Lawful Interception (LI) regulations are a major source of stress for smaller network operators. Increasingly, law enforcement agencies require that any intercepted communications be delivered in real-time, without loss, over an encrypted channel, and conforming to a standardized format. Commercial systems that meet these requirements are extremely expensive, yet the operator may only need to perform a handful of intercepts each year. On the other hand, non-compliance with an intercept request can also result in hefty penalties, so purposefully ignoring LI obligations is not a sensible option either.
Fortunately, there is an alternative solution; OpenLI is the world’s first open-source LI software solution and provides network operators with a low-cost alternative for complying with the LI requirements in their jurisdiction.
The OpenLI software has been developed by the WAND Network Research group at the University of Waikato. I’ve spoken about the history and core capabilities of OpenLI in a previous blog post. In this post, I will provide an update on how the OpenLI project has progressed over the past two years and indicate where we plan to go with OpenLI in the future.
From local to global
The OpenLI project gratefully received a generous grant from ISIF Asia in their 2020 funding round to assist us with our goal of encouraging further uptake of OpenLI in the APNIC region. Thanks to this funding, we have been able to achieve three key aims and have laid some valuable groundwork for the future growth and improvement of OpenLI.
Our first aim was to raise awareness of OpenLI in other economies outside of New Zealand. To achieve this, I have presented talks about OpenLI remotely at a number of NOG and APNIC events in 2020, including APRICOT, bdNOG, PacNOG, and MMNOG. I also participated in a panel discussion on LI with the Cooperation SIG at APNIC 50. Unfortunately, travel restrictions due to the COVID-19 pandemic prevented us from attending events in person, which meant we were not able to network directly with conference attendees but hopefully this will become an option for us again soon. We have also re-designed the OpenLI website to appear more professional and appealing to potential users.
Our second aim was to smooth the learning curve for operators who are encountering lawful intercept and OpenLI for the first time. Despite our best efforts to simplify the deployment process, the OpenLI system is still quite complex. It can be difficult for operators to learn how to integrate OpenLI into their network and validate that interceptions are being performed correctly.
To aid with this, we have developed a comprehensive series of tutorial lessons that teach network operators about lawful interception, packet capture and the use of OpenLI. Our tutorial includes a containerized virtual lab environment where operators can work through guided hands-on exercises to learn the basics of OpenLI and gain experience in using and configuring the software. The lab itself has no special hardware requirements and can run on any laptop that can host Linux Docker containers. Each tutorial lesson is currently available as a pre-recorded video, but we also intend to offer live interactive versions of the OpenLI training at future NOG events in the APNIC region.
Our third aim was to continue to maintain and improve the OpenLI software, as well as incorporate any suggestions or requirements revealed by engaging with operators outside of New Zealand. There have been nine releases of OpenLI since September 2020 — aside from the usual assortment of bug fixes, we have also made significant improvements in terms of security, performance, and standards compatibility. Importantly, potential users can see that the software is being actively maintained and therefore have confidence that any investment of time and resources into deploying OpenLI is unlikely to be wasted.
Looking forward
The OpenLI team is focused on ensuring that the project is sustainable in the long term and not reliant on one-off grants. The project needs to generate a reliable income stream to ensure that the costs of maintaining and supporting the software are met, while still ensuring that the software itself remains free and open-source. Otherwise, we run the risk of losing our development resources to other projects and maintenance of OpenLI will become erratic or cease entirely.
To this end, we now offer commercial software support packages that allow clients to get priority assistance with software- or configuration-related issues. Support customers also have increased input into which features our developers will add to future releases of the software. Many existing OpenLI users have purchased a support package already, which has been a great help to us, but we need to continue to expand our customer base to ensure that OpenLI is self-sustaining in the long run. Thankfully, our promotional efforts over the past two years now mean that we are receiving regular enquiries from operators around the world, and we are working hard to try and turn those enquiries into active users.
If you are interested in learning more about OpenLI, take a look at our website. You can also browse the OpenLI source code and tutorials via Github. If you want to contact the OpenLI team to ask about support, training, or anything else, email us.
Shane Alcock is the lead developer of OpenLI and has worked for the WAND network research group at the University of Waikato as a research programmer for over 15 years.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.