Anyone who watches The Wire and other police dramas knows that obtaining an admissible wiretap starts with detectives making a case against a suspected criminal and getting judicial buy-in. Once they collect the evidence, prosecutors go to court and move for a conviction.

Of course there’s more to it in the real world.

Wiretapping Guidelines for Law Enforcement

Now that defense attorneys have wised up to the principles behind networking, the technology used to obtain evidence is being called into question to debunk cases. To ensure quality of evidence, the Commission on Accreditation for Law Enforcement Agencies (CALEA) has outlined standards for electronic surveillance once a Title III surveillance application is approved:

• STEP 1: Ensure clear access to all data without any loss of information or impact on the network being monitored
• STEP 2: Create a filter to adhere to warrant parameters – time span, types of communications that can be monitored, evidence to be collected, etc.
• STEP 3: Set the lawful intercept device to capture and/or store data according to the warrant parameters.
• STEP 4: Deliver data directly from the source to the mediation device without any human intervention or packet loss

Smart defense attorneys are well versed in exploring all possible Title III wiretapping violations – from Forth Amendment abuses to technical issues that could make it seems as if the data was incomplete, altered or unrelated to the defendant. When motions to suppress are upheld, all evidence obtained is considered fruit of the poison tree and is no longer admissible in court.

Proving Evidentiary Chain of Custody

All good defense attorneys thoroughly interrogate law enforcement on their evidence gathering methods. When it originates with an electronic surveillance program, they look to impeach the data collection process by discovering possible:­­

• Packet loss
• Delays and inaccurate time stamps
• Disruptions in real-time communications
• Human intervention in the transfer process

For example, organizations often connect intercept devices to SPAN ports on network switches to get a copy of all traffic traveling over the network. Unfortunately, this configuration will invalidate the evidence obtained – when traffic spikes there is not enough capacity within the switch to copy the data so the switch just drops it. Cisco, a leading switch provider, recognizes this fact and even warned users that their switch treats SPAN data with a lower priority than regular port-to-port data.

New FBI Surveillance Protocols Start with a Network TAP

After having major cases dismissed due to technicalities and dropped packets within the intercept process, the FBI sought a better approach. Today, their lawful intercept initiatives are anchored by a network TAP featuring link speed synchronization. These purpose built hardware devices were originally designed to ensure that mission-critical IT security and monitoring applications can always see 100% of the traffic flowing through the network. This approach eliminates many of the reasons for having evidence suppressed by ensuring that:

• No bit, byte or packet is lost during the surveillance period
• Lawful intercept devices are automatically synchronized with the network being monitored
• Real-time communications (Skype calls, video chats, etc.) are not distorted
• Time stamps are accurate

Building a case is difficult enough – having key evidence suppressed for technical reasons makes it all that harder to prosecute. Therefore it’s important to ensure that electronic surveillance solutions keep pace with the evolving technologies they are tasked with monitoring. Because network TAPs automatically mitigate issues between networks and intercept devices, they help law enforcement agencies eliminate many of technicalities that can compromise their work.

Need more information on designing protocols for lawful intercept programs? Let our network designers show you how to create highly defensible surveillance solutions. Contact us today.

Read more about lawful intercept in our free white paper, What's Your Network Missing: 7 Tools to TAP