3 GPP SA 3 Lawful Intercept Brye Bonner

3 GPP SA 3 Lawful Intercept Brye Bonner Chair SA 3 -LI

3 GPP Organization • Services Aspect (SA); Security (SA WG 3); Lawful Intercept (SA WG 3 -LI) ·UMTS, GSM. · 3 GPP - WLAN IW GSM TR 01. 33 3 GPP TR 41. 033 GSM TS 02. 33/03. 33 3 GPP TS 42. 033/43. 03 3 3 GPP TS 33. 106 (stage 1) 3 GPP TS 33. 107 Stage 2 3 GPP TS 33. 108 Stage 3 Interworking

3 GPP Schedule for latest release • Release 6 developed over last 14 months – Frozen September 2004 • All 3 GPP documents frozen at same time to allow manufacturers to develop product across all 3 GPP standards. Partnership companies (ETSI is one) then ballot the release with or without national addendums. • Four times a year Plenary meets and approves change requests. Once approved by the plenary the document becomes stable and can be implemented if needed. • SA 3 -LI expects to freeze 33. 106 (Stage 1) now. – Does not expect to change 33. 108 (Stage 3) but is asking that it be left open until October – Is asking that 33. 107 (stage 2) be left open to complete WLAN stage 2 work.

Work Items for LI rel 6 • Justification: – to develop IP-based Services, which need to be addressed by lawful interception. SA WG 3 -LI will study IMS phase 2, Multimedia Broadcast and Multicast Services, Priority Service, Presence Service, Subscriber Certificates, and WLAN for possible lawful interception systems. • Objective – The objective of this work item is to create a lawful interception specification for the latest Rel-6 architecture and services as described in the above justification. – The enhancements to specification TS 33. 108 addresses the additional work to specify the HI 2 (Intercepted Related Information) and the HI 3 (Content) interfaces for Packet Data, Circuit Switched and IMS delivery to the Law Enforcement Monitoring Facilities for 3 G networks for Release 6. In the first step the 3 G Packet Domain and phase 1 Multi Media Domain have been addressed in this specification for Rel 5. The Circuit-Switched Domain was already addressed by different regional specifications for 2 G networks, and for 3 G networks the Circuit-Switched Domain will be based on these documents and incorporated into Rel 6. HI 1 (Administration) is not covered in this specification and is considered to be a matter of national regulation.

3 GPP Object Tree

IRI parameters parameter description observed MSISDN Target Identifier with the MSISDN of the target subscriber (monitored subscriber). observed IMSI Target Identifier with the IMSI of the target subscriber (monitored subscriber). observed IMEI Target Identifier with the IMEI of the target subscriber (monitored subscriber) observed PDP address used by the target. . event type Description which type of event is delivered: PDP Context Activation, PDP Context Deactivation, GPRS Attach, etc. event date Date of the event generation in the x. GSN event time Time of the event generation in the x. GSN access point name The APN of the access point PDP type This field describes the PDP type as defined in TS GSM 09. 60, TS GSM 04. 08, TS GSM 09. 02 initiator This field indicates whether the PDP context activation, deactivation, or modification is MS directed or network initiated. correlation number Unique number for each PDP context delivered to the LEMF, to help the LEA, to have a correlation between each PDP Context

IRI parameters location information When authorized, this field provides the location information of the target that is present at the SGSN at the time of event record production. SMS The SMS content with header which is sent with the SMS-service failed context activation reason This field gives information about the reason for a failed context activation of the target subscriber. failed attach reason This field gives information about the reason for a failed attach attempt of the target subscriber. service center address This field identifies the address of the relevant server within the calling (if server is originating) or called (if server is terminating) party address parameters for SMS-MO or SMS-MT. umts QOS This field indicates the Quality of Service associated with the PDP Context procedure. context deactivation reason This field gives information about the reason for context deactivation of the target subscriber. network identifier Operator ID plus SGSN or GGSN address. i. P assignment Observed PDP address is statically or dynamically assigned. SMS originating address Identifies the originator of the SMS message. SMS terminating address Identifies the intended recipient of the SMS message.

IRI parameters SMS initiator Indicates whether the SMS is MO, MT, or Undefined serving SGSN number An E. 164 number of the serving SGSN address An IP address of the serving SGSN.