Description
The Lawful Interception Identifier (LIID) is a critical parameter within the 3GPP lawful interception (LI) architecture, defined in the Handover Interface (HI) specifications. It serves as a unique, persistent reference for a specific interception task or target within the network operator's domain. When a Law Enforcement Agency (LEA) issues a lawful interception warrant, it includes a LIID which is then used in all subsequent communications between the LEA's Monitoring Facility (MF) and the network operator's Administration Function (ADMF) and Delivery Functions (DF). The LIID is generated by the LEA or the network operator (as per national regulations) and is included in every Interception Related Information (IRI) and Content of Communication (CC) report sent to the LEA. This allows the LEA to correlate all intercepted data—call metadata, SMS details, IP session information, and actual voice/data content—back to the original warrant and the specific target. Technically, the LIID is carried within the standardized HI2 and HI3 interfaces using protocols like X.500/X.509 and IP-based transport. Its presence ensures that even if a target changes their IMSI, MSISDN, or IP address during the interception period, all intercepted data can still be correctly associated with the same warrant and target instance, maintaining the integrity and continuity of the interception operation.
Purpose & Motivation
The LIID was introduced to address significant operational challenges in pre-3GPP Release 8 lawful interception systems. Earlier implementations often relied solely on dynamic identifiers like IMSI or MSISDN to identify the target within interception reports. However, these identifiers can change (e.g., SIM swap, number portability) or be temporarily unavailable, causing intercepted data to be misassociated or lost, potentially jeopardizing an investigation. Furthermore, without a unique, warrant-specific identifier, it was difficult for Law Enforcement Agencies to manage multiple concurrent interceptions for the same target under different warrants or to accurately audit which data belonged to which legal authorization. The LIID solves these problems by providing a stable, warrant-level identifier that persists for the duration of the interception order, independent of the target's network identifiers. This was motivated by the increasing complexity of telecommunications, including the rise of IP-based services (VoIP, messaging apps) and multi-device users, which made tracking targets based solely on traditional identifiers insufficient. The LIID thus enhances the precision, reliability, and legal defensibility of lawful interception operations in modern networks.
Key Features
- Uniquely identifies a specific lawful interception warrant and target within the operator's system
- Persists for the duration of the interception order, independent of changes to subscriber identifiers
- Included in all Interception Related Information (IRI) and Content of Communication (CC) reports
- Ensures correlation of all intercepted data across multiple sessions and communication types
- Supports audit trails by linking intercepted data to a specific legal authorization
- Facilitates handling of multiple concurrent interceptions for the same target
Evolution Across Releases
Initial introduction of the LIID concept within the 3GPP lawful interception architecture. Defined its role in the HI2 and HI3 interfaces for uniquely identifying the interception task, establishing it as a mandatory parameter in interception activation and subsequent reports.
Defining Specifications
| Specification | Title |
|---|---|
| TS 33.108 | 3GPP TR 33.108 |
| TS 33.127 | 3GPP TR 33.127 |