ETSI & Lawful Interception of IP ETSI & Lawful Interception - PowerPoint PPT Presentation

ETSI & Lawful Interception of IP ETSI & Lawful Interception of IP Traffic Traffic Jaya Baloo RIPE 48 � Jaya Baloo RIPE 48 May 3 Amsterdam, The � May 3 Amsterdam, The Netherlands Netherlands

Contents Contents Introduction to Lawful Interception Introduction to Lawful Interception � � Interception of Internet services Interception of Internet services � � Origins in The European Community Origins in The European Community � � The European Interception Legislation in Brief The European Interception Legislation in Brief � � ETSI Standards – – 101 232, 101 233, 101 234 101 232, 101 233, 101 234 ETSI Standards � � Interception Suppliers & Discussion of Techniques Interception Suppliers & Discussion of Techniques � � Future Developments & Issues Future Developments & Issues � �

Introduction to Lawful Interception Introduction to Lawful Interception ETSI definition of (lawful) interception: ETSI definition of (lawful) interception: � � interception: action (based on the law), action (based on the law), � interception: � performed by an network operator/access by an network operator/access performed provider/service provider (NWO/AP/SvP SvP), of ), of provider/service provider (NWO/AP/ making available certain information and making available certain information and providing that information to a law enforcement providing that information to a law enforcement monitoring facility. monitoring facility. Law LI Enforcement Network Operator, Agency order (LEA) Access Provider or Law Deliver requested Service Provider Enforcement information Monitoring Facility

LI’ ’s s Raison Raison D D’ ’etre etre LI � Why intercept? � Why intercept? � Terrorism � Terrorism � Pedophilia � Pedophilia rings rings � Cyber stalking � Cyber stalking � Data theft � Data theft – –Industrial espionage Industrial espionage � Drug dealers on the internet � Drug dealers on the internet � Why not? � Why not? � Privacy � Privacy � Security � Security

Legal Issues in LI Legal Issues in LI Judge: "Am I not to hear the truth?" Judge: "Am I not to hear the truth?" � � Objecting Counsel: "No, Your Lordship is to hear the Objecting Counsel: "No, Your Lordship is to hear the evidence." evidence." Some characteristics of evidence- - relevance to LI relevance to LI Some characteristics of evidence � � � Admissible Admissible – – can evidence be considered in court can evidence be considered in court– – � *differs per country *differs per country � Authentic Authentic – – explicitly link data to individuals explicitly link data to individuals � � Accurate Accurate – – reliability of surveillance process over reliability of surveillance process over � content of intercept content of intercept � Complete Complete – – tells a tells a “ “complete complete” ” story of a particular story of a particular � circumstance circumstance � Convincing to juries Convincing to juries – – probative value, and subjective probative value, and subjective � practical test of presentation practical test of presentation

Admissibility of Surveillance Admissibility of Surveillance Evidence Evidence Virtual Locus Delecti Delecti Virtual Locus � � Hard to actually find criminals in delicto flagrante delicto flagrante Hard to actually find criminals in � � How to handle expert evidence? Juries are not How to handle expert evidence? Juries are not � � composed of network specialists. Legal not scientific composed of network specialists. Legal not scientific decision making. decision making. Case for treating Intercepted evidence as secondary and Case for treating Intercepted evidence as secondary and � � not primary evidence not primary evidence � Primary Primary – – is the best possible evidence is the best possible evidence – – e.g. in the e.g. in the � case of a document – – its original. its original. case of a document Secondary – – is clearly not the primary source is clearly not the primary source – – e.g. e.g. � Secondary � in the case of a document – – a copy. a copy. in the case of a document

Interception of Internet services Interception of Internet services

Interception of Internet services Interception of Internet services What are defined as Internet services? What are defined as Internet services? � access to the Internet access to the Internet � � the services that go over the Internet, such as: the services that go over the Internet, such as: � � surfing the World Wide Web (e.g. html), � surfing the World Wide Web (e.g. html), � e � e- -mail, mail, � chat and � chat and icq icq, , � VoIP � VoIP, , FoIP FoIP � ftp, � ftp, � telnet � telnet

What about encrypted traffic? What about encrypted traffic? � Secure e Secure e- -mail (e.g. PGP, S/MIME) mail (e.g. PGP, S/MIME) � � Secure surfing with HTTPS (e.g. SSL, TLS) Secure surfing with HTTPS (e.g. SSL, TLS) � � VPNs VPNs (e.g. (e.g. IPSec IPSec) ) � � Encrypted IP Telephony (e.g. Encrypted IP Telephony (e.g. pgp pgp - -phone and phone and � Nautilus) Nautilus) � etc. etc. � If applied by NWO/AP/SvP SvP then then If applied by NWO/AP/ � � � encryption should be stripped before sending to encryption should be stripped before sending to � LEMF or LEMF or � key(s) should be made available to LEA key(s) should be made available to LEA � else else � a challenge for the LEA a challenge for the LEA �

Logical Overview Logical Overview

Technical Challenges Technical Challenges � Req. Req. – –Maintain Transparency & Standard of Maintain Transparency & Standard of � Communication Communication � Identify Target Identify Target - - Monitoring Radius Monitoring Radius – – misses misses � disconnect disconnect � Capture Intercept information Capture Intercept information – – Effective Effective � Filtering Switch Filtering Switch � Packet Reassembly Packet Reassembly � � Software complexity increases Software complexity increases bugginess bugginess � � Peering with LEMF Peering with LEMF – – monitoring multiple XDSL monitoring multiple XDSL � ccts. . ccts

Origins in The European Origins in The European Community Community

What is LI based on in the EU? What is LI based on in the EU? � Legal Basis � Legal Basis � EU directive EU directive � � Convention on Convention on Cybercrime Cybercrime – – Council of Council of � Europe- - Europe � Article 20 Article 20- - Real time collection of traffic data Real time collection of traffic data � � Article 21 Article 21- - Interception of content data Interception of content data � � National laws & regulations National laws & regulations � � Technically � Technically � Not Not Carnivore Carnivore � � Not Not Calea Calea � � Standards, Best Practices based approach � Standards, Best Practices based approach � IETF IETF’ ’s s standpoint (RFC 2804 IETF Policy on standpoint (RFC 2804 IETF Policy on � Wiretapping ) Wiretapping )

The European Interception The European Interception Legislation in Brief Legislation in Brief

Solution Requirements Solution Requirements

European Interception Legislation European Interception Legislation � France � France � Commission � Commission Nationale Nationale de de Contr Contrô ôle le des des Interceptions de S Sé écurit curité é -- -- La La loi loi 91 91- -636 636 Interceptions de � Loi sur � Loi sur la la Securite Quotidienne Securite Quotidienne – – November November 2001 2001 � Germany � Germany � G � G- -10 10 – – 2001 2001- - ” ”Gesetz zur Beschr Gesetz zur Beschrä änkung nkung des des Brief- -, Post , Post- - und und Fernmeldegeheimnisses Fernmeldegeheimnisses” ” Brief � The Counter terrorism Act � The Counter terrorism Act – – January 2002 January 2002