fbpx
Wikipedia

Lawful interception

January 01, 1970

Lawful interception (LI) refers to the facilities in telecommunications and telephone networks that allow law enforcement agencies with court orders or other legal authorization to selectively wiretap individual subscribers. Most countries require licensed telecommunications operators to provide their networks with Legal Interception gateways and nodes for the interception of communications. The interfaces of these gateways have been standardized by telecommunication standardization organizations. As with many law enforcement tools, LI systems may be subverted for illicit purposes.

With the legacy public switched telephone network (PSTN), wireless, and cable systems, lawful interception (LI) was generally performed by accessing the mechanical or digital switches supporting the targets' calls. The introduction of packet switched networks, softswitch technology, and server-based applications during the past two decades fundamentally altered how LI is undertaken.

Lawful interception differs from the dragnet-type mass surveillance sometimes done by intelligence agencies, where all data passing a fiber-optic splice or other collection point is extracted for storage or filtering. It is also separate from the data retention of metadata that has become a legal requirement in some jurisdictions.

Terminology edit

Lawful interception is obtaining communications network data pursuant to lawful authority for the purpose of analysis or evidence. Such data generally consist of signalling or network management information or, in fewer instances, the content of the communications. If the data are not obtained in real-time, the activity is referred to as access to retained data (RD).[1]

There are many bases for this activity that include infrastructure protection and cybersecurity. In general, the operator of public network infrastructure can undertake LI activities for those purposes. Operators of private network infrastructures in the United States have an inherent right to maintain LI capabilities within their own networks unless otherwise prohibited.[2]

One of the bases for LI is the interception of telecommunications by law enforcement agencies (LEAs), regulatory or administrative agencies, and intelligence services, in accordance with local law. Under some legal systems, implementations—particularly real-time access to content—may require due process and receiving proper authorization from competent authorities—an activity that was formerly known as "wiretapping" and has existed since the inception of electronic communications. The material below primarily treats this narrow segment of LI.[3]

Technical description edit

Almost all countries have lawful interception capability requirements and have implemented them using global LI requirements and standards developed by the European Telecommunications Standards Institute (ETSI), Third Generation Partnership Project (3GPP), or CableLabs organizations—for wireline/Internet, wireless, and cable systems, respectively. In the USA, the comparable requirements are enabled by the Communications Assistance for Law Enforcement Act (CALEA), with the specific capabilities promulgated jointly by the Federal Communications Commission and the Department of Justice. In the USA, lawful intercept technology is currently patented by a company named Voip-pal.com under the USPTO Publication #: 20100150138.[4]

Governments require phone service providers to install a legal interception gateway (LIG), along legal interception nodes (LIN), which allow them to intercept in real-time the phone calls, SMS messages, emails and some file transfers or instant messages.[5][6] These LI measures for governmental surveillance have been in place since the beginning of digital telephony.[7]

To prevent investigations' being compromised, LI systems may be designed in a manner that hides the interception from the telecommunications operator concerned. This is a requirement in some jurisdictions.

To ensure systematic procedures for carrying out interception, while also lowering the costs of interception solutions, industry groups and government agencies worldwide have attempted to standardize the technical processes behind lawful interception. One organization, ETSI, has been a major driver in lawful interception standards not only for Europe, but worldwide.

This architecture attempts to define a systematic and extensible means by which network operators and law enforcement agents (LEAs) can interact, especially as networks grow in sophistication and scope of services. Note this architecture applies to not only “traditional” wireline and wireless voice calls, but to IP-based services such as voice over IP, email, instant messaging, etc. The architecture is now applied worldwide (in some cases with slight variations in terminology), including in the United States in the context of CALEA conformance. Three stages are called for in the architecture:

  1. collection where target-related “call” data and content are extracted from the network
  2. mediation where the data is formatted to conform to specific standards
  3. delivery of the data and content to the law enforcement agency (LEA).

The call data (known as intercept related information (IRI) in Europe and call data (CD) in the US) consists of information about the targeted communications, including destination of a voice call (e.g., called party’s telephone number), source of a call (caller’s phone number), time of the call, duration, etc. Call content is namely the stream of data carrying the call. Included in the architecture is the lawful interception management function, which covers interception session set-up and tear-down, scheduling, target identification, etc. Communications between the network operator and LEA are via the handover interfaces (HI). Communications data and content are typically delivered from the network operator to the LEA in an encrypted format over an IP-based VPN. The interception of traditional voice calls still often relies on the establishment of an ISDN channel that is set up at the time of the interception.

As stated above, the ETSI architecture is equally applicable to IP-based services where IRI/CD is dependent on parameters associated with the traffic from a given application to be intercepted. For example, in the case of email IRI would be similar to the header information on an email message (e.g., destination email address, source email address, time email was transmitted) as well as pertinent header information within the IP packets conveying the message (e.g., source IP address of email server originating the email message). Of course, more in-depth information would be obtained by the interception system so as to avoid the usual email address spoofing that often takes place (e.g., spoofing of source address). Voice-over-IP likewise has its own IRI, including data derived from Session Initiation Protocol (SIP) messages that are used to set up and tear down a VOIP call.

ETSI LI Technical Committee work today is primarily focussed on developing the new Retained Data Handover and next-generation network specifications, as well as perfecting the innovative TS102232 standards suite that apply to most contemporary network uses.

USA interception standards that help network operators and service providers conform to CALEA are mainly those specified by the Federal Communications Commission (which has both plenary legislative and review authority under CALEA), CableLabs, and the Alliance for Telecommunications Industry Solutions (ATIS). ATIS's standards include new standards for broadband Internet access and VoIP services, as well as legacy J-STD-025B, which updates the earlier J-STD-025A to include packetized voice and CDMA wireless interception.

To ensure the quality of evidence, the Commission on Accreditation for Law Enforcement Agencies (CALEA) has outlined standards for electronic surveillance once a Title III surveillance application is approved:

  1. Ensure clear access to all data without any loss of information or impact on the network being monitored
  2. Create a filter to adhere to warrant parameters – time span, types of communications that can be monitored, evidence to be collected, etc.
  3. Set the lawful intercept device to capture and/or store data according to the warrant parameters.
  4. Deliver data directly from the source to the mediation device without any human intervention or packet loss

Generic global standards have also been developed by Cisco via the Internet Engineering Task Force (IETF) that provide a front-end means of supporting most LI real-time handover standards. All of these standards have been challenged as "deficient" by the U.S. Department of Justice pursuant to CALEA.

Laws edit

The principal global treaty-based legal instrument relating to LI (including retained data) is the Convention on Cybercrime (Budapest, 23 Nov 2001). The secretariat for the Convention is the Council of Europe. However, the treaty itself has signatories worldwide and provides a global scope.

Individual countries have different legal requirements relating to lawful interception. The Global Lawful Interception Industry Forum lists many of these, as does the Council of Europe secretariat. For example, in the United Kingdom the law is known as RIPA (Regulation of Investigatory Powers Act), in the United States there is an array of federal and state criminal law, in Commonwealth of Independent States countries as SORM.

Europe edit

In the European Union, the European Council Resolution of 17 January 1995 on the Lawful Interception of Telecommunications (Official Journal C 329) mandated similar measures to CALEA on a pan-European basis.[8] Although some EU member countries reluctantly accepted this resolution out of privacy concerns (which are more pronounced in Europe than the US[citation needed]), there appears now to be general agreement with the resolution. Interception mandates in Europe are generally more rigorous than those of the US; for example, both voice and ISP public network operators in the Netherlands have been required to support interception capabilities for years. In addition, publicly available statistics indicate that the number of interceptions in Europe exceed by many hundreds of times those undertaken in the U.S.[citation needed]

Europe continues to maintain its global leadership role in this sector through the adoption by the European Parliament and Council in 2006 of the far reaching Data Retention Directive. The provisions of the Directive apply broadly to almost all public electronic communications and require the capture of most related information, including location, for every communication. The information must be stored for a period of at least six months, up to two years, and made available to law enforcement upon lawful request. The Directive has been widely emulated in other countries. On 8 April 2014, the Court of Justice of the European Union declared the Directive 2006/24/EC invalid for violating fundamental rights.

United States edit

See also: Mass surveillance in the United States

In the United States, three Federal statutes authorize lawful interception. The 1968 Omnibus Crime Control and Safe Streets Act, Title III pertains mainly to lawful interception criminal investigations. The second law, the 1978 Foreign Intelligence Surveillance Act, or FISA, as amended by the Patriot Act, governs wiretapping for intelligence purposes where the subject of the investigation must be a foreign (non-US) national or a person working as an agent on behalf of a foreign country. The Administrator of the U.S. Courts annual reports indicate that the federal cases are related to illegal drug distribution, with cell phones as the dominant form of intercepted communication.[9]

During the 1990s, as in most countries, to help law enforcement and the FBI more effectively carry out wiretap operations, especially in view of the emerging digital voice and wireless networks at the time, the U.S. Congress passed the Communications Assistance for Law Enforcement Act (CALEA) in 1994.[10] This act provides the Federal statutory framework for network operator assistance to LEAs in providing evidence and tactical information. In 2005, CALEA was applied to public broadband networks Internet access and Voice over IP services that are interconnected to the Public Switched Telephone Network (PSTN).

In the 2000s, surveillance focus turned to terrorism. NSA warrantless surveillance outside the supervision of the FISA court caused considerable controversy. It was revealed in 2013 mass surveillance disclosures that since 2007, the National Security Administration has been collecting connection metadata for all calls in the United States under the authority of section 215 PATRIOT Act, with the mandatory cooperation of phone companies and with the approval of the FISA court and briefings to Congress. The government claims it does not access the information in its own database on contacts between American citizens without a warrant.

Lawful interception can also be authorized under local laws for state and local police investigations.[11]

Canada edit

Police ability to lawfully intercept private communications is governed by Part VI of the Criminal Code of Canada (Invasion Of Privacy).[12] When evaluating Canada’s position on lawful interception, Canadian courts have issued two major rulings on this issue.[13] In June 2014, the Supreme Court ruled that law enforcement officers need a search warrant before accessing information from internet service providers about users’ identities. The context behind this 8-0 ruling is an adolescent Saskatchewan man charged with possessing and distributing child pornography.[14] The police used the man’s IP address to access his personal information from his online service provider— all of which was done without a search warrant. The plaintiff’s attorneys argued that their client’s rights were violated, as he was victim to unlawful search and seizure. Despite the court’s ruling, the evidence gathered from the unwarranted search was used as evidence in trial, as the court claimed that the police were acting in good faith. In accordance to the ruling, the court proclaims that a warrant is not needed if:

  1. “There are exigent circumstances, such as where the information is required to prevent imminent bodily harm.”
  2. “If there is a reasonable law authorizing access.”
  3. “If the information being sought does not raise a reasonable expectation of privacy.”[13][15]

The second court case to refer to is from the same year but in December. Essentially, the Supreme Court of Canada argued that police are allowed access to a suspect’s cell phone, but they must abide by very strict guidelines. This ruling came about from the argument of Kevin Fearon who was convicted of armed robbery in 2009. After robbing a Toronto Jewelry kiosk, Fearon argued that the police unlawfully violated his charter rights upon searching his cellphone without a warrant. Although divided, the Supreme Court laid out very detailed criteria for law enforcement officers to follow when searching a suspect's phone without a warrant. There are four rules which officers must follow in these instances:

  1. “The arrest must be lawful – This is the case for any situation; it just means if the arrest isn’t lawful, then neither is the search.”
  2. “The search must be incidental to the arrest and police need an “objectively reasonable” reason to conduct the search. These include: protecting police/the accused/the public; preserving evidence; discovering evidence such as finding more suspects.”
  3. “The nature and extent of the search are tailored to the purpose of the search. This means police activity on the phone must be directly linked to the purpose they give.”
  4. “Police must take detailed notes of what they looked at on the device as well as how it was searched (e.g. which applications or programs they looked at, the extent of search, the time of search, its purpose and duration)”[16]

To continue a search without a warrant, the situation at-hand would need to meet three of the four guidelines stated above. Nonetheless, the court highly encourages law enforcement to request a warrant before searching a cellphone to promote and protect privacy in Canada.

Russia edit

Due to Yarovaya Law, law enforcement is entitled to stored private communication data.

India edit

Rule 4 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009 provides that ‘the competent authority may authorise an agency of the Government to intercept, monitor or decrypt information generated, transmitted, received or stored in any computer resource for the purpose specified in sub-section (1) of Section 69 of the Act’. · The Statutory order (S.O.) dated 20.12.2018 has been issued in accordance with rules framed in year 2009 and in vogue since then. · No new powers have been conferred to any of the security or law enforcement agencies by the S.O. dated 20.12.2018. · Notification has been issued to notify the ISPs, TSPs, Intermediaries etc. to codify the existing orders. · Each case of interception, monitoring, decryption is to be approved by the competent authority i.e. Union Home secretary. These powers are also available to the competent authority in the State governments as per IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009. · As per rule 22 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009, all such cases of interception or monitoring or decryption are to be placed before the review committee headed by Cabinet Secretary, which shall meet at least once in two months to review such cases. In case of State governments, such cases are reviewed by a committee headed by the Chief Secretary concerned. ·S.O dated 20.12.2018 will help in following ways: I. To ensure that any interception, monitoring or decryption of any information through any computer resource is done as per due process of law. II. Notification about the agencies authorized to exercise these powers and preventing any unauthorized use of these powers by any agency, individual or intermediary. III. The above notification will ensure that provisions of law relating to lawful interception or monitoring of computer resource are followed and if any interception, monitoring or decryption is required for purposes specified in Section 69 of the IT Act, the same is done as per due process of law and approval of competent authority i.e. Union Home Secretary.

Elsewhere edit

Most countries worldwide maintain LI requirements similar to those Europe and the U.S., and have moved to the ETSI handover standards. The Convention on Cybercrime requires such capabilities.

Illegal use edit

As with many law enforcement tools, LI systems may be subverted for illicit purposes, producing a violation of human rights, as declared by European Court of Human Rights in the case Bettino Craxi III v. Italy.[17] It also occurred in Greece during the 2004 Olympics: the telephone operator Vodafone Greece was fined $100,000,000 in 2006 [18] (or €76,000,000[19]) for failing to secure its systems against unlawful access. According to Monshizadeh et al., the event is representative of mobile networks and Internet Service Providers vulnerability to cyber attacks because they use outdated LI mechanism.[20]

Further information: Greek wiretapping case 2004–2005

Notes edit

  1. ^ Gleave, Stephen (2007-05-01). "The mechanics of lawful interception". Network Security. 2007 (5): 8–11. doi:10.1016/S1353-4858(07)70034-X. ISSN 1353-4858.
  2. ^ "Lawful Interception". GeorgianJournal (in Georgian). Retrieved 2021-04-13.
  3. ^ Wireless, Argos. "Home". ArgosWireless. Retrieved 2020-10-23.
  4. ^ Drugs, Bureau of Narcotics and Dangerous; Enforcement, Office of Drug Abuse Law; enforcement, Federal law; agency, Civilian; Michele Leonhart, Administrator; Thomas M. Harrigan, Chief of Operations (2014-08-09). "Communications for Law Enforcement Act Public Law No. 103-414,108 Statute 4279". National Corrections Oversight Coalition Reg'd OJP DOJ DHS Intelligence for Corrections. Retrieved 2020-10-23.
  5. ^ Lumme, Martti; Eloranta, Jaana; Jokinen, Hannu (Apr 25, 2002), Interception system and method, from the original on 2016-04-02, retrieved 2016-02-13
  6. ^ "Inside North Korea's cell network: ex-Koryolink technical director reveals all | NK News - North Korea News". NK News - North Korea News. 20 August 2015. from the original on 2016-02-16. Retrieved 2016-02-13.
  7. ^ Penttinen, Jyrki T. J. (2015-03-16). The Telecommunications Handbook: Engineering Guidelines for Fixed, Mobile and Satellite Systems. John Wiley & Sons. ISBN 9781119944881.
  8. ^ "EUR-Lex - 31996G1104 - EN". from the original on 2010-12-23. Retrieved 2009-10-21.
  9. ^ "Wiretap Report 2018".
  10. ^ "AskCALEA". from the original on 2018-10-06. Retrieved 2018-12-31.
  11. ^ "Electronic Surveillance of Private Communications". www.americanbar.org. Retrieved 2020-10-31.
  12. ^ "Criminal Code". from the original on 2014-04-26. Retrieved 2014-04-22.
  13. ^ a b Bogart, Nicole (February 25, 2016). "Can law enforcement legally access data on your smartphone in Canada?". Global News. Retrieved February 18, 2020.
  14. ^ Staff (June 13, 2014). "Supreme Court says warrant needed for Internet info". Global News. Retrieved February 18, 2020.
  15. ^ Blanchfield, Mike (December 11, 2014). "Police can search cellphones without warrant during arrest: court". Global News. Retrieved February 18, 2020.
  16. ^ Tucker, Erika (December 11, 2014). "What rules must police follow to search a cellphone during arrest?". Global News. Retrieved February 18, 2020.
  17. ^ The deviant behaviors (...) were ignored as useful to prepare the public to an anticipated judgment incriminating: Buonomo, Giampiero (2003). "Caso Craxi, come l'Italia non difese il suo diritto alla riservatezza". Diritto&Giustizia Edizione Online. from the original on 2016-03-24. Retrieved 2016-04-03.
  18. ^ "Greek scandal sees Vodafone fined". BBC News. 15 December 2006. from the original on 2008-11-23. Retrieved 7 May 2010.
  19. ^ Poropudas, Timo (December 16, 2006). . Nordic Wireless Watch. Archived from the original on March 5, 2016. Retrieved 2007-11-25.
  20. ^ Monshizadeh, Mehrnoosh; Khatri, Vikramajeet; Varfan, Mohammadali; Kantola, Raimo (September 2018). "LiaaS: Lawful Interception as a Service". 2018 26th International Conference on Software, Telecommunications and Computer Networks (SoftCOM). IEEE. pp. 1–6. doi:10.23919/softcom.2018.8555753. ISBN 978-953-290-087-3. S2CID 54442783.

See also edit

References edit

  • ETSI, Handover interface for the lawful interception of telecommunications traffic, ETSI TS 101 671, version 3.15.1, June 2018. (PDF-File, 728 KB)
  • ETSI, Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 1: Handover specification for IP delivery, ETSI TS 101 232-1, version 3.7.1, 2014-07-25. (PDF, Word & zip)
  • ETSI, Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 2: Service-specific details for E-mail services, ETSI TS 101 232-2, version 3.7.1, 2014-02-21. (HTML, Word, & zip)
  • ETSI, Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 3: Service-specific details for internet access services, , version 2.2.1, January 2009. (PDF-File, 430 KB)
  • ETSI, Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 4: Service-specific details for Layer 2 services, ETSI TS 102 232-4, version 3.4.1, August 2017. (PDF-file, 241 KB)
  • ETSI, Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 5: Service-specific details for IP Multimedia Services, ETSI TS 102 232-5, version 3.2.1, June 2012. (PDF-File, 209 KB)
  • ETSI, Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 6: Service-specific details for PSTN/ISDN services, ETSI TS 102 232-6, version 3.3.1, March 2014. (PDF-File, 90 KB)
  • ETSI, Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 7: Service-specific details for Mobile Services, ETSI TS 102 232-7[dead link], version 2.1.1, August 2008. (PDF-File, 66 KB)
  • ETSI, Handover interface for the request and delivery of retained data, ETSI TS 102 657, version 1.7.1, October 2010. (PDF-File, 561 KB)
  • Handover Interface for the Lawful Interception of Telecommunications Traffic, ETSI ES 201 671, under Lawful Interception, Telecommunications Security, version 3.1.1, May 2007.
  • 3rd Generation Partnership Project, Technical Specification 3GPP TS 33.106 V5.1.0 (2002–09), “Lawful Interception Requirements (Release 5),” September 2003.
  • 3rd Generation Partnership Project, Technical Specification 3GPP TS 33.107 V6.0.0 (2003–09), “Lawful interception architecture and functions (Release 6),” September 2003.
  • 3rd Generation Partnership Project, Technical Specification 3GPP TS 33.108 V6.3.0 (2003–09), “Handover interface for Lawful Interception (Release 6),” September 2003.
  • PacketCable Electronic Surveillance Specification, , Cable Television Laboratories Inc., 13 January 2004.
  • T1.678, Lawfully Authorized Electronic Surveillance (LAES) for Voice over Packet Technologies in Wireline Telecommunications Networks.
  • Lawfully Authorized Electronic Surveillance, ATIS/TIA joint standard, document number J-STD-025B, December 2003 (although challenged as deficient).

External links edit

  • Guide to the one party consent exception to the rule against interception of private communications in Canada

January 01, 1970
lawful, interception, refers, facilities, telecommunications, telephone, networks, that, allow, enforcement, agencies, with, court, orders, other, legal, authorization, selectively, wiretap, individual, subscribers, most, countries, require, licensed, telecomm. Lawful interception LI refers to the facilities in telecommunications and telephone networks that allow law enforcement agencies with court orders or other legal authorization to selectively wiretap individual subscribers Most countries require licensed telecommunications operators to provide their networks with Legal Interception gateways and nodes for the interception of communications The interfaces of these gateways have been standardized by telecommunication standardization organizations As with many law enforcement tools LI systems may be subverted for illicit purposes With the legacy public switched telephone network PSTN wireless and cable systems lawful interception LI was generally performed by accessing the mechanical or digital switches supporting the targets calls The introduction of packet switched networks softswitch technology and server based applications during the past two decades fundamentally altered how LI is undertaken Lawful interception differs from the dragnet type mass surveillance sometimes done by intelligence agencies where all data passing a fiber optic splice or other collection point is extracted for storage or filtering It is also separate from the data retention of metadata that has become a legal requirement in some jurisdictions Contents 1 Terminology 2 Technical description 3 Laws 3 1 Europe 3 2 United States 3 3 Canada 3 4 Russia 3 5 India 3 6 Elsewhere 4 Illegal use 5 Notes 6 See also 7 References 8 External linksTerminology editThis section may contain material not related to the topic of the article Please help improve this section or discuss this issue on the talk page November 2017 Learn how and when to remove this message Lawful interception is obtaining communications network data pursuant to lawful authority for the purpose of analysis or evidence Such data generally consist of signalling or network management information or in fewer instances the content of the communications If the data are not obtained in real time the activity is referred to as access to retained data RD 1 There are many bases for this activity that include infrastructure protection and cybersecurity In general the operator of public network infrastructure can undertake LI activities for those purposes Operators of private network infrastructures in the United States have an inherent right to maintain LI capabilities within their own networks unless otherwise prohibited 2 One of the bases for LI is the interception of telecommunications by law enforcement agencies LEAs regulatory or administrative agencies and intelligence services in accordance with local law Under some legal systems implementations particularly real time access to content may require due process and receiving proper authorization from competent authorities an activity that was formerly known as wiretapping and has existed since the inception of electronic communications The material below primarily treats this narrow segment of LI 3 Technical description editAlmost all countries have lawful interception capability requirements and have implemented them using global LI requirements and standards developed by the European Telecommunications Standards Institute ETSI Third Generation Partnership Project 3GPP or CableLabs organizations for wireline Internet wireless and cable systems respectively In the USA the comparable requirements are enabled by the Communications Assistance for Law Enforcement Act CALEA with the specific capabilities promulgated jointly by the Federal Communications Commission and the Department of Justice In the USA lawful intercept technology is currently patented by a company named Voip pal com under the USPTO Publication 20100150138 4 Governments require phone service providers to install a legal interception gateway LIG along legal interception nodes LIN which allow them to intercept in real time the phone calls SMS messages emails and some file transfers or instant messages 5 6 These LI measures for governmental surveillance have been in place since the beginning of digital telephony 7 To prevent investigations being compromised LI systems may be designed in a manner that hides the interception from the telecommunications operator concerned This is a requirement in some jurisdictions To ensure systematic procedures for carrying out interception while also lowering the costs of interception solutions industry groups and government agencies worldwide have attempted to standardize the technical processes behind lawful interception One organization ETSI has been a major driver in lawful interception standards not only for Europe but worldwide This architecture attempts to define a systematic and extensible means by which network operators and law enforcement agents LEAs can interact especially as networks grow in sophistication and scope of services Note this architecture applies to not only traditional wireline and wireless voice calls but to IP based services such as voice over IP email instant messaging etc The architecture is now applied worldwide in some cases with slight variations in terminology including in the United States in the context of CALEA conformance Three stages are called for in the architecture collection where target related call data and content are extracted from the network mediation where the data is formatted to conform to specific standards delivery of the data and content to the law enforcement agency LEA The call data known as intercept related information IRI in Europe and call data CD in the US consists of information about the targeted communications including destination of a voice call e g called party s telephone number source of a call caller s phone number time of the call duration etc Call content is namely the stream of data carrying the call Included in the architecture is the lawful interception management function which covers interception session set up and tear down scheduling target identification etc Communications between the network operator and LEA are via the handover interfaces HI Communications data and content are typically delivered from the network operator to the LEA in an encrypted format over an IP based VPN The interception of traditional voice calls still often relies on the establishment of an ISDN channel that is set up at the time of the interception As stated above the ETSI architecture is equally applicable to IP based services where IRI CD is dependent on parameters associated with the traffic from a given application to be intercepted For example in the case of email IRI would be similar to the header information on an email message e g destination email address source email address time email was transmitted as well as pertinent header information within the IP packets conveying the message e g source IP address of email server originating the email message Of course more in depth information would be obtained by the interception system so as to avoid the usual email address spoofing that often takes place e g spoofing of source address Voice over IP likewise has its own IRI including data derived from Session Initiation Protocol SIP messages that are used to set up and tear down a VOIP call ETSI LI Technical Committee work today is primarily focussed on developing the new Retained Data Handover and next generation network specifications as well as perfecting the innovative TS102232 standards suite that apply to most contemporary network uses USA interception standards that help network operators and service providers conform to CALEA are mainly those specified by the Federal Communications Commission which has both plenary legislative and review authority under CALEA CableLabs and the Alliance for Telecommunications Industry Solutions ATIS ATIS s standards include new standards for broadband Internet access and VoIP services as well as legacy J STD 025B which updates the earlier J STD 025A to include packetized voice and CDMA wireless interception To ensure the quality of evidence the Commission on Accreditation for Law Enforcement Agencies CALEA has outlined standards for electronic surveillance once a Title III surveillance application is approved Ensure clear access to all data without any loss of information or impact on the network being monitored Create a filter to adhere to warrant parameters time span types of communications that can be monitored evidence to be collected etc Set the lawful intercept device to capture and or store data according to the warrant parameters Deliver data directly from the source to the mediation device without any human intervention or packet loss Generic global standards have also been developed by Cisco via the Internet Engineering Task Force IETF that provide a front end means of supporting most LI real time handover standards All of these standards have been challenged as deficient by the U S Department of Justice pursuant to CALEA Laws editThe principal global treaty based legal instrument relating to LI including retained data is the Convention on Cybercrime Budapest 23 Nov 2001 The secretariat for the Convention is the Council of Europe However the treaty itself has signatories worldwide and provides a global scope Individual countries have different legal requirements relating to lawful interception The Global Lawful Interception Industry Forum lists many of these as does the Council of Europe secretariat For example in the United Kingdom the law is known as RIPA Regulation of Investigatory Powers Act in the United States there is an array of federal and state criminal law in Commonwealth of Independent States countries as SORM Europe edit In the European Union the European Council Resolution of 17 January 1995 on the Lawful Interception of Telecommunications Official Journal C 329 mandated similar measures to CALEA on a pan European basis 8 Although some EU member countries reluctantly accepted this resolution out of privacy concerns which are more pronounced in Europe than the US citation needed there appears now to be general agreement with the resolution Interception mandates in Europe are generally more rigorous than those of the US for example both voice and ISP public network operators in the Netherlands have been required to support interception capabilities for years In addition publicly available statistics indicate that the number of interceptions in Europe exceed by many hundreds of times those undertaken in the U S citation needed Europe continues to maintain its global leadership role in this sector through the adoption by the European Parliament and Council in 2006 of the far reaching Data Retention Directive The provisions of the Directive apply broadly to almost all public electronic communications and require the capture of most related information including location for every communication The information must be stored for a period of at least six months up to two years and made available to law enforcement upon lawful request The Directive has been widely emulated in other countries On 8 April 2014 the Court of Justice of the European Union declared the Directive 2006 24 EC invalid for violating fundamental rights United States edit See also Mass surveillance in the United States In the United States three Federal statutes authorize lawful interception The 1968 Omnibus Crime Control and Safe Streets Act Title III pertains mainly to lawful interception criminal investigations The second law the 1978 Foreign Intelligence Surveillance Act or FISA as amended by the Patriot Act governs wiretapping for intelligence purposes where the subject of the investigation must be a foreign non US national or a person working as an agent on behalf of a foreign country The Administrator of the U S Courts annual reports indicate that the federal cases are related to illegal drug distribution with cell phones as the dominant form of intercepted communication 9 During the 1990s as in most countries to help law enforcement and the FBI more effectively carry out wiretap operations especially in view of the emerging digital voice and wireless networks at the time the U S Congress passed the Communications Assistance for Law Enforcement Act CALEA in 1994 10 This act provides the Federal statutory framework for network operator assistance to LEAs in providing evidence and tactical information In 2005 CALEA was applied to public broadband networks Internet access and Voice over IP services that are interconnected to the Public Switched Telephone Network PSTN In the 2000s surveillance focus turned to terrorism NSA warrantless surveillance outside the supervision of the FISA court caused considerable controversy It was revealed in 2013 mass surveillance disclosures that since 2007 the National Security Administration has been collecting connection metadata for all calls in the United States under the authority of section 215 PATRIOT Act with the mandatory cooperation of phone companies and with the approval of the FISA court and briefings to Congress The government claims it does not access the information in its own database on contacts between American citizens without a warrant Lawful interception can also be authorized under local laws for state and local police investigations 11 Canada edit Police ability to lawfully intercept private communications is governed by Part VI of the Criminal Code of Canada Invasion Of Privacy 12 When evaluating Canada s position on lawful interception Canadian courts have issued two major rulings on this issue 13 In June 2014 the Supreme Court ruled that law enforcement officers need a search warrant before accessing information from internet service providers about users identities The context behind this 8 0 ruling is an adolescent Saskatchewan man charged with possessing and distributing child pornography 14 The police used the man s IP address to access his personal information from his online service provider all of which was done without a search warrant The plaintiff s attorneys argued that their client s rights were violated as he was victim to unlawful search and seizure Despite the court s ruling the evidence gathered from the unwarranted search was used as evidence in trial as the court claimed that the police were acting in good faith In accordance to the ruling the court proclaims that a warrant is not needed if There are exigent circumstances such as where the information is required to prevent imminent bodily harm If there is a reasonable law authorizing access If the information being sought does not raise a reasonable expectation of privacy 13 15 The second court case to refer to is from the same year but in December Essentially the Supreme Court of Canada argued that police are allowed access to a suspect s cell phone but they must abide by very strict guidelines This ruling came about from the argument of Kevin Fearon who was convicted of armed robbery in 2009 After robbing a Toronto Jewelry kiosk Fearon argued that the police unlawfully violated his charter rights upon searching his cellphone without a warrant Although divided the Supreme Court laid out very detailed criteria for law enforcement officers to follow when searching a suspect s phone without a warrant There are four rules which officers must follow in these instances The arrest must be lawful This is the case for any situation it just means if the arrest isn t lawful then neither is the search The search must be incidental to the arrest and police need an objectively reasonable reason to conduct the search These include protecting police the accused the public preserving evidence discovering evidence such as finding more suspects The nature and extent of the search are tailored to the purpose of the search This means police activity on the phone must be directly linked to the purpose they give Police must take detailed notes of what they looked at on the device as well as how it was searched e g which applications or programs they looked at the extent of search the time of search its purpose and duration 16 To continue a search without a warrant the situation at hand would need to meet three of the four guidelines stated above Nonetheless the court highly encourages law enforcement to request a warrant before searching a cellphone to promote and protect privacy in Canada Russia edit Due to Yarovaya Law law enforcement is entitled to stored private communication data India edit Rule 4 of the IT Procedure and Safeguards for Interception Monitoring and Decryption of Information Rules 2009 provides that the competent authority may authorise an agency of the Government to intercept monitor or decrypt information generated transmitted received or stored in any computer resource for the purpose specified in sub section 1 of Section 69 of the Act The Statutory order S O dated 20 12 2018 has been issued in accordance with rules framed in year 2009 and in vogue since then No new powers have been conferred to any of the security or law enforcement agencies by the S O dated 20 12 2018 Notification has been issued to notify the ISPs TSPs Intermediaries etc to codify the existing orders Each case of interception monitoring decryption is to be approved by the competent authority i e Union Home secretary These powers are also available to the competent authority in the State governments as per IT Procedure and Safeguards for Interception Monitoring and Decryption of Information Rules 2009 As per rule 22 of the IT Procedure and Safeguards for Interception Monitoring and Decryption of Information Rules 2009 all such cases of interception or monitoring or decryption are to be placed before the review committee headed by Cabinet Secretary which shall meet at least once in two months to review such cases In case of State governments such cases are reviewed by a committee headed by the Chief Secretary concerned S O dated 20 12 2018 will help in following ways I To ensure that any interception monitoring or decryption of any information through any computer resource is done as per due process of law II Notification about the agencies authorized to exercise these powers and preventing any unauthorized use of these powers by any agency individual or intermediary III The above notification will ensure that provisions of law relating to lawful interception or monitoring of computer resource are followed and if any interception monitoring or decryption is required for purposes specified in Section 69 of the IT Act the same is done as per due process of law and approval of competent authority i e Union Home Secretary Elsewhere edit Most countries worldwide maintain LI requirements similar to those Europe and the U S and have moved to the ETSI handover standards The Convention on Cybercrime requires such capabilities Illegal use editAs with many law enforcement tools LI systems may be subverted for illicit purposes producing a violation of human rights as declared by European Court of Human Rights in the case Bettino Craxi III v Italy 17 It also occurred in Greece during the 2004 Olympics the telephone operator Vodafone Greece was fined 100 000 000 in 2006 18 or 76 000 000 19 for failing to secure its systems against unlawful access According to Monshizadeh et al the event is representative of mobile networks and Internet Service Providers vulnerability to cyber attacks because they use outdated LI mechanism 20 Further information Greek wiretapping case 2004 2005Notes edit Gleave Stephen 2007 05 01 The mechanics of lawful interception Network Security 2007 5 8 11 doi 10 1016 S1353 4858 07 70034 X ISSN 1353 4858 Lawful Interception GeorgianJournal in Georgian Retrieved 2021 04 13 Wireless Argos Home ArgosWireless Retrieved 2020 10 23 Drugs Bureau of Narcotics and Dangerous Enforcement Office of Drug Abuse Law enforcement Federal law agency Civilian Michele Leonhart Administrator Thomas M Harrigan Chief of Operations 2014 08 09 Communications for Law Enforcement Act Public Law No 103 414 108 Statute 4279 National Corrections Oversight Coalition Reg d OJP DOJ DHS Intelligence for Corrections Retrieved 2020 10 23 Lumme Martti Eloranta Jaana Jokinen Hannu Apr 25 2002 Interception system and method archived from the original on 2016 04 02 retrieved 2016 02 13 Inside North Korea s cell network ex Koryolink technical director reveals all NK News North Korea News NK News North Korea News 20 August 2015 Archived from the original on 2016 02 16 Retrieved 2016 02 13 Penttinen Jyrki T J 2015 03 16 The Telecommunications Handbook Engineering Guidelines for Fixed Mobile and Satellite Systems John Wiley amp Sons ISBN 9781119944881 EUR Lex 31996G1104 EN Archived from the original on 2010 12 23 Retrieved 2009 10 21 Wiretap Report 2018 AskCALEA Archived from the original on 2018 10 06 Retrieved 2018 12 31 Electronic Surveillance of Private Communications www americanbar org Retrieved 2020 10 31 Criminal Code Archived from the original on 2014 04 26 Retrieved 2014 04 22 a b Bogart Nicole February 25 2016 Can law enforcement legally access data on your smartphone in Canada Global News Retrieved February 18 2020 Staff June 13 2014 Supreme Court says warrant needed for Internet info Global News Retrieved February 18 2020 Blanchfield Mike December 11 2014 Police can search cellphones without warrant during arrest court Global News Retrieved February 18 2020 Tucker Erika December 11 2014 What rules must police follow to search a cellphone during arrest Global News Retrieved February 18 2020 The deviant behaviors were ignored as useful to prepare the public to an anticipated judgment incriminating Buonomo Giampiero 2003 Caso Craxi come l Italia non difese il suo diritto alla riservatezza Diritto amp Giustizia Edizione Online Archived from the original on 2016 03 24 Retrieved 2016 04 03 Greek scandal sees Vodafone fined BBC News 15 December 2006 Archived from the original on 2008 11 23 Retrieved 7 May 2010 Poropudas Timo December 16 2006 Vodafone fined EUR 76 million in Greece Nordic Wireless Watch Archived from the original on March 5 2016 Retrieved 2007 11 25 Monshizadeh Mehrnoosh Khatri Vikramajeet Varfan Mohammadali Kantola Raimo September 2018 LiaaS Lawful Interception as a Service 2018 26th International Conference on Software Telecommunications and Computer Networks SoftCOM IEEE pp 1 6 doi 10 23919 softcom 2018 8555753 ISBN 978 953 290 087 3 S2CID 54442783 See also editSecrecy of correspondence Telecommunications data retention Network Monitoring Interface Card SS7 probe SIGINT Surveillance Mass surveillance Mass surveillance in the United Kingdom Targeted surveillanceReferences editETSI Handover interface for the lawful interception of telecommunications traffic ETSI TS 101 671 version 3 15 1 June 2018 PDF File 728 KB ETSI Handover Interface and Service Specific Details SSD for IP delivery Part 1 Handover specification for IP delivery ETSI TS 101 232 1 version 3 7 1 2014 07 25 PDF Word amp zip ETSI Handover Interface and Service Specific Details SSD for IP delivery Part 2 Service specific details for E mail services ETSI TS 101 232 2 version 3 7 1 2014 02 21 HTML Word amp zip ETSI Handover Interface and Service Specific Details SSD for IP delivery Part 3 Service specific details for internet access services ETSI TS 102 232 3 version 2 2 1 January 2009 PDF File 430 KB ETSI Handover Interface and Service Specific Details SSD for IP delivery Part 4 Service specific details for Layer 2 services ETSI TS 102 232 4 version 3 4 1 August 2017 PDF file 241 KB ETSI Handover Interface and Service Specific Details SSD for IP delivery Part 5 Service specific details for IP Multimedia Services ETSI TS 102 232 5 version 3 2 1 June 2012 PDF File 209 KB ETSI Handover Interface and Service Specific Details SSD for IP delivery Part 6 Service specific details for PSTN ISDN services ETSI TS 102 232 6 version 3 3 1 March 2014 PDF File 90 KB ETSI Handover Interface and Service Specific Details SSD for IP delivery Part 7 Service specific details for Mobile Services ETSI TS 102 232 7 dead link version 2 1 1 August 2008 PDF File 66 KB ETSI Handover interface for the request and delivery of retained data ETSI TS 102 657 version 1 7 1 October 2010 PDF File 561 KB Handover Interface for the Lawful Interception of Telecommunications Traffic ETSI ES 201 671 under Lawful Interception Telecommunications Security version 3 1 1 May 2007 3rd Generation Partnership Project Technical Specification 3GPP TS 33 106 V5 1 0 2002 09 Lawful Interception Requirements Release 5 September 2003 3rd Generation Partnership Project Technical Specification 3GPP TS 33 107 V6 0 0 2003 09 Lawful interception architecture and functions Release 6 September 2003 3rd Generation Partnership Project Technical Specification 3GPP TS 33 108 V6 3 0 2003 09 Handover interface for Lawful Interception Release 6 September 2003 PacketCable Electronic Surveillance Specification PKT SP ESP I03 040113 Cable Television Laboratories Inc 13 January 2004 T1 678 Lawfully Authorized Electronic Surveillance LAES for Voice over Packet Technologies in Wireline Telecommunications Networks Lawfully Authorized Electronic Surveillance ATIS TIA joint standard document number J STD 025B December 2003 although challenged as deficient External links editWhite Paper on Interception of Voice over LTE VoLTE Networks White Paper on Interception of IP Networks White Paper on Interception of 3G and 4G Wireless Networks 3GPP Lawful Interception requirements for GSM Guide to the one party consent exception to the rule against interception of private communications in Canada Retrieved from https en wikipedia org w index php title Lawful interception amp oldid 1213751037, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.