This document highlights the ETSI activity on Lawful Interception (LI) and Retained Data (RD) at end of 2021 as update from Q4 2020 status.
ETSI TC LI committee worked primary to provide new versions of the LI internal (X) and external handover interfaces (HI) specifications to address the newest LEA demands and the 5G requirements of the 3GPP Releases as being specified in ETSI TS 133 126 (5G LEA requirements from 3GPP TS 33 126), ETSI TS 133 127 (5G Architecture and Functions from 3GPP TS 33 127) and ETSI TS 133 128 (5G Protocols and Procedures from 3GPP TS 33 128).
Such a work was in parallel with the updating of the Requirements for network function (TS 101 158) to detail the new LI architecture reference model for the Virtualized networks coordinating it with ETSI ISG NFV and 3GPP SA3-LI specifications. Most work focus was to define standard procedures for the initial LI automatic configuration (X0) and administrative (X1) phases for the Virtualized Network scenarios to be applied also to the 3GPP 5G interception domain.
The Internal Network Interfaces for the administrative LI procedures (X1, ref. TS 103 221-1) were clarified for different use cases and progressed primarily to manage the hashed identifiers (with new X1 generic object) and to select the service type when managing a command towards the Network Elements. The Internal Network Interfaces for the IRI (Intercept Related Information) and CC (Content of Communication) data (X2 and X3, ref. TS 103 221-2) were updated with clarifications, i.e. sequence number detailing, and corrections but also extended them to transport new payloads, i.e. 3GPP Non-IP Data Delivery, and to optimize the X3 delivery avoiding multiple copies of the same CC for different interception orders.
For the External Network Interfaces, ETSI has further progressed the handover interface of TS 103 707 used mostly by OTT CSPs to deliver messaging services for LI over HTTP/XML as alternative to LI delivery over TCP/ASN.1. The new v1.4.1 version covered the delivery of Lawful Disclosure (LD) information for messaging services, the security recommendations and the multiple handover items.
The HTTP delivery mechanism was specified by the TS 103 120 whose new version v.1.10.1 included the international email address type, enhanced the details of the Approver and the Request and extended the delivery address fields.
The HI interfaces were updated to the new TS 102 232-1 v3.25.1 which clarified several LI HI header data, e.g. sequence number and LIID, and added new HI information relevant for LEAs to identify the internal network point of interceptions for each HI PDU of the 5G mobile services, e.g. RFID and extended IPID.
The Service-specific details for messaging services were extended to the TS 102 232-2 v3.13.2 to support the international email addresses and to solve formatting issues in the associated ASN.1 file.
In addition to the messaging service interception, the IP delivery mechanism of TS 102 232-i parts was progressed to cover new requirements for the IP Multimedia Services (ref. TS 102 232-5 v3.14.1 updated to refer to V4 ATIS-1000678) and for Mobile Services (ref. TS 102 232-7 v3.10.1 updated to provide LEA with data identifying the internal network interception point per each received PDU on HI for 5G).
The new version v2.7.1 of the Dictionary for common standard parameters TS 103 280 was published in 2021 to add new parameters, e.g. the international email and EUI64, and to improve the TS readability by corrections and better examples. Furthermore, it was guaranteed also the alignment to the ASN.1 object identifies defined in latest ETSI HI specifications by publishing the updated version v1.15.1 of the report TR 102 503.
The requirement of the conditional delivery of location information and the content of communication on a per-intercept basis was included in the specification Requirements of Law Enforcement Agencies, published as TS 101 331 v1.8.1.
TC LI continued the investigation to verify to what extent the existing TC LI specifications can be used for an interface between law enforcement and providers of vehicle information. Following to the publication of the TR 103 767 on Considerations about interfacing with providers of vehicle information, a new study started on Interfaces for Lawful Disclosure of vehicle related data (ref. TR 103 854) to describe scenarios and provide examples and recommendations.
The Retained Data (RD) Handover Interface specification was enhanced to include a series of requests from LEAs to add new data for message services, network access services, telephony and multi-media services.
TS 102 657 v1.28.1 was published and verified to cover all relevant 5G interception domain scenarios. This TS and its related requirement TS 102 656 remain the only ETSI specification targeting RD as the new ETSI TC LI new work items are focusing on “Lawful Disclosure” (LD), which covers, in addition to CDRs and subscription information, invoices, mailboxes and other business data available within the CSP domain. In such context, TC LI kept working on the new TS 103 705: Data Structures for Lawful Disclosure. This work will specify flexible and extensible data structures for Lawful Disclosure for use in combination with existing ETSI handover interface standards, e.g. TS 103 120 or TS 103 462.
Several ETSI TC LI meeting sessions were focused on the inter LEMF handover interface (ILHI, ref. TS 103 462) used to support the European Investigation Order (EIO) for criminal matters for transferring between LEAs both real-time data (in line with TS 102 232 parts, ETSI TS 133.108 and TS 133.128) and stored data (Lawful Disclosure, LD, in line with TS 102 657 and TS 103 120).
Most attention was for the national parameters and implementations in the context of ILHI and cross-border data exchange in criminal matters with focus on the mapping of national data structures and single parameters into a related ETSI standard and, if necessary, also the mapping back into the national structure. All these items were addressed by the study TR 103 727 Library and Mapping for Lawful Interception (LI) and Lawful Disclosure (LD) which was finalized and published as version v1.1.1.
Following to several requests to clarify traceability and retention aspects for IP address, ETSI started a study to provide indications regarding typical IP usage and Network Address Translation within a CSP or Internet Service Provider. The related TR (ref. TR 103 829) was well progressed along 2021 to plan its finalization and approval by mid of 2022.
TC LI also started a new study to be published as TR 103 830: LEA support services; Development and evaluation of technical capabilities. This work will serve as a guidance document to help manufacturers, Communications Service Providers (CSPs), Law Enforcement Agencies (LEAs) and other stakeholders to provide support for development and evaluation of technical capabilities regarding LEA support services. These include support for public safety, e.g. during serious crime situations and life at risk queries, such as provision of location and search of unknown identities.
Latest published ETSI standard on LI & RD (December 2021)
The following list is limited to the ETSI Specifications and Reports published during last quarter of 2020 and during 2021.
ETSI TS 103 221-1 V1.10.1 (2021-11)
Lawful Interception (LI); Part 1: Internal Network Interfaces; Part 1: X1
It refers to internal intercepted information on X1 interface between the two entities of the controlling function (i.e. a CSP Administration Function (ADMF)) and the controlled function (i.e. a Network Element (NE) performing interception or mediation). ETSI TS 133 127 5G administrative interfaces with ADMF, TF and POI entities are covered.
ETSI TS 103 221-2 V1.5.2 (2021-10)
Lawful Interception (LI); Internal Network Interfaces; Part 2: X2/X3
It refers to internal intercepted information on X2/X3 interface between the two entities of the Point Of Interception (POI), which performs interception and the Mediation and Deliver Function (MDF), which performs the necessary translation, correlation and mediation for onward handover over material to LEAs via the HI2 and HI3 interfaces.
ETSI TS 133 126 V16.3.0 (2021-01)
LTE; 5G; Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); Lawful Interception requirements (3GPP TS 33.126 Release 16).
It specifies Stage 1 Lawful Interception requirements for 3GPP networks and services. It covers 5G as difference from ETSI TS 133 106 V16.3.0 (2020-11).
ETSI TS 133 127 V16.9.0 (2021-09)
LTE; 5G; Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); Lawful Interception (LI) architecture and functions (3GPP TS 33.127 Release 16)
It specifies Stage 2 Lawful Interception architecture and functions for 3GPP networks. It covers 5G as difference from ETSI TS 133 107 V16.9.0.
ETSI TS 133 108 V16.4.0 (2021-08)
Universal Mobile Telecommunications System (UMTS); LTE; Digital cellular telecommunications system (Phase 2+) (GSM); 3G security; Handover interface for Lawful Interception (LI) (3GPP TS 33.108 version 16.4.0 Release 16))
It specifies Stage 3 Lawful Interception protocol and procedures for 3GPP networks for legacy 2G, 3G and 4G systems.
ETSI TS 133 128 V16.8.0 (2021-09)
LTE; 5G; Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); Security; Protocol and procedures for Lawful Interception (LI); Stage 3 (3GPP TS 33.128 Release 16)
It specifies Stage 3 Lawful Interception protocol and procedures for 3GPP networks. It covers 5G as difference from ETSI TS 133 108 V16.8.0.
ETSI TS 103 707 v1.4.1 (2021-11)
Lawful Interception (LI); Handover for messaging services over HTTP/XML
It defines a standard handover to deliver messaging services for LI over HTTP/XML. The CSP may opt to use other standards to facilitate LI over TCP/ASN.1 as an alternative message format, e.g. ETSI TS 102 232-2 (for messaging services) and ETSI TS 102 232-5 (for IP Multimedia Services).
ETSI TS 103 120 v1.10.1 (2021-11)
Lawful Interception (LI); Interface for warrant information
It defines a standard HI electronic interface for the LI warrant management, e.g. HI1. Additionally, it is supported the Lawful Disclosure (LD) warrant management and delivery. The defined HI is intended to be used also in the new NFV network scenarios.
ETSI TS 102 232-1 V3.25.1 (2021-11)
Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 1: Handover specification for IP delivery
It refers to handover intercepted information via IP-based networks from a CSP to an LEMF covering the transportation of traffic without specifying any service functionality within CSPs or LEMF.
ETSI TS 102 232-2 V3.13.2 (2021-10)
Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 2: Service-specific details for messaging services
It contains a stage 1 and stage 2 description of the interception information in relation to the process of sending and receiving asynchronous messages, i.e. email, unified messaging and chat applications.
ETSI TS 102 232-5 V3.14.1 (2021-04)
Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 5: Service-specific details for IP Multimedia Services
It details HI IRI and CC in relation to the Internet Protocol (IP) Multimedia (MM) Services based on the Session Initiation Protocol (SIP) and Real Time Transport Protocol (RTP) and Message Session Relay Protocol (MSRP) and IP MM services as described by the Recommendations ITU-T H.323 and H.248.
ETSI TS 102 232-7 V3.10.1 (2021-09)
Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 7: Service-specific details for Mobile Services
It specifies an approach for the handover of the lawfully intercepted information that is defined by 3GPP TS 33.108 & TS 33.128 (5G) and by ANSI/J-STD-025-B by using the handover techniques defined in ETSI TS 102 232-1.
ETSI TS 103 280 V2.6.1 (2021-11)
Lawful Interception (LI); Dictionary for common parameters
It defines a dictionary of parameters that are commonly used in multiple TC LI specifications. It represents a reference document to provide technical means for other specifications to use and it is intended to be a reference in the development of new specifications.
ETSI TR 102 503 V1.15.1 (2021-11)
Lawful Interception (LI); ASN.1 Object Identifiers in Lawful Interception and Retained data handling Specifications
It provides an overview over the relevant Object IDentifiers (OID) used in Lawful Interception and Retained data handling specifications of ETSI and other specifications from ITU-T and ISO.
ETSI TS 101 331 v1.8.1 (2021-07)
Lawful Interception (LI); Requirements of Law Enforcement Agencies
It gives guidance for lawful interception of telecommunications in the area of co-operation by network operators, access providers, and service providers. It provides a set of requirements relating to handover interfaces for the interception by law enforcement and state security agencies.
ETSI TS 102 657 V1.28.1 (2021-11)
Lawful Interception (LI); Retained data handling; Handover interface for the request and delivery of retained data
It contains handover requirements and a handover specification for the data that is identified in national legislations on Retained Data. It defines an electronic interface and considers both the requesting of retained data and the delivery of the results.
ETSI TR 103 727 V1.1.1 (2021-11)
Lawful Interception (LI); Library and mapping for Lawful Interception (LI) and Lawful Disclosure (LD)
It specifies the handling of national parameters and implementations in the context of the Inter LEA Handover Interface and cross-border data exchange in criminal matters. ©