Lawful Interception in practise in the Netherlands



Similar documents
Central Information Point for Telecom Investigation CIOT René Bladder

Simple Law Enforcement Monitoring

Lawful Interception of IP Traffic: The European Context

Lawful Interception in P2Pbased

Technical Glossary from Frontier

Lawful Interception in German VoIP Networks

EAGLE EYE IP TAP. 1. Introduction

Utimaco LIMS Access Points. Realtime Network Monitoring for Lawful Interception and Data Retention

ETSI & Lawful Interception of IP Traffic

WHITE PAPER. Gaining Total Visibility for Lawful Interception

what can we do with botnet data?

Position Paper 4. Closer understanding of the term third party networks and service providers" in relation to its application in Directive 2006/24/EC

IMS Interconnect: Peering, Roaming and Security Part One

IP-based Delivery Network via OpenVPN Provider Handbook

Advanced Metering Infrastructure

Network Overview. Background Traditional PSTN Equipment CHAPTER

SERIES A : GUIDANCE DOCUMENTS. Document Nr 3

TAXONOMY OF TELECOM TERMS

Thanks to SECNOLOGY s wide range and easy to use technology, it doesn t take long for clients to benefit from the vast range of functionality.

Citrix Access Gateway: Implementing Enterprise Edition Feature 9.0

Inspection of Encrypted HTTPS Traffic

Deploying Media Probes in Evolving VoIP Networks

The University of Information Technology Management System

ETNO Expert Contribution on Data retention in e- communications - Council s Draft Framework Decision, Commission s Proposal for a Directive

Load Balance Mechanism

Lawful Interception of VoIP. Rudolf Winschuh Business Development Transaction Security / Telecommunications

Datawire Secure Transport Value Proposition

WAN Failover Scenarios Using Digi Wireless WAN Routers

STAR-GATE TM. Annex: Intercepting Packet Data Compliance with CALEA and ETSI Delivery and Administration Standards.

ABC SBC: Software Defined Communication Networks. FRAFOS GmbH

Privacy in the cloud. DNB has indicated that it considers cloud computing a form of outsourcing.

Brocade Telemetry Solutions

Compliance and Unified Communication

Regulatory Framework for Communications Security and Privacy in Greece

ICTNPL5071A Develop planning strategies for core network design

WATCHGUARD FIREBOX SOHO 6TC AND SOHO 6

Today's security needs in networking

Introducing STAR-GATE Enhancements for Packet Cable Networks

DATA RETENTION REPORT

Everything Voice SIP Trunks. The cost-effective and flexible alternative to ISDN

Today s challenges in Lawful Interception. C. Rogialli, October 11, 2005 RIPE MEETING 51 - Amsterdam

Integrating Lawful Intercept into the Next Generation 4G LTE Network

Network Service, Systems and Data Communications Monitoring Policy

Product Guide A5000 R5.4 Multi-company Services - CONTENTS -

Survey on Approaches of Provision VoIP Service 報 告 人 : 唐 崇 實 2005/3/24

Avoid Network Outages Within SaaS and Cloud Computing Environments

Utimaco LIMS Access Points. Realtime Network Monitoring for Lawful Interception and Data Retention

2 box model (in the SOP)

A Framework for Secure and Verifiable Logging in Public Communication Networks

Network Assessment Client Risk Report Demo

Authentication, Authorization and Accounting (AAA) Protocols

ZyXEL offer more than just a product, we offer a solution. The Prestige DSL router family benefits providers and resellers enabling them to offer:

AdvOSS Session Border Controller

Voice over Internet Protocol (VoIP) - An Introduction

utimaco a member of the Sophos Group

Advanced LCR (Least Cost Router) With SIP Proxy Server

SIP TRUNKING THE COST EFFECTIVE AND FLEXIBLE ALTERNATIVE TO ISDN

NIXI Connection Agreement. between... With Registered Office at hereinafter referred to as Member

EXPLOITING SIMILARITIES BETWEEN SIP AND RAS: THE ROLE OF THE RAS PROVIDER IN INTERNET TELEPHONY. Nick Marly, Dominique Chantrain, Jurgen Hofkens

The treatment of Voice over Internet Protocol (VoIP) under the EU Regulatory Framework

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall

Colt IP Access Colt Technology Services

IP Voice Reseller. Deliver the VoIP services your customers demand without costly infrastructure investment or increased management complexity.

The Dutch implementation of the Data Retention Directive

Private Cloud Solutions Virtual Onsite Data Center

Phish Blocker: Spyware Blocker:

Voice over IP Security

1.264 Lecture 37. Telecom: Enterprise networks, VPN

Meeting the challenge of voice services

COMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Device Provisioning in Cable Environments

Guidelines on International Gateway Access and Voice over Internet Protocol (VoIP) Issued by the Nigerian Communications Commission

Data retention current state of UK and EU legislation. Dr. Ian Brown, UCL

European Commission Consultation document on Voice over IP

Global Information Society Watch 2014

BITEK INTERNATIONAL INC PRESENTS: VoIP FILTERING

How To Configure A Kiwi Ip Address On A Gbk (Networking) To Be A Static Ip Address (Network) On A Ip Address From A Ipad (Netware) On An Ipad Or Ipad 2 (

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Cost Comparison of a Hosted PBX Versus a Traditional PBX

SIP Trunks. The cost-effective and flexible alternative to ISDN

FCS Fraud Mitigation Standard Specification

No. 1 - The Simple Guide to SIP Trunking. City Lifeline Technology Briefing

DATA RETENTION. Guidelines for Service Providers

Telecom Business Continuity Solutions FOR INTERNAL USE ONLY

Cyber Crime and Data Retention

Alcatel-Lucent ISAM Voice. For smooth migration to NGN/IMS

Security Technology: Firewalls and VPNs

Number 3 of 2011 COMMUNICATIONS (RETENTION OF DATA) ACT 2011 ARRANGEMENT OF SECTIONS

Evaluating Bandwidth Optimization Technologies: Bonded Internet

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD Effective Date: April 7, 2005

Implementing, Managing and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services Course No.

Build yourself an ISP

EAGLE EYE Wi-Fi. 1. Introduction

Experiment # 6 Remote Access Services

Bonded Internet. Bonded is Better! AllCore Communications... Bonded Internet Features: Who is AllCore Communications?

Routing Security Server failure detection and recovery Protocol support Redundancy

From Lawful to Massive Interception : Aggregation of sources. amesys - Prague ISS World Europe 2008

An Introduction to SIP

Communications Transformations 2: Steps to Integrate SIP Trunk into the Enterprise

Transcription:

SvSnet Stichting Nationale Beheersorganisatie Internet Providers Lawful Interception in practise in the Netherlands Cyprus 30 June 2010 Pim van Stam SvSnet 1

SvSnet Stichting Nationale Beheersorganisatie Internet Providers SvSnet founded in 2005 for supporting the NBIP NBIP is the Dutch service organisation for Internet Providers Is it possible to do lawful interception with a group of providers? Does this make it cheaper? Is it safe to let a third party do lawful interception? 2

Content 1.law and supervision Telecommunications Law Law enforcement agencies Telecommunications Agency (AT) BBGT Security Framework specifications 2. Interception Infrastructure infrastructure interceptable services (IP, E-Mail, VoIP) management interface 3. NBIP foundation for lawful interception organisation growth services procedures costs 3

Obligations for Law Enforcement Obligations on telecommunication providers for law enforcement Handover subscriber data CIOT Centraal Informatiepunt Opsporing Telecom Interception Historical data, retained data Dataretention directive 4

Telecommunications Law (1) Artikel 13.1 1. Aanbieders van openbare telecommunicatienetwerken en openbare telecommunicatiediensten stellen hun telecommunicatienetwerken en telecommunicatiediensten uitsluitend beschikbaar aan gebruikers indien deze aftapbaar zijn. Public telecommunication services and networks must be interceptable. 2. Bij of krachtens algemene maatregel van bestuur kunnen regels worden gesteld met betrekking tot de technische aftapbaarheid van openbare telecommunicatienetwerken en openbare telecommunicatiediensten. Rules on intercepts can be defined -> FuncSpec en TIIT (functional and technical specifications) 5

Telecommunications Law (2) Article 13.2: cooperation on exceptional orders Article 13.3: disputes -> Telecom Agency Article 13.4: cooperation on handover of information Article 13.5: security measures for secrecy of information -> BBGT Article 13.6: costs - interceptable: provider - administrative en personnel costs: government Article 13.7: non public networks and services Article 13.8: release of obligations 6

Telecommunications Law (3) Changes in the Telecommunications law for Data retention Law since july 6 th 2009. Active since sept. 1 st 2009 art. 11.13: Retained data may not be used for other purposes 13.2: Data Retention directions for warrants based upon criminal law 13.5: Change of BBGAT to BBGT 13.9: evaluation every 5 jaar Evaluation will be in september 2010! 13.10: Mentioning the attachment wich data to retain 7

Law enforcement agencies Lawful interception by Justice identifiable user or entity serious crime punishment 4 years Lawful interception by intelligence agencies (AIVD/MIVD) investigation borders can be anything 8

Telecommunications Agency Agentschap Telecom supervisor Telecommunications law art. 13 information last onder dwangsom test taps to check fine dispute LEA vs provider BBGT 9

BBGT security measures Besluit Beveiliging Gegevens Telecommunicatie Directive on Security of Telecommunication Data Security of Intercepted data and information Security of retained data security plan security measures since juni 2005 supervision by Agentschap Telecom 10

Specifications Functional specifications real-time secrecy, unnoticeable reliable identifiable user (name, address, account, IPaddress, e-mail address, phone number) all traffic IP or E-mail 11

Specifications Technical Specifications based on TIIT moving to ETSI 102 323 S1: filtering and coding S2: transport to LEMF (tunnels) T1: receiving data and split-up T2: store and investigation 12

Interception Infrastructure 13

Infrastructure 14

Interceptable services Internet connectivity DSL, Cable, fixed lines, fibre, VPN's Triggering protocols DHCP, Radius hosting, shared, dedicated, colocating E-mail - SMTP VoIP - SIP, H.323 Fixed lines on small scale analogue, ISDN-30, ISDN-2 15

Interceptable services - POTS Make it VoIP! 16

EVE Management Interface (1) EVE Interception Software (http://www.lawfulinterception.com/) Pine Digital: from the Internet industry with focus on security software solutions with standard server platform with FreeBSD all units (S1, S2, S3) use same software bundle separate units or EVE-One (combined) separate licenses for services (IP, e-mail, voip) many triggering protocols 17

EVE Management Interface (2) definition of: S1 units and groups T1 units and groups Services (EVE, EVESMTP, EVESIP, etc) taps input manually of from XML file logging and auditing 18

foundation NBIP National Service Organisatie for Internet Providers 19

Goals of the foundation NBIP offering services to providers to fulfil obligations from the telecommunications law, article 13; acting as an intermediar between government and providers, whereas providers can delegate obligations; decrease costs for providers on executing the obligations on technical, economical and organisation level 20

NBIP organisation founded in august 2002 9 ISP's 1-1-2010: 79 participants administration board (7 persons) Council of Participants Office and execution by contractors: SvSnet 21

NBIP growth Growth of the NBIP year 2003 2004 2005 2006 2007 2008 2009 2010 participants 10 15 27 41 45 50 59 79 warrants 12 13 27 69 147 259 335 interception days duration (mean) 528 670 1168 2402 5468 7837 8920 44 52 43 35 37 30 27 22

NBIP Services administration of participants management of infrastructure intake and testing executing warrants - legal check - drive out (S1's) - tap's monitoring taps and infrastructure contacts with government, Agentschap Telecom, working groups BBGT support 23

Interception infrastructure NBIP (2) central S3 / S2's fail-over, redundant monitoring system mobile S1's for IP en mailtaps 24

NBIP: Procedures: I want to join! procedure take in form with signature status to form applied intake network scan status to aspirant member test taps end-to-end test dependant of ISP services technical report status to member 25

NBIP: Procedures - warrant 26

Costs Interceptable: ISP Warrant: LEA In case of NBIP: participants fee (yearly) for infrastructure bill per tap for extecution of warrant 27

Costs (2) De yearly fea for 2010 is: 1 provider business market, max. 3000 subscribers. Also: max. 7 employees Yearly fee: Eur 2.000 2 business/residential max 25.000 subscribers Yearly fee: Eur 3.500 3 business/residential 25K - 250K subscribers Yearly fee: Eur 15.000 4 business/residential over 250K subscribers Yearly fee: Eur 30.000 28

Costs (3) D escriptio n Per: F ee 1 handling tap, adm inistration e n legal che ck ta p 2 5 0 2 driv e out & p ick -up, installa tion S1 *) ta p 5 0 0 3 Monitorin g and he lpdesk d ay 8 Fee 1 tap for 1 month 9 9 0 * In 2007-2009 the average fee for taps were about EUR 500,- * Costs can be declared to the government. 29

Questions? 30

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information