by Domenico Raffaele Cione
This article highlights the ETSI activity on Lawful Interception (LI) and Retained Data (RD) as update to the previous article of September 2019. The work items from 2019 last quarter are described below.
ETSI TC LI committee focused primary to provide new versions of the LI internal (X) and external handover interfaces (HI) specifications to cover the latest LEA demands and the 5G requirements of the 3GPP Release 16 as being specified in ETSI TS 133 126 (5G LEA requirements from 3GPP TS 33 126), ETSI TS 133 127 (5G Architecture and Functions from 3GPP TS 33 127) and ETSI TS 133 128 (5G Protocols and Procedures from 3GPP TS 33 128).
The Internal Network Interfaces for the administrative LI procedures (X1, ref. TS 103 221-1) were progressed to use HTTP/2, TLS 1.3 and to have whole alignment to 3GPP specifications including terminology. The Internal Network Interfaces for the IRI (Intercept Related Information) and CC (Content of Communication) data (X2 and X3, ref. TS 103 221-2) were extended primary to transport new payload data for additional network services interception. The study over high bandwidth delivery on X/H interfaces was published as ETSI TR 103 656 v1.1.1 which describes potential solutions and recommendations on transmission and data flow isolation.
For the External Network Interfaces, ETSI has published a whole new handover interface, ref. TS 103 707 v1.1.1, to deliver messaging services for LI over HTTP/XML to be used by CSP (mainly not traditional service provider, i.e. OTT CSP) as alternative message format to LI delivery over TCP/ASN.1. This HTTP delivery mechanism is provided by the TS 103 120 v.1.7.1 as a possible option of all defined format for Lawful Disclosure (LD) together with procedures of the initial warrant request from LEA to CSP. The TS 102 232-2 v3.12.1 was extended to cover also “Instant Messenger” and “Chat” applications for delivery over TCP/ASN.1.
In addition to the messaging service interception, the IP delivery mechanism of TS 102 232-i parts was progressed to cover new requirements for the Internet Access Services (ref. TS 102 232-3 v3.9.1 including Packet Data Summary Report, PDSR), IP Multimedia Services (ref. TS 102 232-5 v3.13.1 clarifying signaling-data correlation, IP addresses setting for SIP IRI) , Mobile Services (ref. TS 102 232-7 v3.8.1 covering data handover defined by 3GPP TS 33.108 for UMTS/GPRS and EPS, ANSI/J STD 025 B for CDMA2000 and 3GPP TS 33.128 for 5G).
The general aspects of HI2/HI3 interfaces were updated by the new TS 102 232-1 v3.22.1 which clarified further 5G data notifications and Network Element identifiers.
The requirement of multiple interceptions for a single target service from a single Authorized Authority was explicitly included in the specification Requirements of Law Enforcement Agencies, published as TS 101 331 v1.6.1.
TC LI completed an investigation to verify to what extent the existing TC LI specifications can be used for an interface between law enforcement and providers of vehicle information. TR 103 767 v1.1.1 highlights all benefits to use an automated, secure, efficient interface whenever there is a lawful requirement to deliver information.
A new version of the Dictionary for common standard parameters, TS 103 280 v2.4.1 was published in 2020 mainly to clarify Date Time parameters definition. Furthermore, it was guaranteed also the alignment to the ASN.1 object identifies defined in latest ETSI HI specifications by publishing the updated version v1.14.1 of the report TR 102 503.
The Retained Data (RD) Handover Interface specification was enhanced to include a series of requests from LEAs to add new data as 5G specific parameters (i.e. SUPI, GPSI), transmitter details to location, UE Radio Capability identity and EID data. TS 102 657 v1.26.1 was published.
Except this TS, all other new ETSI handover interface specifications are extending their scope from RD to “Lawful Disclosure” (LD), which does not deal only with CDRs and subscription information, but may also be used for retrieval of invoices, mailboxes and other business data available within the CSP domain.
TS 103 462 v1.2.1 has included several indications from ETSI plugtests® on the inter LEMF handover interface (ILHI) used to support the European Investigation Order (EIO) for criminal matters. ETSI is now working to further revise this TS to extend the inter LEMF HI scope for an electronic handover interfaces covering different types of electronic evidence between LEAs, i.e. legal assistance regarding the European Production and Preservation Orders for electronic evidence in criminal matters, mutual legal assistance treaty (MLAT). Both real-time data (in line with TS 102 232 parts, ETSI TS 133.108 and TS 133.128) and stored data (Lawful Disclosure, LD, in line with TS 102 657 and TS 103 120) transfer between LEAs have been addressed.
During all 2020, ETSI TC LI worked on a study to describe the national parameters and implementations in the context of the ILHI (for the revision of TS 103 462) and cross-border data exchange in criminal matters. A relevant aspect is the mapping of national data structures and single parameters into a related ETSI standard and, if necessary, also the mapping back into the national structure.
Furthermore, the study focused on providing a library covering implementation aspects as connection parameters between the requesting and responding LEMF or specific parameter formats. All this study aspects have been formalized in the new TR 103 727 Library and Mapping for Lawful Interception (LI) and Lawful Disclosure (LD) whose first version publication is planned for the first half of 2021.
ETSI published a technical report on LI network function security, TR 103 685 v1.1.1, with an overview of LI and LD aspects in a virtualized environment. It examines the threat model, provides a list of provisions to address the identified threats and includes a checklist for the CSP to evaluate the security of an LI and LD deployment in a virtualized environment.©