This document highlights the ETSI activity on Lawful Interception (LI) and Retained Data (RD) at end of 2022 as update from Q4 2021 status.
ETSI TC LI committee worked mainly to provide new versions of the LI internal (X) and external handover interfaces (HI) specifications to address the latest LEA demands and the 5G requirements of the 3GPP Release 17 as being specified in ETSI TS 133 126 (5G LEA requirements from 3GPP TS 33 126), ETSI TS 133 127 (5G Architecture and Functions from 3GPP TS 33 127) and ETSI TS 133 128 (5G Protocols and Procedures from 3GPP TS 33 128).
Such a work was coordinated with the revision of the Requirements for network function (TS 101 158) which defines the LI architecture reference model for the Virtualized networks synchronizing it with ETSI ISG NFV and 3GPP SA3-LI specifications.
Most work effort was to define standard procedures for the initial LI automatic configuration (X0), attestation, certification and administrative (X1) phases for the Virtualized Network scenarios to be applied also to the 3GPP 5G interception domain.
The Internal Network Interfaces for the administrative LI procedures (X1, ref. TS 103 221-1) were extended to cover new use cases and to manage multiple destination endpoints for X2/X3 delivery points (with a new X1 generic object). X1 was further optimized to implement selective data details retrieval from NE based on ADMF explicit requests.
The Internal Network Interfaces for the IRI (Intercept Related Information) and CC (Content of Communication) data (X2 and X3, ref. TS 103 221-2) received several inputs and as a result they were revised to enhance them with new attribute data transferring.
All these X interfaces were part of an ETSI standard study with the target to identify the features required to use them in all the interception domain contexts (i.e. also addressing Internet Access services).
For the External Network Interfaces, ETSI has further extended the handover interface of TS 103 707 for HTTP delivery of LI and Lawful Disclosure (LD) clarifying that it applies in particular to messaging services but is not limited to such services.
This kind of delivery can be an alternative to LI delivery over TCP/ASN.1.
The HTTP delivery mechanism was specified by the TS 103 120 whose new version v.1.11.2 covers the new target identifiers of the Cell Global Identifier (CGI), E-UTRAN CGI (ECGI), NR CGI (NCGI) and Integrated Circuit Card Identifier (ICCID).
A study was started on HI1 for detailing the Traffic Policy Objects with the intent to provide a means of reducing the bandwidth used for handover of LI product by identifying certain flows that should be summarized.
The HI interfaces were updated to the new TS 102 232-1 v3.28.1 to support TLS 1.3 (ref. IETF RFC 8446) and the notification of the location of the NR Cell Id and the non-3GPP Access information (as defined by 3GPP).
Furthermore, it was agreed for all TS 102 232 parts family to structure the HI specifications by moving the related ASN.1 descriptions to separated documents to be used directly by manufactures to implements the systems supporting such a parameter sets delivery from CSP to LEA domain.
The Service-specific details for the IP Multimedia Services (ref. TS 102 232-5 v3.17.1) was progressed to add the location of the NR Cell Id as target location and to detail the correlation aspects at protocol level.
The new version v2.8.1 of the Dictionary for common standard parameters TS 103 280 was published in 2022 to cover new parameters, e.g. CGI, ECGI, NR CGI and ICCID. In addition, it was guaranteed also the alignment to the ASN.1 object identifies defined in latest ETSI HI specifications by publishing the updated version v1.16.1 of the report TR 102 503.
TC LI continued the study to detail the interface between law enforcement and providers of vehicle information based on the HI base concepts. In the light of the considerations about interfacing with providers of vehicle information (ref. TR 103 767), TC LI published the new study TR 103 854 v1.1.1 on Interfaces for Lawful Disclosure of vehicle related data to describe scenarios, examples and to provide recommendations.
TR 103 767 and TR 103 854 were regarded as complete to cover all relevant stages 1 and 2 aspects of a traditional standards-making procedures, hence it is currently under discussion to start a new work item for a normative specification to cover the stage 3 aspects (e.g. HI protocol aspects).
TR 103 829 on LI IP address retention and traceability was finalized and published as first version v1.1.1 during 2022 primarily to provide indications on typical IP usage and Network Address Translation within a CSP or Internet Service Provider. It also described the Methods for accessing records of IP and port allocation from within a CSP’s network and Methods for retaining and querying stored IP association records.
The Retained Data (RD) Handover Interface specification (ref. TS 102 567 v1.29.1) was enhanced to include Edge Computing as defined by ETSI TS 123 558. A completely new service-specific details annex was added to manage the Edge Computing applications data delivery from CSP to Authorized Organization domain.
Several ETSI TC LI meeting discussions focused on the inter LEMF handover interface (ILHI, ref. TS 103 462) used to support the European Investigation Order (EIO) for criminal matters, in order to transfer between LEAs both real-time data (in line with TS 102 232 parts, ETSI TS 133.108 and TS 133.128) and stored data (Lawful Disclosure, LD, in line with TS 102 657 and TS 103 120).
Most attention was for specifying flexible and extensible data structures for Lawful Disclosure for use in combination with ILHI and with electronic warrant interfaces. This work will result into the new TS on Data Structure for Lawful Disclosure (ref. draft TS 103 705) whose first version publication is planned for late 2023.
Latest published ETSI standard on LI & RD (December 2022)
The following list is limited to the ETSI Specifications and Reports published during last quarter of 2021 and during 2022.
ETSI TS 103 221-1 V1.12.1 (2022-08) Lawful Interception (LI); Part 1: Internal Network Interfaces; Part 1: X1. It refers to internal intercepted information on X1 interface between the two entities of the controlling function (i.e. a CSP Administration Function (ADMF)) and the controlled function (i.e. a Network Element (NE) performing interception or mediation). ETSI TS 133 127 5G administrative interfaces with ADMF, TF and POI entities are covered.
ETSI TS 103 221-2 V1.6.1 (2022-03) Lawful Interception (LI); Internal Network Interfaces; Part 2: X2/X3. It refers to internal intercepted information on X2/X3 interface between the two entities of the Point Of Interception (POI), which performs interception and the Mediation and Deliver Function (MDF), which performs the necessary translation, correlation and mediation for onward handover over material to LEAs via the HI2 and HI3 interfaces.
ETSI TS 133 126 V17.3.0 (2022-09) – LTE; 5G; Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); Lawful Interception requirements (3GPP TS 33.126 Release 17). It specifies Stage 1 Lawful Interception requirements for 3GPP networks and services. It covers 5G as difference from ETSI TS 133 106 V17.0.0 (2022-04).
ETSI TS 133 127 V17.6.0 (2022-09) – LTE; 5G; Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); Lawful Interception (LI) architecture and functions (3GPP TS 33.127 Release 17). It specifies Stage 2 Lawful Interception architecture and functions for 3GPP networks. It covers 5G as difference from ETSI TS 133 107 V17.0.0.
ETSI TS 133 128 V17.6.0 (2022-09) – LTE; 5G; Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); Security; Protocol and procedures for Lawful Interception (LI); Stage 3 (3GPP TS 33.128 Release 17). It specifies Stage 3 Lawful Interception protocol and procedures for 3GPP networks. It covers 5G as difference from ETSI TS 133 108 V17.0.0.
ETSI TS 133 106 V17.0.0 (2022-04) – Universal Mobile Telecommunications System (UMTS); LTE; Digital cellular telecommunications system (Phase 2+) (GSM); 3G security; Lawful interception requirements (3GPP TS 33.106 version 17.0.0 Release 17). It specifies Stage 1 Lawful Interception protocol and procedures for 3GPP networks for legacy 2G, 3G and 4G systems.
ETSI TS 133 107 V17.0.0 (2022-04) – Universal Mobile Telecommunications System (UMTS); LTE; Digital cellular telecommunications system (Phase 2+) (GSM); 3G security; Lawful interception architecture and functions (3GPP TS 33.107 version 17.0.0 Release 17). It specifies Stage 2 Lawful Interception protocol and procedures for 3GPP networks for legacy 2G, 3G and 4G systems.
ETSI TS 133 108 V17.0.0 (2022-04) – Universal Mobile Telecommunications System (UMTS); LTE; Digital cellular telecommunications system (Phase 2+) (GSM); 3G security; Handover interface for Lawful Interception (LI) (3GPP TS 33.108 version 17.0.0 Release 17). It specifies Stage 3 Lawful Interception protocol and procedures for 3GPP networks for legacy 2G, 3G and 4G systems.
ETSI TS 103 707 v1.6.1 (2022-08) Lawful Interception (LI); Handover Interface for HTTP delivery. It defines a standard handover for HTTP delivery of LI and LD. It applies in particular to messaging services, but is not limited to messaging services. The CSP may opt to use other standards to facilitate LI over TCP/ASN.1 as an alternative message format, e.g. ETSI TS 102 232-2 (for messaging services) and ETSI TS 102 232-5 (for IP Multimedia Services).
ETSI TS 103 120 v1.12.1 (2022-12) Lawful Interception (LI); Interface for warrant information. It defines a standard HI electronic interface for the LI warrant management, e.g. HI1. Additionally, it is supported the Lawful Disclosure (LD) warrant management and delivery. The defined HI is intended to be used also in the new NFV network scenarios.
ETSI TS 102 232-1 V3.28.1 (2022-11) Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 1: Handover specification for IP delivery. It refers to handover intercepted information via IP-based networks from a CSP to an LEMF covering the transportation of traffic without specifying any service functionality within CSPs or LEMF.
ETSI TS 102 232-2 V3.15.1 (2022-11) Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 2: Service-specific details for messaging services. It contains a stage 1 and stage 2 description of the interception information in relation to the process of sending and receiving asynchronous messages, i.e. email, unified messaging and chat applications.
ETSI TS 102 232-3 V3.10.1 (2022-11) Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 3: Service-specific details for internet access services. It contains a stage 1 description of the interception information in relation to the process of binding a “target identity” to an IP address when providing Internet access and a stage 2 description on IRI and CC.
ETSI TS 102 232-4 V3.5.1 (2022-11) – LawfulI nterception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 4: Service-specific details for Layer 2 services. It specifies Lawful Interception for an Access Provider that has access to layer 2 session information and that is not required to have layer 3 information.
ETSI TS 102 232-5 V3.17.1 (2022-11) – Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 5: Service-specific details for IP Multimedia Services. It details HI IRI and CC in relation to the Internet Protocol (IP) Multimedia (MM) Services based on the Session Initiation Protocol (SIP) and Real Time Transport Protocol (RTP) and Message Session Relay Protocol (MSRP) and IP MM services as described by the Recommendations ITU-T H.323 and H.248.
ETSI TS 102 232-6 V3.4.1 (2022-11) Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 6: Service-specific details for PSTN/ISDN services. It details the handover of the lawfully intercepted PSTN/ISDN Services (including emulated services such as those defined in ETSI ES 282 002) using packet-based techniques as defined in ETSI TS 102 232-1
ETSI TS 102 232-7 V3.12.1 (2022-11) Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 7: Service-specific details for Mobile Services. It specifies an approach for the handover of the lawfully intercepted information that is defined by 3GPP TS 33.108 & TS 33.128 (5G) and by ANSI/J-STD-025-B by using the handover techniques defined in ETSI TS 102 232-1.
ETSI TS 103 280 V2.8.1 (2022-04) Lawful Interception (LI); Dictionary for common parameters. It defines a dictionary of parameters that are commonly used in multiple TC LI specifications. It represents a reference document to provide technical means for other specifications to use and it is intended to be a reference in the development of new specifications
ETSI TR 102 503 V1.15.1 (2022-11) Lawful Interception (LI); ASN.1 Object Identifiers in Lawful Interception and Retained data handling Specifications. It provides an overview over the relevant Object IDentifiers (OID) used in Lawful Interception and Retained data handling specifications of ETSI and other specifications from ITU-T and ISO.
ETSI TR 103 854 V1.1.1 (2022-03) LEA support services; Interfaces for Lawful Disclosure of vehicle-related data: scenarios, examples and recommendations. It describes an interface consisting of requests from a Law Enforcement Agency for vehicle-related data and the responses to those requests. It provides some usage scenarios, examples for this interface and includes a recommendation for the details of how the interface could work.
ETSI TR 103 829 V1.1.1 (2022-08) Lawful Interception (LI); IP address retention and traceability. It provides information regarding typical IP usage and Network Address Translation within a Communication or Internet Service Providers network.
ETSI TS 102 657 V1.29.1 (2022-11) Lawful Interception (LI); Retained data handling; Handover interface for the request and delivery of retained data. It contains handover requirements and a handover specification for the data that is identified in national legislations on Retained Data. It defines an electronic interface and considers both the requesting of retained data and the delivery of the results. ©
