ETSI ETR 331-1996 Security Techniques Advisory Group (STAG) Definition of User Requirements for Lawful Interception of Telecommunications Requirements of the Law Enforcement Agenci_1.pdf

1、- ETSI 1 ECHNICAL REPORT ETR 331 December 1996 Source: ETSI TC-STAG Reference: DTWNA-00231 O ICs: 33.020 Key words: Security Security Techniques Advisory Group (STAG); Definition of user requirements for lawful interception of telecommunications; Requirements of the law enforcement agencies ETSI Eur

2、opean Telecommunications Standards Institute ETSI Secretariat Postal address: F-O6921 Sophia Antipolis CEDEX - FRANCE Office address: 650 Route des Lucioles - Sophia Antipolis - Valbonne - FRANCE X.400: c=fr, a=atlas, p=etsi, s=secretariat - internet: secretariatQetsi.fr Tel.: +33 4 92 94 42 O0 - Fa

3、x: +33 4 93 65 47 16 Copyright Notification: No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. 6 European Telecommunications Standards Institute 1996. All rights reserved. STD*ETSI ETR 331-ENGL 177b

4、3400855 OLbOOBO 40T M Page 2 ETR 331 : December 1996 Whilst every care has been taken in the preparation and publication of this document, errors in content, typographical or otherwise, may occur. If you have comments concerning its accuracy, please write to “ETSI Editing and Committee Support Dept.

5、“ at the address shown on the title page. STD.ETSI ETR 331-ENGL L77b 3q00855 LbOO1 3qb Page 3 ETR 331 : December 1996 Contents Foreword . 5 Scope 7 References 7 Abbreviations and Definitions 7 3.1 Abbreviations . 7 3.2 Definitions 7 General Introduction 9 Architecture . 10 User (LEA) requirements 10

6、 6.2 Result of interception . 11 6.3 Location information 12 6.4 Time constraints 12 6.5 Non disclosure . 12 6.5.1 6.5.2 Manufacturers . 13 6.6 Information transmission and information protection requirements . 13 6.7 Internal security 13 6.8 Unchanged state of service. etc 14 6.9 Technical handover

7、 interfaces and format requirements 14 6.10 6.1 1 6.12 6.1 3 6.1 General requirements 11 Network operator/service provider 12 Independence of the network operator or service provider . 15 Temporary obstacles to transmission 15 Multiple interception measures 16 Identification of the identity to be in

8、tercepted . 15 Annex A: A.l A.2 Service providers . 17 A.3 Home country service from a foreign territory . 18 A.4 Identification of a target service . 20 Annex B: History 22 Explanatory diagrams . 17 General network arrangements . 17 Draft requirements for interception across national frontiers 21 S

9、TD-ETSI ETR 331-ENGL L99b 3q00855 O1b0082 282 Page 4 ETR 331 : December 1996 I Blank page STD-ETSI ETR 331-ENGL L77b w 3400855 OLb0083 117 Page 5 ETR 331 : December 1996 Foreword This ETSI Technical Report (ETR) has been produced by the Security Techniques Advisory Group (STAG) of the European Telec

10、ommunications Standards Institute (ETSI) in view of the growing need of standardization in the area of lawful interception of telecommunications. This ETR describes in general the user requirements regarding to an irterception handover interface which, in a !ater stage, will be translated into the t

11、echnical design of this interface in the form of an European Telecommunication Standard (ETS). Page 6 ETR 331 : December 1996 Blank page STD*ETSI ETR 331-ENGL 177b m 3400855 O1b0085 T7L m Page 7 ETR 331 : December 1996 1 Scope This ETSI Technical Report (ETR) provides guidance for ETSI bodies in the

12、 area of co-operation by network operatordservice providers with the lawful interception of telecommunications. It provides a set of requirements relating to handover interfaces for the interception by law enforcement and state security agencies. Requirements with regard to telecommunications servic

13、es provided from areas outside nztional frontiers are not fully developed yet and therefore only some preliminary requirements have been annexed for information. This ETR describes the requirements from an Law Enforcement Agencys (LEAS) point of view only. Pending national legislation not all requir

14、ements need necessarily be applicable in one individual nation. These requirements will be used to derive specific network requirements and furthermore to standardize handover i nterfaces. 2 References For the purposes of this ETR, the following references apply: ETR 330: “Security Techniques Adviso

15、ry Group (STAG); A guide to legislation, recommendations this is done in several steps. Step 1 Step 1 is the definition of user requirements with the LEAS being the users and therefore will be done in close co-operation with the law enforcement and state security agencies. An ETSI STAG ad hoc group

16、on legal interception has produced this ETR being part of step 1. Step 2 In a further step the network requirements will be derived from the step 1 document. This may be done with assistance from (S)TCs concerned. This step is the Stage 1 description of the lawful interception handover interface(s).

17、 The aim is to establish one set of harmonized network requirements. This step will also be done by STAG, but in close co-operation with (S)TCs concerned. It is planned to publish the results as an ETS. Step 3 This step encompasses the Stage 2 and Stage 3 descriptions of the interface). It will lead

18、 to one (or more) concrete models, supporting the abstract model for specific products and services. The number of handover interface(s) should be limited. This work should be carried out by (S)TC Security or Plenary Groups concerned rather than by STAG. The definition of a handover interface for th

19、e delivery of the results of lawful interception should allow the technical facilities to be provided: - with reliability; - with accuracy; - at low cost; - with minimum disruption; - most speedily; in a secure manner; - as part of business as usual. STD-ETSI ETR 331-ENGL 177b 3400855 0160088 7T0 Pa

20、ge 10 ETR 331 : December 1996 5 Architecture This clause provides some high level explanatory information on possible examples of handover interfaces and their relation to the abstract handover interface (see figure 1). The interface would take a two layer form: - - an abstract model of the handover

21、 and the administration of lawful interception; a minimum set of concrete interfaces which support the abstract model for specific products and services, or combinations, such as: 64 kbit digital bearers (speech, digital data, etc.); low bit-rate bearers; Switched Multimegabit Data Service (SMDS) be

22、arers (very high bit-rate); Asynchronous Transfer Mode (ATM) (whole families of bit rates); point-to-point calls; broadcast calls; store-and-forward services; etc. Such a form allows rapid development of the enhancements required as networks and their associated services grow and evolve. All network

23、s will use the same abstract model, but the concrete interfaces will be enhanced to cope with new networks features, such as the use of Intelligent Network (IN) Intelligent Peripherals (IPS). POTS handover handover interface CAMEL: POTS Plain Ordinary Telephone Service Customized Applications for Mo

24、bile networks Enhanced Logic Figure 1 : Relationship of possible handover interfaces 6 User (LEA) requirements This clause presents the user requirements related to the lawful interception of telecommunications with the LEA being the user. The relevant terms are defined in subclause 3.2. These user

25、requirements are subject to national law and international treaties and should be interpreted in accordance with applicable national policies. The following list of requirements is a collection of items, where several requirements might not correspond to national laws and regulations of the individu

26、al countries. The handover interface(s) should be configured in such a way that it (they) will comply with the appropriate national requirements. A lawful authorization will specify a subset of requirements to be delivered on a case-by-case basis. 6.1 ,I) 6.2 The 1) STD.ETS1 ETR 331-ENGL L77b m 3Li0

27、0855 OLb0089 b37 m Page 11 ETR 331 : December 1996 General requirements The obligation of the network operator/service provider as to which telecommunications traffic shall be intercepted is subject to national laws. In accordance with the relevant lawful authorization a network operator/service pro

28、vider shall ensure that: a) b) the entire content of communication associated with a target identity being intercepted can be intercepted during the entire period; any content of communication associated with a target identity being intercepted which is routed to technical storage facilities or is r

29、etrieved from such storage facilities can be intercepted during the entire period; if the results of interception can not be delivered immediately to the relevant LEMF, then the content of communication and/or the intercept related information shall be buffered until they can be delivered; he shall

30、not monitor or permanently record the results of interception. c) d) The ability to intercept telecommunications shall be provided relating to all interception subjects operating permanently within a telecommunications system (e.g. a PSTN subscriber). The ability to intercept telecommunications shal

31、l be provided relating to all interception subjects operating temporarily within a telecommunications system (e.g. a visiting mobile subscriber). The results of interception relating to a target service shall be provided by the network operator/service provider in such a way that any telecommunicati

32、ons that do not fall within the scope of the lawful authorization shall be excluded by the network operator/service provider. All results of interception provided at the handover interface shall be given a unique identification relating to lawful authorization. Result of interception network operato

33、r or service provider shall, in relation to each target service: provide the content of communication, relating to each successful establishment of telecommunication. remove any service coding or encryption which has been applied to the content of communication (.e. en clair) and the intercept relat

34、ed information at the instigation of the network operator or service provider. provide the LEA with any other decryption keys whose use include encryption of the content of communication, where such keys are available. Intercept related information shall be provided: a) b) c) d) on change of status;

35、 e) f) on change of location. NOTE: when a call setup is attempted; when a call is established; when no successful call is established; on change of service or service parameter (e.9. activation of call forwarding); In this ETR, service should be taken to include so-called supplementary services. ST

36、D.ETS1 ETR 332-ENGL L77b m 3400855 OLb0090 357 m Page 12 ETR 331: December 1996 I 5) Intercept related information shall contain: a) b) c) d) information relating to status; e) time stamps. the identities that have attempted telecommunications with the target identity, successful or not; identities

37、used by or associated with the target identity; details of services used and their associated parameters; 6) The conditions mentioned above also apply to multi-party or multi-way telecommunication (e.g. conference calls) if and as long as the target identity participates. 6.3 Location information An

38、 LEA may request location information relating to locations, in a number of forms: 1) the current geographic, physical or logical location of the target identity, when telecommunications activity (involving a call or a service) is taking place; 2) the current geographic, physical or logical location

39、 of the target identity, irrespective of whether telecommunications activity (involving a call or a service) is taking place or not; 3) the current geographic, physical or logical location of an identity temporarily associated with a target service because of successful telecommunication or an unsuc

40、cessful attempt to establish telecommunication; 4) the current geographic, physical or logical location of an identity permanently associated with a target service. NOTE: This information is expected to be made available from normal network operation. An example of geographic location might be a cel

41、l identity in mobile networks, an example of physical location might be a subscriber access number in a fixed network and an example of a logical location might be a UPT number associated with a physical location. 6.4 Time constraints 1) A network operator/service provider shall make the necessary a

42、rrangements to fulfil his obligation to enable the interception and delivery of the result of interception from the point in time when the telecommunication installation commences commercial service. 2) The above requirement applies accordingly to the introduction of modifications to the telecommuni

43、cation installation or to new operational features for existing telecommunications services to the extent of their impact on existing interception capabilities. 3) When a lawful authorization is presented a network operator/service provider shall co-operate immediately. 4) After a lawful authorizati

44、on has been issued, provision of the results of interception of a target identity shall proceed on a real-time or near real-time basis. In the case of near real-time the LEA should be able to force real-time (by means of emptying any buffers involved) if necessary. 6.5 Non disclosure 6.5.1 Network o

45、perator/service provider a) Information on the manner in which interception measures are implemented in a given telecommunication installation shall not be made available to unauthorized persons. b) Information relating to target identities and target services to which interception is being applied

46、shall not be made available to unauthorized persons. STD.ETS1 ETR 331-ENGL 177b m 3q00855 Olb0091 275 m Page 13 ETR 331 : December 1996 6.5.2 Manufacturers The network operator/service provider shall agree confidentiality on the manner in which interception measures are implemented in a given teleco

47、mmunication installation with the manufacturers of his technical installations for the implementation of interception measures. 6.6 Information transmission and information protection requirements The technical arrangements required within a telecommunication installation to allow implementation of

48、the interception measures shall be realized with due care exercised in operating telecommunication installations, particularly with respect to: the need to protect information on which and how many target identities are or were subject to interception and the periods during which the interception me

49、asures were active; the restriction to a minimum of staff engaged in implementation and operation of the interception measure; to ensure the clear delimitation of functions and responsibilities and the maintenance of third-party telecommunications privacy, interception and recording shall be carried out in operating rooms accessible only by authorized personnel; the result of interception shall be delivered through a handover interface; no access of any form to the handover interface shall be granted to unauthorized persons; network