Lawful Interception (LI) – Ethics, Transparency and Proof

Many organisations, including large telecommunications, technology companies, and multinational corporations, regularly receive legal demands from law enforcement agencies for the interception or disclosure of communication data and records.

Generally, these companies have the technical capability in place for handling such requests. Over the years these systems have been optimised to efficiently and effectively intercept the traffic of their customers when an agency legally requests this. Sometimes handling such requests is even highly automated, except for the final approval of a person after a validation on the correctness of the request.

While the majority of organisations have policies, procedures, and systems in place for handling such requests, without exception, such solutions focus on the interception processes, but not on the actual decision-making process or the rationale on which the interception of a target was based.

Research has shown that the existing approach to decision-making, when handling requests for interception of communication is implicit, inconsistent, and has risk of human error. Many organisations have organisational and technical practices in place, but do they take account of the ethical aspect of the decision-making process? And do they record the rationale applied to the decision to intercept?

Even if the basis of a request for intercept was legally valid, failing to demonstrate compliance after the fact can lead to severe consequences such as reputational damage or fines being imposed.

The absence of ethical guidelines or a framework for the decision-making process might be the reason that organisations don’t place a focus on this part of the lawful interception process.

To address this problem iTrust Ethics have developed a decision-making framework; iTrust6A™ based on 20+ years’ experience of handling requests from law enforcement agencies. The framework was then coded into Group 2000’s LIMA Workflow Management Software which provides tailor-made client workflows, with a traceable and transparent record of the considerations and steps taken in the decision-making process.

LIMA iTrust6A™ simplifies the complex decision-making process for lawful interception (LI) by defining six principles. Organisations can use these to systematically and comprehensively analyse all considerations involved in deciding whether to intercept the communication of a customer or not. It helps to identify and minimise data protection risks and acts as an accountability tool by creating a compliance mechanism for ensuring that the privacy rights of individuals are upheld.

LIMA iTrust6A™ can be integrated into existing Lawful Interception or can be deployed as a standalone solution. When integrated it can provision the existing lawful interception system with the information received from the authorities and gathered during the decision-making process. Not only does this increase efficiency it also helps avoid human error.

Today customers are more concerned about their privacy than ever. By prioritising ethics and transparency in the handling of interception requests, organisations can demonstrate to their customers that they are trustworthy and transparent and to the regulator that they are compliant and committed to protecting their customers’ privacy.