wk03005.en18
Dieses Dokument ist Teil der Anfrage „Antrag auf Dokumente zur Entwicklung einer Daten-Matrix für eine Vorratsdatenspeicherung“
Brussels, 09 March 2018 WK 3005/2018 INIT LIMITE COPEN CYBER DAPIX ENFOPOL JAI WORKING PAPER This is a paper intended for a specific community of recipients. Handling and further distribution are under the sole responsibility of community members. NOTE From: Europol To: DAPIX (Friends of the Presidency - Data Retention) Subject: Preparatory work for the Data Retention Matrix Delegations will find in the Annex a Preparatory work for the data retention matrix: types of data records held by providers which are strictly necessary or unnecessary for criminal investigation. WK 3005/2018 INIT DG D 2 MK/mj LIMITE EN
Preparatory work for the Data Retention Matrix: types of data records held by providers which are strictly necessary or unnecessary for criminal investigation purposes. ETSI Standards V1.20.1 (2017-11) Categories of Data Services and Sources Council of Europe (COE) 'Electronic Evidence Guide' 1. Telephony services pp.3-12 ETSI Standards B.2 Telephony fields pp. 57-64 1.1.1. TelephonySubscriber p.3 ETSI B.2.2.0 - Table B.1 p.57 1.1.2. SubscribedTelephonyServices p.3 ETSI B.2.2.4 - Table B.2 p.58 1.2.1. TelephonyBillingDetails and Records p.4 ETSI B.2.3.0 - Table B.3; B.2.3.1- Table B.4 p.59 1.3.1. TelephonyServiceUsage p.5 ETSI B.2.4.1 - Table B.5 p.60 1.3.2. PartyInformation + Sms/Mms Information p.6 ETSI B.2.4.2 - Table B.6; B.2.4.3 - Table B.7; B.2.4.4 - Table B.2.4.4 pp.60-61 1.4.1. TelephonyDevice p.8 ETSI B.2.5.1 - Table B.9 p.61 1.5.1. TelephonyNetworkElement p.9 ETSI B.2.6.1 - Table B.10 p.62 1.5.2. Location parametres p.9 ETSI B.2.6.2.1 - Table B.11 p.63 1.5.3. GSM and UMTS Location parameters p.10 ETSI B.2.6.2.2 - Table B.12; B.2.6.2.3 - Table B.13 pp.63-64 1.5.4. Extended location parameters p.11 ETSI B.2.6.2.4 - Table B.14 p.64 1.5.5. TransmitterDetails parameters p.11 ETSI B.2.6.3.1 - Table B.15 p.64 2. Asynchronous message services pp.12-15 ETSI Standards C.2 Message services pp.80-83 2.1.1. MsgSubscriber p.12 ETSI C.2.2.0 - Table C.1 p.81 2.1.2. MsgStore p.12 ETSI C.2.2.2 - Table C.2 p.81 2.2.1. MsgTransmission p.13 ETSI C.2.3.1 - Table C.3 p.82 2.2.2. MsgStoreOperation p.14 ETSI C.2.3.2 - Table C.4 p.82 2.3.1. MsgBilling details and records p.14 ETSI C.2.4.0 - Table C.5; ETSI C.2.4.1 - Table C.6 p.83 3. Synchronous multi-media services pp.15-22 ETSI Standards D.2 Multimedia fields pp.88-93 3.1.1. MultimediaSubscriber p.15 ETSI D.2.2.0 - Table D.1 p.88 3.1.2. SubscribedMultimediaService p.16 ETSI D.2.2.4.1 - Table D.2 p.89 3.1.3. MultimediaServiceRegistrationInfo p.17 ETSI D.2.2.5 - Table D.2.A p.90 3.2.1. Multimedia Billing Details, Address and Records p.18 ETSI D.2.3.1 - Table D.3; D.2.3.2 - Table D.3A; D.2.3.3 -Table D.4 pp.90-91 3.3.1. MultimediaServiceUsage p.19 ETSI D.2.4.1 - Table D.5 pp.91-92 3.3.2. PartyInformation p.21 ETSI D.2.4.2 - Table D.6 p.92 3.3.3. IMSInformation p.22 ETSI D.2.4.3 - Table D.7 p.93 3.3.4. MediaComponents p.22 ETSI D.2.4.4 - Table D.8 p.93 4. Network access pp.23-31 ETSI Standards E.2 Network access pp.101-106 4.1.1. NASubscriber p.23 E.2.2 - Table E.1 p.101
DRAFT DRAFT DRAFT 4.2.1. NAServiceSubscription p.23 E.2.3 - Table E.2 p.102 4.3.1. NAServiceUsage p.25 E.2.4 - Table E.3 p.103 4.3.2. DialUpInformation p.26 E.2.4 - Table E.4 p.103 4.3.3. GPRSInformation p.26 E.2.4 - Table E.5 p.103 4.3.4. EPSInformation p.27 E.2.4 - Table E.5A p.104 4.3.5. WiFiInformation p.28 E.2.4 - Table E.5B p.105 4.4.1. NADevice p.29 E.2.5 - Table E.6 p.105 4.5.1. NANwElement p.30 E.2.6 - Table E.7 p.106 4.6.1. NABillingDetails p.30 E.2.7 - Table E.8 p.106 5. Further information on data categories pp.31-34 ETSI Standards H.2 Subscriber data pp.122-125 5.1.1. Subscriber Data Requests p.31 H.2.1 p.122 5.1.2. Generic Subscriber Data Requests p.31 H.2.2 pp.122-123 5.1.3. Service Specific Subscriber Reply Data p.32 H.2.3 p.123 5.2.1. Usage Requests p.32 H.3.1 p.123 5.2.2. Usage Data Categories p.32 H.3.2 p.124 5.2.3. Usage: Traffic Data (Reply) p.33 H.3.3 p.124 5.2.4. Usage: Traffic Data Related Information (Reply) p.33 H.3.4 p.124 5.2.5. Usage: Communication Independent User Activities (Reply) p.33 H.3.5 p.124 5.2.6. Usage: Network Activity Data (Reply) p.33 H.3.6 p.124 5.3.1. Network Element Requests p.34 H.4.1 p.125 5.3.2. Network Configuration Data Reply Data p.34 H.4.2 p.125 6. Online Sources of Investigation - Council of Europe pp.34-36 COE Electronic Evidence Guide - 4.3 pp. 101-110 6.1. Plain Web Site p.34 4.3.1 pp.103-104 6.2. Social Networking Sites p.34 4.3.2 pp.105-106 6.3. Blogging Sites p.35 4.3.3 pp.106-107 6.4. WebMail Sites p.35 4.3.4 p.107 6.5. URL-Shortners p.35 4.3.5 p.107 6.6. Ad-Networks p.35 4.3.6 pp.107-108 6.7. Content Storage Networks p.35 4.3.7 p.108 6.8. P2P Networks p.36 4.3.8 pp.108-110 7. Digital Evidence Sources - Council of Europe pp.36-39 COE Electronic Evidence Guide - 6.5 Forensic analysis; 3.5 Volatile data 7.1. Document forensic analysis p.36 COE Electronic Evidence Guide 6.5.5 p.143 7.2. Live data forensics and Log file forensic analysis p.36 COE Electronic Evidence Guide 6.5.7 pp.144-145 7.3. Network Forensic Analysis p.36 COE Electronic Evidence Guide 6.5.8, 6.5.9, 6.5.9.1 pp.145-147 7.4. Volatile Data fragments p.37 COE Electronic Evidence Guide 3.5.1 pp.65-67 1. Swedish Inquiry on data retention - November 2017 ANNEXES (pp 43-47) Subscriber data is NOT to be considered for Data Matrix Page 2
DRAFT DRAFT DRAFT ANNEXES (pp. 43-47) 2. Directive 2006/24/EC, art.5 categories 1.1. Telephony Subscriber ETSI B.2.2 Strict necessity for retention 1.1.1. TelephonySubscriberParameters Yes No Justification A unique identifier for a particular subscriber within subscriberID a CSP A unique identifier for this particular subscriber genericSubscriberInfo within a CSP telSubscriberInfo Service specific information about the subscriber List of services details that a subscriber (or account) subscribedTelServices may have 1.1.2. SubscribedTelephonyServices parameters A unique identifier within the operator for the serviceID service providerID A unique identifier for the service provider timeSpan Time over which the subscription was held The telephone number(s) assigned to the subscriber registeredNumbers as part of this subscription Integrated Circuit Card ID in cases of single SIM card registeredICCID contracts serviceType The type of service subscribed to The instation address for the subscriber's equipment, installationAddress if applicable connectionDate Date when the subscriber was actually connected iMSI IMSI of the subscriber Subscriber data is NOT to be considered for Data Matrix Page 3
DRAFT DRAFT DRAFT carrierPreselect Indication of the carrier preselection lineStatus CSP for specific description of the current line status List of all known devices allocated to this user for this allocatedDeviceIDs subscription PUK code for the SIM card associated with this pUKCode subscription PUK2 code for the SIM card associated with this pUK2Code subscription iMEI IMEI of the subscriber nationalTelSubscription Defined on a national basis paymentDetails Details for payment deliveryAddress The delivery address for equipment resellerAddress The address of the reseller or dealer Used if there are addresses for the subscription otherAddress which do not fit into the other categories Information avout timespan of the active number registeredNumbersInfo and disable reasons Integrated Circuit Card ID in cases of MultiSIM card registeredICCIDs contracts Information on login details, e.g. in case of a loginInfos VMS/UMS account 1.2. Telephony Billing Details and Records ETSI B.2.3 Strict necessity for retention 1.2.1 TelephonyBillingDetails and Records parameters Yes No Justification Subscriber data is NOT to be considered for Data Matrix Page 4
DRAFT DRAFT DRAFT A unique identifier for a particular subscriber within subscriberID a CSP A unique identifier within the operator for the serviceID service or tariff subscribed to billingAddress The billing address for this subscription A unique identifier for billing purposes. The format is billingIdentifier for CSPs to determine A sequence of billing records, one for each payment billingRecords by the subscriber on this subscription time Time of the payment place Location of the payment amount Amount of the payment, in currency specified currency Currency of payment method Type of payment (e.g. credit card, top-up voucher) nationalTel BillingRecords Defined on a national basis transactionID Unique reference transactionStatus Status of transaction (declined, succeeded etc.) 1.3. Telephony Service Usage ETSI B.2.4 Strict necessity for retention 1.3.1. TelephonyServiceUsage parameters Yes No Justification Subscriber data is NOT to be considered for Data Matrix Page 5
DRAFT DRAFT DRAFT partyinformation A list of partyInformation structures communicationTime Total time for this service usage A list of telephony events that occurred during this eventInformation call. They may relate to Call Forwarding, Conference Calls etc. endReason The Q.850 cause cose for the termination of the call communicationType The type of call bearerService The bearer service for the call smsInformation SMS information for the service usage ringDuration Ring duration, given in seconds mmsInformation MMS information for service usage nationalTelServiceUsage Defined on a national basis operatorSpecificCall Identifier or a combination of identifiers as used by Details the CSP to classify the call for billing procedures 1.3.2. PartyInformation + SMS/MMS information parametres partyRole Role for this party (e.g. called, calling) partyNumber Number for this party in E.164 format subscriberID Subscriber identifier for subscriber Subscriber data is NOT to be considered for Data Matrix Page 6
DRAFT DRAFT DRAFT deviceID Device identifier locations location(s) encoutered during a call Time that this party was involved in the call, if this communicationTime was a multiparty call. iMSI IMSI of the party Nature of the address - may be international, natureOfAddress national or subscriber number forwardedTransferred Number Forwarded number if call was transferred terminatingTransferred Number Terminating number if call was transferred emailAddress Email address of the party for MMS iMEI IMEI of the party detailedLocation Detailed location information per call and party nationalTelPartyInfo Defined on a national basis partyType Type of party (e.g. operator provided voicemail etc.) Digits dialled by the party (e.g. subscriber controlled dialledDigits input) smsEvent Type of message event smsType Type of sms transferred on SC - MC interface smsStatus Status reached by the sms Subscriber data is NOT to be considered for Data Matrix Page 7
DRAFT DRAFT DRAFT smsCmRefNr Concatenated short message reference number Number of short messages transferred in case of smsNumOfSM composite messages Delivery notification message generated by smsNotifyInd messagnig centre smsProtocolID Transfer layer Protocol - Protocol Identifier (TP-PID) mmsEvent Type of message event mmsStatus Status reached by the mms mmsNotifyInd Delivery notification message generated mmsMsgMod Modifications performed on the message 1.4. Telephony Device ETSI B.2.5 Strict necessity for retention 1.4.1 TelephonyDevice parameters Yes No Justification deviceIDType Indicates the type of identifier used in TelephonyDeviceID, e.g. IMEI. Unique identifier for the telephony device. If this telephonyDeviceID identifier happens to have a particular format (e.g. IMEI), then this may be indicated using deviceIDType Identity of a known user of this equipment. This identity may be registered in cases where the subscriberID provider has supplied the user with a device. It may also be recorded ad-hoc based on service usage data, depending on national legislation 1.5. TelephonyNetworkElement ETSI B.2.6 Strict necessity for retention parameters Subscriber data is NOT to be considered for Data Matrix Page 8
DRAFT DRAFT DRAFT 1.5.1. TelephonyNetworkElement parameters Yes No Justification Unique identifier for the network element (e.g. MSC telephonyNetworkID ID) cellInformation Location information for this network element. Time period during which the information given in validity this structure is or was valid nationalTelephony Defined on a national basis NetworkElement Characteristics of the transmitter, e.g. beam-width, transmitterDetails radiated power, antenna height, frequency, technology 1.5.2. Location parametres e164-Number E.164 number in ISUP format globalCellID Global cell ID in ETSI TS 100 974 [8] Routing Area Identifier in current SGSN, in 3GPP TS rAI 24.008, withour Routing Area Identification IEI gsmLocation GSM location umtsLocation UMTS location sAI Service Area Identifier, 3GPP TS 25.413 Subscriber data is NOT to be considered for Data Matrix Page 9