1、 ETSI TS 102 656 V1.3.1 (2017-03) Lawful Interception (LI); Retained Data; Requirements of Law Enforcement Agencies for handling Retained Data TECHNICAL SPECIFICATION ETSI ETSI TS 102 656 V1.3.1 (2017-03)2 Reference RTS/LI-00140 Keywords handover, retention, security ETSI 650 Route des Lucioles F-06
2、921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-searc
3、h The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between
4、such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information
5、 on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notifi
6、cation No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright a
7、nd the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2017. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI register
8、ed for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 102 656 V1.3.1 (2017-03)3 Contents Intellectual Property Rights 4g3Foreword . 4g3Modal verbs terminology 4g3Introduction 4g31 Scop
9、e 5g32 References 5g32.1 Normative references . 5g32.2 Informative references 5g33 Definitions and abbreviations . 6g33.1 Definitions 6g33.2 Abbreviations . 6g34 User (LEA) requirements . 7g34.1 Introduction 7g34.2 General requirements . 7g34.3 Requests . 8g34.4 Request for retained data 8g34.5 Deli
10、very 9g34.6 Content of delivery . 9g34.7 Location information 11g34.8 Availability constraints . 11g34.9 Information transmission and information protection requirements 11g34.10 Internal security 12g34.11 Technical handover interfaces and format requirements 12g34.12 Temporary obstacles to transmis
11、sion . 13g34.13 Identification of the request criteria 13g34.14 Multiple requests 13g3Annex A (normative): Administrative requirements 14g3A.1 Non-disclosure . 14g3A.1.1 CSP . 14g3A.1.2 Manufacturers or 3rdparty providers 14g3Annex B (informative): Change Request History 15g3History 16g3ETSI ETSI TS
12、 102 656 V1.3.1 (2017-03)4 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000
13、314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investiga
14、tion, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specificat
15、ion (TS) has been produced by ETSI Technical Committee Lawful Interception (LI). Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafti
16、ng Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. Introduction The multi CSP, multi LEA and multinational aspect of the retained data creates the need for a standardized requests and the delivery
17、of the data. The present document describes similar to the requirements for lawful interception in ETSI TS 101 331 1 the law enforcement needs for the request and delivery and related aspects of retained data. The definition of a handover interface for the request and delivery should allow the techn
18、ical facilities to be provided: with reliability; with accuracy; at low cost; with minimum disruption and most speedily; in a secure manner; using standard procedures. ETSI ETSI TS 102 656 V1.3.1 (2017-03)5 1 Scope The present document gives guidance for the delivery and associated issues of retaine
19、d data of telecommunications and subscribers. It provides a set of requirements relating to handover interfaces for the retained traffic data and subscriber data by law enforcement and other authorized requesting authorities. The present document describes the requirements from a Law Enforcement Age
20、ncys (LEAs) point of view. Not all requirements necessarily apply in one individual nation. These requirements may be used to derive specific network requirements and furthermore to standardize handover interfaces. The present document gives the requirements for the delivery of Retained Data (in lin
21、e with ETSI TS 101 331 1 for LI). NOTE: Reading the present document it should be taken in account that: square4 Limitations in what data to be retained are a national issue. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition number
22、 or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location migh
23、t be found at https:/docbox.etsi.org/Reference/. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the present document. 1 ETSI TS 101 331:
24、“Lawful Interception (LI); Requirements of Law Enforcement Agencies“. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific refer
25、ences, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for the application
26、of the present document but they assist the user with regard to a particular subject area. i.1 ETSI TS 103 307: “CYBER; Security Aspects for LI and RD Interfaces“. ETSI ETSI TS 102 656 V1.3.1 (2017-03)6 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the fol
27、lowing terms and definitions apply: cell ID: identity of the cell from which a mobile telephony call originated or in which it terminated Communication Service Provider (CSP): generic description covering Access Provider, Service Provider and Network Operator data: traffic data and location data and
28、 the related data necessary to identify the subscriber or user lawful authorization: permission granted to a LEA under certain conditions to request specified telecommunications retained data and requiring co-operation from a network operator/service provider/access provider NOTE: Typically, this re
29、fers to a warrant or order issued by a lawfully authorized body. Law Enforcement Agency (LEA): organization authorized by a lawful authorization based on a national law to receive the results of telecommunications retained data location information: information relating to the geographic, physical o
30、r logical location of an identity relating to an interception subject quality of service: quality specification of a telecommunications channel, system, virtual channel, computer-telecommunications session, etc. NOTE: Quality of service may be measured, for example, in terms of signal-to-noise ratio
31、, bit error rate, message throughput rate or call blocking probability. reliability: probability that a system or service will perform in a satisfactory manner for a given period of time when used under specific operating conditions request criteria: identity associated with a retained data to be de
32、livered target identity: identity associated with a retained data to be delivered telecommunications: any transfer of signs, signals, writing images, sounds, data or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectric or photo optical system te
33、lephone service: calls (including voice, voicemail and conference and data calls), supplementary services (including call forwarding and call transfer) and messaging and multi-media services (including short message services, enhanced media services and multi-media services) unsuccessful call attemp
34、t: communication where a telephone call has been successfully connected but not answered or there has been a network management intervention user: any legal entity or natural person using a publicly available electronic communications service, for private or business purposes, without necessarily ha
35、ving subscribed to that service user ID: unique identifier allocated to persons when they subscribe to or register with an Internet access service or Internet communications service 3.2 Abbreviations For the purposes of the present document, the following abbreviations apply: CIoT Cellular Internet
36、of Things CSP Communication Service Provider DSL Digital Subscriber Line GPRS General Packet Radio Service GPS Global Positioning SystemETSI ETSI TS 102 656 V1.3.1 (2017-03)7 GSM Global System for Mobile communications HLR Home Location Register ID IDentity IMEI International Mobile Equipment Identi
37、ty IMSI International Mobile Subscriber Identity IoT Internet of Things IP Internet Protocol ISO International Organization for Standardization LEA Law Enforcement AgencyLI Lawful Interception RD Retained Data VLR Visited Location Register WLAN Wireless Local Area Network xDSL any Digital Subscriber
38、 Line technology 4 User (LEA) requirements 4.1 Introduction This clause presents the user requirements related to the retained data of telecommunications with the LEA being the user. The relevant terms are defined in clause 3.1. These user requirements are subject to national law and international t
39、reaties and should be interpreted in accordance with applicable national policies. The following list of requirements is a collection of items, where several requirements might not correspond to national laws and regulations of the individual countries. Implementation takes place if required by nati
40、onal law. The Handover Interface(s) (HIs) should be configured in such a way that it (they) complies with the appropriate national requirements. A lawful authorization may specify a subset of requirements to be delivered on a case-by-case basis, this is based on the national regulation for different
41、 LEAs. The consequences and implications of these requirements contain clarifications for new developments (e.g. virtualized networks or 5G communications). 4.2 General requirements a) The obligation of the Communication Service Provider (CSP) as to which data shall be retained and delivered is subj
42、ect to national laws. b) The obligation of the CSP as to which period the data shall be retained subject to national laws. c) The CSP will be able to provide data of subscriber and subscriber related traffic data that was generated or processed within the retention period within its telecommunicatio
43、ns system. d) The CSP will be able to provide data received from other networks that was generated or processed (originated, terminated or forwarded) within the retention period within its telecommunications system. e) The present document relates only to data generated or processed as a consequence
44、 of a communication or a communication service and does not relate to data that are the content of the information communicated. Data generated or processed when supplying the communications services concerned refers to data which are accessible. In particular the obligation to retain data may apply
45、 only in respect of data from the providers or the network providers own services. f) Given that the obligations on providers of electronic communications services should be proportionate, this requires that they retain only such data as are generated or processed in the process of supplying their c
46、ommunications services. To the extent that such data are not generated or processed by those providers, there is no obligation to retain them. There is no intention to harmonize the technology for retaining data, the choice of which is a matter to be resolved at national level. g) The RD requirement
47、s are not limited to communication of individuals. The RD requirement also applies to devices in IoT including CIoT. ETSI ETSI TS 102 656 V1.3.1 (2017-03)8 NOTE 1: The retention of data applies to the use of services. This applies to subscribers, visitors, etc. of the service. NOTE 2: The retention
48、of data applies to all calls or services including those from roaming scenarios, e.g. mobile roaming records (ISO spec). h) The visited network shall be able to support RD of all services without home network assistance or visibility. 4.3 Requests a) The requests for retained data can apply to: 1) d
49、ata generated or processed in association with communication or communication attempts (typically unsuccessful calls) (in accordance with particular national requirements); 2) subscriber data. b) The requests for retained data will be based on the request criteria defined in clause 4.4. c) The request shall not require the CSP to make any subjective decisions, to use any judgement or discretion. In other words, requests shall be such that it is immediately clear whether a particular record matches the request. d) The requests will be done by lawful aut
