Re: EVERY vendor has to provide Lawful Interception software. BY LAW.
Errrr…..you seem to be very confused about the network architecture.
The UDM is clearly part of Core Network. And IMS, is either PDN Gateway, which is beyond the Serving Gateway (the definition of Core Network), or IMS which is arguably not part of the LTE network at all. But either way, definitely not Access Network. The point is, entities which provide Radio Access Network units, have no Legal Intercept capability, or indeed any non-legal intercept theoretical access.
If you’re saying “many European telecom operators have put Huawei elements in the core”, then I’m more than surprised, because it’s *literally written into the 3GPP spec* that there are security domains, what those domains are there for. And that as an operator you are *expected and required* to take the advice of your national security service, as to which companies may provide CN functions. And several of the companies you quote (Deutsche Telekom, Vodafone), were the ones who stood up in 3GPP meetings and made submissions to embed that wording into the spec.
But, irrespective, all MNOs should have been doing as their national security services advised. In the U.K., this decision is made by CESG (part of GCHQ), and was passed down to all MNOs back in 2016. I cannot *for one moment believe* that CESG would have accepted that BT Legal Intercept capability was provided on a Huawei box. Because they own access to that interface, it’s not something far off in the distance, they have to sign off every single installation. If “it’s in the news”, you should have no problem providing a link to something that actually says that.
I think you’ve just really misunderstood the network details. Yes “Huawei customers in Europe include Altice, DT, etc”. But unless somebody *violated the law* (which I can’t say), nothing with Legal Intercept on it. If you’re saying you have direct knowledge, as part of an MNO, that they have installed any Core Network boxes with Legal Intercept capability, which have not been individually signed off by CESG, then you are in possession of knowledge of *criminal* act. Not civil. This isn’t about company policy or the actions of a manager, this puts you as an accessory. You need to whistleblow. There is a simple anonymous link to do so, and if you don’t that’s on you.
https://www.mi5.gov.uk/contact-us