[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) Some extracts from ENFOPOL 98



------- Forwarded Message Follows -------
Date:          Sun, 14 Mar 1999 18:40:44 -0500
To:            cryptography@c2.net, cypherpunks@cyberpass.net
From:          Robert Hettinga <rah@shipwright.com>
Subject:       Some extracts from ENFOPOL 98


--- begin forwarded text


Date: Sun, 14 Mar 1999 22:19:39 +0000
To: usual@espace.net
From: Duncan Campbell <duncan@gn.apc.org> (by way of Fearghas McKay
 <fm@mids.org>)
Subject: Some extracts from ENFOPOL 98
Reply-To: "Usual People List" <usual@espace.net>
Sender: <usual@espace.net>
List-Subscribe: <mailto:requests@espace.net?subject=subscribe%20usual>



ENFOPOL 98 : REQUIREMENTS RELATING TO SERVICE PROVIDERS WITH REGARD TO
CRYPTOGRAPHY


Based on a lawful enquiry and given a target identifier or other
information about the target or encrypted data with related
information, law enforcement agencies require:

"       full details of the target including service number;
"       information that will fully identify the cryptographic
services used by the target; and "       the technical parameters of
the method used to implement the cryptographic service.

Law enforcement agencies require access to the decrypted message as
quickly (in urgent cases within a few hours or minutes).  The law
enforcement agencies will specify how it wishes to achieve this
result; either through the provision of cryptographic key material and
all necessary information to decrypt the data or exceptionally by
provision of the data as plaintext.  Access to the decrypted message
must be available for those encryption systems that allow for both
national and international operation.

The handover of cryptographic key material should be immediate.  The
computational and operational process a law enforcement authority
needs to undertake to decrypt the data, including any reconstruction
or rebuilding of keys, should involve minimal time and resources to
ensure an efficient, economic and timely operation.

The provision of data as plaintext should take place as soon possible;
in urgent cases within a few hours or minutes.




ENFOPOL 98 : REQUIREMENTS RELATING TO CALL AND SUBSCRIBER ASSOCIATED
DATA


Law enforcement agencies require a real-time, full-time monitoring
capability for the interception of telecommunications.  Call
associated data should also be provided in real-time.  If call
associated data cannot be made available in real time, law enforcement
agencies require the data to be available as soon as possible upon
call termination

The identifier for an Internet service which is a target service will
usually be the means by which the service is known to the service
provider and used to authenticate (and possibly to bill) a person
attempting to use the service and/or the means by which traffic is
directed to the service. Examples of service identifiers are: "      
IP address (for services with a fixed IP address) "       Account
number "       Logon id/password "       PIN number "       E-mail
address Call associated data refers to the signalling information
contained within the IP datagrams and also where appropriate, to the
calling line identifier of the telephone service used by the
interception subject to connect to the Internet provider.

Before implementation of the interception, law enforcement agencies
require: (1) the interception subject's identity, service number or
other distinctive Identifier, (2) Information on the services and
features of the telecommunications system used by the interception
subject and delivered by network operators/service providers, and (3)
information on the technical parameters of the transmission to the law
enforcement monitoring facility

Law enforcement agencies require access to information about
subscribers to all telecommunications services including, but not
limited to, the following: circuit switched telephony services,

"       PSTN,
"       ISDN;
"       terrestrial mobile services, e.g. GSM, AMPS, D-AMPS, CDMA,
DCS-1800; "       satellite-based mobile services, e.g. IRIDIUM,
Globalstar, ICO; "       Trunked mobile services, e.g. TETRA; "      
Internet services both dial -in and fixed based; "       calling card
services both pre-paid and account based; "       call-back services;
"       long distance and international services; "       paging
services; "       data services, e.g. X.25, X.400, ATM, frame relay,
and; "       voice mail services. Law enforcement agencies also
require the means to access information about subscribers in other
countries in situations where those subscribers may be operating
within the agency's jurisdiction. Examples of these situations
include, but are not limited to the following: "       Internationally
roaming mobile subscribers; "       Subscribers to S-PCS services such
as Iridium, and; "       Subscribers to international carriers where
the subscriber database is in another country. Law enforcement
agencies require access to information kept by the providers of
telecommunications networks, telecommunications services and Internet
services on the subject's Identity. Examples of this information
include, but are not limited to, the following: "       the full name
and address of the Interception subject including postal code; "      
the full name and address, including postal code, of the party which
pays the bill for the services provided to the interception subject; "
      sufficient credit card details to identify the account if the
interception subject pays by credit card, and "       the directory
name and address as shown in the directory. Law enforcement agencies
require access to information kept by the providers of
telecommunications networks, telecommunications services and Internet
services on the interception subject's service number or other
distinctive Identifier. Examples of this information may include, but
are not limited to the following: Types of services and features used
by the interception subject;

"       Wire line directory numbers;
"       Technical identifiers and codes of the telecommunications
equipment such as the MSISDN, IMSI and IMEI GSM identifiers, which are
supplied by the provider to the interception subject; "       The
means by which a provider identifies a subscriber of Internet on cable
TV; "       User identifier or code given by a caller and used by an
Internet provider to authenticate and bill the user; "       Cable or
channel identifiers for fixed point services; "       IP address for
users of fixed Internet services; "       Associated directory number
on a voice mail service; "       E-mail address; "       The PIN or
code given by the caller and used by the provider to authenticate   
and bill a user of calling card services, and; "       The means by
which an international or long distance service provider authenticates
a caller.

Law enforcement agencies require access to traffic and billing records
of an interception subject.


I will be taking about some this stuff at LSE on Tuesday :  (snip from
Peter's posting)

Global information surveillance:
Intelligence and law enforcement
planning and capabilities

Duncan Campbell will report on and discuss
his current work for the European
Parliament on such systems as
Echelon and proposed legislation /
mutual assistance arrangements as
Enfopol and the US Communications
Assistance to Law Enforcement Act.

See http://csrc.lse.ac.uk/Colloquia/colloquia1.htm for further
information.


Duncan

--- end forwarded text


-----------------
Robert A. Hettinga <mailto: rah@philodox.com>
Philodox Financial Technology Evangelism <http://www.philodox.com/> 44
Farquhar Street, Boston, MA 02131 USA "... however it may deserve
respect for its usefulness and antiquity, [predicting the end of the
world] has not been found agreeable to experience." -- Edward Gibbon,
'Decline and Fall of the Roman Empire'