by Gerald McQuaid and Domenico Raffaele Cione
[vc_row] [vc_column width=”5/6″]Current ETSI activity on Lawful Interception (LI) and Retained Data (RD) is managed mainly by three main standardization committees: ETSI TC LI (the leading LI/RD group), TC CYBER and ISG NFV SEC.
1. ETSI TC LI
During 2016 and beginning of 2017 ETSI TC LI continued to work mainly on the external Handover Interfaces (HIs) between the domain of the Communication Service Provider (CSP) and the Law Enforcement Agency (LEA). TC LI maintains a coordination role in ETSI by defining the LEA requirements for which Technical Specifications (TSs) for LI (TS 101 331 v3.5.1) and RD (TS 101 656 v1.3.1) have been updated to consider implications of 5G on LI and RD requirements.
With reference to the external interfaces HI2 (interface of Intercept Related Information, IRI) and HI3 (interface of Content of Communication, CC), TC LI has published new versions of the IP based delivery HI of TS 102 232-i family which allows to provide LEA with intercepted data of communication services for messaging, internet access, layer 2, IP multimedia, PSTN/ISDN and mobile. The new TS 102 232-1 v3.13.1 has been enriched with new 3GPP services (TS 102 232-7 v3.4.1), recommendation for sequencing data unit delivery whereas all state diagrams for services specifications have been improved. Internet access has been extended to include explicit location notification (TS 102 232-3 v3.5.1) and IP Multimedia to include supplementary services and additional signaling information (TS 102 232-5 v3.7.1).
During 2016 there was a new publication of the Dictionary for common standard parameters, TS 103 280 v1.2.1, which added the definition at XSD and ASN.1 level of all the parameters that are commonly used in the different LI specifications where interfaces are specified. Furthermore, it was guaranteed also the alignment to the ASN.1 object identifies defined in latest LI HI specification by releasing the updated version v1.10.1 of the report TR 102 503.
Retained Data Handover Interface specification was enhanced taking into account of a series of input from LEA’s requesting to add new data in relation to Location, Access information and to enhance the requesting procedures on RD from LEA. TS 102 657 v1.18.1 was published.
The new work item of Internal Network Interfaces for Lawful Interception was significantly progressed with reference to the administrative LI procedures (ref. draft TS 103 221-1 v0.1.7) which were defined to detail all messages and relevant parameters. This TS, named specification for X1 interface, is now planned to be published as first version around mid-2017 and is expected to be beneficial as harmonizing LI solutions with reference to the LI interface between the internal network traffic nodes and the MF/DF system entity for administrative functionalities. TC LI also obtained large support to start new work items to standardize the LI internal interfaces for IRI (X2) and CC (X3).
Since the second quarter of 2016, ETSI TC LI has been working for the new TS 103 462 on a LI / RD Architecture reference model to address the new European Investigation Order (EIO) for criminal matters which specifies that an LEA of a country A shall be able to get intercepted data of a target using a communication service in a CSP network located in a country B. A complete new LEA-LEA HI has been built up and well progressed to plan the publication of the first version of this specification in 2017.
2. TC CYBER on LI
With reference to the current standardization activity in ETSI on Network Function Virtualization (NFV), it was clear that there was a requirement to define a list of base security requirements imposed by lawful interception in the NFV architecture. This action resulted into a new TS in TC CYBER, TS 103 487 v1.1.1, Baseline security requirements regarding sensitive functions for NFV and related platform establishing the fundamental security principles for hardware supporting virtualized network functions and focusing on the LI and RD aspects.
TC CYBER was recognized as the ETSI competent body to examine the information flows and interfaces for RD and LI from a security (confidentiality, integrity and authenticity) perspective and to specify implementation details (technologies, algorithms, options, minimum requirements on keys, etc.). This work resulted into the publication of TS 103 307 v1.2.1.
3. ISG NFV SEC
The NFV SEC sub-group within the Industrial Specification Group (ISG) NFV continues to drive the standardization activity on LI and RD features in the NFV interception domain in coordination with TCLI. LI and RD items were identified as relevant use cases for multi-layer administration and consequently referred in the SEC Group Report GR NFV-SEC009 v1.2.1.
Most NFV SEC activity to address LI requirements (specified in GS NFV SEC004) focused on NFV LI Architecture aspects (GR NFV SEC011). This work item was significantly progressed during the last six months resulting into well advanced draft which addresses primary the LI administrative procedures in NFV. The study is completed with the description of all possible NFV LI architectures evolution from the native legacy LI solution to the pure complete virtualized network elements scenarios. NFV SEC011 is planned to be completed and published by 2017. Then the plan is to start with the stage 3 standardization phase aiming to detail all the interface protocol parameters.
4. Latest published ETSI standard on LI & RD (February 2017)
ETSI TS 102 232-1 V3.13.1 (2017-02)* Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 1: Handover specification for IP delivery (by ETSI TC LI)
It refers to handover intercepted information via IP-based networks from a CSP to an LEMF covering the transportation of traffic without specifying any service functionality within CSPs or LEMF.
ETSI TS 102 232-3 V3.5.1 (2017-02)* Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 3: Service-specific details for internet access services (by ETSI TC LI)
It contains a stage 1 description of the interception information in relation to the process of binding a “target identity” to an IP address when providing Internet access and a stage 2 description of when IRI and CC need to be sent, and what information it needs to contain.
ETSI TS 102 232-4 V3.3.1 (2017-02)* Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 4: Service-specific details for Layer 2 services (by ETSI TC LI)
It specifies Lawful Interception for an Access Provider that has access to layer 2 session information and that is not required to have layer 3 information.
ETSI TS 102 232-5 V3.7.1 (2017-02)* Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 5: Service-specific details for IP Multimedia Services (by ETSI TC LI)
It details HI IRI and CC in relation to the Internet Protocol (IP) Multimedia (MM) Services based on the Session Initiation Protocol (SIP) and Real Time Transport Protocol (RTP) and Message Session Relay Protocol (MSRP) and IP MM services as described by the Recommendations ITU-T H.323 and H.248.
ETSI TS 102 232-7 V3.4.1 (2017-02)* Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 7: Service-specific details for Mobile Services (by ETSI TC LI)
It specifies an approach for the handover of the lawfully-intercepted information that is defined in the two standards: 3GPP TS 33.108 and ANSI/J-STD-025-B by using the handover techniques defined in ETSI TS 102 232-1.
ETSI TS 101 331 V3.5.1 (2017-02)* Lawful Interception (LI); Requirements of Law Enforcement Agencies (by ETSI TC LI)
In the area of co-operation by network operators, access providers, and service providers it provides a set of requirements relating to handover interfaces for the interception by law enforcement and state security agencies.
ETSI TS 102 656 V1.3.1 (2017-02)* Lawful Interception (LI); Retained Data; Requirements of Law Enforcement Agencies for handling Retained Data (by ETSI TC LI)
It provides a set of requirements relating to handover interfaces for the retained traffic data and subscriber data by law enforcement and other authorized requesting authorities.
ETSI TS 102 657 V1.18.1 (2017-02)* Lawful Interception (LI); Retained data handling; Handover interface for the request and delivery of retained data (by ETSI TC LI)
It contains handover requirements and a handover specification for the data that is identified in national legislations on Retained Data. It defines an electronic interface and considers both the requesting of retained data and the delivery of the results.
ETSI GR NFV-SEC 009 V1.2.1 (2017-01) Network Functions Virtualisation (NFV); NFV Security; Report on use-cases and technical approaches for multi-layer host administration (by ETSI NFV SEC)
It addresses multi-layer administration use cases and technical approaches, an issue identified in the Security Problem Statement, ETSI GS NFV-SEC 001 [i.1]. LI and RD are included as relevant use cases for multi-layer administration.
ETSI TS 103 307 v1.2.1 (2016-10) CYBER; Security Aspects for LI and RD Interfaces (by ETSI TC CYBER)
It considers the list of particular information flows and interfaces for RD and LI and examines them from a security (confidentiality, integrity and authenticity) perspective and specifies implementation details (technologies, algorithms, options, etc.).
ETSI TS 102 232-2 V3.10.1 (2016-08) Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 2: Service-specific details for E-mail services (by ETSI TC LI)
It contains a stage 1 like description of the interception information in relation to the process of sending and receiving asynchronous messages. It also contains a stage 2 like description of when IRI and CC need to be sent, and what information it needs to contain.
ETSI TS 103 280 v1.2.1 (2016-08) Lawful Interception (LI); Dictionary for common parameters (by ETSI TC LI)
It defines a dictionary of parameters that are commonly used in multiple TC LI specifications. It represents a reference document to provide technical means for other specifications to use and it is intended to be a reference in the development of new specifications
ETSI TR 102 503 V1.10.1 (2016-08) Lawful Interception (LI); ASN.1 Object Identifiers in Lawful Interception and Retained data handling Specifications (by ETSI TC LI)
It reported the updated overview over the relevant Object IDentifiers (OID) used in Lawful Interception and Retained data handling specifications of ETSI and other specifications from ITU-T and ISO.
ETSI TS 103 487 v1.1.1 (2016-04) CYBER; Baseline security requirements regarding sensitive functions for NFV and related platform (by ETSI TC CYBER)
It defines security baseline requirements for sensitive functions including lawful interception (LI) and retained data (RD) in an NFV hardware/platform environment.
ETSI TS 103 120 v1.2.1 (2016-03) Lawful Interception (LI); Interface for warrant information (by ETSI TC LI)
It defines a standard HI electronic interface for the LI warrant management, e.g. HI1. It is intended to be used also in the new NFV network scenarios.
ETSI TS 101 671 V3.14.1 (2016-03) Lawful Interception (LI); Handover interface for the lawful interception of telecommunications traffic (by ETSI TC LI)
First ETSI specification defining HI2 (Rose and FTP) and HI3 for GSM, TETRA, GPRS, ISDN, PSTN, fixed NGN (including PSTN/ISDN emulation) and fixed IMS PSTN simulation
Note: * Specification already approved at Technical Body level (2017-02) and now under ETSI publishing phase. ©
Other articles of Gerald McQuaid
by Gerald McQuaid and Domenico Raffaele Cione (N. III_MMXIX)
This article highlights the relevant ETSI activity on Lawful Interception (LI) and Retained Data (RD) as update to the previous article of February 2017. The 2018th and 2019th period work items are described in the following section.
by Gerald McQuaid and Domenico Raffaele Cione (N. III_MMXVIII)
The ETSI work to provide a Technical Specification (TS) to support the Directive 2014/41/EU of the European Parliament and of the Council of 3 April 2014 regarding the European Investigation Order (EIO) in criminal matters [1] had started in 2016 and was carried on during all 2017 and 2018 on all technical aspects of the new interface resulting now finalized with the publication of a first version of the Inter LEMF Handover Interface (ILHI) [4]. This specification provides LEMF’s with all implementation details to allow LI data transferring from one LEMF located in the country B (responding country where a target abroad is requested to be intercepted) to a LEMF located in the country A (requesting country where the request of interception is originated).
by Gerald McQuaid and Domenico Raffaele Cione (N. III_MMXVII)
NFV refers to the replacement of traditional specialised hardware devices with software that can be installed on standardised, off-the-shelf piece of hardware. ETSI work on NFV was initially set to address a requirement to define a list of base security requirements imposed by lawful interception in the NFV architecture.
by Gerald McQuaid and Domenico Raffaele Cione (N. IV_MMXVI)
Imminently, the Directive 2014/41/EU of the European Parliament and of the Council of 3 April 2014 regarding the European Investigation Order (EIO) in criminal matters [1] is expected to become part of the EU-nations’ national laws. This EU directive requires each European Member State to transpose the directive into national law by 22 May 2017 (Article 33). This EIO describes the possibilities about lawful interception (LI) of telecommunications and collection of traffic and location retained data (RD) extended to network scenarios out of a pure national network context: an EIO may be issued for the interception of telecommunications by a Member State to obtain intercepted data of a target when using a communication service in a CSP’s network located in another Member State country (ref. Article 30 of [1]).
by Gerald McQuaid and Domenico Raffaele Cione (N. III_MMXVI)
Traditionally the ETSI standardization work was focused on IRI and CC data details by defining, updating and maintaining related data Handover Interfaces (HI-2 and HI-3) specifications. Furthermore, ETSI had defined a dedicated Handover Interface, named HI-1, referred to be also crossing borders between countries based on corresponding international laws or agreements. HI-1 was defined as an interface between LEA and CSP to transport all kind of administrative information being used for the transmission of the request to establish or to remove the interception action from the LEA to the CSP and the acknowledgement message back to the LEA.
by Gerald McQuaid and Domenico Raffaele Cione (N. II_MMXVI)
VoLTE, Voice over Long Term Evolution (LTE), is a standard-based technology used to support voice calls over the LTE technology being now used by 4G wireless networks.
by Gerald McQuaid and Domenico Raffaele Cione (N. I_MMXVI)
This thematic section is intended to inform readers on the latest progress of standardization work items on Lawful Interception (LI) and Retained Data (RD) mainly focusing on European regional level (ETSI). The scope is to cover all relevant LI and RD aspects in terms of requirements, communication service providers architecture and network interfaces/protocols definition.
Other articles of Domenico Raffaele Cione
by Domenico Raffaele Cione (N. IV_MMXXII)
This document highlights the ETSI activity on Lawful Interception (LI) and Retained Data (RD) at end of 2022 as update from Q4 2021 status.
by Domenico Raffaele Cione (N. IV_MMXXI)
This document highlights the ETSI activity on Lawful Interception (LI) and Retained Data (RD) at end of 2021 as update from Q4 2020 status.
by Domenico Raffaele Cione (N. IV_MMXX)
This article highlights the ETSI activity on Lawful Interception (LI) and Retained Data (RD) as update to the previous article of September 2019.
by Gerald McQuaid and Domenico Raffaele Cione (N. III_MMXIX)
This article highlights the relevant ETSI activity on Lawful Interception (LI) and Retained Data (RD) as update to the previous article of February 2017. The 2018th and 2019th period work items are described in the following section.
by Gerald McQuaid and Domenico Raffaele Cione (N. III_MMXVIII)
The ETSI work to provide a Technical Specification (TS) to support the Directive 2014/41/EU of the European Parliament and of the Council of 3 April 2014 regarding the European Investigation Order (EIO) in criminal matters [1] had started in 2016 and was carried on during all 2017 and 2018 on all technical aspects of the new interface resulting now finalized with the publication of a first version of the Inter LEMF Handover Interface (ILHI) [4]. This specification provides LEMF’s with all implementation details to allow LI data transferring from one LEMF located in the country B (responding country where a target abroad is requested to be intercepted) to a LEMF located in the country A (requesting country where the request of interception is originated).
by Gerald McQuaid and Domenico Raffaele Cione (N. III_MMXVII)
NFV refers to the replacement of traditional specialised hardware devices with software that can be installed on standardised, off-the-shelf piece of hardware. ETSI work on NFV was initially set to address a requirement to define a list of base security requirements imposed by lawful interception in the NFV architecture.
by Gerald McQuaid and Domenico Raffaele Cione (N. IV_MMXVI)
Imminently, the Directive 2014/41/EU of the European Parliament and of the Council of 3 April 2014 regarding the European Investigation Order (EIO) in criminal matters [1] is expected to become part of the EU-nations’ national laws. This EU directive requires each European Member State to transpose the directive into national law by 22 May 2017 (Article 33). This EIO describes the possibilities about lawful interception (LI) of telecommunications and collection of traffic and location retained data (RD) extended to network scenarios out of a pure national network context: an EIO may be issued for the interception of telecommunications by a Member State to obtain intercepted data of a target when using a communication service in a CSP’s network located in another Member State country (ref. Article 30 of [1]).
by Gerald McQuaid and Domenico Raffaele Cione (N. III_MMXVI)
Traditionally the ETSI standardization work was focused on IRI and CC data details by defining, updating and maintaining related data Handover Interfaces (HI-2 and HI-3) specifications. Furthermore, ETSI had defined a dedicated Handover Interface, named HI-1, referred to be also crossing borders between countries based on corresponding international laws or agreements. HI-1 was defined as an interface between LEA and CSP to transport all kind of administrative information being used for the transmission of the request to establish or to remove the interception action from the LEA to the CSP and the acknowledgement message back to the LEA.
by Gerald McQuaid and Domenico Raffaele Cione (N. II_MMXVI)
VoLTE, Voice over Long Term Evolution (LTE), is a standard-based technology used to support voice calls over the LTE technology being now used by 4G wireless networks.
by Gerald McQuaid and Domenico Raffaele Cione (N. I_MMXVI)
This thematic section is intended to inform readers on the latest progress of standardization work items on Lawful Interception (LI) and Retained Data (RD) mainly focusing on European regional level (ETSI). The scope is to cover all relevant LI and RD aspects in terms of requirements, communication service providers architecture and network interfaces/protocols definition.