"MEMORANDUM OF UNDERSTANDING" ON THE INTERCEPTION OF TELECOMMUNICATIONS
Law enforcement agencies and secret services are showing growing concern about the prospect of interception becoming impossible as a result of new digital telecommunication techniques. In an attempt to get a grip on the situation, the EU member states and Norway have agreed on a Memorandum of Understanding concerning the "lawful surveillance" of telecommunications. The memorandum, quietly signed at the EU JHA Council's meeting on 23 November 1995, lists a number of legal and technical requirements that shall enable comprehensive surveillance of international telecommunications in the digital age. The document stresses the need for this form of global cooperation as a means of fighting crime and maintaining national security.
The Memorandum expresses the common conviction of the signatory states that efforts at keeping telecommunications open to interception will be more successful if the participating states jointly set up a number of "international surveillance requirements" with a view to
- influence national policy concepts;
- provide guidelines for network operators, service providers and manufacturers on surveillance requirements they must take into consideration in developing telecommunication hardware and software;
stimulate the development of norms for telecommunication industries regarding the execution of interception orders; and
- secure that new technical norms do not jeopardise interception.
In the English version of the Memorandum, the term used for authorities competent to carry out interceptions is "law enforcement agencies". Significantly, in the German version, this term is translated as gesetzlich ermächtigte Behörden ("agencies authorised by law"). The German wording would indicate that intercepting agencies include secret services.
Full access every where at any time
Among others, the following requirements are listed in an appendix to the Memorandum.
The "agencies authorised by law" must have access to all telecommunications transmitted to or from a user under surveillance by a telecommunication service. They also must have access to all call-associated data (e.g time of connection, call forwarding etc). Access must be possible even to telecommunication services used only temporarily by a customer under surveillance, as well as to the phone numbers of users called up by the person under surveillance, even if a connection was not made. Telecommunications not subject to an interception order may not be transmitted to the intercepting agency.
Tracking mobile phone users
Regarding users of mobile phones, service providers must be able to provide the competent authorities with information on the geographic position of a user under surveillance.
Permanent interception must be possible without any delay in time. For these purposes, network operators and service providers must prepare "one or several interfaces" from which the intercepted telecommunications can be transmitted to the surveillance facilities of the competent authority.
Cracking encoded telecommunications
Service providers who make use of compression or encoding programmes must provide the competent authorities with the intercepted telecommunications in their full, decoded form. Interception must be enabled in such a way that neither the person under surveillance nor other unauthorised persons becomes aware of the measure.
Prior to interception, network operators/service providers shall supply the intercepting agency with the following information:
- Data regarding the identity of the person under surveillance, his phone number and/or other identification data;
Information on the services and characteristics of the telecommunication system used by the person under surveillance and provided by the network operator/service provider; and
Information on the technical parameters for transmission to the interception facilities of the competent authorities.
Service providers must enable for simultaneous interception by several agencies
It shall further be required that network operators/service providers provide for several simultaneous interception measures. This is necessary, in order to enable interception by several "agencies authorised by law". Network operators/service providers must implement interception "as fast as possible", and in urgent cases "within a few hours or minutes".
Cooperation with the FBI
Although an initiative of the EU member states, non-EU states have been invited to sign the Memorandum and signatory states are called upon to send information and recommendations pertaining to the constant examination and updating of interception requirements to two addresses: The General Secretariat of the Council of the EU in Brussels and... the Director of the FBI at 10, Pennsylvania Avenue, in Washington DC. However, despite this information input, generously and unilaterally offered by the Europeans to the FBI, the USA (as well as Canada, Australia and Hong Kong) have so far refrained from signing the Memorandum.
Memorandum a reaction to confidential K4 report
A confidential report of an expert sub-group of the K4-Committee from 5 May 1995 voices some of the fears of law enforcement and intelligence agencies that led to the agreement on the Memorandum.
The report notes that lawful interception of terrestrial or wireless telecommunication networks (such as GSM) has up to now been carried out via national infrastructures, but that this will in many cases no longer be possible with the next generation of satellite supported systems that will be run by large international corporations and do not require exchanges in every country. This means that system providers could no longer be held responsible and interception no longer be carried out if exchanges are located in "non-cooperative" countries. "The problem is further complicated through the fact that an interception target, although it is operating within a certain national territory, can be registered in another country," the report emphasises.
Existing mechanisms of mutual legal assistance in police investigations no longer meet the requirements of the coming century, the report stresses and considers a number of operational and technical, as well as legal and political measures, much on the lines of a recent German draft Telecommunication Law (see article in this issue: "INTERCEPTION OF TELECOMMUNICATIONS: THE GERMAN MODEL").
Privacy of telecommunications a "global problem"?
The report illustrates the concerns of the interception experts with the following example: A citizen of country A is a customer of a telecommunication service provider in country B, is temporarily working in country C, uses a telecommunication system whose exchange is located in country D, and wishes to ring up a number in country E. This person's telecommunications shall be intercepted in connection with a serious crime committed in country F.
The prime question is, which legal regulations apply and, consequently, in which country the interception order is issued and who is responsible to carry out the measure. Country A, whose citizen the suspect is, is not directly concerned, since neither the crime was committed there nor the phone conversations in question take place there. Country B, where the telecommunication service is located and where the customer pays his bills, is neither concerned with the crime, nor responsible for the transmission of the suspect's telecommunications. It must however authorise the "marking" (technical identification) of the customer, enabling interception. Country C, from which the suspect is communicating, probably has no idea of his presence in the country, is not concerned with the crime and has nothing to do with the authorization of the interception or the transmission of the intercepted conversations. Country D, the site of the telecommunication service's exchange, is not concerned with the crime, but responsible for the transmission of the suspect's telecommunications and in a position to intercept his conversations, on condition however, that the data of the suspect customer are "marked". Country E, to which the suspect is calling, has nothing to do with any of the above aspects, but may have regulations imposing certain operation restrictions on the service provider.
Need for international agreements
The report stresses that agreement must then be reached on how the content of the intercepted telecommunication and additional data in connection with a communication shall be processed on a transnational level. This requires prior treaties with respect to, inter alia, the site of the exchange used, forwarding information to the point where it is handed over, and questions pertaining to the confidentiality of the information.
By way of a conclusion, the report points out, that the new satellite supported telecommunication systems have a lot in common with existing terrestrial mobile phone (GSM) systems: the individual customer is mobile; the range of the system is not limited to one country; the customer can choose between a variety of competing systems. There is, however one crucial difference: the new systems must not necessarily be located in a particular country.
According to the expert subgroup, this situation will rapidly develop into a "global problem" which can be handled only through "global cooperation to a hitherto unknown extent".
Sources: Memorandum of Understanding betreffend die gesetzliche Überwachung des Telekommunikationsverkehrs (lawful interception of telecommunications), EU JHA-Council, Brussels, 25.10.95, 10037/95, Limite, Enfopol 112, 16 p., in German; Legales Abhören auf Telekommunikationssystemen ausserhalb der Landesgrenzen (Lawful interception on telecommunication systems outside the national frontiers), report of a subgroup of experts (Paris, 5.5.95), EU JHA-Council, Brussels, 2.6.95, 4118/2/95, 7 p., in German. Quotations from the above documents are our translations from German. On telecommunications interception see also FECL [No.13: "DIGITAL NETWORKS TOO SAFE?"](/artikel/1307/) and [No.24: "K.4 Committee on interception of personal satellite communication"](/artikel/2403/)