Lawful interception

Lawful interception

Lawful interception (aka wiretapping) is the interception of telecommunications by law enforcement agencies (LEA's) and intelligence services, in accordance with local law and after following due process and receiving proper authorization from competent authorities.

With the existing Public Switched Telephone Network (PSTN), Wireless, and Cable Systems, Lawful Interception (LI) is generally performed by accessing the digital switches supporting the target's calls in response to a warrant from a Law Enforcement Agency (LEA). However, mobile phone and Voice over IP (VoIP) technologies have enabled the mobility of the end-user, which have introduced new challenges.

Whilst the detailed requirements for LI differ from one jurisdiction to another, the general requirements are the same. The LI system must provide transparent interception of specified traffic only, and the subject must not be aware of the interception. The service provided to other users must not be affected during interception.

Technical description

Almost all countries have LI requirements and have adopted global LI requirements and standards developed by the European Telecommunications Standards Institute (ETSI) organization. In the USA, the requirements are governed by the Communications Assistance for Law Enforcement Act (CALEA).

In order to prevent investigations being compromised, LI systems may be designed in a manner that hides the interception from the telecommunications operator concerned. This is a requirement in some jurisdictions.

To ensure systematic procedures for carrying out interception, while also lowering the costs of interception solutions, industry groups and government agencies worldwide have attempted to standardize the technical processes behind lawful interception. One organization, ETSI, has been a major driver in lawful interception standards not only for Europe, but worldwide. The following figure provides a generalized view of the lawful interception architecture as proposed by ETSI:

This architecture attempts to define a systematic and extensible means by which network operators and law enforcement agents (LEAs) can interact, especially as networks grow in sophistication and scope of services. Note this architecture applies to not only “traditional” wireline and wireless voice calls, but to IP-based services such as Voice over IP, email, instant messaging, etc. The architecture is now applied worldwide (in some cases with slight variations in terminology), including in the United States in the context of CALEA conformance. Three stages are called for in the architecture: 1) collection where target-related “call” data and content are extracted from the network; 2) mediation where the data is formatted to conform to specific standards; and 3) delivery of the data and content to the law enforcement agency (LEA).

The call data (known as Intercept Related Information or IRI in Europe and Call Data or CD in the US) consists of information about the targeted communications, including destination of a voice call (e.g., called party’s telephone number), source of a call (caller’s phone number), time of the call, duration, etc. Call content is namely the stream of data carrying the call. Included in the architecture is the lawful interception management function, which covers interception session set-up and tear down, scheduling, target identification, etc. Communications between the network operator and LEA are via the Handover Interfaces (designated HI). Communications data and content are typically delivered from the network operator to the LEA in an encrypted format over an IP-based VPN. The interception of traditional voice calls still often relies on the establishment of an ISDN channel that is set up at the time of the interception.

As stated above, the ETSI architecture is equally applicable to IP-based services where IRI (or CD) is dependent on parameters associated with the traffic from a given application to be intercepted. For example, in the case of email IRI would be similar to the header information on an email message (e.g., destination email address, source email address, time email was transmitted) as well as pertinent header information within the IP packets conveying the message (e.g., source IP address of email server originating the email message). Of course, more in-depth information would be obtained by the interception system so as to avoid the usual email address spoofing that often takes place (e.g., spoofing of source address). Voice-over-IP likewise has its own IRI, including data derived from Session Initiation Protocol (SIP) messages that are used to set up and tear down a VOIP call.

USA interception standards that help network operators and service providers conform to CALEA are mainly those specified by the CableLabs, the Alliance for Telecommunications Industry Solutions (ATIS), and the Telecommunications Industry Association (TIA). TIA's standards include J-STD-025B which updates the earlier J-STD-025A to include packetized voice and CDMA wireless interception, although it has recently been challenged as "deficient" by the U.S. Dept of Justice. Generic global standards have also been developed by the Internet Engineering Task Force (IETF) that provide a front-end means of supporting most LI handover standards. Although the terms are different, the concepts behind the interception architecture resemble those formulated under ETSI. More recent standards address packetized voice and data (e.g., ETSI TS102232 et seq, ATIS T1.678, T1.IAS) and interception for PacketCable. Interception standardization efforts for wireless networks are primarily overseen by the 3rd Generation Partnership Project (3GPP).

Laws

Various countries have different rules with regards to lawful interception. In the United Kingdom the law is known as RIPA (Regulation of Investigatory Powers Act), in United States there is an array of federal and state criminal law, in Commonwealth of Independent States countries as SORM. A subset of LI law deals with the ability of communication providers to support interception handovers.

United States of America

In the United States, two laws cover most of the governance of lawful interception. The 1968 Omnibus Crime Control and Safe Streets Act, Title III pertains mainly to lawful interception criminal investigations. The second law, the 1978 Foreign Intelligence Surveillance Act, or FISA, governs wiretapping for intelligence purposes where the subject of the investigation must be a foreign (non-US) national or a person working as an agent on behalf of a foreign country. Most of the congressionally mandated wiretap records indicate that the cases are related to illegal drug distribution, with cell phones as the dominant form of intercepted communication.

During the 1990s, to help law enforcement and the FBI more effectively carry out wiretap operations, especially in view of the emerging digital voice and wireless networks at the time, the US Congress passed CALEA in 1994 [ [http://www.askcalea.com AskCALEA ] ] . This act provides broad guidelines to network operators on how to assist the LEAs in setting up interceptions and the types of data to be delivered. CALEA does not, as many believe, provide specific implementation directives on interception. More recently, the US Federal Communications Commission (FCC) mandated that CALEA be extended to include interception of publicly-available broadband networks and Voice over IP services that are interconnected to the Public Switched Telephone Network (PSTN).

As a response to the terrorist events of 9/11, the US Congress incorporated various provisions related to enhanced electronic surveillance in the “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism” Act (USA Patriot Act). These wiretap provisions are mainly updates to those expressed under the FISA law.

Europe

In the European Union, the European Council Resolution of 17 January 1995 on the Lawful Interception of Telecommunications (Official Journal C 329) mandated similar measures to CALEA on a pan-European basis. [ [http://europa.eu.int/eur-lex/lex/LexUriServ/LexUriServ.do?uri=CELEX:31996G1104:EN:HTML EUR-Lex - 31996G1104 - EN ] ] Although some EU member countries reluctantly accepted this resolution out of privacy concerns (which are more pronounced in Europe than the US), there appears now to be general agreement with the resolution. Interestingly enough, interception mandates in Europe are generally more rigorous than those of the US; for example, both voice and ISP public network operators in the Netherlands have been required to support interception capabilities for years.

Elsewhere

Most countries worldwide maintain LI requirements similar to those in the US and Europe, and have moved to the ETSI handover standards.

Illegal Use

As with many law enforcement tools, LI systems may be subverted for illicit purposes. This occurred in Greece during the 2004 Olympics. The telephone operator concerned was fined US$1,000,000 in 2006 [ [http://news.bbc.co.uk/1/hi/business/6182647.stm BBC NEWS | Business | Greek scandal sees Vodafone fined ] ] for failing to secure its systems against unlawful access.

Notes

References

*Handover Interface for the Lawful Interception of Telecommunications Traffic, ETSI ES-201-671, under Lawful Interception, Telecommunications Security, version 3.1.1, May 2007.
*Handover Specification for IP delivery, ETSI TS-102-232-1, under Lawful Interception, Telecommunications Security, version 2.1.1, December 2006.
*Lawfully Authorized Electronic Surveillance, T1P1/T1S1 joint standard, document number J-STD-025B, December 2003.
*3rd Generation Partnership Project, Technical Specification 3GPP TS 33.106 V5.1.0 (2002-09), “Lawful Interception Requirements (Release 5),” September 2003.
*3rd Generation Partnership Project, Technical Specification 3GPP TS 33.107 V6.0.0 (2003-09), “Lawful interception architecture and functions (Release 6),” September 2003.
*3rd Generation Partnership Project, Technical Specification 3GPP TS 33.108 V6.3.0 (2003-09), “Handover interface for Lawful Interception (Release 6),” September 2003.
*PacketCable Electronic Surveillance Specification, [http://www.cablelabs.com/specifications/archives/PKT-SP-ESP-I03-040113.pdf PKT-SP-ESP-I03-040113] , Cable Television Laboratories Inc., 13 January 2004.
*T1.678, Lawfully Authorized Electronic Surveillance (LAES) for Voice over Packet Technologies in Wireline Telecommunications Networks.
*RFC 2924, Cisco Architecture for Lawful Intercept in IP Networks

ee also

* Secrecy of correspondence
* Telecommunications data retention
* Network Monitoring Interface Card
* SS7 probe
* SIGINT

External links

* [http://www.newport-networks.com/whitepapers/lawful-intercept1.html An Overview Paper on the Lawful Interception architecture for Voice over IP calls]
* [http://www.aqsacomna.com/us/articles/LIPatriotact%5Famendments%5Fwiretap%2Dv1.pdf Application of the US PATRIOT Act in wiretapping]
* [http://www.aqsacomna.com/us/articles/LIIPWhitePaperv21.pdf White Paper on Interception of IP Networks]
* [http://www.aqsacomna.com/us/articles/LI3GWhitePaperv4.pdf White Paper on Interception of 3G Wireless Networks]
* [http://www.3gpp.org/ftp/Specs/latest/R1999/01_series/0133-800.zip 3GPP Lawful Interception requirements for GSM]
* [http://www.legaltree.ca/node/908 Guide to the one party consent exception to the rule against interception of private communications in Canada]
* [http://www.gliif.org Global LI Industry Forum, an overview of laws and standards]


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать реферат

Look at other dictionaries:

  • Lawful Interception — Telekommunikationsüberwachung – abgekürzt auch TÜ oder TKÜ genannt – ist die im Strafverfahrensrecht und Polizeirecht übliche Bezeichnung für die Überwachung von Telekommunikationsvorgängen und inhalten. Dazu zählen das Abhören von… …   Deutsch Wikipedia

  • lawful interception — noun wiretapping …   Wiktionary

  • Interception (disambiguation) — Interception may refer to:*Interception (football), a situation when a quarterback s pass is caught by a player on the opposing team *Interception (water), the interception of precipitation by vegetation *Telephone tapping, the interception of a… …   Wikipedia

  • Legal Interception — Telekommunikationsüberwachung – abgekürzt auch TÜ oder TKÜ genannt – ist die im Strafverfahrensrecht und Polizeirecht übliche Bezeichnung für die Überwachung von Telekommunikationsvorgängen und inhalten. Dazu zählen das Abhören von… …   Deutsch Wikipedia

  • Telekommunikationsüberwachung — Dieser Artikel oder Absatz stellt die Situation in Deutschland dar. Hilf mit, die Situation in anderen Ländern zu schildern …   Deutsch Wikipedia

  • Network switching subsystem — (NSS) (or GSM core network) is the component of a GSM system that carries out call switching and mobility management functions for mobile phones roaming on the network of base stations. It is owned and deployed by mobile phone operators and… …   Wikipedia

  • Greek telephone tapping case 2004-2005 — The Greek telephone tapping case of 2004 2005, also referred to as Greek Watergate, [cite web | first = Dina | last = Kyriakidou |title = Greek Watergate Scandal Sends Political Shockwaves | publisher = Reuters | date = March 2, 2006 | url = http …   Wikipedia

  • Telephone tapping — Wiretap redirects here. For the radio program, see WireTap (radio program). Telephone tapping (also wire tapping or wiretapping in American English) is the monitoring of telephone and Internet conversations by a third party, often by covert means …   Wikipedia

  • Communications Assistance for Law Enforcement Act — The Communications Assistance for Law Enforcement Act (CALEA) is a United States wiretapping law passed in 1994, during the presidency of Bill Clinton (Pub. L. No. 103 414, 108 Stat. 4279, codified at 47 USC 1001 1010). In its own words, the… …   Wikipedia

  • Telesoft Technologies — Infobox Company company name = Telesoft Technologies company company type = Limited Company genre = Corporate histories foundation = 1989 location = Blandford, UK key people = Rob Downham, Chairman Bruce Markham, CEO Phil Lewis, Finance… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”