AFP seeks upgrades to telco interception and surveillance device monitoring tool

The Australian Federal Police (AFP) has plans to enhance and upgrade its Law Enforcement Monitoring Facility (LEMF), with a big part of the process requiring a new telecommunication interception and surveillance device monitoring and collection platform.

LEMF, the AFP explained, is an international term used to denote the transmission destination for lawfully intercepted communications and call-associated data.

"Whilst the term 'facility' extends to the site where monitoring/recording equipment is located, this generally consists of computer infrastructure that will accept, acknowledge, store, process, and present intercepted products in compliance with international interception data exchange and standards protocols," the AFP wrote in a statement of requirement (SOR).

"The rapid advance of communications in IP networks has enabled multiple means of communication via SMS, email, messaging apps, and social media platforms.

"Many of these platforms provide encrypted communication meaning that the content is not readily intelligible."

The AFP said in addition, data and metadata collected from sources such as surveillance devices (SD) and open-source intelligence (OSINT) could be combined with telecommunication interception (TI) products to "provide a more complete picture for intelligence and investigation teams".

"These additional data sources bring further challenges for TI monitors and other AFP teams due to the large volume of data available," it said. "Additional capabilities such as advanced searching algorithms and AI tools (including object detection, facial and automated transcription and translation) provide an opportunity to enrich data to aid monitors and investigators."

The current LEMF architecture, the SOR explains, has several limitations, such as limited access to the LEMF data layer. It said APIs are provided by the current platform but do not provide a full range of access to functionality of the platform. There is also a lack of integration with the AFP's internal compliance systems and multiple points of entry for configuration of TI product and historical telecommunications data and stored communications are collected and managed in separate processes and need to be manually ingested into the LEMF.

The AFP said video surveillance and operational surveillance data are stored in siloed systems and are not transferred to the LEMF and there is a lack of common process for producing TI and SD evidentiary material.

The next-generation LEMF (NG-LEMF), the AFP said, will enable "end-to-end lifecycle management" for TI and surveillance device-collected data such as audio, video, location data, SMS, intercept related information, IP data and associated metadata, and a framework to deliver advanced monitoring and data visualisation.

The AFP expects it will also ingest additional product types such as video and historical telecommunications metadata into the underpinning data layer to allow linking with collected TI and SD product.

The SOR, however, is just for the TI collection capability and the front-end applications used by monitors and investigators to view and analyse TI and SD product.

"In summary, the desired future state is for a loosely-coupled solution consisting of modular components that interact via well-defined interfaces. The benefit of this approach is that UI components, data enrichment services, and applications can be upgraded/replaced relatively easily," the AFP wrote.

"It also de-couples the TI and SD product and other data sources from the end-user applications and services. The AFP's intent is that the solution will be an open platform that is able to be integrated into the future state as part of the overall modular approach to delivering the NG-LEMF."

The new solution, due to be awarded in December, is required to ingest large amounts of TI and SD product from carriage service providers, technical and electronic surveillance devices, and OSINT.

The platform, either cloud-based or on-premise, should also allow API integration with the upgraded Electronic Surveillance Warrants and Authorisations Management System to support compliance by reducing manual entry and process duplication, the SOR explains.

"The solution should make use of open-source software where possible and be able to be modified to satisfy additional requirements without changing core design," the AFP adds. "It is essential that the data handling aspects of the solution can demonstrate and enforce compliance with legislative requirements."

See also: Ombudsman finds unlawful metadata access by ACT cops on 1,704 occasions

The AFP said the successful vendor should assume there are two agencies using the solution, with the AFP given the discretion to add further "partners".

The SOR lists 117 user interface requirements, such as the platform being capable of identifying a user's social media and messaging use, such as Facebook, Instagram, Twitter, Messenger, WhatsApp, LinkedIn, Tumbler, and Pinterest from intercepted IP data.

The AFP has also published a second tender, this time to replace the existing secure internet gateway service due to end of life considerations.

The AFP has a current gateway services contract, which provides services to AFP, ACIC, CDPP, FFMA, and Austrac, and under this arrangement, each agency has its own dedicated infrastructure and service requirements. It hopes the Future Secure Internet Gateway (FSIG) service will deliver a more innovative and agile solution than is currently in place.

The telecommunication interception and surveillance device platform SOR closes 13 September 2021, while responses to the FSIG tender will be accepted until 9 September 2021.

MORE FROM THE FEDS

• Cops are the only ones being lawful on the dark web, AFP declares
• Australian law enforcement used encryption laws 11 times last year
• AFP used controversial encryption laws in its 'most significant operation in policing history'
• AFP issues search warrant following alleged dodgy tech support scheme
• Commissioner touts reach of AFP's 'tentacles' as he rejects calls for end-to-end encryption