Note:
This
Resolution was adopted in great haste by what is known as the "written
procedure." Several years ago, the text was circulated to Eutropian
Federation member states and, as there were no substantial objections, it
was officially adopted. Neither national parliaments nor the Eutropian parliament
were consulted. It has only recently been made public.
The Council of the Eutropian
Federation,
Having regard to the Treaty
establishing the Eutropian Federation,
Affirming the fundamental right
to privacy, as set forth in the Universal Human Rights Declaration and
the Eutropian Federation's Memorandum on Human Rights,
Reaffirming the need, when
implementing telecommunications interception
measures, to observe the right of individuals to respect for their privacy
as guaranteed by national laws and,
Aware of the fact that recent
technological developments have greatly complicated the inherent privacy-related
legal and technical difficulties,
Determined to identify and
overcome these difficulties in implementing the requirements set out in
the Annex (which follows) while observing human rights and the principles
of data protection,
Whereas the laws of the Member
States include provisions for restricting the secrecy of communications
and, under certain circumstances, intercepting telecommunications;
Whereas the legally
authorized interception of telecommunications is an important tool
for the protection of national interest, in particular national security
and the investigation of serious crime;
Whereas interception may only
be effected insofar as the necessary
technical provisions have been made;
Whereas recent legal, technical
and market developments within the telecommunications sector
dramatically affect the available modalities
of interception and the actions that can be taken to counter
the problems that have become apparent,
Has adopted this resolution:
- The Council notes that
the requirements of Member States to enable them to conduct the lawful
interception of telecommunications,
annexed to this Resolution ("the
Requirements"), constitute an important summary of the needs of
the competent authorities for
the technical implementation of legally
authorized interception in modern telecommunications systems.
- The Council considers that
the aforementioned Requirements should be taken into account in defining
and implementing measures which may affect the legally authorized interception
of telecommunications.
- The Council further requests
the support of the Member States in formulating applicable laws and
regulations to address the current situation. Specifically, the Member
States are requested to obtain the support of telecommunications officials
for the views expressed in this resolution and to ensure their cooperation
with the relevant ministries (justice and interior affairs) in implementing
the Requirements in relation to network operators and service providers.
Annex
Requirements
This section presents the
Requirements of law enforcement agencies relating to the lawful interception
of telecommunications. These requirements are subject to national law
and should be interpreted in accordance
with applicable national policies.
Terms are defined in the attached
glossary.
- Law
enforcement agencies require access to the entire telecommunications
transmitted, or caused to be transmitted, to and from the number
or other identifier of the target
service used by the interception
subject. Law enforcement agencies also require access to the call-associated
data that are generated to process the call.
- Law enforcement agencies
require access to all interception subjects operating temporarily
or permanently within a telecommunications system.
- Law enforcement agencies
require access in cases where the interception subject may be using
features to divert calls to
other telecommunications services
or terminal equipment, including
calls that traverse more
than one network or are processed by more than one network
operator/service provider before completing.
- Law enforcement agencies
require that the telecommunications to and from a target service
be provided to the exclusion of any telecommunications that do not
fall within the scope of the interception
authorization.
- Law enforcement agencies
require access to call-associated data such as:
- signalling of access
ready status;
- called party number
for outgoing connections even if there is no successful connection
established;
- calling party number
for incoming connections even if there is no successful connection
established;
- all signals emitted
by the target, including
post-connection dialled signals
emitted to activate features such as conference
calling and call transfer;
- beginning, end and
duration of the connection;
- actual destination
and intermediate directory numbers if call has been diverted.
- Law enforcement agencies
require information on the most accurate geographical location known
to the network for mobile subscribers.
- Law enforcement agencies
require data on the specific services used by the interception subject
and the technical parameters for those types of communication.
- Law enforcement agencies
require a real-time, fulltime monitoring capability for the interception
of telecommunications. Call-associated data should also be provided
in real-time. If call-associated data cannot be made available in real
time, law enforcement agencies require the data to be available as soon
as possible upon call termination.
- Law enforcement agencies
require network operators/service providers to provide one or more interfaces
from which the intercepted communications can be transmitted to the
law enforcement monitoring facility.
These interfaces shall be commonly agreed on by the interception authorities
and the network operators/service providers. Other issues associated
with these interfaces will be handled according to accepted practices
in individual countries.
- Law enforcement agencies
require network operators/service providers to provide call- associated
data and call content from
the target service in a way that allows for the accurate correlation
of call-associated data with call content.
- Law enforcement agencies
require that the format for transmitting the intercepted communications
to the monitoring facility be a generally available format. This
format will be agreed upon on an individual country basis.
- If network operators/service
providers initiate encoding, compression or encryption of telecommunications
traffic, law enforcement agencies require the network operators/service
providers to provide intercepted communications en
clair.
- Law enforcement agencies
require network operators/service providers to be able to transmit
the intercepted communications to the law enforcement monitoring
facility via fixed or switched connections.
- Law enforcement agencies
require that the transmission of the intercepted communications
to the monitoring facility meet applicable security requirements.
- Law enforcement agencies
require interceptions to be implemented so that neither the interception
target nor any other unauthorized person is aware of any changes
made to fulfil the interception order. In particular, the operation
of the target service must appear unchanged to the interception
subject.
- Law enforcement agencies
require the interception to be designed and implemented to preclude
unauthorized or improper use and to safeguard
the information related to the interception.
- Law enforcement agencies
require network operators/service providers to protect information
on which and how many interceptions are being or have been performed;
further, they may not disclose information on how interceptions
are carried out.
- Law enforcement agencies
require network operators/service providers to ensure that intercepted
communications are only transmitted to the monitoring agency specified
in the interception authorization.
- According to national
regulations, network operators/service providers may be obliged
to maintain an adequately protected record of activations of interceptions.
- Based on a lawful inquiry
and before implementation of the interception, law enforcement agencies
require: (1) the interception subject's identity, service number or
other distinctive identifier; (2) information on the services and features
of the telecommunications system used by the interception subject and
delivered by network operators/service providers; and (3) information
on the technical parameters of the transmission to the law enforcement
monitoring facility.
- During the interception,
law enforcement agencies may require information and/or assistance from
the network operators/service providers to ensure that the communications
acquired at the interception interface are those communications associated
with the target service. The type of information and/or assistance required
will vary according to the accepted practices in individual countries.
- Law enforcement agencies
require network operators/service providers to make provisions for implementing
a number of simultaneous intercepts. Multiple interceptions may be required
for a single target service to allow monitoring by more than one law
enforcement agency. In this case, network operators/service providers
should take precautions to safeguard the identities of the monitoring
agencies and ensure the confidentiality of the investigations. The maximum
number of simultaneous interceptions for a given subscriber population
will be in accordance with national requirements.
- Law enforcement agencies
require network operators/service providers to implement interceptions
as quickly as possible (in urgent cases within a few hours or minutes).
The response requirements of law enforcement agencies will vary by country
and by the type of target service to be intercepted.
- For the duration of the
interception, law enforcement agencies require that the reliability
of the services supporting the interception at least equals the reliability
of the target services provided to the interception subject. Law enforcement
agencies require the quality of service
of the intercepted transmissions forwarded to the monitoring facility
to comply with the performance standards of the network operators/service
providers.
GLOSSARY
(Note: Expressions in italics
have been added to the original list of technical terms included with
the Resolution.)
Access
The technical capability to
interface with a communications facility, such as a communications line
or switch, so that a law enforcement agency can acquire and monitor communications
and call associated data carried on the facility.
Annex
A section of an official document,
such as a resolution or a treaty, which
Call
Any connection (fixed or temporary)
capable of transferring information between two or more users of a telecommunications
system.
Call-associated
data
Signalling information passing
between a target service and the network or another user. Includes signalling
information used to establish the call and to control its progress (e.g.
call hold, call handover). Call-associated data also includes information
about the call that is available to the network operator/service provider
(e.g. duration of connection).
Call
content
The data, images or spoken
contents sent and received during a telephone call or other telecommunications
transmission.
Call
transfer
Once a connection has been
established, the person receiving the call transfers the connection (or
"puts the caller through") to another number.
Competent
Responsible.
Conference
call
A telephone call in which additional
participants at different locations are included after the initial connection
has been successfully established.
Counter
Respond to.
Divert
Redirect, forward, e.g. to
another telephone or IP number.
Effected
Implemented, put into practice,
carried out.
Emitted
Sent, transmitted.
En
clair
Readable; without encoding,
compression or encryption.
Fixed
or switched connections
Fixed connections = permanent;
switched connections = temporary or "dial-up" connections.
In
accordance with
Consistent with.
Interception
As used here, the statutory-based
action of providing access and delivery of a subject's telecommunications
and call associated data to law enforcement agencies.
Interception
interface
The physical location within
the network operator's/service provider's telecommunications facilities
where access to the intercepted communications or call associated data
is provided. The interception interface is not necessarily a single, fixed
point.
Interception
order
An order placed on a network
operator/service provider for assisting a law enforcement agency with
a lawfully authorized telecommunications interception.
Interception
subject, interception target
Person or persons identified
in the lawful authorization and whose incoming and outgoing communications
are to be intercepted and monitored.
Law
enforcement agency
A service authorized by law
to carry out telecommunications interceptions.
Law
enforcement monitoring
A law enforcement facility
designated as the transmission destination facility for the intercepted
communications and call associated data of a particular interception subject.
The site where monitoring/recording equipment is located.
Lawful
authorization, interception authorization
Permission granted to a law
enforcement agency under certain conditions to intercept specified telecommunications.
Typically this refers to an order or warrant issued by a legally authorized
body.
Mobile
subscriber
Person with legal access to
a mobile (cellular or satellite) telecommunications network.
Modalities
Methods, modes; here, the ways
in which interception can be carried out.
Network
operator/service provider
- network operator: the operator
of a public telecommunications infrastructure which permits the conveyance
of signals between defined network termination points by wire, by microwave,
by optical means or by other electromagnetic means;
- service provider: the natural
or legal person providing (a) public telecommunications service(s) whose
provision consists wholly or partly in the transmission and routing of
signals on a telecommunications network.
Number
or other identifier
Telephone number, IP number,
user ID, or other means by which the target (subject) of an investivation
can be identified.
Obliged
Required, obligated.
Post-connection
dialled signals
Commands or signals sent after
a connection has been established.
Quality
of service
The quality specification
of a communications channel, system, virtual channel, computer-communications
session, etc. Quality of service may be measured, for example, in terms
of signal-to-noise ratio, bit error rate, message throughput rate or call
blocking probability.
Preclude
Prevent.
Reliability
The probability that a system
or service will perform in a satisfactory manner for a given period of
time when used under specified operating conditions.
Roaming
The ability of subscribers
of mobile telecommunications services to place, maintain, and receive
calls when they are located outside their designated home serving area.
Safeguard
Protect; here: keep secret.
Sector
A part of an economy, e.g.
the industrial sector, the high-tech sector, the manufacturing sector.
Target
service
A service associated with
an interception subject and usually specified in a lawful authorization
for interception.
Telecommunications
Any transfer of signs, signals,
writing, images, sounds, data or intelligence of any nature transmitted
in whole or in part by a wire, radio, electromagnetic, photoelectronic
or photooptical system.
Telecommunications
service
Telephone, computer network,
television, radio, etc. Presumably refers here to those services which
allow two-way communication, but other forms are not excluded.
Terminal
equipment
Electronic equipment such as
telephones, personal organizers, PCs, etc., used by the sender and receiver
(as opposed to the intermediate parties, or service providers) to communicate
or transmit data.
Traverse
Pass through, be transmitted
via (e.g. a telecommunications network).
Top
Briefing
Information for the Forum on Electronic Surveillance
Resolution on the Lawful Interception of Communications | Excerpts
from the TaskFEDAP Recommendation Report
Surveillance
Links |
Participant
Resources | Map
of Eutropia
|
