Sicurezza e Giustizia

THE LI-INTERFACE FOR WARRANT INFORMATION


by Gerald McQuaid and Domenico Raffaele Cione

Traditionally, ETSI standardization work focused on the details of IRI and CC data, defining, updating and maintaining the related data Handover Interface (HI-2 and HI-3) specifications. ETSI had also defined a dedicated Handover Interface, named HI-1, which may also cross borders between countries on the basis of corresponding international laws or agreements. HI-1 was defined as an interface between LEA and CSP to transport all kinds of administrative information; it is used to transmit the request to establish or remove the interception action from the LEA to the CSP, and the acknowledgement message back to the LEA.


 

1. Background
Traditionally, ETSI standardization work focused on the details of IRI and CC data (from CSP to LEA), defining, updating and maintaining the related data Handover Interface (HI-2 and HI-3) specifications (ref. [1], [2], [3] with related services parts). ETSI had also defined a dedicated Handover Interface, named HI-1, at clause 5.3 of ref. [7], which may also cross borders between countries on the basis of corresponding international laws or agreements. HI-1 was defined as an interface between LEA and CSP to transport all kinds of administrative information; it is used to transmit the request to establish or remove the interception action from the LEA to the CSP, and the acknowledgement message back to the LEA. This HI-1 port was extended to support manual transmission (e.g. document fax) for cases in which automatic transmission between LEA and CSP was not possible for some reason. Status reporting from CSP to LEA or LEMF was defined to cover all kinds of alarms, reports or information related to the intercept function. An overview of HI-1 was provided by clause 5.1 of ref. [1].

HI-1 was not standardized at stage 3 level (e.g. detailing protocols, messages, parameters) and its standard implementation was limited to HI-1 Notification interface data from CSP to LEA, as specified by clauses 5.1, 7 and D.4 of ref. [1] and by Annex M of ref. [2] specifically for the 3GPP HI-1 Notification. Both these HI Notification implementations are supported by the ASN.1 Specification of the ETSI HI IP delivery mechanism as specified by clause A.2 of ref. [3].

 

2. Standard evolution in recent years
Standardization of HI-2 and HI-3 has given industry benefits in terms of interoperability, security and cost reduction. Building on that experience, from 2013 almost all major European government organizations present in ETSI TC LI supported a new standard document defining a completely new electronic interface for warrant information, that is, for the exchange between two systems of information relating to the establishment and management of Lawful Interception. The initial input materials were the requirements of the administrations of the different European countries, which were analyzed to identify the set of common requirements used as the basis for the new HI standard specifications. Following the initial document definitions, non-European organizations (from the US and Australia, among others) were also actively involved, contributing their requirements and implementation proposals. The result is a specification that can be adopted worldwide and is not limited to the European context. The specification was finalized in January 2016 with the publication of ETSI TS 103 120 v1.1.1, ref. [4].
The standardized HI-1 is applicable to several scenarios involving LEA, CSP, Warrant Approval Authorities (single or multiple) and a Central Authority. Figures 2a to 2d show the four main architectures covered by this ETSI TS.

 

3. TS 103 120 Specification
The standard is intended to provide an interface and a data structure for warrants; it leaves the process for creating, approving and implementing a warrant out of scope, as a national matter. Specifically, the TS provides for the definition of national profiles that specify the national logic and rules applied to warrant exchange. A National Profile is specified as an informative example.
HI-1 is defined simply by means of Request and Response messages, and each Message is made of a Header and a Payload component (Request Payload, Response Payload). The Message Header is only intended to contain basic routing and identification information. The Message Payload consists of a collection of Actions (Action Requests, Action Responses), and only a few basic actions have been identified, e.g. Get, Create, Update and List. Each Action acts on a specific Object, which is the relevant entity for Data Definitions. The basic set of standard Object types comprises Authorization, Document, Notification and Task, and is used to manage the LI interception task associated with a target. ETSI target identifier formats and all possible error codes are detailed in normative annexes.

Based on the defined data details, the specification lets the LEA manage all the basic electronic procedures on warrants by allowing actions at different data levels (including document exchange). The defined HI-1 interface is now used as the new official standard HI-1 interface referred to in all new LI specifications, i.e. the corresponding internal X1 interface (ref. [5]) and the NFV LI Architecture (ref. [6]). Further analysis has started to consider its possible extension to new requirements, i.e. the possible coverage of Retained Data HI management. Encoding and Transport mechanisms are specified in terms of XML schema and HTTP transport, but a nationally-defined transport alternative is allowed on a national basis.
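The Header/Payload/Action/Object structure described in this section can be checked on the receiving side before any warrant data is acted upon. The following is an added example, not taken from the article or from TS 103 120: the element and attribute names, the header field set and the use of the listed verbs and object types as closed allow-lists are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Verbs and object types named in the article, used here as closed allow-lists
# (an assumption). Element names are illustrative, NOT the TS 103 120 schema.
ACTIONS = {"Get", "Create", "Update", "List"}
OBJECT_TYPES = {"Authorization", "Document", "Notification", "Task"}
HEADER_FIELDS = {"Sender", "Receiver", "TransactionId", "Timestamp"}

# Constructed sample request: one valid action, one with an unknown verb.
SAMPLE_REQUEST = """<Message>
  <Header>
    <Sender>LEA-EXAMPLE</Sender><Receiver>CSP-EXAMPLE</Receiver>
    <TransactionId>tx-0001</TransactionId><Timestamp>2016-01-01T00:00:00Z</Timestamp>
  </Header>
  <RequestPayload>
    <Action id="0" verb="Create"><Object type="Task" id="obj-1"/></Action>
    <Action id="1" verb="Purge"><Object type="Task" id="obj-1"/></Action>
  </RequestPayload>
</Message>"""

def check_request(xml_text):
    """Validate a request; return (header dict, [(action id, status, reason)])."""
    if "<!DOCTYPE" in xml_text:  # refuse DTDs, and with them entity expansion
        raise ValueError("DTD declarations are not accepted")
    root = ET.fromstring(xml_text)
    header = {c.tag: (c.text or "").strip() for c in root.findall("Header/*")}
    payload = root.find("RequestPayload")
    # Header is routing/identification only: no missing, empty or extra fields.
    if payload is None or set(header) != HEADER_FIELDS or not all(header.values()):
        raise ValueError("need a RequestPayload and exactly the routing header fields")
    results = []
    for action in payload.findall("Action"):
        obj = action.find("Object")
        bad_verb = action.get("verb") not in ACTIONS
        bad_obj = obj is None or obj.get("type") not in OBJECT_TYPES
        reason = "unknown action" if bad_verb else "unknown object type" if bad_obj else ""
        results.append((action.get("id", "?"), "error" if reason else "ok", reason))
    return header, results

def build_response(header, results):
    """Mirror the request: swap sender/receiver, one ActionResponse per action."""
    root = ET.Element("Message")
    header_el = ET.SubElement(root, "Header")
    swapped = dict(header, Sender=header["Receiver"], Receiver=header["Sender"])
    for name in sorted(HEADER_FIELDS):
        ET.SubElement(header_el, name).text = swapped[name]
    payload = ET.SubElement(root, "ResponsePayload")
    for action_id, status, reason in results:
        ET.SubElement(payload, "ActionResponse", id=action_id, status=status, reason=reason)
    return ET.tostring(root, encoding="unicode")
```

Each action is answered individually, so one rejected action does not hide the outcome of the others in the same message.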

 


Other articles of Gerald McQuaid

ETSI INTERFACE TO IMPLEMENT EUROPEAN INVESTIGATION ORDERS (EIOs)
by Gerald McQuaid and Domenico Raffaele Cione (N. III_MMXVIII)
The ETSI work to provide a Technical Specification (TS) to support the Directive 2014/41/EU of the European Parliament and of the Council of 3 April 2014 regarding the European Investigation Order (EIO) in criminal matters [1] had started in 2016 and was carried on during all 2017 and 2018 on all technical aspects of the new interface resulting now finalized with the publication of a first version of the Inter LEMF Handover Interface (ILHI) [4]. This specification provides LEMF’s with all implementation details to allow LI data transferring from one LEMF located in the country B (responding country where a target abroad is requested to be intercepted) to a LEMF located in the country A (requesting country where the request of interception is originated).
LAWFUL INTERCEPTION IN VIRTUALIZED NETWORKS (Sept. 2017)
by Gerald McQuaid and Domenico Raffaele Cione (N. III_MMXVII)
NFV refers to the replacement of traditional specialised hardware devices with software that can be installed on standardised, off-the-shelf piece of hardware. ETSI work on NFV was initially set to address a requirement to define a list of base security requirements imposed by lawful interception in the NFV architecture.
ETSI LI & RD Status (Feb. 2017)
by Gerald McQuaid and Domenico Raffaele Cione (N. I_MMXVII)
Current ETSI activity on Lawful Interception (LI) and Retained Data (RD) is managed mainly by three main standardization committees: ETSI TC LI (the leading LI/RD group), TC CYBER and ISG NFV
LEMF TO LEMF INTERFACE TO SUPPORT EUROPEAN INVESTIGATION ORDERS (EIOs)
by Gerald McQuaid and Domenico Raffaele Cione (N. IV_MMXVI)
Imminently, the Directive 2014/41/EU of the European Parliament and of the Council of 3 April 2014 regarding the European Investigation Order (EIO) in criminal matters [1] is expected to become part of the EU-nations’ national laws. This EU directive requires each European Member State to transpose the directive into national law by 22 May 2017 (Article 33). This EIO describes the possibilities about lawful interception (LI) of telecommunications and collection of traffic and location retained data (RD) extended to network scenarios out of a pure national network context: an EIO may be issued for the interception of telecommunications by a Member State to obtain intercepted data of a target when using a communication service in a CSP’s network located in another Member State country (ref. Article 30 of [1]).
LAWFUL INTERCEPTION ITEMS FOR VOLTE
by Gerald McQuaid and Domenico Raffaele Cione (N. II_MMXVI)
VoLTE, Voice over Long Term Evolution (LTE), is a standard-based technology used to support voice calls over the LTE technology being now used by 4G wireless networks.
ETSI AND STATUS OF LI & RD STANDARDS
by Gerald McQuaid and Domenico Raffaele Cione (N. I_MMXVI)
This thematic section is intended to inform readers on the latest progress of standardization work items on Lawful Interception (LI) and Retained Data (RD) mainly focusing on European regional level (ETSI). The scope is to cover all relevant LI and RD aspects in terms of requirements, communication service providers architecture and network interfaces/protocols definition.

 

