Page 415 - Handbook of Modern Telecommunications

3-206                   CRC Handbook of Modern Telecommunications, Second Edition

              •   Securing links to partners and other service providers.
              •   Authentication and authorization of own employees.

            3.8.4  Basic Requirements for Lawful Intercepts

            Telecommunications service providers are being asked to meet lawful intercept requirements for voice,
            data, and video in a variety of countries worldwide. The requirements vary from country to country,
            but some requirements remain common even though details such as delivery formats may differ. Baker
            (2003) gives an excellent basis for streamlining requirements.
              Generic strategic requirements are somewhat contradictory, based on “more access for less money”:
              •   Telecommunications service providers need return on investment (ROI) for their ISS deployment
              •   Government agencies need information, but do not have ready access to networks
              •   Telecommunications service providers need systems that fit business requirements without
                 undue burden
              •   Governments need cost-effective solutions with economies of scale
              •   Telecommunications service providers and governments need to address privacy challenges (e.g.,
                 separate content from signal)

              Generic functional requirements include:
              •   Comprehensive IP monitoring
              •   Scalable, tier 1 networks
              •   Any data, any network (mobile, broadband, access, backbone transport)
              •   Leverage commercial off-the-shelf software (COTS)
              •   Availability of real-time information
              •   Business or surveillance policy enforcement

               Generic legal requirements include:
              •   Lawful Intercepts (LI) must be undetectable by the intercept subject.
              •   Mechanisms must be in place to limit unauthorized personnel from performing or knowing about
                 lawfully authorized intercepts.
              •   If multiple law enforcement agencies (LEAs) are intercepting the same subject, they must not be
                 aware of each other.
              •   There is often a requirement to provide intercept-related information (IRI) separately from the
                 actual content of interest.
              •   If IRI is delivered separately from content, there must be some means to correlate the IRI and the
                 content with each other.
              •   If the information being intercepted is encrypted by the telecommunications service provider and
                 the provider has access to the keys, then the information must be decrypted before delivery to the
                 LEA or the encryption keys must be passed to the LEA to allow them to decrypt the information.
              •   If the information being intercepted is encrypted by the intercept subject and its associate and the
                 service provider has access to the keys, then the telecommunications service provider may deliver
                 the keys to the LEA.

              In terms of requests by LEAs, there are four fundamental types:
              •   Past billing and statistical traffic records of communications: These records must be maintained
                 by telecommunications service providers for a certain period of time. This duration depends on
                 the country. Usually, there are strict guidelines about the storage media with the result that TSPs
                 may innovate their billing systems (e.g., Electronic Bill Presentment and Payment [EBPP]) and
                 storage devices without violating any data-retention rules.