Description
The Lawful Interception Identifier (LIID) is a critical parameter within the 3GPP lawful interception (LI) architecture, defined in the Handover Interface (HI) specifications. It serves as a unique, persistent reference for a specific interception task or target within the network operator's domain. When a Law Enforcement Agency (LEA) issues a lawful interception warrant, it includes a LIID which is then used in all subsequent communications between the LEA's Monitoring Facility (MF) and the network operator's Administration Function (ADMF) and Delivery Functions (DF). The LIID is generated by the LEA or the network operator (as per national regulations) and is included in every Interception Related Information (IRI) and Content of Communication (CC) report sent to the LEA. This allows the LEA to correlate all intercepted data—call metadata, SMS details, IP session information, and actual voice/data content—back to the original warrant and the specific target. Technically, the LIID is carried within the standardized HI2 and HI3 interfaces using protocols like X.500/X.509 and IP-based transport. Its presence ensures that even if a target changes their IMSI, MSISDN, or IP address during the interception period, all intercepted data can still be correctly associated with the same warrant and target instance, maintaining the integrity and continuity of the interception operation.
Purpose & Motivation
The LIID was introduced to address significant operational challenges in pre-3GPP Release 8 lawful interception systems. Earlier implementations often relied solely on dynamic identifiers like IMSI or MSISDN to identify the target within interception reports. However, these identifiers can change (e.g., SIM swap, number portability) or be temporarily unavailable, causing intercepted data to be misassociated or lost, potentially jeopardizing an investigation. Furthermore, without a unique, warrant-specific identifier, it was difficult for Law Enforcement Agencies to manage multiple concurrent interceptions for the same target under different warrants or to accurately audit which data belonged to which legal authorization. The LIID solves these problems by providing a stable, warrant-level identifier that persists for the duration of the interception order, independent of the target's network identifiers. This was motivated by the increasing complexity of telecommunications, including the rise of IP-based services (VoIP, messaging apps) and multi-device users, which made tracking targets based solely on traditional identifiers insufficient. The LIID thus enhances the precision, reliability, and legal defensibility of lawful interception operations in modern networks.
Classification
Detected Changes Across Releases
from 3GPP Change RequestsSpecific changes extracted from the „Change history“ tables of 3GPP specifications (15 CRs across 4 releases). Complements the general historical overview above with the evidence-based evolution of this function.
Studied in Rel-8, normative work from Rel-15.
In Release 15, the LIID (Lawful Interception Identifier) function was newly introduced as a standardized identifier for a particular interception. This introduction provided a clear definition within the lawful interception architecture, distinguishing it from other identifiers like the network identifier or network element identifier.
- Correction of the Network Identifier parameter referenced server in clause 15.3 MMS within Table 15.3.6.1.2 TS 33.108CR0403
In Release 16, key enhancements for the Lawful Interception Identifier (LIID) function included the introduction of specific functional requirements for logging at the Administration Function (ADMF), clarifications on the usage of the LIID and other parameters for targeting, and the ability for the ADMF to use a non-local ID directly as a target type. These updates refined the procedures for managing and identifying a particular interception measure more precisely.
- Identifier Association TS 33.127CR0097
- ADMF descriptive details TS 33.127CR0060
- ADMF LI Function Targeting TS 33.127CR0094
- Usage of LIID and other parameters TS 33.127CR0010
- Missing functional requirements on logging at ADMF TS 33.127CR0092
- Corrections to specify non-local ID as a target type rather than as target identifier TS 33.127CR0095
In Release 17, the LIID function was updated to correct and clarify target identifier handling, including the description of the IMEI identifier and the porting of MME target identifiers from EPC. It also addressed normative text for identifier association in the AMF and MME, and considered interception scenarios involving special media in the IMS.
- IMS: Addressing the interception due to the application of special media TS 33.127CR0119
- Port of EPC MME Target Identifiers TS 33.127CR0109
- Wrong stage 2 normative text of identifier association xIRI for the IRI-POI in the AMF and MME TS 33.127CR0152
- Correction of IMEI Target Identifier description TS 33.127CR0171
In Release 19, the LIID function was updated to support new service types including email to MMS translation interception and IMS Data Channel start of interception. The release also introduced the capability for identifier deassociation within the xIRI report to ensure alignment with stage 3 specifications. Furthermore, corrections and alignment were made for handling the target identifier within Rich Communication Services (RCS).
Explore further
Broader topics and technologies where LIID plays a role.
Defining Specifications
3GPP specifications that define or reference LIID, with the latest known release. Sourced from the 3GPP document catalog — see methodology.
| Specification | Title | Release |
|---|---|---|
| TS 33.108 vj00 | LI Handover Interface Specification | Rel-19 |
| TS 33.127 vj50 | Lawful Interception Architecture and Functions | Rel-19 |