Re: [nznog] TICSA and lawful intercept

On 25/08/2017, at 8:40 AM, Dave Mill mailto:dave(a)mill.net.nz> wrote:

Hi all

So, probably a bit a touchy subject this one but here goes..

If you are a network operator and you have more than 4000 customers in my understanding you need to have full interceptions capabilities. (I'm not a lawyer, etc, etc) This is more than just being 'interception ready'.

http://www.police.govt.nz/advice/businesses-and-organisations/ticsa/intercep... http://www.police.govt.nz/advice/businesses-and-organisations/ticsa/intercep...

This will mean having a mediation system and being able to produce intercept data in the ETSI standard - again, as far as I know.

What are companies/organisations out there doing about this?

Is there a nice open source solution out there for this? (I haven't found one yet) Are people putting their heads in the sand and praying they never get served a warrant? Is everyone just shelling out hundreds of thousands of dollars on a vendor LI solutions?

What network kit are people integrating with LI in NZ?

And note, the last paragraph on the URL I linked above reads:

"Can I share interception capability resources?

Network operators may co-ordinate, share or contract for services (equipment or staff) in order to meet the interception capability requirements in the Act. However, it remains the responsibility of the network operator to ensure that any such arrangement does not affect any obligations that apply under the Act. Before entering into any such arrangement a network operator must notify the Director of the GCSB."

Replies on or off list welcomed.

I understand that the requirement has recently changed to require ETSI bits, rather than just being able to provide PCAP or similar. I haven’t looked at that stuff for years, and even then it was really just plumbing in some vendor box. So there’s two things to consider, voice and data... For voice, a couple of the networks I am involved in are almost entirely open source, which makes some of this a bit tricky - no (or limited) vendor solutions around. Vendor/hardware SBCs typically have support for this stuff though. Still trying to figure out the best way to achieve this - the difficult part is the signalling - I can easily get copies of media. Looking at some sort of packet capture thing that can poke stuff in to the right formats.. not totally sure. I am yet to figure out if BBIP services fall under PSTN or IP Multimedia. For IP Multimedia the original signalling messages appear to be required. PSTN seems to be looking for ISDN signalling but I may be misreading something. For data services, most BNG vendors support LI, which can happen in a few different ways. From my reading, the main difference between the ETSI standard and a simple PCAP of customer data is the IRI. It is not clear to me if the CC (actual captured data) can be stored and made available for collection, or if it needs to be streamed live. The ETSI documents seem to indicate that it is streamed live but I haven’t read them all yet, and they are… not particularly accessible. For both data and voice services an MF and AF function is required - The MF is really the key here, and I’ve not seen an open implementation of those protocols. Not sure if anyone else has? They don’t look too complicated, but, a bit hard to validate that they’re working correctly if you were to implement them yourself.. ! Perhaps some collaboration here would be useful, if others are looking at their own implementations of this stuff? I don’t imagine much could happen in terms of sharing hardware - unless the LFCs and other last mile providers offer some sort of “LI service”, but if someone is or is thinking about writing some software or something then collaboration seems like a good idea. -- Nathan Ward