1、 ETSI TS 101 331 V1.5.1 (2017-03) Lawful Interception (LI); Requirements of Law Enforcement Agencies TECHNICAL SPECIFICATION ETSI ETSI TS 101 331 V1.5.1 (2017-03)2 Reference RTS/LI-00139 Keywords security, lawful interception ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.:
2、+33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made availab
3、le in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only pr
4、evailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other E
5、TSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utiliz
6、ed in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to rep
7、roduction in all media. European Telecommunications Standards Institute 2017. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of t
8、he 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 101 331 V1.5.1 (2017-03)3 Contents Intellectual Property Rights 5g3Foreword . 5g3Modal verbs terminology 5g3Introduction 5g31 Scope 6g32 References 6g32.1 Normative referen
9、ces . 6g32.2 Informative references 6g33 Definitions and abbreviations . 7g33.1 Definitions 7g33.2 Abbreviations . 8g34 User (LEA) requirements . 9g34.1 Introduction 9g34.2 General requirements . 9g34.3 Result of interception . 10g34.4 Location information 11g34.5 Time constraints . 11g34.6 Non-disc
10、losure . 11g34.6.1 Network operator/service provider/access provider 11g34.6.2 Manufacturers . 12g34.7 Information transmission and information protection requirements 12g34.8 Internal security 13g34.9 Unchanged state of service, etc. . 13g34.10 Technical handover interfaces and format requirements
11、13g34.11 Independence of the network operator, service provider or access provider 14g34.12 Temporary obstacles to transmission . 14g34.13 Identification of the identity to be intercepted 15g34.14 Multiple interception measures 15g3Annex A (normative): Detailed Requirements of Law Enforcement Agenci
12、es for Circuit Switched oriented telecommunications Networks and Services 16g3A.0 Introduction 16g3A.1 Details on clause 4.3, item d) . 16g3A.2 Details on clause 4.4 . 16g3A.3 Details on clause 4.7, items i) and j) 16g3A.4 Details on clause 4.10, items a) and h) . 17g3Annex B (normative): Detailed R
13、equirements of Law Enforcement Agencies for Packet oriented telecommunications Networks and Services. 18g3B.0 Overview 18g3B.1 Details on clause 4.3, items d) and e) . 18g3B.2 Details on clause 4.4 . 19g3B.3 Details on clause 4.7, item i) 19g3B.4 Details on clause 4.10, item a) . 19g3Annex C (normat
14、ive): Advanced Services . 20g3Annex D (informative): Examples of Advanced Services . 21g3ETSI ETSI TS 101 331 V1.5.1 (2017-03)4 D.0 Introduction 21g3D.1 General Capabilities . 21g3D.1.1 Registration/Authorization Events . 21g3D.1.2 Communication Content Events . 21g3D.1.3 Feature Management Events 2
15、1g3D.1.4 Interception Status Events 21g3D.2 Voice Capabilities 22g3D.2.1 Call Management Events 22g3D.2.2 Feature Use Events . 22g3D.3 Messaging Capabilities. 23g3D.3.0 Introduction 23g3D.3.1 Message Creation Events . 23g3D.3.2 Message Reception Events . 23g3D.3.3 Automatic welcome or reply message
16、management 23g3Annex E (informative): Explanatory diagrams . 24g3E.0 Introduction 24g3E.1 General network arrangements . 24g3E.2 Service providers 25g3E.3 Home country service from a foreign territory. 26g3E.4 Identification of a target service . 27g3Annex F (informative): Basic requirements for int
17、erception across national frontiers 28g3Annex G (informative): Change Request History 29g3History 30g3ETSI ETSI TS 101 331 V1.5.1 (2017-03)5 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to thes
18、e essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest
19、updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
20、server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Lawful Interception (LI). The present document replaces ETSI ETR 331 (1996) i.1 (and earlier versions of ETSI TS 101 331). Modal ve
21、rbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT a
22、llowed in ETSI deliverables except when used in direct citation. Introduction Originally ETSI ETR 331 i.1 was intended to incorporate into ETSI standards the EU Council Resolution of 1995 1 on International User Requirements. In consequence, the original ETSI ETR 331 i.1 concentrated on telephony ne
23、tworks such as PSTN, ISDN and GSM because these were the main telecommunications networks. The introduction of TETRA, GPRS, UMTS and the increased usage of the Internet forced a change so that ETSI ETR 331 i.1 has been replaced by the present document which focuses on the interpretation of ETSI ETR
24、331 i.1 on specific technologies in the different annexes. According to rules set by the laws of individual nations as well as decisions of the European Union, there is a need to lawfully intercept telecommunications traffic and intercept related information in modern telecommunications systems. Wit
25、h the aim of harmonising the interception policy in the member states, the Council of the European Union adopted a set of requirements in EU Council Resolution of 1995 1, with the aim of feeding them into national legislation. The LEA requirements have to be taken into account in defining the abstra
26、ct handover interface. The definition of a handover interface for the delivery of the results of lawful interception should allow the technical facilities to be provided: - with reliability; - with accuracy; - at low cost; - with minimum disruption; - most speedily; - in a secure manner; - using sta
27、ndard procedures. ETSI ETSI TS 101 331 V1.5.1 (2017-03)6 1 Scope The present document gives guidance for lawful interception of telecommunications in the area of co-operation by network operators, access providers, and service providers. It provides a set of requirements relating to handover interfa
28、ces for the interception by law enforcement and state security agencies. Requirements with regard to telecommunications services provided from areas outside national boundaries are not fully developed yet and therefore only some preliminary requirements have been annexed for information. The present
29、 document describes the requirements from a Law Enforcement Agencys (LEAs) point of view. Not all requirements necessarily apply in one individual nation. These requirements need to be used to derive specific network requirements and furthermore to standardize handover interfaces. 2 References 2.1 N
30、ormative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendment
31、s) applies. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The foll
32、owing referenced documents are necessary for the application of the present document. 1 European Union Council Resolution of 17 January 1995 on the Lawful Interception of Telecommunications (96/C 329/01). 2.2 Informative references References are either specific (identified by date of publication an
33、d/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of
34、 publication, ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. i.1 ETSI ETR 331: “Security Techniques Advisory Group (STAG); Definition o
35、f user requirements for lawful interception of telecommunications; Requirements of the law enforcement agencies“. i.2 ETSI TS 103 307: “CYBER; Security Aspects for LI and RD Interfaces“. ETSI ETSI TS 101 331 V1.5.1 (2017-03)7 3 Definitions and abbreviations 3.1 Definitions For the purposes of the pr
36、esent document, the following terms and definitions apply: access provider: company that provides a user of some network with access from the users terminal to that network buffer: temporary storing of information in case the necessary telecommunication connection to transport information to the Law
37、 Enforcement Monitoring Facility (LEMF) is temporarily unavailable call: any temporarily switched connection capable of transferring information between two or more users of a telecommunications system NOTE: In this context a user may be a person or a machine. communication: information transfer acc
38、ording to agreed conventions content of communication: information exchanged between two or more users of a telecommunications service, excluding intercept related information NOTE: This includes information which may, as part of some telecommunications service, be stored by one user for subsequent
39、retrieval by another. handover interface: physical and logical interface across which the interception measures are requested from network operator/access provider/service provider, and the results of interception are delivered from a network operator/access provider/service provider to a law enforc
40、ement monitoring facility identity: technical label which may represent the origin or destination of any telecommunications traffic, as a rule clearly identified by a physical telecommunications identity number (such as a telephone number) or the logical or virtual telecommunications identity number
41、 (such as a personal number) which the subscriber can assign to a physical access on a case-by-case basis intercept related information: collection of information or data associated with telecommunication services involving the target identity, specifically communication associated information or da
42、ta (e.g. unsuccessful communication attempts), service associated information or data (e.g. service profile management by subscriber) and location information interception (lawful interception): action (based on the law), performed by a network operator/service provider/access provider, of making av
43、ailable certain information and providing that information to an LEMF NOTE: In the present document the term interception is not used to describe the action of observing communications by an LEA (see below). interception interface: physical and logical locations within the network operators/service
44、providers/access providers telecommunications facilities where access to the content of communication and intercept related information is provided NOTE: The interception interface is not necessarily a single, fixed point. interception measure: technical measure which facilitates the interception of
45、 telecommunications traffic pursuant to the relevant national laws and regulations interception subject: person or persons, specified in a lawful authorization, whose telecommunications are to be intercepted Law Enforcement Agency (LEA): organization authorized by a lawful authorization based on a n
46、ational law to receive the results of telecommunications interceptions Law Enforcement Monitoring Facility (LEMF): law enforcement facility designated as the transmission destination for the results of interception relating to a particular interception subject ETSI ETSI TS 101 331 V1.5.1 (2017-03)8
47、lawful authorization: permission granted to an LEA under certain conditions to intercept specified telecommunications and requiring co-operation from a network operator/service provider/access provider NOTE: Typically, this refers to a warrant or order issued by a lawfully authorized body. location
48、information: information relating to the geographic, physical or logical location of an identity relating to an interception subject network operator: operator of a public telecommunications infrastructure which permits the conveyance of signals between defined network termination points by wire, by
49、 microwave, by optical means or by other electromagnetic means quality of service: quality specification of a telecommunications channel, system, virtual channel, computer-telecommunications session, etc. NOTE: Quality of service may be measured, for example, in terms of signal-to-noise ratio, bit error rate, message throughput rate or call blocking probability. reliability: probability that a system or service will perform in a satisfactory manner for a given period of time when used under specific operating conditions result of interception: inform
