ETSI LI & RD Status (Sept. 2019)

by Gerald McQuaid and Domenico Raffaele Cione

This article highlights the relevant ETSI activity on Lawful Interception (LI) and Retained Data (RD) as an update to the previous article of February 2017. The work items of the 2018 and 2019 period are described in the following section.



Most ETSI TC LI committee work focused on standardizing both the LI internal (X) and external handover (HI) interfaces to cover the new 5G requirements in addition to the latest LEA functional demands.
The 5G Interception domain addressed by ETSI interfaces includes the one being defined by the 3GPP committees as specified by the Release 15 LI specifications ETSI TS 133 126 (5G LEA requirements from 3GPP TS 33 126), ETSI TS 133 127 (5G Architecture and Functions from 3GPP TS 33 127) and ETSI TS 133 128 (5G Protocols and Procedures from 3GPP TS 33 128).

The Internal Network Interface for the administrative LI procedures (X1, ref. TS 103 221-1) was first standardized in 2018 and enhanced by ETSI during 2019 to cover all the possible administrative interfaces from the CSP Administration Function (ADMF) towards the Network Elements (NEs), Triggering Functions and Mediation Functions (MFs). ETSI X1 is now structured to cover all network interception domain scenarios (e.g. including 5G use cases).
TS 102 677 v1.1.1 on LI Dynamic Triggering (DT) of Interception was published during 2019, focusing on the architecture for the lawful interception of dynamically-allocated flows in a secondary communications domain, triggered by the activity of permanent identities in a primary domain. DT complements the use of the ETSI TS 103 221-1 X1 interface specification.

The Internal Network Interfaces for the IRI (Intercept Related Information) and CC (Content of Communication) data (X2 and X3, ref. TS 103 221-2) have just been finalized to support any Product Data Units (PDUs) type format (i.e. 3GPP, ETSI TS 102 232 parts) transferred from Points of Interception (POIs) towards the Mediation Delivery Functions (MFD’s). Furthermore, ETSI TC LI has started a study on high bandwidth delivery (to be published as TR 103 656, expected in 2020) focusing on the X3 and HI3 interfaces, with the intent to define the proper protocol mechanisms for assuring delivery of all data at the very high data throughput possible in the relevant 5G use cases.


For the External Network Interfaces, ETSI is now working solely on the IP-based delivery HI of the TS 102 232-i family, following the decision to move the TS 101 671 (and related ES 201 671) specifications to historical status (e.g. no longer updated since 2018).
TC LI has published new versions of the HI of the TS 102 232-i family to provide LEAs with intercepted data of communication services for messaging, internet access, layer 2, IP multimedia, PSTN/ISDN and mobile. The new TS 102 232-1 v3.20.1 has been enriched to provide HI2 and HI3 data handover of the Inter LEMF HI (ILHI) and of the 5G PDUs, also covering the new payload type HI4 PDU of 3GPP TS 33.128 (ref. TS 102 232-7 v3.6.1). For VoLTE roaming, the ETSI HI is aligned to support LI in VPLMN with S8HR as defined in 3GPP.
The interception of the IP Multimedia services has been improved (ref. TS 102 232-5 v3.11.1) to include IMSI/IMEI as possible target identifiers and IRI only for SMS in SIP messages.
TS 102 232-2 is now under study to extend lawful interception to the Instant Messaging service as defined at EC level, which allows users to transfer messages among a finite number of users in near-real-time, whereby the persons initiating or participating in the communications determine its recipient(s).

A new publication of the Dictionary for common standard parameters, TS 103 280 v2.3.1, was provided in 2019 to add the 5G identifiers and to correct several previous 4G and 3G parameters that are commonly used in the different LI specifications where interfaces are specified. Furthermore, alignment with the ASN.1 object identifiers defined in the latest LI HI specification was ensured by releasing the updated version v1.12.1 of the report TR 102 503 (with v1.13.1 expected by October 2019).

The Retained Data (RD) Handover Interface specification was enhanced to take into account a series of inputs from LEAs requesting the addition of new data such as payment transaction, passport or ID copy, bill copy and Multi-SIM support. TS 102 657 v1.23.1 was published.
ETSI is now working to extend the RD HI interfaces to hand over the so-called “Lawful Disclosure” (LD), which not only deals with CDRs and subscription information, but may also be used for retrieval of invoices, mailboxes and other business data available within the CSP domain.
It was agreed to extend the new HI1 specification TS 103 120 v1.3.1 (updated to support 5G) to support LD for both warrant request management (from LEA to CSP) and subsequent LD data transfer (from CSP to LEA). This new LD specification is planned to be finalized by ETSI by mid-2020.

The new TS 103 462 v1.1.1 was published in 2018 to address the new European Investigation Order (EIO) for criminal matters, which specifies that an LEA of a country A shall be able to get intercepted data of a target using a communication service in a CSP network located in a country B. This first Inter LEMF Handover Interface (ILHI) was specified for LI data; subsequently, a new work item was agreed to extend this ILHI specification to RD and LD data.

The ETSI organization's main current focus and work is on a Technical Report (to be published as TR 103 685, expected in 2020) on LI and LD network function security, focusing on threats and risks in order to provide applicable recommendations. The major interest is in virtualization, including but not restricted to NFV (ref. GR NFV-SEC 011 v1.1.1).


Latest published ETSI standards on LI & RD (September 2019)

ETSI TS 103 221-1 V1.5.1 (2019-07) Lawful Interception (LI); Part 1: Internal Network Interface X1 for Lawful Interception
It refers to internal intercepted information on X1 interface between the two entities of the controlling function (e.g. a CSP Administration Function (ADMF)) and the controlled function (e.g. a Network Element (NE) performing interception or mediation).

ETSI TS 103 221-2 V1.1.1 (2019-03) Lawful Interception (LI); Part 2: Internal Network Interface X2/X3 for Lawful Interception. It refers to internal intercepted information on the X2/X3 interface between the two entities of the Point Of Interception (POI), which performs interception, and the Mediation Function (MF), which performs the necessary translation, correlation and mediation for onward handover of material to LEAs via the HI2 and HI3 interfaces.

ETSI TS 103 120 v1.3.1 (2019-05) Lawful Interception (LI); Interface for warrant information. It defines a standard HI electronic interface for the LI warrant management, e.g. HI1. It is intended to be used also in the new NFV network scenarios.

ETSI TS 103 462 v1.1.1 (2018-07) Lawful Interception (LI); Inter LEMF Handover Interface. It specifies the LEMF to LEMF interface to support (as a minimum) European Investigation Orders (EIOs) related to LI and/or RD. The specification aims to be capable of securely handling real-time and stored data transfer between LEMFs in accordance with ETSI TS 102 232 parts 1 to 7 and the related ETSI TS 133 108/128 for LI.

ETSI TS 102 232-1 V3.20.1 (2019-08) Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 1: Handover specification for IP delivery. It refers to handover intercepted information via IP-based networks from a CSP to an LEMF covering the transportation of traffic without specifying any service functionality within CSPs or LEMF.

ETSI TS 102 232-5 V3.11.1 (2019-08) Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 5: Service-specific details for IP Multimedia Services. It details HI IRI and CC in relation to the Internet Protocol (IP) Multimedia (MM) Services based on the Session Initiation Protocol (SIP) and Real Time Transport Protocol (RTP) and Message Session Relay Protocol (MSRP) and IP MM services as described by the Recommendations ITU-T H.323 and H.248.

ETSI TS 102 232-7 V3.6.1 (2019-04) Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 7: Service-specific details for Mobile Services. It specifies an approach for the handover of the lawfully-intercepted information that is defined by 3GPP TS 33.108 & TS 33.128 (5G) and by ANSI/J-STD-025-B by using the handover techniques defined in ETSI TS 102 232-1.

ETSI TS 102 657 V1.23.1 (2019-08) Lawful Interception (LI); Retained data handling; Handover interface for the request and delivery of retained data. It contains handover requirements and a handover specification for the data that is identified in national legislations on Retained Data. It defines an electronic interface and considers both the requesting of retained data and the delivery of the results.

ETSI GS NFV-SEC 011 V1.1.1 (2018-04) Network Functions Virtualization (NFV); NFV Security; Report on NFV LI Architecture. It identifies the set of capabilities, interfaces, functions and components which can be utilized by the virtualized applications (VNFs) to provide Lawful Interception.

ETSI TS 103 280 V1.3.1 (2019-04) Lawful Interception (LI); Dictionary for common parameters. It defines a dictionary of parameters that are commonly used in multiple TC LI specifications. It is a reference document that provides technical means for other specifications to use, and it is intended to be a reference in the development of new specifications.

ETSI TR 102 503 V1.12.1 (2018-10) Lawful Interception (LI); ASN.1 Object Identifiers in Lawful Interception and Retained data handling Specifications. It reports the updated overview of the relevant Object Identifiers (OIDs) used in Lawful Interception and Retained data handling specifications of ETSI and other specifications from ITU-T and ISO.

ETSI TS 101 671 V3.15.1 (2018-06) Lawful Interception (LI); Handover interface for the lawful interception of telecommunications traffic. First ETSI specification defining HI2 (ROSE and FTP) and HI3 for GSM, TETRA, GPRS, ISDN, PSTN, fixed NGN (including PSTN/ISDN emulation) and fixed IMS PSTN simulation.

ETSI TS 133 126 V15.1.0 (2019-04) LTE; 5G; Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); Lawful Interception requirements (3GPP TS 33.126 Release 15)
It specifies Stage 1 Lawful Interception requirements for 3GPP networks and services. Unlike ETSI TS 133 106 V15.1.0 (2018-06), it covers 5G.

ETSI TS 133 127 V15.2.0 (2019-07) LTE; 5G; Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); Lawful Interception (LI) architecture and functions (3GPP TS 33.127 Release 15)
It specifies Stage 2 Lawful Interception architecture and functions for 3GPP networks. Unlike ETSI TS 133 107 V15.6.0 (2019-07), it covers 5G.

ETSI TS 133 128 V15.1.0 (2019-07) LTE; 5G; Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); Security; Protocol and procedures for Lawful Interception (LI); Stage 3 (3GPP TS 33.128 Release 15). It specifies Stage 3 Lawful Interception protocol and procedures for 3GPP networks. Unlike ETSI TS 133 108 V15.5.0 (2019-07), it covers 5G.

