2. Introduction
The basic functions of lawful intercepts (LIs)
accessing data, processing data, converting data into information,
delivering information to handover interfaces (HIs) with law
enforcement agencies (LEAs), and securing all communications.
Lawful Intercepts ( LIs) is different at geographical areas
Responsibilities of service providers and LEAs
Technical and legal prerequisites very different in different contexts
Legal basis for LIs is a very different issue
3. Principal Group of LIs Issues
Three principal groups of issues to be address
1) Legal background of surveillance
2) Duties of telecommunications service providers (TSPs) (along
with access providers, network operators, licensed operators,
communications service providers, electronic communications
service providers, and telecommunications carriers)
3) Controls and sanctions for noncompliance
LIs powerful standards
North American (J-STD-025) standards
European (ETSI) standards
4. Legal Background of Surveillance
Basics of Intercept Laws
US FCC established CALEA
France French law forms the basis for intercept regulations
UK The Regulation of Investigatory Power Act (RIPA)
Japan •No laws or acts focusing on LIs
•Law "no censorship shall be maintained, or secrecy of any
means of communications be violated”
Legal Guidelines
US OCCSSA (wiretap), ECPA (microwave, fax, cordless, etc),
CALEA (conference call, call waiting, etc), U.S. Patriot Act
(wiretaps, pen register, etc)
France criminal codes :Loi n0 91-636 du 10 juilliet 1991
Decret n0 93-119 du 28 janvier 1993
UK RIPA chapter 1 (IOCA), chapter 2
Japan Telecommunication is privacy, no surveillance activity.
Related law : CCP for telecom in crime investigation
5. Legal Background of Surveillance
Services Subject to Surveillance
US Oral surveillance : person-to-person communications
Wire surveillance : electronic human voice communications
including mobile and satelit communication.
Electronic surveillance : includes all other electronic
communications exceptf financial transactions.
France All telecommunications services are subject to surveillance
UK person based rather than based on an address or telephone
number
Japan voice telephony, facsimile, and e-mail
Objectives of Surveillance
US not permit general surveillance of communications
France During a trial, both prosecutors and defense can review the
intercepted information
UK surveillance results can be used in trials
Japan to fight serious and organized crime (Yakuza mafia and the
Aum sect)
6. Duties of TSPs and Operators
Cooperation with LEA
US •Isolating content of targeted communication
•Identifying origin and destination of targeted communication
•Provide intercept communication and CII to LEA over line or
facilities leased by LEA
•Carry out intercepts not be aware by the target.
France ●High rank LEA can assign interceptions tasks to any
employee of france telecoms or other operator
●In case strategic surveillance, prime minister issues an
request
UK ●RIPA applies all TSP offerinf guidelines for data retention
●periodic meetings between government and TSPs to discuss
the intelligence needs of LEAs
●TSPs may seek advice from Technical Advisory Board (TAB)
for assistance of complicated technical requests
Japan ●All TSPs must comply with LI legislation and guidelines
●Primary prerequisite is that warrants be issued by
prosecutors or high-ranking police officers.
7. Duties of TSPs and Operators
Techincal Requirements
US Summarized in the J-STD-025-A standard
●
France ●State-of-the-art intercept technology to be used to intercept
communication data and content
● All data is collected by the Groupe Interministeriel de
Controle (GIC), which in turn relays data to LEAs
UK ●Surveillance include all communication, intercepted data
provided in real time to interface with LEA
●Data transfer support simultaneous content and intercept
condition
●HI must support international standard (eg. ETSI)
●Data should be filtered, only relevant data forwarded
●Encrypted data should be decrypt
●TSP support surveillance for 0,1 percent of subscriber
●TSP use reliable intercept and surveillance equipment
Japan ●LEA can provision devices for LI on case to case basis
●Email communication supervised via temporary mailbox
which installed and supervised by LEA
●National Police Agency approach NTT DoCoMo to develop
and install LI surveillance, but it can't be forced
8. Duties of TSPs and Operators
Organizational Requirements
US ●TSP assign LI tasks to experience expert
●TSP must specify rules and process in writing
●TSP must log their LI action
●Protocols and survelannce log must be sign by expert
●Protocols and logs must be save for reasonale duration
●TSP expected to document and maintain material
France ●High security clearance personel conduct surveillance
●Continuity terms of human resources
●Log and protocols must be maintained
●All privacy rules mut be follow
UK ●All equipment delivered in one working day
●Surveillance equipment must be accessible for audit
●Surveillance requirement met without notification
●Surveillance mut have minimal performance impact
Japan ●Physical present of experts on behalf of TSP for the duration
of surveillance
●LEA including National Police Agency and Public Prosecutor's
Office conduct workshop with TSP on the topic area of LI
9. Duties of TSPs and Operators
Exception
US CALEA, no exception for TSP but may apply individual case
●
France ●No exception for TSP,
●Doctors, lawyer, and pastor protected
UK ● Exception for TSP under 100000 subscribers, and serve a
close community (bank, insurance, financial community, etc)
●Special approval for Journalist, doctors, lawyer, and pastor
Japan ●If surveillance technology and human resource are expensive
●Required new HW and SW
●Company is too small
Compliance Control
US No Regulation to enforce, TSP self-certification procedure
●
France No specific procedures on technical and organization
●
UK ●Government may provide handbook guidelines on technical
and organization, but not yet
Japan ●Only existing network are used for LI, special procedures are
not required
10. Control and Sanctions
Controlling Entities
US ●Based Omnibus Crime Control Act, administrative Office of
the U.S. Courts is expected to prepare an annual report for
Congress, outlining surveillance statistics
France ●National Committee for Lawful Intercepts (CNCIS) handle
LI data initiated by government.
●CNCIS member : president, senate and national assembly
UK ●Interception of Communications Commissioner (ICC) :
independent individual report to the PM,who decide
publication of report
●Investigatory Powers Tribunal (IPT) : independent court
responsible for adjudicating complaints regarding LIs
●secret services surveillance are regulated by the Institution
of Surveillance Commissioner (ISC).
Japan ●Surveillance activities controlled by physical presence expert
TSP and executed by LEA member
●Not crime-related data must be deleted
11. Control and Sanctions
Reporting Duties
US ●Each judges must report each warrant for surveillance to the
Administrative Office of the U.S. Courts
●Prosecutors report directly to the administrative office in
regard to all requested warrants
France ●LEA members must log all activities
●Warrants are maintained locally
●National statistics are not maintained
UK ● Involved parties mandatory to follow guidelines from ICC and
provide the necessary data for annual reports
Japan ● Members of LEAs must log all surveillance actions
12. Control and Sanctions
Sanctions for Non-compliance
US ●If TSPs can't provide information, technical assistance to
complete interception, they face criminal or civil liability or
good faith reliance defense, and will the sanction are enforced
on the basis of the Communication Act of 1934
France ●no formal procedures for sanctions
●CNCIS issued critics for surveillance decisions, and violates
act illegal wiretaps and other action
UK ●Intentional noncompliance is rare, but sanctions are severe
●Today, no implementation of sanctions has been reported
Japan ●Sanctions in terms of abuse of surveillance and surveillance
instruments
● no known sanctions against TSPs who unable or choose not
to cooperate with LEAs
14. CALEA Reference Model
CALEA Interfaces
1. Surveillance administration system (SAS): performs provisioning
and receives alarms to CALEA interfaces
2. Call data channel (CDC): network connection reporting from the
switch to the LEA
3. Call content channel (CCC): network connection delivering call
content from the switch to the LEA
CALEA Principal Functions
1) Access functions (AFs) (include network elements such MSC,
HLR,etc) who provide access to and replication of intercepted traffic.
2) Delivery function (DF) (include target and warrant information,
interfaces, intercepted traffic) to CF
3) Collection function (CF) collect and records lawfully authorized
intercepted communications and CII for LEAs
17. ETSI Reference Model
ETSI Principal Interfaces
1) HI1 : Interface for Administration Information
Transports administrative information from or to the LEA and
NWO/AP/SvP
2) HI2 : Interface for IRI
Transmit information or data associated with the telecommunications
services of the target identity apparent to the network.
3) HI3 : Interface for IRI
transports the CC of the intercepted telecommunications service to
the LEMF.
18. Conclusions
ETSI Principal Interfaces
1) HI1 : Interface for Administration Information
Transports administrative information from or to the LEA and
NWO/AP/SvP
2) HI2 : Interface for IRI
Transmit information or data associated with the telecommunications
services of the target identity apparent to the network.
3) HI3 : Interface for CC
Transports the CC of the intercepted telecommunications service to
the LEMF.