Technical Committee (TC) Lawful Interception (LI) Activity Report 2019

Chair: Martin Kissel, Telefonica S.A.

Responsible for developing standards that support the technical requirements of national and international obligations for law enforcement (including the lawful interception and retention of the communications-related data of electronic communications).

Lawful Interception (LI) and Retained Data (RD) plays a crucial role in the growth and development of the Information Society, by helping law enforcement agencies (LEAs) to investigate terrorism and serious criminal activity.

Bringing together the interests of governments and law enforcement agencies (LEAs) as well as mobile network operators and equipment vendors, our Technical Committee Lawful Interception (TC LI) develops standards supporting common international requirements for LEAs, including the interception of content and retention/disclosure of electronic communications related data with supporting standards for warrantry and internal interfaces.

Working in partnership with other ETSI technical bodies, projects and partnerships, TC LI develops a suite of standards that allow ETSI standards to support industry compliance to the requirements of national and international law.

The role of TC LI in these partnerships is in the development and publication of control and handover interfaces, and of rules for the delivery of technology specific interception or retained data. In addition, TC LI liaises with other bodies – notably 3GPP, GSMA and ITU-T, as well as our own oneM2M/SmartM2M, CYBER, TCCE, NFV, MEC, ENI and NGP groups – to capture the requirements of users (law enforcement agencies) and translate these into requirements to be applied to technical specifications.

In 2019 we continued to update our Lawful Interception (LI) and Retained Data (RD) standards, specifications and reports. This notably included updates to our current standards to include advanced messaging services such as social media platforms.

In addition to revising our suite of LI and RD deliverables, in 2019 TC LI completed work on a multi-part standard for internal network LI interfaces (X1/X2/X3), covering wide area connections between LI systems and (depending on the network) many network elements from different vendors. With a view toward the future, as network and services become virtualized, the X interfaces specifications intend to support newer implementations by ensuring that standard interfaces are available to the provisioning equipment or service, which should reduce complexity and cost for the Communication Service Providers. SA3LI provided very relevant and useful feedback towards the finalization of this work, also to align the work and needs of both groups.

Having specified the internal network interface X1 used for administrative purposes, in early 2019 TC LI published a Technical Specification to standardize both internal interfaces X2 for intercept related information and X3 for communication content.

During the year we finalized and published a new specification on the dynamic triggering of interception, required as a result of the diversification of service and network architectures. This considers the issues and develops solutions in existing TC LI standards for both single operator scenarios and multiple cooperating operators (either by mutual operator commercial arrangements or regulatory requirements).

See the complete list of TC LI standards and specifications published in 2019.

In February 2019, the group adopted a new Work Item to characterize problems associated with interception and secure onward delivery of high-bandwidth user traffic using TCP or TLS as currently defined in ETSI TC LI specifications. This study will identify whether there is a need to solve these problems, and identify potential technical and other measures that can be used to mitigate or address them.

In June the group began work on a new Technical Report on LI network function security. This examines LI and Lawful Disclosure (LD) network function security with a focus on virtualization. It considers a broad definition of virtualization i.e. including but not restricted to Network Functions Virtualization (NFV).

Working with ETSI CTI (Centre for Testing and Interoperability), in July TC LI hosted our first Inter Law Enforcement Monitoring Facility (LEMF) Handover Interface (ILHI) interoperability PlugtestsTM event. Open to Law Enforcement Authorities and LEMFs vendors, the event focused on the cross-border data exchange for electronic evidence, based on the specification developed by TC LI. This standard supports European Investigation Orders related to Lawful Interception and Retained Data. The successful event represented the first time that LEMF vendors could convene to exchange data from different countries using ETSI standards in a lab test environment to help them comply with the law. The event was motivated by the important work carried out by TC LI organisations towards the publication of our TS that specifies the LEMF-to-LEMF interface to support (as a minimum) European Investigation Orders (EIOs) related to LI and/or RD. This specification aims to be capable of securely handling real time and stored data transfer between LEMFs, both among countries and within the same country. The PlugtestsTM provided important feedback to ETSI Members on this specification, which was updated accordingly.

Further work was also planned for a future revision of this TS to be published towards the end of 2020. In addition to EIOs for LI/RD, this will also support the European Production and Preservation Orders for electronic evidence in criminal matters (EPOC), and in particular the issues related to Lawful Disclosure of information.

In October the group adopted a new Work Item to produce a TS on Data Structures for Lawful Disclosure. This will specify flexible and extensible data structures for Lawful Disclosure for use in combination with existing ETSI handover interface standards, e.g. eWarrant or ILHI.

Work meanwhile progressed on revisions to Part 2 of our TS on Handover Interface and Service-Specific Details (SSD) for IP delivery, taking into account requirements in different countries related to Instant Messaging services. Hence this will define how to ensure the LI/RD functionalities. Publication of the revised specification is expected in late 2020.

Look out for in 2020 – TC LI work in progress

  • Revision to TS on Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 2: Service-specific details for messaging services. This important revision will take into account requirements in different countries related to Instant Messaging services
  • New TS on flexible and extensible data structures for Lawful Disclosure
  • New TS on handover for messaging services over HTTP/XML
  • Revision to TS on Inter LEA Handover Interface (ILHI). This revision will add Lawful Disclosure information exchange mechanisms
  • New TR on interception and secure onward delivery of high-bandwidth user traffic using TCP or TLS
  • New TR on LI network function security