Lawful Interception Requirements for 3GMS

3GPP TS 33.106 V9.0.0 (2009-12)
Technical Specification
3rd Generation Partnership Project;
Technical Specification Group Services and System Aspects;
3G security;
Lawful Interception requirements
(Release 9)

	 EMBED Word.Picture.8  

The present document has been developed within the 3rd Generation Partnership Project (3GPP TM) and may be further elaborated for the purposes of 3GPP.
The present document has not been subject to any approval process by the 3GPP Organisational Partners and shall not be implemented.
This Specification is provided for future development work within 3GPP only. The Organisational Partners accept no liability for any use of this Specification.
Specifications and reports for implementation of the 3GPP TM system should be obtained via the 3GPP Organisational Partners' Publications Offices.



Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.

© 2009, 3GPP Organizational Partners (ARIB, ATIS, CCSA, ETSI, TTA, TTC).
All rights reserved.

UMTS™ is a Trade Mark of ETSI registered for the benefit of its members
3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners
LTE™ is a Trade Mark of ETSI currently being registered for the benefit of its Members and of the 3GPP Organizational Partners
GSM® and the GSM logo are registered and owned by the GSM Association
Keywords
UMTS, Security, Architecture

3GPP
Postal address

3GPP support office address
650 Route des Lucioles - Sophia Antipolis
Valbonne - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Internet
http://www.3gpp.org


Contents
 TOC \o "1-9" Foreword	 PAGEREF _Toc193534429 \h 4
Introduction	 PAGEREF _Toc193534430 \h 4
1	Scope	 PAGEREF _Toc193534431 \h 5
2	References	 PAGEREF _Toc193534432 \h 5
3	Definitions and abbreviations	 PAGEREF _Toc193534433 \h 6
3.1	Definitions	 PAGEREF _Toc193534434 \h 6
3.3	Abbreviations	 PAGEREF _Toc193534435 \h 6
4	Relationship to Regional Requirements	 PAGEREF _Toc193534436 \h 6
5	Requirements	 PAGEREF _Toc193534437 \h 6
5.1	Description of requirements	 PAGEREF _Toc193534438 \h 6
5.1.1	General technical requirements	 PAGEREF _Toc193534439 \h 7
5.1.2	General principles	 PAGEREF _Toc193534440 \h 7
5.1.3	Applicability to telecommunication services	 PAGEREF _Toc193534441 \h 8
5.1.4	Interception within the Home and Visited Network	 PAGEREF _Toc193534442 \h 8
5.2	Normal operation	 PAGEREF _Toc193534443 \h 8
5.2.1	Intercept administration requirements	 PAGEREF _Toc193534444 \h 8
5.2.1.1	Activation of LI	 PAGEREF _Toc193534445 \h 8
5.2.1.2	Deactivation of LI	 PAGEREF _Toc193534446 \h 8
5.2.1.3	Security of processes	 PAGEREF _Toc193534447 \h 8
5.2.2	Intercept invocation	 PAGEREF _Toc193534448 \h 9
5.2.2.1	Invocation events for lawful interception	 PAGEREF _Toc193534449 \h 9
5.2.2.2	Invocation and removal of interception regarding services	 PAGEREF _Toc193534450 \h 9
5.2.2.3	Correlation of information and product	 PAGEREF _Toc193534451 \h 9
5.3	Exceptional procedures	 PAGEREF _Toc193534452 \h 9
5.4	Interworking considerations	 PAGEREF _Toc193534453 \h 9
5.5	Charging aspects	 PAGEREF _Toc193534454 \h 10
5.6	Minimum service requirements	 PAGEREF _Toc193534455 \h 10
6	Handover Interface Requirements	 PAGEREF _Toc193534456 \h 10
Annex A (informative):	Change history	 PAGEREF _Toc193534457 \h 11

Foreword
This Technical Specification (TS) has been produced by the 3rd Generation Partnership Project (3GPP).
The contents of the present document are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an identifying change of release date and an increase in version number as follows:
Version x.y.z
where:
x	the first digit:
1	presented to TSG for information;
2	presented to TSG for approval;
3	or greater indicates TSG approved document under change control.
y	the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc.
z	the third digit is incremented when editorial only changes have been incorporated in the document.
Introduction
This Technical Specification has been produced by the 3GPP TSG SA to allow for the standardisation in the area of lawful interception of telecommunications. This document describes in general the requirements for lawful interception.
Laws of individual nations and regional institutions (e.g. European Union), and sometimes licensing and operating conditions define a need to intercept telecommunications traffic and related information in modern telecommunications systems. It has to be noted that lawful interception shall always be done in accordance with the applicable national or regional laws and technical regulations.
1	Scope
The present document provides basic interception requirements within a Third Generation Mobile Communication System (3GMS) based on ETSI TS 101 331 [2] and other national regulatory requirements and GSM specifications GSM TS 01.33 [5], GSM TS 02.33 [6] and GSM TS 03.33 [7].
The specification describes the service requirements from a Law Enforcement point of view only. The aim of this document is to define a 3GMS interception system that supports a number of regional interception regulations, but these regulations are not repeated here as they vary. Regional interception requirements shall rely on this specification to derive such information as they require.
These interception requirements shall be used to derive specific network requirements.
For details see:
Stage 2:	3GPP TS 33.107 [9];
Stage 3:	3GPP TS 33.108 [10].

2	References
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
References are either specific (identified by date of publication, edition number, version number, etc.) or non‑specific.
For a specific reference, subsequent revisions do not apply.
For a non-specific reference, the latest version applies.
[1]	European Union Council Resolution on the Lawful Interception of Telecommunications (17. January 1995)
[2]	ETSI TS 101 331: "Telecommunications security; Lawful Interception (LI); Requirements of Law Enforcement Agencies".
 [3]	ETSI ES 201 158: "Lawful Interception; Requirements for network functions".
[4]	ETSI ES 201 671: "Handover Interface for the lawful interception of telecommunications traffic".
[5]	GSM 01.33: "Lawful Interception requirements for GSM".
[6]	GSM 02.33:" Lawful Interception - stage 1".
[7]	GSM 03.33: "Lawful Interception - stage 2".
[8]	J-STD-025‑A: "Lawfully Authorized Electronic Surveillance".
[9]	3GPP TS 33.107: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Lawful interception architecture and functions".
[10]	3GPP TS 33.108: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Handover interface for Lawful Interception".
3	Definitions and abbreviations
3.1	Definitions
For the purposes of the present document, the following terms and definitions apply.
Interception Area: is a subset of the Public Lands Mobile Network (PLMN) service area comprised of a set of cells which define a geographical zone.
Location Dependent Interception: is interception within a PLMN service area that is restricted to one or several Interception Areas (IA).
Network Based Interception: Interception that is invoked at a network access point regardless of Target Identity.
Subject Based Interception: Interception that is invoked using a specific Target Identity
Target Identity: A technical identity that uniquely identifies a target of interception. One target may have one or several identities.
3.3	Abbreviations
For the purposes of the present document, the following abbreviations apply:
CC	Content of Communication
IA	Interception Area
IP	Internet Protocol
IRI	Intercept Related Information
LDI	Location Dependent Interception
LEA	Law Enforcement Agency
LEMF	Law Enforcement Monitoring Facility
3GMS	Third Generation Mobile Communications System
VHE	Virtual Home Environment

4	Relationship to Regional Requirements
Interception requirements are subject to national law and international treaties and should be interpreted in accordance with applicable national policies.
Requirements universally called out in regional interception regulatory requirements are supported by the system defined in this document. Requirements unique to a specific region are not addressed (some examples are given in Section 2 as references).
The intercept system defined here provides subject based interception. Network based interception is not included.
5	Requirements
5.1	Description of requirements
This section  gives the general description of  lawful interception requirements.
5.1.1	General technical requirements
Figure 1 shows the general system for interception. Technical interception is implemented within a 3GMS by special functionality on network elements shown in the figure.
EMBED Unknown
Figure 1: General specification for interception
5.1.2	General principles
3GMS shall provide access to the intercepted Content of Communications (CC) and the Intercept Related Information (IRI) of the mobile target and services related to the target (e.g. Call Forwarding) on behalf of Law Enforcement Agencies (LEAs).
A mobile target in a given 3GMS can be a subscriber of that 3GMS, or a user roaming from another 3GMS or from any other network capable of using that 3GMS (such as a GSM or mobile satellite). The intercepted CC and the IRI can only be delivered for activities on that given 3GMS.
For interception, there needs to be a means of identifying the target, correspondent and initiator of the communication.  Target Identities used for interception of CS and GPRS service shall be MSISDN, IMEI and IMSI. Target Identities for multi-media shall be SIP URL. Other target identities for multi-media are for further study. When encryption is provided and managed by the network, it shall be a national option as to whether the network provides the CC to the LEA decrypted, or encrypted with keys and additional information to make decryption possible. Encryption not provided or managed by the network, e.g. user provided end-to-end encryption, cannot be removed by the network. In the case that the NWOs/ APs/SvPs provides encryption keys to the subscriber or customer but does not provide the encryption itself, the NWOs/ APs/SvPs shall provide the keys to the LEA if required by national regulations.
Location Dependent Interception, (LDI) allows a 3GMS to service multiple interception jurisdictions within its service area. Multiple law agencies with their own interception areas can be served by the 3GMS. All the information or rules given for interception within a 3GMS apply to interception within an IA when Location Dependent Interception is invoked. A target may be marked in one or more different IAs within the same 3GMS. Interception is not required nor prohibited by this standard when Location Dependent Interception is active and the location of the target subscriber is not known or available.
5.1.3	Applicability to telecommunication services
The requirement for lawful interception is that all telecommunications services  for the 3GMS standards should be capable of meeting the requirements within this document.
5.1.4	Interception within the Home and Visited Network
The introduction of the Virtual Home Environment, VHE, means that significant portions of subscriber services can be executed in the home or visited network, regardless of where the target is physically located.
The visited network shall intercept only those UMTS services that the visited network provides to the target subscriber. Furthermore, the visited network shall not be required to intercept services executed by the home network.
Based upon national regulations, UMTS services executed in the home network may be intercepted in the home network.
5.2	Normal operation
This section gives the expected operation for lawful interception.
5.2.1	Intercept administration requirements
A secure means of administrating the service by the 3GMS operator and intercept requesting entity is necessary. This mechanism shall provide means to activate, deactivate, show, or list targets in the 3GMS as quickly as possible. The function shall be policed by appropriate authentication and audit procedures.  The administration function shall allow specific IAs to be associated with target subscribers when Location Dependent Interception is being used.
5.2.1.1	Activation of LI
As a result of the activation (of a warrant) it shall be possible to request for the specified target, either IRI, or both the IRI and the CC and designate the LEA destination addresses for the delivery of the IRI and if required CC. These shall be selectable on a 3GMS basis according to national options.
5.2.1.2	Deactivation of LI
As a result of deactivation it shall be possible to stop all, or a part of, interception activities for the specified target.
5.2.1.3	Security of processes
The intercept function shall only be accessible by authorised personnel.
To be effective, interception must take place without the knowledge of either party to the communication. Therefore, decryption must also take place without either party being aware that it is happening.
No indication shall be given to any person except authorised personnel that the intercept function has been activated on a target. Authentication, encryption, audits, log files and other mechanisms may be used to maintain security in the system. Audit procedures should be capable of keeping accurate logs of administration commands.
NWOs/APs/SvPs shall ensure that its equipment, facilities, or services that provide a customer or subscriber with the ability to originate, terminate, or direct communications are capable of facilitating authorized communications interceptions and access to intercept related information unobtrusively and with a minimum of interference with any subscriber's telecommunications service and in a manner that protects:
(A)	the privacy and security of communications and intercept related information not authorized to be intercepted; and
(B)	information regarding the LEA’s interception of communications and access to intercept related information.
5.2.2	Intercept invocation
5.2.2.1	Invocation events for lawful interception
In general, Lawful interception should be invoked when the transmission of information or an event takes place that involves the target. Examples of when Lawful interception could be invoked are when:
-	A circuit switched call is requested originated from, terminated to, or redirected by the target,
-	Location information related to the target facility is modified by the subscriber attaching or detaching from the network, or if there is a change in location,
-	An SMS transfer is requested - either originated from or terminated to the target,
-	A data packet is transmitted to or from a target,
-	A Conference Call is targeted.
5.2.2.2	Invocation and removal of interception regarding services
The invocation of lawful interception shall not alter the operation of a target's services or provide indication to any party involved in communication with the target. Lawful interception shall not alter the standard function of 3GMS network elements.
If lawful interception is activated during a circuit switched service, the currently active circuit switched service is not required to be intercepted. If lawful interception is deactivated during a circuit switched service, all ongoing intercepted activities may continue until they are completed.
If lawful interception is activated when a packet data service is already in use, the next packets transmitted shall be intercepted. If lawful interception is deactivated during a packet data service, the next packets shall not be transmitted.
5.2.2.3	Correlation of information and product
When both IRI and CC are invoked, an unambiguous correlation shall be established between associated IRI, IRI and CC, and associated CC within the single domain (for example different legs in CS or different packets in PS). The IRI and CC shall be delivered in as near real time as possible.
NOTE:	Clarification about correlation limitations during inter-PLMN call or session handovers is for further study.
5.3	Exceptional procedures
When a failure occurs while establishing the connection towards the LEA to transfer the CC this shall not result in any interruption of the ongoing telecommunications service. No further specific requirements apply for the CC in the 3GMS.
A national option may be that when failure occurs while trying to provide the IRI it shall be temporarily stored in the 3GMS and some further attempts shall be made to deliver it if available.
5.4	Interworking considerations
 For 3GMS, the network, homed or visited, shall not be responsible to interpret the protocol used by the target, or to remove user level compression or encryption.
5.5	Charging aspects
The 3GMS may charge for intercept service subject to national laws and regulations. Charging mechanisms include the following:
-	Use of network resources,
-	Activation and deactivation of the target, 
-	Every intercept invocation,
-	Flat rate.
The 3GMS shall be capable of producing intercept-charging data. It shall be possible to produce this data in such a way that access by non-authorised personnel or the target is precluded.
5.6	Minimum service requirements
Quality of service, capacity, integrity and reliability are the subject of bilateral agreement between the relevant authorities and the 3GMS operator. The QoS towards the delivery function provided by the network must be at least that the network provides to the target.
6	Handover Interface Requirements
Handover interface requirements are defined in 3GPP TS 33.108 [10]. For national or regional specifications, see ETSI ES 201 671 [4] and J‑STD‑025‑A [8].
Annex A (informative):
Change history
Change history
TSG SA#
Version
CR
Tdoc SA
New Version
Subject/Comment
SA#04
1.0.0


3.0.0
Approved at SA#4 and placed under TSG SA Change Control
SA#06
3.0.0
0001

3.1.0

SP-11
3.1.0
0002
SP-010135
4.0.0
Update of TS 33.106 for Release 4
SP-11
3.1.0
0003
SP-010136
5.0.0
Release 5 updates
SP-17
5.0.0
0004
SP-020510
5.1.0
Changes to 33.106 to clarify interception capabilities
SP-22
5.1.0
0006
SP-030589
6.0.0
Correction to lawful interception references (Rel-6)
SP-24
6.0.0
0007
SP-040396
6.1.0
Clarification on delivery of IRI and CC
SP-29
6.1.0
0008
SP-050569
7.0.0
Correlation for IMS interception

7.0.0


7.0.1
2006-01: Editorial to show correct version on cover
SP-38
7.0.1
0009
SP-070788
8.0.0
Clarification of requirements
SP-39
8.0.0
0010
SP-080171
8.1.0
Alignment of CC encryption statement in ETSI TS 101 671
2009-12
8.1.0
-

9.0.0
Update to Rel-9 version (MCC)























styleref ZA 3GPP TS 33.106 V9.0.0 (2009-12)
page 11
styleref ZGSM Release 9


3GPP