Special Topic of Telecommunication Network

Chapter 3

Legal and Technical Standards for Lawful Intercepts

Aris Cahyadi Risdianto23210016

Introduction

The basic functions of lawful intercepts (LIs)

accessing data, processing data, converting data into information, delivering information to handover interfaces (HIs) with law enforcement agencies (LEAs), and securing all communications.

Lawful Intercepts ( LIs) is different at geographical areas

Responsibilities of service providers and LEAs Technical and legal prerequisites very different in different contextsLegal basis for LIs is a very different issue

Principal Group of LIs Issues

Three principal groups of issues to be address

1) Legal background of surveillance

2) Duties of telecommunications service providers (TSPs) (along with access providers, network operators, licensed operators, communications service providers, electronic communications service providers, and telecommunications carriers)

3) Controls and sanctions for noncompliance

LIs powerful standards

North American (J-STD-025) standardsEuropean (ETSI) standards

Legal Background of Surveillance

Basics of Intercept Laws

Legal Guidelines

US FCC established CALEA

France French law forms the basis for intercept regulations

UK The Regulation of Investigatory Power Act (RIPA)

Japan •No laws or acts focusing on LIs•Law "no censorship shall be maintained, or secrecy of any means of communications be violated”

US OCCSSA (wiretap), ECPA (microwave, fax, cordless, etc), CALEA (conference call, call waiting, etc), U.S. Patriot Act (wiretaps, pen register, etc)

France criminal codes :Loi n0 91-636 du 10 juilliet 1991Decret n0 93-119 du 28 janvier 1993

UK RIPA chapter 1 (IOCA), chapter 2

Japan Telecommunication is privacy, no surveillance activity. Related law : CCP for telecom in crime investigation

Legal Background of SurveillanceServices Subject to Surveillance

Objectives of Surveillance

US Oral surveillance : person-to-person communicationsWire surveillance : electronic human voice communications including mobile and satelit communication.Electronic surveillance : includes all other electronic communications exceptf financial transactions.

France All telecommunications services are subject to surveillance

UK person based rather than based on an address or telephone number

Japan voice telephony, facsimile, and e-mail

US not permit general surveillance of communications

France During a trial, both prosecutors and defense can review the intercepted information

UK surveillance results can be used in trials

Japan to fight serious and organized crime (Yakuza mafia and the Aum sect)

Duties of TSPs and OperatorsCooperation with LEA

US •Isolating content of targeted communication•Identifying origin and destination of targeted communication•Provide intercept communication and CII to LEA over line or facilities leased by LEA•Carry out intercepts not be aware by the target.

France ●High rank LEA can assign interceptions tasks to any employee of france telecoms or other operator●In case strategic surveillance, prime minister issues an request

UK ●RIPA applies all TSP offerinf guidelines for data retention●periodic meetings between government and TSPs to discuss the intelligence needs of LEAs●TSPs may seek advice from Technical Advisory Board (TAB) for assistance of complicated technical requests

Japan ●All TSPs must comply with LI legislation and guidelines●Primary prerequisite is that warrants be issued by prosecutors or high-ranking police officers.

Duties of TSPs and OperatorsTechincal Requirements

US ●Summarized in the J-STD-025-A standard

France ●State-of-the-art intercept technology to be used to intercept communication data and content● All data is collected by the Groupe Interministeriel de Controle (GIC), which in turn relays data to LEAs

UK ●Surveillance include all communication, intercepted data provided in real time to interface with LEA●Data transfer support simultaneous content and intercept condition●HI must support international standard (eg. ETSI)●Data should be filtered, only relevant data forwarded●Encrypted data should be decrypt●TSP support surveillance for 0,1 percent of subscriber●TSP use reliable intercept and surveillance equipment

Japan ●LEA can provision devices for LI on case to case basis●Email communication supervised via temporary mailbox which installed and supervised by LEA●National Police Agency approach NTT DoCoMo to develop and install LI surveillance, but it can't be forced

Duties of TSPs and OperatorsOrganizational Requirements

US ●TSP assign LI tasks to experience expert●TSP must specify rules and process in writing●TSP must log their LI action●Protocols and survelannce log must be sign by expert●Protocols and logs must be save for reasonale duration●TSP expected to document and maintain material

France ●High security clearance personel conduct surveillance●Continuity terms of human resources●Log and protocols must be maintained●All privacy rules mut be follow

UK ●All equipment delivered in one working day●Surveillance equipment must be accessible for audit●Surveillance requirement met without notification●Surveillance mut have minimal performance impact

Japan ●Physical present of experts on behalf of TSP for the duration of surveillance●LEA including National Police Agency and Public Prosecutor's Office conduct workshop with TSP on the topic area of LI

Duties of TSPs and OperatorsException

Compliance Control

US ●CALEA, no exception for TSP but may apply individual case

France ●No exception for TSP, ●Doctors, lawyer, and pastor protected

UK ● Exception for TSP under 100000 subscribers, and serve a close community (bank, insurance, financial community, etc)●Special approval for Journalist, doctors, lawyer, and pastor

Japan ●If surveillance technology and human resource are expensive●Required new HW and SW●Company is too small

US ●No Regulation to enforce, TSP self-certification procedure

France ●No specific procedures on technical and organization

UK ● Government may provide handbook guidelines on technical and organization, but not yet

Japan ●Only existing network are used for LI, special procedures are not required

Control and SanctionsControlling Entities

US ●Based Omnibus Crime Control Act, administrative Office of the U.S. Courts is expected to prepare an annual report for Congress, outlining surveillance statistics

France ●National Committee for Lawful Intercepts (CNCIS) handle LI data initiated by government.●CNCIS member : president, senate and national assembly

UK ●Interception of Communications Commissioner (ICC) : independent individual report to the PM,who decide publication of report●Investigatory Powers Tribunal (IPT) : independent court responsible for adjudicating complaints regarding LIs●secret services surveillance are regulated by the Institution of Surveillance Commissioner (ISC).

Japan ●Surveillance activities controlled by physical presence expert TSP and executed by LEA member●Not crime-related data must be deleted

Control and Sanctions

Reporting Duties

US ●Each judges must report each warrant for surveillance to the Administrative Office of the U.S. Courts●Prosecutors report directly to the administrative office in regard to all requested warrants

France ●LEA members must log all activities ●Warrants are maintained locally●National statistics are not maintained

UK ● Involved parties mandatory to follow guidelines from ICC and provide the necessary data for annual reports

Japan ●Members of LEAs must log all surveillance actions

Control and Sanctions

Sanctions for Non-compliance

US ●If TSPs can't provide information, technical assistance to complete interception, they face criminal or civil liability or good faith reliance defense, and will the sanction are enforced on the basis of the Communication Act of 1934

France ●no formal procedures for sanctions●CNCIS issued critics for surveillance decisions, and violates act illegal wiretaps and other action

UK ●Intentional noncompliance is rare, but sanctions are severe●Today, no implementation of sanctions has been reported

Japan ●Sanctions in terms of abuse of surveillance and surveillance instruments● no known sanctions against TSPs who unable or choose not to cooperate with LEAs

CALEA Reference Model

CALEA Reference ModelCALEA Interfaces

1. Surveillance administration system (SAS): performs provisioning and receives alarms to CALEA interfaces

2. Call data channel (CDC): network connection reporting from the switch to the LEA

3. Call content channel (CCC): network connection delivering call content from the switch to the LEA

CALEA Principal Functions

1) Access functions (AFs) (include network elements such MSC, HLR,etc) who provide access to and replication of intercepted traffic.

2) Delivery function (DF) (include target and warrant information, interfaces, intercepted traffic) to CF

3) Collection function (CF) collect and records lawfully authorized intercepted communications and CII for LEAs

ETSI Reference Model

ETSI Reference Model

ETSI Reference Model

ETSI Principal Interfaces

1) HI1 : Interface for Administration InformationTransports administrative information from or to the LEA and NWO/AP/SvP

2) HI2 : Interface for IRITransmit information or data associated with the telecommunications services of the target identity apparent to the network.

3) HI3 : Interface for IRI transports the CC of the intercepted telecommunications service to the LEMF.

Conclusions

ETSI Principal Interfaces

1) HI1 : Interface for Administration InformationTransports administrative information from or to the LEA and NWO/AP/SvP

2) HI2 : Interface for IRITransmit information or data associated with the telecommunications services of the target identity apparent to the network.

3) HI3 : Interface for CC Transports the CC of the intercepted telecommunications service to the LEMF.

Thank youThank you