Hi all,

During the TICSA roadshow last month, there was a representative from the Police talking about the provision of the data from the interception.

 

He made the point that solution using pcap and ftp is not acceptable due to delays in receiving the data and other reasons. They need the data faster than that.

 

They also talked about the importance of the meta data surrounding the capture and that they are using the 2012 version of the standard rather than the latest because the support for the latest version isn���t there yet.

 

So I agree with getting in touch with them before you start creating your own solution. The conversation needs to include how any proposed solution could be certified to stand up to Court scrutiny.

 

Peter.

 

Peter Ensor | Chief Architect  
Ultrafast Fibre
T +64 (7) 8503880   M +64 (21) 02502772
E Peter.Ensor@ultrafast.co.nz
W ultrafastfibre.co.nz



Attention:
This e-mail message is intended for the intended recipient only and it may contain Ultrafast Fibre Limited confidential or legally privileged information or both. No confidentiality or privilege is waived or lost if this email has been delivered to the wrong recipient. If you have received this email in error, please immediately delete it from your system and notify Ultrafast Fibre Limited. You must not disclose, copy or relay any part of this correspondence if you are not the intended recipient. Any views expressed in this message are those of the individual sender and not Ultrafast Fibre Limited. This email has been checked for viruses. However, Ultrafast Fibre Limited makes no warranty that this email or any attachments are free from viruses or other conditions which may damage or interfere with recipient data, hardware or software. The recipient relies on its own procedures and assumes all risk of use and of opening any attachments.

From: nznog-bounces@list.waikato.ac.nz [mailto:nznog-bounces@list.waikato.ac.nz] On Behalf Of Nathan Ward
Sent: Wednesday, 6 September 2017 2:58 PM
To: Dave Mill <dave@mill.net.nz>
Cc: nznog@list.waikato.ac.nz
Subject: Re: [nznog] TICSA and lawful intercept

 

 

On 6/09/2017, at 2:33 PM, Dave Mill <dave@mill.net.nz> wrote:

 

Hi again

 

 

On Mon, Sep 4, 2017 at 6:34 PM, Nathan Ward <nznog@daork.net> wrote:

 

Perhaps some collaboration here would be useful, if others are looking at their own implementations of this stuff? I don���t imagine much could happen in terms of sharing hardware - unless the LFCs and other last mile providers offer some sort of ���LI service���, but if someone is or is thinking about writing some software or something then collaboration seems like a good idea.

 

 

What Nathan mentions here about collaboration is where I have been heading but first a bit of an update on all of this.

 

Since my first post LI on NZNOG I've had a few off-list replies and a few chats with people on other mediums.

 

I'm treating all conversations as confidential but as a general summary.

 

-I've heard from a few ISPs or other network operators interested in my post and interested in some degree of collaboration. As Nathan suggests that is collaboration on coming up with a solution rather than sharing of actual hardware.

 

-Most people I've talked to are a bit surprised at ETSI now being required and most people were just assuming they are compliant by being able to offer pcaps on demand.

 

-I have previously reached out to the police by email regarding whether we can put together other (non-ETSI) options for LI but so far haven't had a response

 

-Potentially, interested organisations could arrange a meet up with the police LI people in Wellington and work together on a solution

 

-I have heard from NZ organisations that are either supplying tools/equipment to do LI or are interested in doing so

 

-Potentially (this is obviously completely unknown) if enough of us wished to do LI in the same manner we could convince the police and other government departments to accept a non ETSI format of LI? Again, feedback from the police here would be great.

 

In general, it seems like we should be forming some kind of working group where a group of us just start working towards the goal of being able to carry out police and other departments' LI requests in a cost-efficient manner and avoid fines or being non-compliant.

 

I think the next step from here is having the people I've already talked to agree that they can participate in a small group where their identity and organisation will be known and also for me to hear from other organisations that might be interested in working together on LI. Note, it is my understanding that you still have some LI obligations if you have less than 4000 customers..

 

The rest of your email was interesting and I���m generally in agreement, but, focussing on just this one thing for the minute..

 

What is the objection to ETSI format here? The format itself looks rather straightforward, if you can provide a PCAP for this today I think you could turn this in to the ETSI format in some sort of mediation device fairly easily - either streaming or as files on an SFTP/similar server. The only reason I haven���t started cutting code to do this is I don���t know how to go about validating the output yet, heh.

 

My understanding is that the ETSI format typically includes L2 encapsulation if the data comes from a BNG/access node that supports ���proper��� LI. I���d be interested in understanding if this is a requirement.

 

The thing that PCAP on demand certainly doesn���t do is the IRI stuff. The feeling I get right now is that that���s going to be pretty implementation specific in a lot of circumstances unless you���re buying a vendor solution. BNGs which have LI licenses and so on (and so probably export ETSI data for CC) are likely to support SNMPv3 IRI, which is good. In a PCAP/mirror port->ETSI situation you���re going to need to figure out how to get intercept related RADIUS messages or something similar where they need to go. Certainly not insurmountable, but, every network I work with would have a different solution for that, I���m sure.

 

--

Nathan Ward