Guidance

Interception and monitoring prohibitions in sanctions made under the Sanctions and Anti-Money Laundering Act 2018: technical guidance

Updated 17 October 2023

UK sanctions on Russia, Belarus, Myanmar (Burma), Iran, Syria and Venezuela include prohibitions in relation to items that could be used to intercept communications, as well as related services.

This guidance provides further information on the meaning of specific terms used in the schedules to these regulations. If in doubt, exporters should seek appropriate technical and legal advice on whether their activity is prohibited.

The schedules in the legislation cover goods and software which can perform the following functions:

1. Deep packet inspection

This includes firewalls or security appliances that can filter or block communications based on the content of the communication, or ‘what is being said’.

Whereas a conventional firewall can block communications based on the destination address (or ‘where it is going’), a firewall with deep packet inspection can block communications based on either the destination address or the content.

2. Network interception

This includes interception management equipment, data retention equipment and other interception methods used in a mobile network for surveillance or lawful interception. It also includes related management and data retention systems.

3. Radio frequency monitoring

This includes any equipment that can collect radio signals and store them for later processing or examination. It also includes equipment designed to perform the monitoring and characterisation itself, such as radio frequency survey equipment.

4. Network and satellite jamming

This covers equipment that can jam:

  • devices or signals selectively
  • all radio signals in a frequency range

Any radio signal jammer specifically designed for working in mobile telecommunications or satellite communications frequencies meets this definition, as does equipment that recognises the communications protocols and is capable of denying service to individual subscribers.

5. Remote infection

This includes any equipment that is designed to deliver software that has the purpose of providing access to, or degrading the security on, any information and communication technology (ICT) device.

6. Speaker recognition

This includes any equipment for use in a system (whether comprised of a single device or multiple devices) that is designed to perform voice recognition or comparison. This includes:

  • voice biometrics
  • voice-based authentication systems

7. IMSI, MSISDN, IMEI and TMSI interception and monitoring

This includes equipment that is designed to intercept and monitor mobile communications to identify mobile subscriber identities. This is usually, but not always, a combination of a small cell (femtocell or picocell) that mimics a mobile phone mast and specially designed software to perform these functions.

8. Tactical SMS, GSM, GPS, GPRS, UMTS, CDMA and PSTN interception and monitoring

For SMS, GSM, GPRS, UMTS and CDMA, this includes smaller and more capable variants of equipment in the above category. What this category adds is GPS monitoring and PSTN monitoring. GPS equipment would include trackers that can be covertly placed. PSTN includes interception equipment that can be connected to a user’s landline.

9. DHCP, SMTP and GTP information interception and monitoring

This includes telecommunications network monitoring tools designed to monitor the health and operation of a mobile network. This includes equipment that can monitor whether parts of the network are functioning and, if so, how much spare capacity they have and what speed they are running at.

10. Pattern recognition and pattern profiling

This includes equipment that is designed to perform statistical analysis to identify patterns in anything from medical data to social media analytics for monitoring selected groups of people.

11. Remote forensics

This includes equipment designed to access remote IT systems and bring back all the information stored on them for subsequent investigation. It includes equipment designed to bring back and store information about the state of the machine in question that can be used to determine where security may be broken.

12. Semantic processing

This includes semantic processing engines and other equipment designed to extract and process the content and intent of language (either spoken or written).

13. WEP and WPA code breaking

This includes any equipment designed to break the security of wifi networks.

14. VoIP interception (proprietary and standard protocol)

An example of equipment included in this category would be monitoring and recording tools a business may have on their internal phone systems for staff dealing with customers, such as for:

  • recording calls to produce evidence of a contract
  • quality control
  • training purposes