Functions connect to one or more Mediation Functions (MF), which adapt the internal 3GPP formats (e.g., based on 3GPP TS 33.108) into a standardized handover interface format (HI2 for IRI, HI3 for CC) specified for delivery to the LEA. The LEA operates a Collection Function (CF) that receives these HI2 and HI3 flows.

How this works in practice involves a secure and auditable process. When a valid interception warrant is activated in the ADMF, it configures the relevant network nodes (e.g., MSC, SGW, PGW, AMF, SMF) to duplicate the target subscriber's traffic. The internal LI system collects this data, packages it with metadata, and the Mediation/Delivery Functions securely transmit it to the LEA's premises. The 3GPP specifications, such as the 33.1xx series, meticulously define the protocols (e.g., ETSI-standardized handover interfaces), data models, and security requirements (encryption, authentication) for this exchange to ensure integrity, confidentiality, and that only authorized data is delivered. The role of the LEA in the 3GPP context is thus as the defined endpoint for a complex, regulated data delivery pipeline that balances legal obligations with subscriber privacy.

Purpose & Motivation

The formal definition and architectural consideration of the Law Enforcement Agency within 3GPP standards exist to fulfill legal obligations imposed on network operators in most countries. These obligations require operators to have the technical capability to assist law enforcement with authorized interception of communications. Prior to standardization, each country or operator might develop proprietary interfaces, leading to interoperability problems, high costs for equipment vendors, and potential inconsistencies in fulfilling legal orders. The purpose of 3GPP's LI work is to create a unified, technology-agnostic framework that can be implemented globally, ensuring networks are 'interception-ready' by design.

The motivation for its creation, particularly from Rel-8 onwards with increased focus, was the evolution of network technology from circuit-switched voice to packet-based all-IP networks (IMS, LTE). Traditional interception methods tied to circuit switches were becoming obsolete. 3GPP needed to define how to intercept VoIP, messaging, and data sessions in a consistent manner across diverse network architectures (GSM, UMTS, EPS, 5GS). This addressed the limitation of previous ad-hoc approaches and ensured that lawful interception capabilities kept pace with service innovation, preventing communication services from becoming 'dark' to law enforcement.

Furthermore, standardizing the LEA interface provides clear separation of concerns. It defines a strict boundary between the operator's network and the government agency. This protects the operator's internal network details and other subscribers' data while providing the LEA with a predictable, secure feed. It also enables a multi-vendor environment where LEA-side collection equipment from one vendor can interoperate with mediation systems from another, fostering competition and reducing costs for governments. The evolution through releases continually adapts these interfaces to new services like VoLTE, RCS, and 5G network slicing.

Key Features

  • External entity defined as the recipient of lawful interception data
  • Interfaces via standardized Handover Interfaces HI2 (for IRI) and HI3 (for CC)
  • Requires a secure, authenticated, and confidential connection from the operator's network
  • Operates a Collection Function (CF) to receive and process interception feeds
  • Interaction governed by legal warrant processed by the operator's Administration Function (ADMF)
  • Specifications ensure isolation from the core network to protect other subscriber data

Evolution Across Releases

Rel-8 Initial

Formally integrated the LEA as the external entity within the enhanced Lawful Interception architecture for Evolved Packet System (EPS/LTE). Introduced the standardized Handover Interface (HI) specifications for packet-based delivery of IRI and Content to the LEA's Collection Function, moving beyond legacy circuit-switched interfaces.

TS 33.106TS 33.107TS 33.108TS 33.126TS 33.127TS 33.128TS 41.033TS 43.033

Defining Specifications

SpecificationTitle
TS 33.106 3GPP TR 33.106
TS 33.107 3GPP TR 33.107
TS 33.108 3GPP TR 33.108
TS 33.126 3GPP TR 33.126
TS 33.127 3GPP TR 33.127
TS 33.128 3GPP TR 33.128
TS 41.033 3GPP TR 41.033
TS 43.033 3GPP TR 43.033