- Lawful interception
Lawful interception (aka
wiretapping ) is the interception of telecommunications by law enforcement agencies (LEA's) and intelligence services, in accordance with local law and after following due process and receiving proper authorization from competent authorities.With the existing
Public Switched Telephone Network (PSTN), Wireless, and Cable Systems, Lawful Interception (LI) is generally performed by accessing the digital switches supporting the target's calls in response to a warrant from a Law Enforcement Agency (LEA). However,mobile phone andVoice over IP (VoIP) technologies have enabled the mobility of the end-user, which have introduced new challenges.Whilst the detailed requirements for LI differ from one jurisdiction to another, the general requirements are the same. The LI system must provide transparent interception of specified traffic only, and the subject must not be aware of the interception. The service provided to other users must not be affected during interception.
Technical description
Almost all countries have LI requirements and have adopted global LI requirements and standards developed by the European Telecommunications Standards Institute (ETSI) organization. In the USA, the requirements are governed by the Communications Assistance for Law Enforcement Act (CALEA).
In order to prevent investigations being compromised, LI systems may be designed in a manner that hides the interception from the telecommunications operator concerned. This is a requirement in some jurisdictions.
To ensure systematic procedures for carrying out interception, while also lowering the costs of interception solutions, industry groups and government agencies worldwide have attempted to standardize the technical processes behind lawful interception. One organization,
ETSI , has been a major driver in lawful interception standards not only for Europe, but worldwide. The following figure provides a generalized view of the lawful interception architecture as proposed by ETSI:This architecture attempts to define a systematic and extensible means by which network operators and law enforcement agents (LEAs) can interact, especially as networks grow in sophistication and scope of services. Note this architecture applies to not only “traditional” wireline and wireless voice calls, but to IP-based services such as
Voice over IP , email, instant messaging, etc. The architecture is now applied worldwide (in some cases with slight variations in terminology), including in the United States in the context ofCALEA conformance. Three stages are called for in the architecture: 1) collection where target-related “call” data and content are extracted from the network; 2) mediation where the data is formatted to conform to specific standards; and 3) delivery of the data and content to the law enforcement agency (LEA).The call data (known as Intercept Related Information or IRI in Europe and Call Data or CD in the US) consists of information about the targeted communications, including destination of a voice call (e.g., called party’s telephone number), source of a call (caller’s phone number), time of the call, duration, etc. Call content is namely the stream of data carrying the call. Included in the architecture is the lawful interception management function, which covers interception session set-up and tear down, scheduling, target identification, etc. Communications between the network operator and LEA are via the Handover Interfaces (designated HI). Communications data and content are typically delivered from the network operator to the LEA in an encrypted format over an IP-based VPN. The interception of traditional voice calls still often relies on the establishment of an ISDN channel that is set up at the time of the interception.
As stated above, the ETSI architecture is equally applicable to IP-based services where IRI (or CD) is dependent on parameters associated with the traffic from a given application to be intercepted. For example, in the case of email IRI would be similar to the header information on an email message (e.g., destination email address, source email address, time email was transmitted) as well as pertinent header information within the IP packets conveying the message (e.g., source IP address of email server originating the email message). Of course, more in-depth information would be obtained by the interception system so as to avoid the usual email address spoofing that often takes place (e.g., spoofing of source address). Voice-over-IP likewise has its own IRI, including data derived from Session Initiation Protocol (SIP) messages that are used to set up and tear down a VOIP call.
USA interception standards that help network operators and service providers conform to CALEA are mainly those specified by the
CableLabs , the Alliance for Telecommunications Industry Solutions (ATIS), and the Telecommunications Industry Association (TIA). TIA's standards include J-STD-025B which updates the earlier J-STD-025A to include packetized voice and CDMA wireless interception, although it has recently been challenged as "deficient" by the U.S. Dept of Justice. Generic global standards have also been developed by the Internet Engineering Task Force (IETF) that provide a front-end means of supporting most LI handover standards. Although the terms are different, the concepts behind the interception architecture resemble those formulated under ETSI. More recent standards address packetized voice and data (e.g., ETSI TS102232 et seq, ATIS T1.678, T1.IAS) and interception for PacketCable. Interception standardization efforts for wireless networks are primarily overseen by the 3rd Generation Partnership Project (3GPP).Laws
Various countries have different rules with regards to lawful interception. In the United Kingdom the law is known as RIPA (Regulation of Investigatory Powers Act), in
United States there is an array of federal and state criminal law, inCommonwealth of Independent States countries asSORM . A subset of LI law deals with the ability of communication providers to support interception handovers.United States of America
In the
United States , two laws cover most of the governance of lawful interception. The 1968 Omnibus Crime Control and Safe Streets Act, Title III pertains mainly to lawful interceptioncriminal investigation s. The second law, the 1978Foreign Intelligence Surveillance Act , or FISA, governs wiretapping for intelligence purposes where the subject of the investigation must be a foreign (non-US) national or a person working as an agent on behalf of a foreign country. Most of the congressionally mandated wiretap records indicate that the cases are related to illegal drug distribution, withcell phone s as the dominant form of intercepted communication.During the 1990s, to help law enforcement and the
FBI more effectively carry out wiretap operations, especially in view of the emergingdigital voice andwireless network s at the time, the US Congress passed CALEA in 1994 [ [http://www.askcalea.com AskCALEA ] ] . This act provides broad guidelines tonetwork operator s on how to assist the LEAs in setting up interceptions and the types of data to be delivered. CALEA does not, as many believe, provide specific implementation directives on interception. More recently, the USFederal Communications Commission (FCC) mandated that CALEA be extended to include interception of publicly-availablebroadband networks andVoice over IP services that are interconnected to thePublic Switched Telephone Network (PSTN).As a response to the terrorist events of
9/11 , the US Congress incorporated various provisions related to enhanced electronic surveillance in the “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism” Act (USA Patriot Act). These wiretap provisions are mainly updates to those expressed under the FISA law.Europe
In the
European Union , theEuropean Council Resolution of 17 January 1995 on the Lawful Interception of Telecommunications (Official Journal C 329) mandated similar measures to CALEA on a pan-European basis. [ [http://europa.eu.int/eur-lex/lex/LexUriServ/LexUriServ.do?uri=CELEX:31996G1104:EN:HTML EUR-Lex - 31996G1104 - EN ] ] Although some EU member countries reluctantly accepted this resolution out of privacy concerns (which are more pronounced in Europe than the US), there appears now to be general agreement with the resolution. Interestingly enough, interception mandates in Europe are generally more rigorous than those of the US; for example, both voice andISP public network operators in theNetherlands have been required to support interception capabilities for years.Elsewhere
Most countries worldwide maintain LI requirements similar to those in the US and Europe, and have moved to the ETSI handover standards.
Illegal Use
As with many law enforcement tools, LI systems may be subverted for illicit purposes. This occurred in Greece during the 2004 Olympics. The telephone operator concerned was fined US$1,000,000 in 2006 [ [http://news.bbc.co.uk/1/hi/business/6182647.stm BBC NEWS | Business | Greek scandal sees Vodafone fined ] ] for failing to secure its systems against unlawful access.
Notes
References
*Handover Interface for the Lawful Interception of Telecommunications Traffic, ETSI ES-201-671, under Lawful Interception, Telecommunications Security, version 3.1.1, May 2007.
*Handover Specification for IP delivery, ETSI TS-102-232-1, under Lawful Interception, Telecommunications Security, version 2.1.1, December 2006.
*Lawfully Authorized Electronic Surveillance, T1P1/T1S1 joint standard, document number J-STD-025B, December 2003.
*3rd Generation Partnership Project, Technical Specification 3GPP TS 33.106 V5.1.0 (2002-09), “Lawful Interception Requirements (Release 5),” September 2003.
*3rd Generation Partnership Project, Technical Specification 3GPP TS 33.107 V6.0.0 (2003-09), “Lawful interception architecture and functions (Release 6),” September 2003.
*3rd Generation Partnership Project, Technical Specification 3GPP TS 33.108 V6.3.0 (2003-09), “Handover interface for Lawful Interception (Release 6),” September 2003.
*PacketCable Electronic Surveillance Specification, [http://www.cablelabs.com/specifications/archives/PKT-SP-ESP-I03-040113.pdf PKT-SP-ESP-I03-040113] , Cable Television Laboratories Inc., 13 January 2004.
*T1.678, Lawfully Authorized Electronic Surveillance (LAES) for Voice over Packet Technologies in Wireline Telecommunications Networks.
*RFC 2924, Cisco Architecture for Lawful Intercept in IP Networksee also
*
Secrecy of correspondence
*Telecommunications data retention
*Network Monitoring Interface Card
*SS7 probe
*SIGINT External links
* [http://www.newport-networks.com/whitepapers/lawful-intercept1.html An Overview Paper on the Lawful Interception architecture for Voice over IP calls]
* [http://www.aqsacomna.com/us/articles/LIPatriotact%5Famendments%5Fwiretap%2Dv1.pdf Application of the US PATRIOT Act in wiretapping]
* [http://www.aqsacomna.com/us/articles/LIIPWhitePaperv21.pdf White Paper on Interception of IP Networks]
* [http://www.aqsacomna.com/us/articles/LI3GWhitePaperv4.pdf White Paper on Interception of 3G Wireless Networks]
* [http://www.3gpp.org/ftp/Specs/latest/R1999/01_series/0133-800.zip 3GPP Lawful Interception requirements for GSM]
* [http://www.legaltree.ca/node/908 Guide to the one party consent exception to the rule against interception of private communications in Canada]
* [http://www.gliif.org Global LI Industry Forum, an overview of laws and standards]
Wikimedia Foundation. 2010.