Cisco Architecture for Lawful Intercept in IP Networks
RFC 3924

 
Document Type RFC - Informational (November 2004; No errata)
Last updated 2013-03-02
Stream ISE
Formats plain text pdf html
Stream ISE state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 3924 (Informational)
Telechat date
Responsible AD Steven Bellovin
Send notices to <fred@cisco.com>, <chsharp@cisco.com>, <bfoster@cisco.com>
Network Working Group                                           F. Baker
Request for Comments: 3924                                     B. Foster
Category: Informational                                         C. Sharp
                                                           Cisco Systems
                                                            October 2004

        Cisco Architecture for Lawful Intercept in IP Networks

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).

IESG Note

   This RFC is not a candidate for any level of Internet Standard.  The
   IETF disclaims any knowledge of the fitness of this RFC for any
   purpose, and in particular notes that the decision to publish is not
   based on IETF review for such things as security, congestion control
   or inappropriate interaction with deployed protocols.  The RFC Editor
   has chosen to publish this document at its discretion.  Readers of
   this document should exercise caution in evaluating its value for
   implementation and deployment.

Abstract

   For the purposes of this document, lawful intercept is the lawfully
   authorized interception and monitoring of communications.  Service
   providers are being asked to meet legal and regulatory requirements
   for the interception of voice as well as data communications in IP
   networks in a variety of countries worldwide.  Although requirements
   vary from country to country, some requirements remain common even
   though details such as delivery formats may differ.  This document
   describes Cisco's Architecture for supporting lawful intercept in IP
   networks.  It provides a general solution that has a minimum set of
   common interfaces.  This document does not attempt to address any of
   the specific legal requirements or obligations that may exist in a
   particular country.

Baker, et al.                Informational                      [Page 1]
RFC 3924           Architecture for Lawful Intercept        October 2004

Table of Contents

   1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . .  2
      1.1. Requirements Motivating the Architecture . . . . . . . . .  3
      1.2. Document Organization. . . . . . . . . . . . . . . . . . .  4
   2. Reference Model . . . . . . . . . . . . . . . . . . . . . . . .  5
      2.1. Reference Model Components . . . . . . . . . . . . . . . .  6
      2.2. Operational Considerations . . . . . . . . . . . . . . . .  7
   3. Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . .  9
      3.1. Content Intercept Request Interface. . . . . . . . . . . .  9
      3.2. Intercept Content Interface (f). . . . . . . . . . . . . . 10
   4. Applying the Reference Model. . . . . . . . . . . . . . . . . . 11
      4.1. Voice over IP networks . . . . . . . . . . . . . . . . . . 11
           4.1.1. Interception of Voice over IP Services. . . . . . . 11
           4.1.2. Local Voice Services. . . . . . . . . . . . . . . . 12
      4.2. Data Services. . . . . . . . . . . . . . . . . . . . . . . 13
   5. Security Considerations . . . . . . . . . . . . . . . . . . . . 13
      5.1. Content Request Interface (d) - SNMPv3 Control . . . . . . 14
   6. Informative References. . . . . . . . . . . . . . . . . . . . . 14
   7. Acronyms. . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
   8. Authors' Addresses. . . . . . . . . . . . . . . . . . . . . . . 17
   9. Full Copyright Statement. . . . . . . . . . . . . . . . . . . . 18

1.  Introduction

   For the purposes of this document, lawful intercept is the lawfully
   authorized interception and monitoring of communications of an
   intercept subject.  The term "intercept subject", "subject", "target
   subscriber" or "target" in this document refers to the subscriber of
   a telecommunications service whose communications and/or intercept
   related information (IRI) has been lawfully authorized to be
   intercepted and delivered to some agency.  Note that although the
   term "Law Enforcement Agency" (LEA) is used throughout this document,
   this may refer to any agency that is able to request lawfully
   authorized interception.

   By intercept related information (IRI) we mean information related to
   the IP traffic of interest.  There is currently no standardized
   definition for IRI for IP traffic.  IRI has been defined for a few
   services that might run over IP (e.g., Voice over IP) or that IP runs
   on top of (e.g., GPRS).  For example, IRI for voice over IP could be
   the called and calling phone numbers.  The definition of IRI from
   [14] is shown below:
Show full document text