22 June 2001
Source: Foundation for Information Policy
Research (FIPR).
Original in .DOC format: http://cryptome.org/09194.en1.doc
FIPR welcomes comments on this document Send to: [email protected]
[23 pages.]
COUNCIL OF THE EUROPEAN UNION |
Brussels, 20 June 2001
9194/01
LIMITE
ENFOPOL 55 |
|||
|
||||
|
LEGISLATIVE ACTS AND OTHER INSTRUMENTS
Subject : | Council Resolution on law enforcement operational needs with respect to public telecommunication networks and services |
COUNCIL RESOLUTION
of
on law enforcement operational needs
with respect to public telecommunication networks and services
THE COUNCIL OF THE EUROPEAN UNION,
Recalling the objectives of the Treaty on European Union;
Bearing in mind the Council Resolution of 17 January 1995 on the lawful interception of telecommunications;1
____________________
1 OJ C 329, 4.11.1996, p. 1.
Reaffirming the need, when implementing telecommunications interception measures, to observe the right of individuals to respect for their privacy;
Considering that criminals, like anyone else, use telecommunications in pursuit of their objectives and that they take advantage of opportunities offered by telecommunications systems both to avoid detection and to commit offences;
Convinced that lawful access to these telecommunications is vital in the investigation of serious crime and the prosecution of offenders;
Aware of the impact on lawful interception of new and emerging technologies in telecommunications;
Bearing in mind that the aim of the Resolution of 17 January 1995 was to provide a platform for discussion with Telecommunications Providers on Law Enforcement Agencies' operational needs rather than imposing legal obligations on them;
Taking into account the ongoing work of Law Enforcement Agencies to cooperate with the telecommunications industry in discussions of operational needs and means of meeting them;
Aware of the fact that the Resolution of 17 January 1995 described the operational needs of the Law Enforcement Agencies, but that the development of new technologies has made it necessary for some further explanation;
Noting the requirements of Member States to continue and maintain lawful interception capabilities;
Considering that the Annex to this Resolution constitutes an important summary and explanation of the operational needs of law enforcement agencies in taking account of new and emerging technologies,
HEREBY ADOPTS THIS RESOLUTION:
The Council calls upon Member States to ensure that, in the development and implementation in cooperation with communication service providers of any measures which may have a bearing on the carrying out of legally authorised forms of interception of telecommunications, the law enforcement operational needs, as described in the Annex, are duly taken into account.
______________________
ANNEX
Law Enforcement Operational Needs
Contents
Law Enforcement Operational Needs
Access to Communications Related Data
Delivery of Interception Product
Security of the Interception Facility
Access to Information on the Subject of Interception
Access to Multiple and Simultaneous Interceptions
Subject to national legislation, all kinds of telecommunications may be subject
to interception and/or data searches in relation to enquiries. This document
relates to the operational needs of Law Enforcement Agencies (LEAs)
with respect to public telecommunication networks and services. It does not
recommend technical specifications or solutions but is a set of guidelines
for technical discussions, which will be needed for implementation.
This document applies to all telecommunications services, circuit and packet switched, fixed and mobile networks and services.
For fixed networks this includes, for example, PSTN and ISDN (Integrated
Services Digital Network). For packet switched networks and services this
includes, for example, GPRS, UMTS (Universal Mobile Telecommunications System),
xDSL, TETRA (Trans European Trunk RAdio standard), Email/message services
and other Internet telecommunications services. For PLMN this includes, for
example, GSM (Global System for Mobile communications), CDMA, IS41, AMPS,
GPRS, UMTS, TETRA. It also applies to S-PCS (Satellite Personal Communication
Systems).
The International User Requirements (IURs), see OJ C 329, 4.11.1996, p. 2, were written at a time when telecommunications were predominantly circuit switched. Although this may have influenced the terminology used throughout the IUR, law enforcement's needs are technology neutral. The IUR expresses law enforcement's general operational needs regardless of technology even if some of the terms used, e.g. "call", appear to limit their scope to specific technologies. More detailed clarification of this and other terms is provided throughout this document.
Throughout the document, each IUR item is presented first, followed by
explanations/clarifications where applicable. The items are presented in
functional rather than numerical order.
[IUR 1] Law enforcement agencies require access to the entire telecommunications transmitted, or caused to be transmitted, to and from the number or other identifier of the target service used by the interception subject. Law enforcement agencies also require access to the call-associated data that are generated to process the call.
"Call" in this context means the entire telecommunications transmitted, or caused to be transmitted, to and from the entity associated with the number or other identifier specified in the legal authorisation. "Number" or "Identifier" is the means by which telecommunications facilities determine specific communications. Identifiers may refer to a physical or logical entity (e.g. user addresses, equipment identities, user name/passwords, port identities, mail addresses, etc.) and may differ according to the type of telecommunications system.
Typical, but not exclusive, examples for some specific services are: For PLMN IMSI, MS-ISDN, IMEI; for PSTN/ISDN directory numbers, port identification, personal and vanity numbers; for Internet (access) services IP addresses, account number, logon ID/password, PIN number and E-mail address.
Law enforcement needs the transmitted and received components of intercepted telecommunications to be delivered such that those components can be handled separately. (For example, this applies in telephony-like networks to ordinary calls between A and B party, conference calls, etc.).
Contemporaneous telecommunications should be handled in such a way that it is possible clearly to distinguish between them. (Some examples of telephony-like networks are enquiry calls, simultaneous forward calls, etc).
Law enforcement needs any telecommunications associated with the identifier of the subject of interception.
"Call Associated Data" should be understood as being "Communications Related Data" throughout the document. (See explanation under IUR 1.4 for more detail).
[IUR 1.1] Law enforcement agencies require access to all interception subjects operating temporarily or permanently within a telecommunications system.
Law enforcement needs access to telecommunications even when the subject of an interception is a temporary user of a network or telecommunications facility. (Some illustrative examples are: in PLMN roaming; in telephony-like systems UPT and calling cards; in Internet services remote access via other service providers, etc.).
[IUR 1.2] Law enforcement agencies require access in cases where the interception subject may be using features to divert calls to other telecommunications services or terminal equipment, including calls that traverse more than one network operator/service provider before completing.
As stated above, "Call" should be understood as "Telecommunications". Law enforcement needs any telecommunications associated with the identifier of the subject of interception. (Examples for telephony-like systems are diversion of calls or direct communication to a voicemail box).
Access to Communications Related Data
[IUR 1.4] Law enforcement agencies require access to call associated data such as:
The needs explained in 1.4 apply to all telecommunications services. However, the information resulting from the interception will depend on the telecommunication service (e.g. conference calls, call-forwarding, mobile calls, network calls, call-back services, etc.). For packet switched services this information could already be part of the packets.
NB: similar data to those referred to in 1.4 are needed not only when such data are received as a result of interception but also where they have been retained by providers in accordance with the requirements of their national legislation.
[IUR 1.4.1] signalling of access ready status;
1.4.1 expresses the need for an indication that the user facility is being logged on, or connected, to the telecommunications service.
[IUR 1.4.2] Called party number for outgoing connections even if there is no successful connection established;[IUR 1.4.3] Calling party number for incoming connections even if there is no successful connection established;
1.4.2 and 1.4.3 express the need to be aware of all the numbers or identifiers related to attempted telecommunications involving the interception subject. This applies whether or not the telecommunications to or from the interception subject are successful.
[IUR 1.4.4] all signals emitted by the target, including post-connection dialled signals emitted to activate features such as conference calling and call transfer;
1.4.4 expresses the need for access to all signals emitted by the interception subject and particularly applies to signals that activate or facilitate telecommunications facilities (e.g. re-routing). They may reside within the telecommunication but should not necessarily be considered as part of the content of that telecommunication service.
[IUR1.4.5] Beginning, end and duration of the connection;
1.4.5 expresses the need for the most accurate time stamps the telecommunication system can provide on telecommunications and on telecommunicationsrelated signals. (In most cases there will be no need to calculate the duration).
[IUR 1.4.6] actual destination and intermediate directory number if call has been diverted.
1.4.6 expresses the need for the provision of numbers or identifiers involved in the telecommunication when re-routing is invoked by users.
[IUR 1.5] Law enforcement agencies require information on the most accurate geographical location known to the network for a mobile subscriber.
1.5 expresses the need for location information which may be geographical, physical or logical. Even fixed networks facilitate mobility by means of services such as personal numbering/UPT, dial-in networks for ISPs (Internet Service Providers), re-routing, etc.
The type of information provided will depend on the network, but should be as accurate as possible.
It should also be presented in a form that is easily interpreted.
[IUR 1.6] Law enforcement agencies require data on the specific services used by the interception subject and the technical parameters for those types of communication.
1.6 expresses the need for information on the services used in the intercepted
telecommunication. This information assists the correct interpretation of
the communication content. Some illustrative examples are: bearer services
in ISDN; the bearer and tele-services in GSM, etc.
[IUR 1.3] Law enforcement agencies require that the telecommunications to and from a target service be provided to the exclusion of any telecommunications that do not fall within the scope of the interception authorisation.
1.3 is self-explanatory, but it should be noted that fulfilling the need in detail will depend on individual national jurisdictions.
[IUR 2] Law enforcement agencies require a real time, full time monitoring capability for the interception of telecommunications. Call-associated data should also be provided in real time. If call-associated data cannot be made available in real time, law enforcement agencies require the data to be available as soon as possible upon call termination.
2 expresses the need for telecommunications to be provided to the intercepting agency without undue delay. This will depend on the typical performance of the technology used and any special conditions imposed (e.g. for security, see also IUR 3.5).
Provision of a real time and full time monitoring capability might require
resilience. The means used to achieve this capability will depend on the
intercepted technology (e.g. circuit or packet switched) and national
jurisdictions.
Delivery of Interception Product
[IUR 3] Law enforcement agencies require network operators/service providers to provide one or several interfaces from which the intercepted communications can be transmitted to the law enforcement monitoring facility. These interfaces have to be commonly agreed on by the interception authorities and the network operators/service providers. Other issues associated with these interfaces will be handled according to accepted practices in individual countries.
3 is self-explanatory.
[IUR 3.1] Law enforcement agencies require network operators/service providers to provide call-associated data and call content from the target service in a way that allows for the accurate correlation of call-associated data with call content.
3.1 expresses the need for correlation. This may be intrinsic in some technologies where communications-related data are delivered together with telecommunications content. However, where this is not the case, a reliable method for correlation should be used. (For example, time references are not acceptable because they may be ambiguous e.g. Standard Time, Summer Time, and where simultaneous communications can be in progress).
[IUR 3.2] Law enforcement agencies require that the format for transmitting the intercepted communications to the monitoring facility be a generally available format. This format will be agreed upon on an individual country basis.
3.2 is self-explanatory.
[IUR 3.4] Law enforcement agencies require network operators/service providers to be able to transmit the intercepted communications to the law enforcement monitoring facility via fixed or switched connections.
3.4 is self-explanatory, but it should be noted that the term "service providers" applies to all telecommunications providers. "Switched connections" include both circuit and packet services.
[IUR 3.5] Law enforcement agencies require that the transmission of the intercepted communications to the monitoring facility meet applicable security requirements.
3.5 expresses the need for transmission of intercepted telecommunications to be performed in such a way that the confidentiality and integrity of the product are maintained. The product may be used as evidence for both defence and prosecution purposes; the confidentiality needs to be maintained both to meet privacy considerations and for investigative reasons.
[IUR 5.2] Law enforcement agencies require network operators/service providers to ensure that intercepted communications are transmitted only to the monitoring agency specified in the interception authorisation.
5.2 is self-explanatory and applies to all telecommunications providers.
Security of the Interception Facility
[IUR 4] Law enforcement agencies require interceptions to be implemented so that neither the interception target nor any other unauthorised person is aware of any changes made to fulfil the interception order. In particular, the operation of the target service must appear unchanged to the interception subject.
4 is self-explanatory, but it should be noted that telecommunications services or networks must be capable of performing interception without indicating this to other services or networks.
[IUR 5] Law enforcement agencies require the interception to be designed and implemented to preclude unauthorised or improper use and to safeguard the information related to the interception.
5 is self-explanatory, but it should be noted that security considerations cover issues such as unauthorised access to facilities, site and personnel security.
[IUR 5.3] According to national regulations, network operator/service providers could be obliged to maintain an adequately protected record of activations of interceptions.
5.3 is self-explanatory, but it should be noted that the same level of security applies to records of activation as to the interception facilities. The term "activation" also covers cessation and extensions.
[IUR 5.1] Law enforcement agencies require network operators/service providers to protect information on which, and how many, interceptions are being, or have been, performed and not disclose information on how interceptions are carried out.
5.1 is self-explanatory, but it should be noted that it applies to all
telecommunications providers.
Access to Information on the Subject of Interception
[IUR 6] Based on a lawful enquiry and before implementation of the interception, law enforcement agencies require:1) the interception subjects identity, service number or other distinctive identifier,2) information on the services and features of the telecommunications system used by the interception subject and delivered by network operators/service providers and
3) information on the technical parameters of the transmission to the law enforcement monitoring facility.
6(1) and (2) express the need for information which will support LEAs' requests for interception. Typical information required about the subject of interception includes: a technical identifier; the full name of the person (or company) subscribing to the service; the residential address of the subscriber (or registered business address of a company); the postal address to which accounts are sent; credit card details sufficient to identify the account; the directory name if applicable (note that this may differ from the subscriber's name); the directory address if applicable (note that this may differ from the residential or postal address).
6(3) does not directly relate to the subject of interception but is necessary
for the general support of interception.
[IUR 7] During the interception, law enforcement agencies may require information and/or assistance from the network operators/service providers to ensure that the communications acquired at the interception interface are those communications associated with the target service. The type of information and/or assistance required will vary according to the accepted practices in individual countries.
7 is self-explanatory.
[IUR 9] Law enforcement agencies require network operators/service providers to implement interceptions as quickly as possible (in urgent cases within a few hours or minutes). The response requirements of law enforcement agencies will vary by country and by the type of target service to be intercepted.
9 expresses the need for administrative facilities and technical designs
which enable providers to implement interception efficiently.
Access to Multiple and Simultaneous Interceptions
[IUR 8] Law enforcement agencies require network operators/service providers to make provision for implementing a number of simultaneous intercepts. Multiple interceptions may be required for a single target service to allow monitoring by more than one law enforcement agency. In this case, network operators/service providers should take precautions to safeguard the identities of the monitoring agencies and ensure that confidentiality of the investigations. The maximum number of simultaneous interception for a given subscriber population will be in accordance with national requirements.
8 is self-explanatory and applies to all telecommunications providers.
Reliability of the Interception Facility
[IUR 10] For the duration of the interception, law enforcement agencies require that the reliability of the services supporting the interception at least equals the reliability of the target services provided to the interception subject. Law enforcement agencies require the quality of service of the intercepted transmissions forwarded to the monitoring facility to comply with the performance standards of the network operator/service provider.
10 is self-explanatory (please also refer to IUR 2).
[IUR 3.3] If network operators/service providers initiate encoding, compression or encryption of telecommunications traffic, law enforcement agencies require the network operators/service providers to provide intercepted communications en clair.
3.3 is self-explanatory.
Access | The technical capability to interface with a communications facility, such as a communications line or switch, so that a law enforcement agency can acquire and monitor communications and call-associated data carried on the facility. |
Authenticity | Establishing the validity of a claimed identity of a user, device or another entity in an information or communications system. |
Authorised person(s) | A person authorised to perform duties related to lawful interception. |
Availability | The property that a communications system or service is useable on a timely basis in the required manner. |
Call | Any connection (fixed or temporary) capable
of transferring information between two or more users of a telecommunications
system.
Note: generally, the technology neutral term is "telecommunications". |
Call-Associated Data | Signalling information passing between a target
service and the network or another user. Includes signalling information
used to establish the call and to control its progress (e.g. call hold, call
handover). Call-associated data also include information about the call that
is available to the network operator/service provider (e.g. duration
of connection).
Note: the generally applicable technology neutral term is "communications related data". |
Data | The representation of information in a manner suitable for communications, interpretation, storage or processing. |
Interception | As used here, the statutory-based action of providing access and delivery of a subject's telecommunications and call-associated data to law enforcement agencies. |
Interception Interface | The physical location within the network operator's/service provider's telecommunications facilities where access to the intercepted communications or call associated data is provided. The interception interface is not necessarily a single, fixed point. |
Interception Order | An order placed on a network operator/service provider for assisting a law enforcement agency with a lawfully authorised telecommunications interception. |
Interception Subject | Person or persons identified in the lawful authorisation and whose incoming and outgoing communications are to be intercepted and monitored. |
Integrity | The property that data or information has not been modified or altered in an unauthorised manner. |
IUR | International User Requirement the common term for the International Requirements for Interception (Version 1.0) and the Council Resolution of 17 January 1995 on the lawful interception of telecommunications (published in the Official Journal of the European Communities C 329, 4.11.1996, p. 1). |
Law Enforcement Agency (LEA) | A service authorised by law to carry out
telecommunications interceptions.
Note : This definition refers to LEAs' function only in terms of this document |
Law Enforcement Monitoring Facility | A law enforcement facility designated as the transmission destination for the intercepted communications and call-associated data of a particular interception subject. The site where monitoring/recording equipment is located. |
Lawful Authorisation | Permission granted to a law enforcement agency under certain conditions to intercept specified telecommunications. Typically this refers to an order or warrant issued by a legally authorised body. |
Network Operator/Service Provider | "Network operator" = the operator of a public
telecommunications infrastructure which permits the conveyance of signals
between defined network termination points by wire, by microwave, by optical
means or by other electromagnetic means.
"Service provider" = the natural or legal person providing (a) public telecommunications service(s) the provision of which consists wholly or partly in the transmission and routing of signals on a telecommunications network. |
Quality of Service | The quality specification of a communications channel, system, virtual channel, computer-communications session, etc. Quality of service may be measured, for example, in terms of signal-to-noise ratio, bit error rate, message throughput rate or call blocking probability. |
Reliability | The probability that a system or service will perform in a satisfactory manner for a given period of time when used under specified operating conditions. |
Roaming | The ability of subscribers of mobile telecommunications services to place, maintain and receive calls when they are located outside their designated home service area. |
Target Service | A service associated with an interception subject and usually specified in a lawful authorisation for interception. |
Telecommunications | Any transfer of signs, signals, writing, images, sounds, data or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photo-electronic or photo-optical system. |
=========================
Conversion to HTML by Cryptome.