Lawful interception
Technical description
Almost all countries have LI capability requirements and have implemented them using global LI requirements and standards developed by the European Telecommunications Standards Institute (ETSI), 3rd Generation Partnership Project (3GPP), or CableLabs organizationsor wireline/Internet, wireless, and cable systems, respectively. In the USA, the comparable requirements are enabled by the Communications Assistance for Law Enforcement Act (CALEA), with the specific capabilities promulgated jointly by the Federal Communications Commission and the Department of Justice.
In order to prevent investigations being compromised, LI systems may be designed in a manner that hides the interception from the telecommunications operator concerned. This is a requirement in some jurisdictions.
To ensure systematic procedures for carrying out interception, while also lowering the costs of interception solutions, industry groups and government agencies worldwide have attempted to standardize the technical processes behind lawful interception. One organization, ETSI, has been a major driver in lawful interception standards not only for Europe, but worldwide.
This architecture attempts to define a systematic and extensible means by which network operators and law enforcement agents (LEAs) can interact, especially as networks grow in sophistication and scope of services. Note this architecture applies to not only raditional wireline and wireless voice calls, but to IP-based services such as Voice over IP, email, instant messaging, etc. The architecture is now applied worldwide (in some cases with slight variations in terminology), including in the United States in the context of CALEA conformance. Three stages are called for in the architecture: 1) collection where target-related all data and content are extracted from the network; 2) mediation where the data is formatted to conform to specific standards; and 3) delivery of the data and content to the law enforcement agency (LEA).
The call data (known as Intercept Related Information or IRI in Europe and Call Data or CD in the US) consists of information about the targeted communications, including destination of a voice call (e.g., called party telephone number), source of a call (caller phone number), time of the call, duration, etc. Call content is namely the stream of data carrying the call. Included in the architecture is the lawful interception management function, which covers interception session set-up and tear down, scheduling, target identification, etc. Communications between the network operator and LEA are via the Handover Interfaces (designated HI). Communications data and content are typically delivered from the network operator to the LEA in an encrypted format over an IP-based VPN. The interception of traditional voice calls still often relies on the establishment of an ISDN channel that is set up at the time of the interception.
As stated above, the ETSI architecture is equally applicable to IP-based services where IRI (or CD) is dependent on parameters associated with the traffic from a given application to be intercepted. For example, in the case of email IRI would be similar to the header information on an email message (e.g., destination email address, source email address, time email was transmitted) as well as pertinent header information within the IP packets conveying the message (e.g., source IP address of email server originating the email message). Of course, more in-depth information would be obtained by the interception system so as to avoid the usual email address spoofing that often takes place (e.g., spoofing of source address). Voice-over-IP likewise has its own IRI, including data derived from Session Initiation Protocol (SIP) messages that are used to set up and tear down a VOIP call.
ETSI LI Technical Committee work today is primarily focussed on developing the new Retained Data Handover and Next Generation Network specifications, as well as perfecting the innovative TS102232 standards suite that apply to most contemporary network uses.
USA interception standards that help network operators and service providers conform to CALEA are mainly those specified by the Federal Communications Commission (which has both plenary legislative and review authority under CALEA) CableLabs, and the Alliance for Telecommunications Industry Solutions (ATIS). ATIS’s standards include new standards for broadband Internet access and VoIP services, as well as legacy J-STD-025B which updates the earlier J-STD-025A to include packetized voice and CDMA wireless interception. All of these standards have been challenged as “deficient” by the U.S. Dept of Justice pursuant to CALEA.
Generic global standards have also been developed by Cisco via the Internet Engineering Task Force (IETF) that provide a front-end means of supporting most LI real-time handover standards.
Laws
The principal global treaty-based legal instrument relating to LI (including retained data) is the Convention on Cybercrime (Budapest, 23 Nov 2001). The secretariat for the Convention is the Council of Europe. However, the treaty itself has signatories worldwide and provides a global scope.
Individual countries have different legal requirements relating to lawful interception. The Global Lawful Interception Industry Forum lists many of these, as does the Council of Europe secretariat. For example, in the United Kingdom the law is known as RIPA (Regulation of Investigatory Powers Act), in United States there is an array of federal and state criminal law, in Commonwealth of Independent States countries as SORM.
Europe
In the European Union, the European Council Resolution of 17 January 1995 on the Lawful Interception of Telecommunications (Official Journal C 329) mandated similar measures to CALEA on a pan-European basis. Although some EU member countries reluctantly accepted this resolution out of privacy concerns (which are more pronounced in Europe than the US), there appears now to be general agreement with the resolution. Interestingly enough, interception mandates in Europe are generally more rigorous than those of the US; for example, both voice and ISP public network operators in the Netherlands have been required to support interception capabilities for years. In addition, publicly available statistics indicate that the number of interceptions in Europe exceed by many hundreds of times, those undertaken in the U.S.[citation needed]
Europe continues to maintain its global leadership role in this sector through the adoption by the European Parliament and Counsel in 2006 of the far reaching Data Retention Directive. The provisions of the Directive broadly to almost all public electronic communications and require the capture of most related information, including location, for every communication. The information must be stored for a period of at least six months up to two years and made available to law enforcement upon lawful request. The Directive has been widely emulated in other countries.
United States of America
In the United States, two Federal statutes apply to half of the lawful interception. The other half occur pursuant to local law. The 1968 Omnibus Crime Control and Safe Streets Act, Title III pertains mainly to lawful interception criminal investigations. The second law, the 1978 Foreign Intelligence Surveillance Act, or FISA, as amended by the Patriot Act, governs wiretapping for intelligence purposes where the subject of the investigation must be a foreign (non-US) national or a person working as an agent on behalf of a foreign country. The Administrator of the U.S. Courts annual reports indicate that the cases are related to illegal drug distribution, with cell phones as the dominant form of intercepted communication.
During the 1990s, as in most countries, to help law enforcement and the FBI more effectively carry out wiretap operations, especially in view of the emerging digital voice and wireless networks at the time, the US Congress passed CALEA in 1994 . This act provides the Federal statutory framework for network operator assistance to LEAs in providing evidence and tactical information. In 2005, CALEA was applied to public broadband networks Internet access and Voice over IP services that are interconnected to the Public Switched Telephone Network (PSTN).
Elsewhere
Most countries worldwide maintain LI requirements similar to those Europe and the U.S., and have moved to the ETSI handover standards. The Convention on Cybercrime requires such capabilities.
Illegal Use
As with many law enforcement tools, LI systems may be subverted for illicit purposes. This occurred in Greece during the 2004 Olympics. The telephone operator Vodafone Greece was fined US$1,000,000 in 2006 for failing to secure its systems against unlawful access.
Notes
^ EUR-Lex – 31996G1104 – EN
^ AskCALEA
^ BBC NEWS | Business | Greek scandal sees Vodafone fined
See also
Secrecy of correspondence
Telecommunications data retention
Network Monitoring Interface Card
SS7 probe
SIGINT
References
Handover interface for the request and delivery of retained data, ETSI TS 102 657, version 1.4.1, December 2009. (PDF-File, 467 KB)
Handover Interface for the Lawful Interception of Telecommunications Traffic, ETSI ES-201671, under Lawful Interception, Telecommunications Security, version 3.1.1, May 2007.
Handover Specification for IP delivery, ETSI TS102232-1, under Lawful Interception, Telecommunications Security, version 2.1.1, December 2006. (See also the entire suite of TS101232 standards.)
3rd Generation Partnership Project, Technical Specification 3GPP TS 33.106 V5.1.0 (2002-09), awful Interception Requirements (Release 5), September 2003.
3rd Generation Partnership Project, Technical Specification 3GPP TS 33.107 V6.0.0 (2003-09), awful interception architecture and functions (Release 6), September 2003.
3rd Generation Partnership Project, Technical Specification 3GPP TS 33.108 V6.3.0 (2003-09), andover interface for Lawful Interception (Release 6), September 2003.
PacketCable Electronic Surveillance Specification, PKT-SP-ESP-I03-040113, Cable Television Laboratories Inc., 13 January 2004.
T1.678, Lawfully Authorized Electronic Surveillance (LAES) for Voice over Packet Technologies in Wireline Telecommunications Networks.
Lawfully Authorized Electronic Surveillance, ATIS/TIA joint standard, document number J-STD-025B, December 2003 (although challenged as deficient).
External links
An Overview Paper on the Lawful Interception architecture for Voice over IP calls. See also the Global Lawful Interception Industry Forum’s counter paper.
Application of the US PATRIOT Act in wiretapping
White Paper on Interception of IP Networks
White Paper on Interception of 3G Wireless Networks
3GPP Lawful Interception requirements for GSM
Guide to the one party consent exception to the rule against interception of private communications in Canada
Global LI Industry Forum, an overview of laws and standards
Lawfull Intercept of WiMAX Signals
Airangel talk about Lawful Intercept and the impact on Hotels
Categories: Privacy of telecommunications | Surveillance | VoIP terminology & concepts | Law enforcement agency powersHidden categories: Articles to be merged from June 2009 | All articles to be merged | All articles with unsourced statements | Articles with unsourced statements from July 2009
I am an expert from China Manufacturers, usually analyzes all kind of industries situation, such as h11 hid kit , h7 xenon bulb.
Processing your request, Please wait....
