Start Of Interception

Description

Start Of Interception (SOI) is a fundamental architectural concept defined within the 3GPP specifications for Lawful Interception (LI). It represents the precise logical point within a network node or function where the duplication of intercept-related information (IRI) and content of communication (CC) for a specific target begins. The SOI is not a physical interface but a standardized reference location that ensures consistent implementation across different vendors and network elements. Its definition is crucial for demarcating responsibilities and ensuring that the intercepted data is complete, accurate, and legally admissible.

Architecturally, the SOI sits within the Intercepting Control Element (ICE), which is the network node (e.g., MME, SMF, UPF, AMF) that performs the actual interception. When a lawful authorization is activated for a target, the ICE identifies the relevant communication sessions or events associated with that target. The SOI is the instantiation point where the ICE starts copying the designated IRI (metadata like call records, location) and CC (voice, data, messaging content) from its internal processing paths. This copied data is then formatted and delivered via the Handover Interface (HI) to the Law Enforcement Monitoring Facility (LEMF).

The role of SOI is to provide a clear and unambiguous technical definition for where interception commences. This is vital for network operators to prove compliance with legal frameworks, as it defines the scope of data collection. It ensures that interception is applied correctly only after authorization and that all required data from the point of interception onward is captured without omission. The specifications detailing SOI, such as TS 33.128, provide the framework for its implementation within various 5G network functions, including the User Plane Function (UPF) for content interception and the Access and Mobility Management Function (AMF) for intercept-related information.

Purpose & Motivation

SOI was created to address the need for a standardized, reliable, and legally defensible mechanism to initiate lawful interception within 3GPP-based mobile networks. As telecommunications became essential infrastructure, legal frameworks worldwide mandated that operators provide capabilities for lawful interception to support criminal investigations and national security. Without a standardized definition for where interception starts, implementations could vary, leading to incomplete data capture, challenges in verifying compliance, and potential legal disputes over the admissibility of evidence.

Historically, interception mechanisms were often proprietary and integrated in an ad-hoc manner. The 3GPP standardization of SOI, particularly emphasized from Release 16 onwards with the 5G system, provides a common reference that all network equipment vendors and operators must adhere to. This solves the problem of interoperability and ensures that law enforcement agencies receive a consistent format and complete data stream, regardless of the underlying network vendor. It addresses the technical and legal requirement to precisely define the moment and location of data duplication to maintain the integrity of the interception process from start to finish.

Key Features

• Standardized reference point for initiating data duplication in lawful interception
• Defined within the Intercepting Control Element (ICE) of a network function
• Applicable for both Intercept Related Information (IRI) and Content of Communication (CC)
• Ensures complete capture of target communications from a defined starting point
• Critical for legal compliance and evidence admissibility
• Provides clear demarcation for implementation and testing

Evolution Across Releases

Defining Specifications