World Class Standards
ETSI activities on Retained Data handling and Lawful Interception standardisation
Peter van der Arend 1 Chairman ETSI/TC LI (Technical Committee on Lawful Interception)
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 1 European Telecommunications Standards Institute TETRA
ATTM TISPAN
Handover Interfaces for transport of Lawful Interception and Retained Data are standardised by Technical Committee Lawful Interception
Lawful Interception Retained Data
2 Security LI & RD environment
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 2 Intro on ETSI q A European standards organization, created in 1988, active in all areas of telecommunications � including radio communications, broadcasting and Information Technology q Supporting EU and EFTA regulation and initiatives q Favours international collaboration q A not-for-profit organization q Members: Administrations, Administration Bodies and NSOs Network Operators, Service Providers, Manufacturers, Users q Creates different deliverables to meet market needs q All publications freely available! Downloadable from ETSI Website
http://pda.etsi.org/pda/queryform.asp 3
http://portal.etsi.org
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 3 ETSI Members per country (March 2008) Albania 1 Great Britain 123 Poland 5 Andorra 1 Greece 8 Portugal 2 Australia 3 Hungary 6 Qatar 1 Austria 11 Iceland 1 Romania 4 Belgium 22 India 7 Russia 8 Bosnia Herzegovina 2 Iran 1 Serbia 1 Bulgaria 3 Ireland 12 Singapore 1 Brazil 2 Israel 8 Slovakia 3 Canada 9 Italy 28 Slovenia 3 China 8 Japan 7 South Africa 3 Croatia 4 Jordan 1 Spain 15 Cyprus 2 Korea 1 Sweden 24 Czech Republic 4 Latvia 2 Switzerland 20 Denmark 20 Lesotho 1 Taiwan 11 Egypt 1 Lichtenstein 1 Turkey 5 Estonia 2 Lithuania 1 Ukraine 1 Finland 15 Luxembourg 5 United Arab Emirates 2 France 71 Malaysia 1 United States 465 FYROM (Macedonia) 1 Malta 2 Uzbekistan 1 Georgia 1 Netherlands 29 Yemen 1 Germany 90 Norway 8 62 countries 707 Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 4 Global Standards Collaboration (China) Interregional collaboration on selected standardization subjects between partners (Japan)
(Canada)
(Japan)
(USA)
(Korea)
5 (USA) (International) Communication Alliance (Australia) Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 5 Partnership Project 3rd Generation Partnership Project specifying a W-CDMA system based on an evolution of the GSM core network, a member of ��e IT��s IMT-2000 family http://www.3gpp.org
Organizational Partners: ETSI (Europe) CCSA (China) ARIB (Japan) ATIS (USA) TTA (Korea) TTC (Japan)
6
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 6 Main body in ETSI for Lawful Interception Standards development and Retained Data handover Standardisation is ETSI/TC LI Technical Committee on Lawful Interception
7
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 7 Intro on ETSI/TC LI . q Created as stand-alone TC in October 2002 q Meetings � Three plenary meetings a year are organised (35-84 participants) � De�ica�e� Ra��or�eur�s mee�ings can be organise� on a s�ecific issue q The meetings can be attended by ETSI members � Non-ETSI members can participate by invitation of the chairman � Next meeting: ETSI/TC LI#21, 29 June � 1 July 2009 q Dedicated TC LI e-mail server and document server � Open to all (registered) ETSI members q Producing reports and specifications � On Lawful Interception and Retained Data
� Mainly on the Handover Interface 8 q Promoting globally ETSI Lawful Interception and Data Retention standards amongst operators and national bodies
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 8 Delivarables of ETSI/TC LI q ETSI/Technical Committee Security (TC SEC) � Working Group Lawful Interception (SEC-WGLI) (1997) � on LI: TR 102 053 v1.1.1 ES 201 158 v1.2.1 q ETSI/Technical Committee Lawful Interception (TC LI) � Established as stand-alone TC in October 2002 � on Lawful Interception: � TR 101 943 v2.2.1 TR 102 503 v1.4.1 TR 102 519 v1.1.1 � TR 102 528 v1.1.1 � TS 101 331 v1.2.1 TS 101 671 v3.4.1 ES 201 671 v3.1.1 � TS 102 232-1 v2.4.1 TS 102 232-2 v2.3.1 TS 102 232-3 v2.2.1 � TS 102 232-4 v2.1.1 TS 102 232-5 v2.3.1 TS 102 232-6 v2.3.1 � TS 102 232-7 v2.1.1 9 � on Data Retention: TS 102 656 v1.2.1 TS 102 657 v1.2.1 � Security Report on LI and DR: TR 102 661 v1.1.1
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 9 Terms of Reference ETSI/TC LI q To capture the requirements of �La� �nforcemen� Agencies� �on Lawful Interception and Data Retention) and translating those into requirements to be applied to Technical Specifications q To develop and publish handover interfaces, and rules for the carriage of technology specific interception across these interfaces q To develop a set of standards that allow ETSI standards to support industry compliance to the requirements of national and international law
10
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 10 Participation in ETSI/TC LI q Law Enforcement Agencies / Governments organisations / Research organisations � NL, UK, DE, AS, S, GR, ES, FR, RU, FIN, IT, NO, CY, HU, UA � AU, CA, USA, KR q Communication Service Providers � Vodafone, KPN (NL), BT (UK), DT (DE), TeliaSonera (S), Telstra (AU) Inmarsat, UPC, Telenor, RIM, Telecom Italia, T-Mobile, Swisscom Wind, TDC (DK) q Manufacturers (switch / mediation / LEA equipment) � Nokia Siemens Networks, Siemens, Ericsson, Cisco, Alcatel-Lucent Pine Digital Security, Aqsacom, ETI, VeriSign, Nortel, GTEN, AREA Verint, Detica, Thales, NICE Systems, Utimaco Safeware, Iskratel ATIS Systems, SS8, Spectronic, Group 2000, ZTE, HP, IPS, Sunte1c1h Manufacturers may be active in more areas
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 11 �T� LI�- companies also active in ISS World
&
12
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 12 Activities in ETSI/TC LI on Retained Data Handover Interface
13
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 13 Why study on Retained Data in EU
15th of March 2006: the European Parliament and the Council of the European Union adopted Directive 2006/24/EC on Data Retention
Data generated or processed in connection with the provision of publicly available electronic communications services or of
public communications networks 14 need to be retained
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 14 Applicability Directive q The content of the communication is not part of the directive q Data to be Retained � Successful and unsuccessful communication attempts � Wireline network telephony / Wireless network telephony � Internet access / Internet e-mail / Internet telephony q Categories of data to be retained � data to trace and identify the source of a communication � data to identify the destination of a communication � data to identify the date, time and duration of a communication � data to identify the type of communication � data to identify users' communication equipment or what purports to be their equipment � data to identify the location of mobile communication equipment q Proportional requirements shall be defined by each Member State15 in its national law
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 15 The Data Authorised Communication Retention Puzzle Organisation Service Cost Political Provider
Business Request Legal Retrieval Analysis
process Handover
Relations Storage 16 ETSI/TC LI
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 16 Why standardisation of RD handling q Easier to define own storage and delivery mechanism � No need to define/invent complete own delivery / receiving system � National options are possible q ���ea�er� �ro�uc�s � Manufacturers need to develop one basic product � National options are additional q Data Retention result is meeting international and national requirements q RD Standards in ETSI are actively developed in good harmonization and are approved by all involved parties q Common way for all involved parties q Continuous increase in types of Retained Data
� Use of the telecommunication 17 � Number of different services used � Number of different access networks used
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 17 Functional Model Authorised Communication Service Provider Organisation
Administrative Handover Interface HI-A Issuing Data Function Authority Collection administrative Network Function elements
Handover Interface HI-B Data store Receiving Management transmission RD Authority Function material
HI-A: various kinds of administrative, request and response information from/to the Issuing Authority and the responsible organization at the CSP for RD matters1. 8 HI-B: retained data information from the CSP to the Receiving Authority HI-A and HI-B may be crossing borders between countries: subject to corresponding national law and/or international agreements.
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 18 Retained Data Specifications in ETSI/TC LI q ETSI TS 102 656 (v1.2.1) Requirements of LEAs for handling Retained Data � guidance and requirements for the delivery and associated issues of retained data of telecommunications and subscribers � set of requirements relating to handover interfaces for retained traffic and subscriber data � requirements to support the implementation of Directive 2006/24/EC � freedom for national regulations, procedures and processes q ETSI TS 102 657 (v1.2.1) Handover interface for the request and delivery of Retained Data � handover requirements and handover specification for the data that is identified in EU Directive 2006/24/EC on Retained Data and in national legislations as defined in TS 102 656 � considers both the requesting of retained data and the delivery of the results 19 � defines an electronic interface
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 19 Retained Data Handover Signalling principle CSP Successful delivery AO
REQUEST: Request for Retained Data (HI-A) REQUEST(ACK): Acknowledge request message (HI-A)
Response: Results of RD request (HI-B)
RESPONS(ACK): Acknowledge response message (HI-A) q Data exchange techniques � ��irec� T��� �i�� ��R enco�ing �erive� from ��e AS��� � ��TT�� �i�� �ML enco�ing 20 � on top of the standard TCP/IP stack � choice of technique is a national option
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 20 Modular approach RDHI specification
Framework for Retained Data Handover Interface
Asynchronous Synchronous Network Telephony message Multi-media Access services services services services
PSTN/ISDN E-mail chat Internet GSM/UMTS-cs webmail GPRS 21 SMS UMTS-ps
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 21 Schematic representation of top level ASN.1
RetainedDataRecord
telephonyRecord networkAccess messageRecord
telephonySubscriber naSubscriber msgSubscriber
telephonyBillingDetails naServiceUsage msgServiceUsage
telephonyServiceUsage naDevic e telephonyDevice naNetworkElement
22 telephonyNetworkElement
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 22 TelephonyRecord: Subscriber and ServiceUsage telephonySubscriber telephonyBillingDetails subscriberID subscriberID GENERIC SUBSCRIBER INFO serviceID telephonySubscriberInfo billingAddress subscribedTelephonyServices billingIdentifier SubscribedTelephonyServices billingRecords serviceID BillingRecords providerID time timeSpan place registeredNumbers amount registeredICCID currency serviceType method installationAddress connectionDate iMSI carrierPreselect 23 lineStatus
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 23 TelephonyRecord: ServiceUsage, Device and NetworkElement telephonyServiceUsage partyInformation PartyInformation telephonyDevice partyRole partyNumber telephonyDeviceID subscriberID deviceID deviceIDType locations communicationTime iCCID telephonyNetworkElement iMSI natureOfAddress telephonyNetworkID forwardingTransferredNumber terminatingTransferredNumber cellInformation communicationTime eventInformation EventInformation time type party location endReason 24 communicationType bearerService smsInformation ringingDuration Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 24 Generic Subscriber Information details GenericSubscriberInfo organizationInfo name contactDetails nationalRegistration individualInfo name contactAddress dateOfBirth gender identificationNumber 25 authenticationInfo
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 25 Security Report q ETSI TR 102 661 Security framework in Lawful Interception and Retained Data environment � defining a security framework for securing Lawful Interception and Retained Data environment of the CSP and the Handover of the information
� Advice on Security measurements � Advice on Physical security
CSP= Communication Service Provider
26
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 26 ��a��s ne��� q ETSI/TC LI is keeping a close working relation with the ��/���er�s �rou� �T�e �la�form on �lec�ronic Da�a Re�en�ion for ��e Inves�iga�ion� De�ec�ion an� �rosecu�ion of Serious �rime� q ETSI/TC LI will maintain the Retained Data standards � Add synchronous multi-media services � Add new internet services as technology progress � Add new parameters in line with national requirements q ETSI/TC LI can organise an interoperability test, if required � ETSI Plugtest for checking the specifications
q ETSI/TC LI is encouraging widespread use of the RD standards!27 � The use of the Handover standard is already promoted in international conferences and workshops
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 27 Details on ETSI Lawful Interception Standardisation
28
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 28 Why Lawful Interception implementation in EU
17th January 1995: EU Council of Ministers adopted resolution COM 96/C329/01 on Lawful Interception
The providers of public telecommunications networks and services are legally required to make available to the authorities the information necessary to enable them to investigate telecommunications
29
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 29 Why standardisation of LI handling q Easier to define own LI mechanism � Guidance is given for network architecture � No need to define/invent complete own LI system � National options are possible q ���ea�er� LI �ro�uc�s � Manufacturers need to develop one basic product � National options are additional q Intercepted result is meeting international requirements by Law Enforcement Agencies q LI Standards in ETSI/TC LI are actively developed in good
harmonization and are approved by all involved parties 30
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 30 LEA requirements (step 1) q ETSI TS 101 331 Requirements of Law Enforcement Agencies � Provides guidance in the area of co-operation by network operators/service providers with the lawful interception of telecommunications � Provides a set of requirements relating to handover interfaces for the interception
31
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 31 Types of Lawful Intercepted data (TS 101 331) q Intercept Related Information (IRI) � Collection of information or data associated with telecommunication services involving the target identity: � communication associated information or data (including unsuccessful communication attempts) � service associated information or data (e.g. service profile management by subscriber) � location information q Content of Communication (CC) � Information exchanged between two or more users of a telecommunications service
32
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 32 General network arrangements (TS 101 331)
netw ork H andover Interface C ontent of C om m unication interception com m unication interface (internal) associated inform ation result of interception service (IR I + C C ) associated inform ation location Law E nforcem ent inform ation 33 M onitoring Facility�
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 33 General on security of LI feature q Parties in the communications � Neither the target nor the other parties involved in the communications should be able to detect that interception is (de)activated or that interception is taking place q Other users � Other users of any telecommunications service should not be able, by any means, to detect that any interception facility has been (de)activated or that interception is taking place q Protection of Target information � Protection of Rooms, Systems, Connections q Local staff � Only authorised personnel may have knowledge that interception has been activated on a target 34 � Unauthorised persons shall not be able to detect that any interception is active on certain subscribers
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 34 LI requirements Network (step 2) q ETSI ES 201 158 Requirements for Network Functions � Provision of lawful interception, with particular reference to the Handover Interface � To make available results of interception, related to specific identities � Functional role model and involved parties � Description of Handover Interfaces � Guidance on Performance and quality � Guidance on Security aspects � Guidance on Billing and Charging
35
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 35 LI Handover Interface (step 3) q ETSI TS 101 671 (ETSI ES 201 671) Handover Interface for the Lawful Interception of Telecommunications Traffic � Generic flow of information and procedures and information elements, applicable to any future telecommunication network or service � Circuit switched and packet data � Covered technologies: PSTN, ISDN, GSM, UMTS (CS), GPRS, TETRA wireline NGN (including PSTN/ISDN emulation) wireline IMS PSTN simulation
q ETSI TR 102 053 36 Notes on ISDN LI functionalities � Implementation advice of TS 101 671 for operators
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 36 Handover Interface ports (TS 101 671) q HI1: for Administrative Information � Request for lawful interception: target identity, LIID, start/duration, IRI or IRI+CC, IRI delivery address, CC delivery address, ... � Management information q HI2: for delivery of Intercept Related Information � All data related to establish the telecommunication service and to control its progress � Correlation information q HI3: for delivery of Content of Communication 37 � Transparent en-clair copy of the communication � Correlation information
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 37 Handover Interface Concept (TS 101 671)
38
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 38 Details on HI2 Interface (IRI) (TS 101 671) q IRI data is defined according ASN.1 description � ITU-T Recommendation X.680 (Abstract Syntax Notation One) q IRI Communication Associated Information � IRI-Begin � At first event of the communication attempt � IRI-Continue � Any time during the communication (attempt) � IRI-End � At the end of the communication (attempt) q IRI Service Associated Information � IRI-Report 39 � For any non-communication related events
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 39 Parameters in IRI records (TS 101 671) q LI related identities � LIID, target, network operator, network element, call ID, ... q Timestamp q Intercepted call direction (to / from target) q Intercepted call state (in progress, connected) q Address: Calling party / Called party / Forwarded-to-party / .. � ������ T�I� IMSI� IM�I� MSISD�� SI� �RI� … q Ringing tone duration / conversation duration q Type of intercept: � PSTN, ISDN, GSM (CS), TETRA, GPRS (PD), UMTS (CS) q Supplementary service information q Location information q National parameters q IRI record type (Begin, Continue, End, Report) 40 q ....
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 40 Management Authorisation Interception network Authority / System Warrant Law ISDN/PSTN Services Enforcement AI Agency step-by-step HI1
Administration INI1 I/O Function 1 Law Enforcement Data Monitoring Mediation Facility Function 2 IIF Switching functions INI2 HI2 Call Content ISDN Mediation (IRI) Function 3 IIF INI3 ISDN Mediator HI3 (CC) INI HI IRI: Intercept Related Information (TS 101 671) 41 CC: Content of Communication HI: Handover Interface INI: Internal Network Interface HI1: Administration IIF: Internal Intercepting Function HI2: Intercept Related Information AI: Administrative Interface HI3: Content of Communication Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 41 Architecture Reports from TC LI q ETSI TR 101 943 Concepts of Interception in a Generic Network Architecture � High-level informative overview and principles regarding implementation of LI for telecommunications q ETSI TR 102 528 Interception domain Architecture for IP networks � High level reference architecture for supporting lawful interception for IP networks � High level description of Internal Network Functions and Interfaces � Application of the reference model to voice and multimedia over IP services, data layer 3 and layer 2 services � Reference model in the network operator and communication servic42e provider (CSP) domain ��
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 42 Reference model for LI in IP networks (TR 102 528)
CSP Domain H I L E A Domain H I1 L I Administration Function Authorisation (A F) authority / INI1b INI1a INI1c Law Enforcement Intercept Related Agency Information INI2 Internal Interception Function (IRI-IIF) CCTI Content of Lawful Law Communication Interception Enforcement Trigger Function Mediation Monitoring (CCTF) CCCI Function H I2 Facility (M F) (IRI) Content of Communication INI3 43 H I3 Internal Interception (C C) Function (CC- IIF) (TS 102 232-xx)
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 43 Handover of LI via IP Networks (step 3) q ETSI TS 102 232 part 01 (formerly TS 102 232) Delivery of IP based interception � General aspects of handover for HI2 and HI3 (as defined by TS 101 671) where the underlying transport system is based on the Internet Protocol stack. � Modular approach used for specifying IP based handover interfaces � Header(s) to be added to IRI and CC sent over the HI2 and HI3 interfaces � Protocols for the transfer of IRI and CC across the handover interfaces � To be used in conjunction with other deliverables that define the service-specific IRI data formats � Protocol is defined according ASN.1 description 44 ITU-T Recommendation X.680 (Abstract Syntax Notation One)
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 44 Generic header information (TS 102 232-1) q Generic header information to be added to HI2 and HI3 traffic � LIID � Authorization country code � Communication Identifier � Sequence number � Timestamp � Payload direction � Payload type � Interception Type � IRI record type (Begin, Continue, End, Report) � ...
45
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 45 IP service-specific details (applications) q ETSI TS 102 232 part 02 (formerly TS 102 233) Service-specific details for E-Mail Services � Description for handover of E-mail messages; MTP, POP3, IMAP4 q ETSI TS 102 232 part 03 (formerly TS 102 234) Service-specific details for Internet Access Services � Handover of Internet Access Information and TCP/IP info; DHCP, RADIUS q ETSI TS 102 232 part 04 (formerly TS 102 815) Service-specific details for Layer 2 Services q ETSI TS 102 232 part 05 Service-specific details for IP Multimedia Services � Based on SIP and RTP, and services described by ITU-T H.323, H.248 q ETSI TS 102 232 part 06 Service-specific details for PSTN/ISDN Services 46 q ETSI TS 102 232 part 07 Service-specific details for Mobile Services
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 46 TS 102 232 IP HO Family SSD SSD SSD SSD SSD SSD for for for for for for Application Internet IP PSTN/ E-mail Layer 2 ISDN Mobile Access Multimedia Services Services Services Services Services Services part 02 part 03 part 04 part 05 part 06 part 07
SSD -> Service-Specific Details on top Presentation Generic Headers
Handover manager Session Delivery session Transport layer Transport Network layer Network and 47 below Delivery network TS 102 232 part 01
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 47 Authorisation Authority / LI possibility on a VoIP platform Law Enforcement Agency Management Warrant System Law Enforcement MGW Monitoring SIP Facility Administration Mediation Server IRI Function Function CC
SIP rtp 1 1 SIP LI rtp 2 Switch Interception switch + (SPAN) MGW 2 Function 3 cmd HI RG rtp 3 TS 102 232-xx SBC 1) All SIP messages are copied over SPAN ports (or via mirrors) via the LI Switch to the Interception Fun4ct8 ion SBC 2) All rtp is copied to the LI Switch and if needed to the IF 3) If needed rtp to be intercepted (local SBC traffic) is copied from the SBC to the Interception Function Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 48 ASN.1 Object Tree for LI root ETSI TR 102 503
ASN.1 Object Identifiers in itu-t (0) iso (1) Lawful Interception
Specifications identified-organization (4) identified-organization (3) membe-br ody (2)
dod (6) ETSI domain etsi (0) US (840)
internet (1) tia (113737)
ts101909 (1909) en301040 (1040) securityDomain (2) private (4) laes (2)
ETSI/TC TETRA enterpris(1e )
part20 (20) fraud (1) lawfulIntercept (2) cable-Television tr45 (0) Laboratorise-Inc (4491)
j-std-025 (0) clapProject (6) subpart (1)subpart (2) hi1 (0) hi2 (1) hi3 (2) him (3) three-GPP (4) li-ps (5) clapProjPacketCable (2) 49 pktcLawfulIntercept (5) t1 (1) ETSI/TC AT ETSI/TC LI 3GPP/SA3-LI ETSI/TC LI specific version pcesp (1) T1-678 (0) ATIS PTCS LEAS Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 49 LI specifications in 3GPP (UMTS) q ETSI TS 133 106 (3GPP TS 33.106) Lawful interception requirements � provides basic interception requirements � partly based on ETSI TS 101 331 q ETSI TS 133 107 (3GPP TS 33.107) Lawful interception architecture and functions q ETSI TS 133 108 (3GPP TS 33.108) Handover interface for Lawful Interception
50
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 50 NGN Lawful Interception q ETSI TS 187 005 (TC TISPAN) NGN Lawful Interception; Lawful Interception functional entities, information flow and reference points � Specification is developed in cooperation between TC TISPAN WG7, TC LI and 3GPP/SA3-LI ETSI TS 101 331 LEMF LI-requirements
ETSI TS 101 671 LI-CS-handover
ETSI TS 187 005 NGN-R1-LI ETSI TS 102 232-xx NGN-R2-LI LI-IP-handover
51 3GPP TS 33.108 3GPP TS 33.108 LI-3G-handover InterceptDomain
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 51 ��a��s ne��� q Development of Dynamic Triggering and CCTF Standardisation � At the moment operators need tailor made integration to keep the complete service interceptable � There is a need for rules how the Network is performing Basic LI for IP related services � Also rules for triggering between networks are needed � International Dynamic Triggering might become an issue in the future
52
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 52 Relationships with other bodies q 3GPP/SA3-LI (LI for UMTS & GSM) q ETSI/EP TETRA (LI for Tetra system) q ETSI/TC TISPAN (LI for fixed NGN & fixed IMS) q ETSI/TC ATTM (LI for IPCableCom) q ETSI/TC SES (LI for satellite systems) q ETSI/TC PLT (LI for Powerline Communications)
53 q National and Regional Law Enforcement Agencies and STC/ILETS q ATIS/PTCS LAES SC (T1.678 v1 / J-STD-025-B)
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 53 More details on ETSI/TC LI can be found on:
http://portal.etsi.org/li/Summary.asp
Chairman TC LI: [email protected] 54 [email protected]
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 54 55
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 55 56
Track 3 � 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception 56