OpenLI: Lawful Intercept Without the Massive Price Tag
Lawful intercept (LI) obligations for Internet service providers have changed significantly in the past few years. Whereas law enforcement agencies were previously willing to accept a simple pcap trace of customer traffic for the requested time period (typically delivered after some number of hours or days of delay) as a valid intercept, new standards for LI, such as the ETSI LI standards, are much more onerous for operators to comply with. Specifically, intercepted traffic must be delivered to the agencies in real time, encapsulated within LI-specific headers, and delivered alongside additional metadata records that describe how and when the target was interacting with the operator's infrastructure (e.g. RADIUS servers, SIP servers, etc.).

In New Zealand, all Internet service providers that have at least 4000 subscribers must be capable of delivering an ETSI-compliant intercept (live-streamed) upon receipt of a warrant from a law enforcement agency. Many hardware vendors offer licenses that will enable LI capabilities in their devices, but the cost of these licenses is extremely high. This creates a problem for smaller network operators: how can they meet their LI obligations without bankrupting themselves on vendor licenses?

The OpenLI project is a collaboration between the WAND Network Research Group at the University of Waikato and a group of New Zealand network operators, aimed at providing an alternative (and much cheaper) way for operators to meet their lawful intercept requirements as defined in New Zealand law. WAND provides the experience and programming expertise to develop an ETSI-compliant software solution that can be used by the operators to meet their LI obligations. In turn, the operators each contribute a relatively small sum of money to cover the cost of the programmer's time and provide access to realistic deployment environments and traffic workloads for testing. The eventual finished software will be released as open source under a GPL license.

This talk will cover a number of relevant topics, including:

* The ETSI LI standards and why pcaps aren't good enough anymore.
* The LI landscape in New Zealand specifically and how it led to OpenLI being started.
* Why hasn't anyone tried to solve LI with OSS before?
* Overview of other OSS that OpenLI is built upon.
* Design and structure of the OpenLI software.
* Interesting anecdotes about tricky problems we've had so far and how we've solved them.
* Where the project is at right now.
* What you can do to help out, if you are that way inclined.