Legal and Technical Standards for Lawful Intercepts
Special Topic of Telecommunication Network
Chapter 3
Legal and Technical Standards for Lawful Intercepts
Aris Cahyadi Risdianto 23210016
Introduction
The basic functions of lawful intercepts (LIs): accessing data, processing data, converting data into information, delivering information to handover interfaces (HIs) with law enforcement agencies (LEAs), and securing all communications.
Lawful intercepts (LIs) differ across geographical areas:
● Responsibilities of service providers and LEAs
● Technical and legal prerequisites are very different in different contexts
● Legal basis for LIs is a very different issue
Principal Group of LIs Issues
Three principal groups of issues to be addressed
1) Legal background of surveillance
2) Duties of telecommunications service providers (TSPs) (along with access providers, network operators, licensed operators, communications service providers, electronic communications service providers, and telecommunications carriers)
3) Controls and sanctions for noncompliance
Powerful standards for LIs:
● North American (J-STD-025) standards
● European (ETSI) standards
Legal Background of Surveillance
Basics of Intercept Laws
US: FCC established CALEA
France: French law forms the basis for intercept regulations
UK: The Regulation of Investigatory Powers Act (RIPA)
Japan:
● No laws or acts focusing on LIs
● Law: "no censorship shall be maintained, or secrecy of any means of communications be violated"
Legal Guidelines
US: OCCSSA (wiretap), ECPA (microwave, fax, cordless, etc.), CALEA (conference call, call waiting, etc.), U.S. Patriot Act (wiretaps, pen register, etc.)
France: criminal codes:
● Loi n° 91-636 du 10 juillet 1991
● Décret n° 93-119 du 28 janvier 1993
UK: RIPA chapter 1 (IOCA), chapter 2
Japan: Telecommunication is private; no surveillance activity. Related law: CCP for telecom in crime investigation
Legal Background of Surveillance
Services Subject to Surveillance
US:
● Oral surveillance: person-to-person communications
● Wire surveillance: electronic human voice communications, including mobile and satellite communication
● Electronic surveillance: includes all other electronic communications except financial transactions
France: All telecommunications services are subject to surveillance
UK: Person-based rather than based on an address or telephone number
Japan: Voice telephony, facsimile, and e-mail
Objectives of Surveillance
US: Does not permit general surveillance of communications
France: During a trial, both prosecutors and defense can review the intercepted information
UK: Surveillance results can be used in trials
Japan: To fight serious and organized crime (Yakuza mafia and the Aum sect)
Duties of TSPs and Operators
Cooperation with LEA
US:
● Isolating content of targeted communication
● Identifying origin and destination of targeted communication
● Providing intercepted communication and CII to the LEA over lines or facilities leased by the LEA
● Carrying out intercepts without the target becoming aware
France:
● High-ranking LEA members can assign interception tasks to any employee of France Telecom or other operators
● In case of strategic surveillance, the prime minister issues a request
UK:
● RIPA applies to all TSPs, offering guidelines for data retention
● Periodic meetings between government and TSPs to discuss the intelligence needs of LEAs
● TSPs may seek advice from the Technical Advisory Board (TAB) for assistance with complicated technical requests
Japan:
● All TSPs must comply with LI legislation and guidelines
● Primary prerequisite is that warrants be issued by prosecutors or high-ranking police officers
Duties of TSPs and Operators
Technical Requirements
US:
● Summarized in the J-STD-025-A standard
France:
● State-of-the-art intercept technology to be used to intercept communication data and content
● All data is collected by the Groupe Interministeriel de Controle (GIC), which in turn relays data to LEAs
UK:
● Surveillance includes all communication; intercepted data is provided in real time to the interface with the LEA
● Data transfer supports simultaneous content and intercept conditions
● HI must support international standards (e.g. ETSI)
● Data should be filtered; only relevant data is forwarded
● Encrypted data should be decrypted
● TSPs support surveillance for 0.1 percent of subscribers
● TSPs use reliable intercept and surveillance equipment
Japan:
● LEA can provision devices for LI on a case-by-case basis
● Email communication is supervised via a temporary mailbox that is installed and supervised by the LEA
● The National Police Agency approached NTT DoCoMo to develop and install LI surveillance, but it can't be forced
Duties of TSPs and Operators
Organizational Requirements
US:
● TSPs assign LI tasks to experienced experts
● TSPs must specify rules and processes in writing
● TSPs must log their LI actions
● Protocols and surveillance logs must be signed by experts
● Protocols and logs must be saved for a reasonable duration
● TSPs are expected to document and maintain material
France:
● Personnel with high security clearance conduct surveillance
● Continuity in terms of human resources
● Logs and protocols must be maintained
● All privacy rules must be followed
UK:
● All equipment delivered in one working day
● Surveillance equipment must be accessible for audit
● Surveillance requirements met without notification
● Surveillance must have minimal performance impact
Japan:
● Physical presence of experts on behalf of the TSP for the duration of surveillance
● LEAs, including the National Police Agency and Public Prosecutor's Office, conduct workshops with TSPs on the topic area of LI
Duties of TSPs and Operators
Exceptions
US:
● CALEA: no exceptions for TSPs, but exceptions may apply in individual cases
France:
● No exceptions for TSPs
● Doctors, lawyers, and pastors are protected
UK:
● Exception for TSPs with under 100000 subscribers, and serving a closed community (bank, insurance, financial community, etc.)
● Special approval for journalists, doctors, lawyers, and pastors
Japan:
● If surveillance technology and human resources are expensive
● If new HW and SW are required
● If the company is too small
Compliance Control
US:
● No regulation to enforce; TSP self-certification procedure
France:
● No specific procedures on technical and organizational matters
UK:
● Government may provide handbook guidelines on technical and organizational matters, but has not yet
Japan:
● Only existing networks are used for LI; special procedures are not required
Control and Sanctions
Controlling Entities
US:
● Based on the Omnibus Crime Control Act, the Administrative Office of the U.S. Courts is expected to prepare an annual report for Congress, outlining surveillance statistics
France:
● National Committee for Lawful Intercepts (CNCIS) handles LI data initiated by government
● CNCIS members: president, senate and national assembly
UK:
● Interception of Communications Commissioner (ICC): independent individual reporting to the PM, who decides on publication of the report
● Investigatory Powers Tribunal (IPT): independent court responsible for adjudicating complaints regarding LIs
● Secret services surveillance is regulated by the Institution of Surveillance Commissioner (ISC)
Japan:
● Surveillance activities are controlled by the physical presence of a TSP expert and executed by LEA members
● Data not related to crime must be deleted
Control and Sanctions
Reporting Duties
US:
● Each judge must report each warrant for surveillance to the Administrative Office of the U.S. Courts
● Prosecutors report directly to the administrative office in regard to all requested warrants
France:
● LEA members must log all activities
● Warrants are maintained locally
● National statistics are not maintained
UK:
● Involved parties are required to follow guidelines from the ICC and provide the necessary data for annual reports
Japan:
● Members of LEAs must log all surveillance actions
Control and Sanctions
Sanctions for Non-compliance
US:
● If TSPs can't provide information or technical assistance to complete an interception, they face criminal or civil liability or a good faith reliance defense, and the sanctions are enforced on the basis of the Communications Act of 1934
France:
● No formal procedures for sanctions
● CNCIS issued criticism of surveillance decisions, violations of the act, illegal wiretaps, and other actions
UK:
● Intentional noncompliance is rare, but sanctions are severe
● Today, no implementation of sanctions has been reported
Japan:
● Sanctions in terms of abuse of surveillance and surveillance instruments
● No known sanctions against TSPs who are unable or choose not to cooperate with LEAs
CALEA Reference Model
CALEA Interfaces
1. Surveillance administration system (SAS): performs provisioning and receives alarms to CALEA interfaces
2. Call data channel (CDC): network connection reporting from the switch to the LEA
3. Call content channel (CCC): network connection delivering call content from the switch to the LEA
CALEA Principal Functions
1) Access functions (AFs) (including network elements such as MSC, HLR, etc.), which provide access to and replication of intercepted traffic.
2) Delivery function (DF) (including target and warrant information, interfaces, intercepted traffic) to the CF
3) Collection function (CF) collects and records lawfully authorized intercepted communications and CII for LEAs
ETSI Reference Model
ETSI Principal Interfaces
1) HI1: Interface for Administration Information. Transports administrative information from or to the LEA and NWO/AP/SvP.
2) HI2: Interface for IRI. Transmits information or data associated with the telecommunications services of the target identity apparent to the network.
3) HI3: Interface for CC. Transports the CC of the intercepted telecommunications service to the LEMF.
Conclusions
Thank you