Re: Would be ironic
"Can you point to any documents from anyone like Cisco, bluecoat/Symantec, juniper, Citrix, VMware"
Cisco - This is not a complete list - the number of different options has increased significantly since the good old days of IOS with different feature releases where the Lawful Intercept option was obvious.
For an ASR 9000, a PIE software activation module is required:
https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-3/security/configuration/guide/b_syssec_cg43xasr9k/b_syssec_cg43asr9k_chapter_0110.pdf
Juniper - no software version details as I understand that an additional flow-tap/capture vision is a licensed item:
https://www.juniper.net/documentation/software/junos/junos82/swconfig82-services/html/flow-tap-config.html
For the others, look for CALEA (Communications Assistance for Law Enforcement Act) solutions for the respective products.
"I’m guessing your trying to conflate troubleshooting tools that monitor and record traffic with lawful intercept which are 2 different things"
I'm trying to suggest that there are multiple ways of achieving traffic monitoring. The troubleshooting tools that are used by admins to do their jobs can just as easily be used by a third party with access to systems to monitor traffic illegally. Network taps in third-party data centres can be implemented such that system administrators aren't even aware they are there.
Providers using lawful intercept equipment are typically doing so to comply with legal requirements, not through choice - being aware of what can be done and what legal requirements must be met is the first step to understanding the level of threat lawful intercept presents and what legal frameworks exist to force the implementation.
"Monitoring without telling is spying & unlawful."
Which is why the point of the various lawful intercept systems is to record the monitoring and ensure there is legal oversight.
Otherwise you take the Chinese/Five Eyes approach and just monitor everything. The great firewall of China effectively acts as a centralised location for Internet access, controlled by security services. Five Eyes, to the best of my knowledge, installs cable taps into and out of respective countries.
I know which of those approaches worries me more.