Sicurezza e Giustizia

ETSI AND STATUS OF LI & RD STANDARDS

Facebooktwitterredditpinterestlinkedinmail

by Gerald McQuaid and Domenico Raffaele Cione


This thematic section is intended to inform readers on the latest progress of standardization work items on Lawful Interception (LI) and Retained Data (RD) mainly focusing on European regional level (ETSI). The scope is to cover all relevant LI and RD aspects in terms of requirements, communication service providers architecture and network interfaces/protocols definition.

pdf-icon


1.     About ETSI
ETSI, the Europeans Telecommunications Standards Institute, is an independent, not-for-profit international organization and the recognized regional standards body – European Standards Organization (ESO) – dealing with telecommunications, broadcasting and other electronic communications networks and services. Although created for the European needs, ETSI is a global Standard Developing Organisation (SDO), while at the same time keeping a special role in Europe. This includes supporting European regulations and legislation through the creation of Harmonised European Standards. Only specific standards developed by the three ESOs (CEN, CENELEC and ETSI) are recognized as European Standards (ENs).

ETSI was set up in 1988 by the European Conference of Postal and Telecommunications Administrations (CEPT) in response to proposals from the European Commission. In May 1988 Professor Diodato Gagliardi was appointed as first Director General of ETSI.
ETSI was founded initially to serve European needs, but it has a global perspective and its standards are used the worldwide. Landmarks over the years include standards to enable technologies that have contributed to shape the modern world.
ETSI has over 800 members drawn from 64 countries across five continents. This reflects the increasing globalization of the communications market and ETSI’s key role in enabling it. Any company or organization with an interest in the creation of telecommunications and related standards can become a member of ETSI. Membership of ETSI includes all the relevant players: manufacturers, network operators, service and content providers, national administrations, universities and research bodies, user organizations, consultancy companies and partnerships.

The ultimate success of ETSI standards depends on meeting the needs of users and the end-users of the products and services based on them. ETSI recognizes a range of different types of user: consumers, business users, users with special needs, service providers, telecommunications operators as users of systems and services, government departments. Standardization in ETSI is a voluntary activity carried out by, and for, all interested parties. Reaching consensus for any approval decisions is a key element of this process. In the approval of European Standards (ENs, where N stands for Norms), the National Standard Organisations (NSOs) have the exclusive responsibility for carrying out the Public Enquiry (consultation with national industry) and submission of the national position (the ‘vote’) on the standard. NSOs ensure the transposition of ENs into national standards, as well as withdrawal of any conflicting national standard.

In ICT standardization, ETSI’s Clusters provide a simple, easy to grasp overview of the activities. Each cluster represents a major component of a global ICT architecture and covers the work of a number of Technical Committees (TCs) and Working Groups (WGs) that share a common technological scope and vision. The work of a single Technical Committee may be represented in several clusters. Clusters enable to easily identify the area of interest based on business relevance or application domain rather than purely on specific technical work areas. For example the Security Cluster covers work areas including Cybersecurity, Lawful Interception, Electronic Signatures, Smart Cards and many others, each undertaken in a specific TC.

ETSI’s Technical Committee Lawful Interception (TC LI) is pioneering the development and maintenance of Lawful Interception (LI) and Retained Data (RD) capability. Its LI standards are being adopted around the world due to the increased efficiency and lower cost resulting from their use and their consistent approach in helping operators meet their legal obligations. Interest in the committee’s work continues to grow, with good attendance at plenary meetings and new organisations joining in the standardisation process. Lawful Interception (LI) and Retained Data (RD) and related areas of (Law Enforcement Agency) LEA Support play a crucial role in helping LEAs to investigate terrorism and serious criminal activity. The providers of public telecommunications networks and services may be legally required to make available to law enforcement authorities information retained necessary for the authorities to be able to monitor telecommunications traffic as part of a criminal investigation.

 

2.     ETSI LI & RD Status  
Currently ETSI activity on Lawful Interception (LI) and Retained Data (RD) is coordinated between three main standardization committees: TC LI, TC CYBER and ISG NFV SEC.

 

2.1.     ETSI TC LI
In recent years, ETSI TC LI work items have been mainly focused on the external Handover Interfaces (HIs) between the domain of the Communication Service Provider (CSP) and the Lawful Enforcement Agency (LEA).  TC LI maintains a coordination role in ETSI in defining the LEA requirements, based on the large participation of government agencies which have been active to propose new requirements resulting into the introduction of new versions of Technical Specifications (TSs) on HIs.
With reference to the external interfaces HI2 (interface of Intercept Related Information, IRI) and HI3 (interface of Content of Communication, CC), TC LI has achieved to provide new versions of the IP based delivery HIs of the TS 102 232-i family (parts 1 to 7) which provides the LEA with intercepted data of communication services for messaging, internet access, layer 2, IP multimedia, PSTN/ISDN and mobile. The new TS 102 232-1 has been enriched with the explicit notification of the location information extended to WLAN, of direction fields for session and payload with reference to the IP Multimedia service (TS 102 232-5).

The legacy specification on HI for LI of telecommunications traffic, TS 101 671, has been recently revised to extend the alarm-information notification (within HI1) towards the LEA. However, for any future implementations, TC LI recommends to use the TS 102 232-i family, and  current implementations of TS 101 671 are advised to migrate to the TS 102 232-i family which has been planned also to provide alignment for mobile services (TS 102 232-7) with the latest versions of the 3GPP TS 33.108 Releases 10/11/12/13, to cover services such as 3GPP IMS Conference, 3GPP IMS-based VoIP, Proximity Services (ProSe) and Group Communications System Enablers (GCSE).

A very relevant result of ETSI standardization on LI has been the publication of the new specification, TS 103 120, covering the administrative interface HI1. It represents the first standard electronic interface being used on the interface CSP – LEA for the warrant management for the exchange of data relating to the establishment and management of LI. The first version of this TS is now expected to be enhanced taking into account the results of its early implementation in several jurisdiction contexts.

During 2015 the first version of the Dictionary for common standard parameters, TS 103 280, was published. Its aim is to collect and define in a unique reference document all the parameters that are commonly used in the different LI specifications where interfaces are specified. In parallel, the alignment to the ASN.1 object identifiers defined in the  latest LI HIs specification was ensure through the publication of an updated version of the report TR 102 503.
The Retained Data Handover Interface specification, TS 102 657, was enhanced taking into account of a series of input from LEAs requesting to correct some base delivery mechanism on handover interfaces and to add new data in relation to locations information for mobile Network Access.

2015 has represented a key year to set up the standardization activity on lawful interception for Cloud/Virtual services.  TC LI finalized its report on LI and RD on Cloud/Virtual services, TR 101 567, which represents a relevant propaedeutic document to address the LI an RD challenges in the context of the new architectures of Cloud Computing and Network Functions Virtualization (NFV), such as LEA requirements, CSP obligations, LI implementation scenarios and related challenges, mobile network, security aspects, use cases.

 

2.2.     TC CYBER on LI
With reference to the current standardization activity in ETSI on NFV, ETSI experts started to create a list of security recommendations related to the LI and RD functions into the new NFV architecture currently being defined. This was addressed with a new report in TC CYBER, TR 103 308, Security baseline regarding LI and RD for NFV and related platforms, which provides baseline recommendations for sensitive functions including lawful interception and retained data in an NFV hardware/platform environment. A new part of related work is in being published in these weeks as a normative Technical Specification (TS).

 

2.3.     ISG NFV SEC
The standardization activity on LI and RD in the NFV interception domain was driven by security (SEC) group within Industrial Specification Group (ISG) NFV. LI requirements were discussed as crucial security requirements in the context of several NFV SEC Group Specifications (GSs) and resulted in the publication of the GS NFV-SEC004 as specific Report on Lawful Interception about Privacy and Regulation. This GS is the first guidance on the provision of LI in a NFV environment which addresses the relevant requirements for lawful interception as CSP obligations, root of trust in LI, core requirements, Point of Interception location and LI un-detectability. In addition to analysis and recommendations on LI service deployment in NFV, the GS describes some initial LI reference model architecture as starting point to define NFV LI architecture whose definition was agreed to be managed by a separated dedicated specification. ©

 

3.     Published LI standards
All ETSI published standards can be downloaded for free from the ETSI website.

(the table is in pdf attached)

 

 


Other articles of Gerald McQuaid

ETSI INTERFACE TO IMPLEMENT EUROPEAN INVESTIGATION ORDERS (EIOs)
by Gerald McQuaid and Domenico Raffaele Cione (N. III_MMXVIII)
The ETSI work to provide a Technical Specification (TS) to support the Directive 2014/41/EU of the European Parliament and of the Council of 3 April 2014 regarding the European Investigation Order (EIO) in criminal matters [1] had started in 2016 and was carried on during all 2017 and 2018 on all technical aspects of the new interface resulting now finalized with the publication of a first version of the Inter LEMF Handover Interface (ILHI) [4]. This specification provides LEMF’s with all implementation details to allow LI data transferring from one LEMF located in the country B (responding country where a target abroad is requested to be intercepted) to a LEMF located in the country A (requesting country where the request of interception is originated).
LAWFUL INTERCEPTION IN VIRTUALIZED NETWORKS (Sept. 2017)
by Gerald McQuaid and Domenico Raffaele Cione (N. III_MMXVII)
NFV refers to the replacement of traditional specialised hardware devices with software that can be installed on standardised, off-the-shelf piece of hardware. ETSI work on NFV was initially set to address a requirement to define a list of base security requirements imposed by lawful interception in the NFV architecture.
ETSI LI & RD Status (Feb. 2017)
by Gerald McQuaid and Domenico Raffaele Cione (N. I_MMXVII)
Current ETSI activity on Lawful Interception (LI) and Retained Data (RD) is managed mainly by three main standardization committees: ETSI TC LI (the leading LI/RD group), TC CYBER and ISG NFV
LEMF TO LEMF INTERFACE TO SUPPORT EUROPEAN INVESTIGATION ORDERS (EIOs)
by Gerald McQuaid and Domenico Raffaele Cione (N. IV_MMXVI)
Imminently, the Directive 2014/41/EU of the European Parliament and of the Council of 3 April 2014 regarding the European Investigation Order (EIO) in criminal matters [1] is expected to become part of the EU-nations’ national laws. This EU directive requires each European Member State to transpose the directive into national law by 22 May 2017 (Article 33). This EIO describes the possibilities about lawful interception (LI) of telecommunications and collection of traffic and location retained data (RD) extended to network scenarios out of a pure national network context: an EIO may be issued for the interception of telecommunications by a Member State to obtain intercepted data of a target when using a communication service in a CSP’s network located in another Member State country (ref. Article 30 of [1]).
THE LI-INTERFACE FOR WARRANT INFORMATION
by Gerald McQuaid and Domenico Raffaele Cione (N. III_MMXVI)
Traditionally the ETSI standardization work was focused on IRI and CC data details by defining, updating and maintaining related data Handover Interfaces (HI-2 and HI-3) specifications. Furthermore, ETSI had defined a dedicated Handover Interface, named HI-1, referred to be also crossing borders between countries based on corresponding international laws or agreements. HI-1 was defined as an interface between LEA and CSP to transport all kind of administrative information being used for the transmission of the request to establish or to remove the interception action from the LEA to the CSP and the acknowledgement message back to the LEA.
LAWFUL INTERCEPTION ITEMS FOR VOLTE
by Gerald McQuaid and Domenico Raffaele Cione (N. II_MMXVI)
VoLTE, Voice over Long Term Evolution (LTE), is a standard-based technology used to support voice calls over the LTE technology being now used by 4G wireless networks.

 


Other articles of Domenico Raffaele Cione

ETSI INTERFACE TO IMPLEMENT EUROPEAN INVESTIGATION ORDERS (EIOs)
by Gerald McQuaid and Domenico Raffaele Cione (N. III_MMXVIII)
The ETSI work to provide a Technical Specification (TS) to support the Directive 2014/41/EU of the European Parliament and of the Council of 3 April 2014 regarding the European Investigation Order (EIO) in criminal matters [1] had started in 2016 and was carried on during all 2017 and 2018 on all technical aspects of the new interface resulting now finalized with the publication of a first version of the Inter LEMF Handover Interface (ILHI) [4]. This specification provides LEMF’s with all implementation details to allow LI data transferring from one LEMF located in the country B (responding country where a target abroad is requested to be intercepted) to a LEMF located in the country A (requesting country where the request of interception is originated).
LAWFUL INTERCEPTION IN VIRTUALIZED NETWORKS (Sept. 2017)
by Gerald McQuaid and Domenico Raffaele Cione (N. III_MMXVII)
NFV refers to the replacement of traditional specialised hardware devices with software that can be installed on standardised, off-the-shelf piece of hardware. ETSI work on NFV was initially set to address a requirement to define a list of base security requirements imposed by lawful interception in the NFV architecture.
ETSI LI & RD Status (Feb. 2017)
by Gerald McQuaid and Domenico Raffaele Cione (N. I_MMXVII)
Current ETSI activity on Lawful Interception (LI) and Retained Data (RD) is managed mainly by three main standardization committees: ETSI TC LI (the leading LI/RD group), TC CYBER and ISG NFV
LEMF TO LEMF INTERFACE TO SUPPORT EUROPEAN INVESTIGATION ORDERS (EIOs)
by Gerald McQuaid and Domenico Raffaele Cione (N. IV_MMXVI)
Imminently, the Directive 2014/41/EU of the European Parliament and of the Council of 3 April 2014 regarding the European Investigation Order (EIO) in criminal matters [1] is expected to become part of the EU-nations’ national laws. This EU directive requires each European Member State to transpose the directive into national law by 22 May 2017 (Article 33). This EIO describes the possibilities about lawful interception (LI) of telecommunications and collection of traffic and location retained data (RD) extended to network scenarios out of a pure national network context: an EIO may be issued for the interception of telecommunications by a Member State to obtain intercepted data of a target when using a communication service in a CSP’s network located in another Member State country (ref. Article 30 of [1]).
THE LI-INTERFACE FOR WARRANT INFORMATION
by Gerald McQuaid and Domenico Raffaele Cione (N. III_MMXVI)
Traditionally the ETSI standardization work was focused on IRI and CC data details by defining, updating and maintaining related data Handover Interfaces (HI-2 and HI-3) specifications. Furthermore, ETSI had defined a dedicated Handover Interface, named HI-1, referred to be also crossing borders between countries based on corresponding international laws or agreements. HI-1 was defined as an interface between LEA and CSP to transport all kind of administrative information being used for the transmission of the request to establish or to remove the interception action from the LEA to the CSP and the acknowledgement message back to the LEA.
LAWFUL INTERCEPTION ITEMS FOR VOLTE
by Gerald McQuaid and Domenico Raffaele Cione (N. II_MMXVI)
VoLTE, Voice over Long Term Evolution (LTE), is a standard-based technology used to support voice calls over the LTE technology being now used by 4G wireless networks.