Interception and monitoring prohibitions in sanctions made under the Sanctions and Anti-Money Laundering Act 2018: technical guidance
Updated 17 October 2023
© Crown copyright 2023
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/interception-and-monitoring-prohibitions-in-sanctions-technical-guidance/interception-and-monitoring-prohibitions-in-sanctions-made-under-the-sanctions-and-anti-money-laundering-act-2018-technical-guidance
UK sanctions on Russia, Belarus, Myanmar (Burma), Iran, Syria and Venezuela include prohibitions in relation to items that could be used to intercept communications, as well as related services.
This guidance provides further information on the meaning of specific terms used in the schedules to these regulations. If in doubt, exporters should seek appropriate technical and legal advice on whether their activity is prohibited.
The schedules in the legislation cover goods and software which can perform the following functions:
1. Deep packet inspection
This includes firewalls or security appliances that can filter or block communications based on the content of the communication, or ‘what is being said’.
Whereas a conventional firewall can block communications based on the destination address (or ‘where it is going’) a firewall with deep packet inspection can block communications based on either the destination address or the content.
2. Network interception
This includes interception management equipment, data retention equipment and other interception methods used in a mobile network for surveillance or lawful interception. It also includes related management and data retention systems.
3. Radio frequency monitoring
This includes any equipment that can collect radio signals and store them for later processing or examination. It also includes equipment designed to perform the monitoring and characterisation itself, such as radio frequency survey equipment.
4. Network and satellite jamming
This covers equipment that can jam:
- devices or signals selectively
- all radio signals in a frequency range
Any radio signal jammer specifically designed for working in mobile telecommunications or satellite communications frequencies meets this definition, as does equipment that recognises the communications protocols and is capable of denying service to individual subscribers.
5. Remote infection
This includes any equipment that is designed to deliver software that has the purpose of providing access to, or degrading the security on, any information and communication technology (ICT) device.
6. Speaker recognition
This includes any equipment for use in a system (whether comprised of a single device or multiple devices) that is designed to perform voice recognition or comparison. This includes:
- voice biometrics
- voice based authentication systems
7. IMSI, MSISDN, IMEI and TMSI interception and monitoring
This includes equipment that is designed to intercept and monitor mobile communications to identify mobile subscriber identities. This is usually, but not always, a combination of a small cell (femtocell or picocell) that mimics a mobile phone mast and specially designed software to perform these functions
8. Tactical SMS, GSM, GPS, GPRS, UMTS, CDMA and PSTN interception and monitoring
For SMS, GSM, GPRS, UMTS and CDMA, this includes smaller and more capable variants of equipment in the above category. The addition is the GPS monitoring and the PSTN monitoring. GPS equipment would include trackers that can be covertly placed. PSTN includes interception equipment that can be connected to a user’s landline.
9. DHCP, SMTP and GTP information interception and monitoring
This includes telecommunications network monitoring tools designed to monitor the health and operation of a mobile network. This includes equipment that can monitor whether parts of the network are functioning and, if so, how much spare capacity they have and what speed they are running at.
10. Pattern recognition and pattern profiling
This includes equipment that is designed to perform statistical analysis to identify patterns in anything from medical data to social media analytics for monitoring selected groups of people.
11. Remote forensics
This includes equipment designed to access remote IT systems and bring back all the information stored on them for subsequent investigation. It includes equipment designed to bring back and store information about the state of the machine in question that can be used to determine where security may be broken.
12. Semantic processing
This includes semantic processing engines and other equipment designed to extract and process the content and intent of language (either spoken or written).
13. WEP and WPA code breaking
This includes any equipment designed to break the security of wifi networks.
14. VoIP interception (proprietary and standard protocol)
An example of equipment included in this category would be monitoring and recording tools a business may have on their internal phone systems for staff dealing with customers, such as for:
- recording calls to produce evidence of a contract
- quality control
- training purposes