1、 Reference number ISO/TR 11769:2010(E) ISO 2010TECHNICAL REPORT ISO/TR 11769 First edition 2010-10-01 Intelligent transport systems Communications access for land mobiles (CALM) Data retention for law enforcement Systmes intelligents de transport Accs aux communications des services mobiles terrestr
2、es (CALM) Conservation des donnes pour application de la loi ISO/TR 11769:2010(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed t
3、o and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the sof
4、tware products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it
5、is found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT ISO 2010 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying a
6、nd microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland i
7、i ISO 2010 All rights reservedISO/TR 11769:2010(E) ISO 2010 All rights reserved iiiForeword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out throu
8、gh ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collabora
9、tes closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standar
10、ds. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. In exceptional circumstances, when a technical committee has collecte
11、d data of a different kind from that which is normally published as an International Standard (“state of the art”, for example), it may decide by a simple majority vote of its participating members to publish a Technical Report. A Technical Report is entirely informative in nature and does not have
12、to be reviewed until the data it provides are considered to be no longer valid or useful. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO/TR 1176
13、9 was prepared by Technical Committee ISO/TC 204, Intelligent transport systems. TECHNICAL REPORT ISO/TR 11769:2010(E) ISO 2010 All rights reserved 1Intelligent transport systems Communications access for land mobiles (CALM) Data retention for law enforcement 1 Scope This Technical Report reviews th
14、e intelligent transport systems (ITS) landscape and the provisions of data retention (DR) to ITS deployments. In particular, it considers the communications access for land mobiles (CALM) environment and the services offered in the IPv6 domain served by CALM and ITS in general. NOTE The analysis in
15、this Technical Report has been made with respect to the European Data Retention Directive and applies in general. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated refere
16、nces, the latest edition of the referenced document (including any amendments) applies. Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications
17、 services or of public communications networks and amending Directive 2002/58/EC 3 Terms and definitions For the purposes of this document, the terms and definitions given in Directive 2006/24/EC and the following apply. 3.1 retention storage functional and physical means which serve as the reposito
18、ry where all data to be retained are stored, enforcing all required security measures 3.2 supervisory authority public authority which has been authorized by national legislation or regulation to act as the supervisor for the data retention (DR) regulations and procedures in accordance with Directiv
19、e 2006/24/EC 3.3 target legal entity for which data retrieval is requested from the communications service provider (CSP), through the data retention (DR) system ISO/TR 11769:2010(E) 2 ISO 2010 All rights reserved4 Abbreviated terms CSP Communications Service Provider DR Data Retention DSL Digital S
20、ubscriber Line ECN Electronic Communication Network ECS Electronic Communication Service IMEI International Mobile Equipment Identity IMSI International Mobile Subscriber Identity ITS Intelligent Transport Systems LEA Law Enforcement Agency LEMF Law Enforcement Monitoring Facility 5 Overview The act
21、 of data retention (DR) is primarily to support the actions of law enforcement agencies acting in support of investigation of criminal and terrorist offences, and for support of general forensic investigation resulting from criminal and terrorist offences. In addition, access to retained data may be
22、 used in societal supporting activities, such as the tracking of missing persons. The EU directive on data retention (DR), Directive 2006/24/EC, defines the set of data to be retained and the conditions under which the retained data is maintained by communications service providers (CSPs) operating
23、within the EU. Within the EU, CSPs are required to retain data sufficient to identify the form of communication and the communicating parties of all complying communications for all users of the CSPs facilities (irrespective of there being a direct relationship between the user and the CSP) for a pr
24、e-set period of time, the retention period, after which the data should be deleted. During the retention period the retained data of a subscriber can be made available to authorized law enforcement agencies (LEAs). As the data may be required to be used in legal processes there is an implicit requir
25、ement to maintain and to verify the integrity, validity, and quality of the retained data, that does not compromise the privacy of subscribers and their data. CSPs are also required to report any failure of the DR system. Data retention applies to all CSPs. A CSP should provide mechanisms to ensure
26、the retention and handover of signalling of specific CSP users if required to by a lawful authority. 6 Data that can be retained by CSPs 6.1 Data identified in EU Directive 2006/24/EC Article 5 of the directive identifies a number of categories to be retained. It is only data that falls into these c
27、ategories that are considered by this report. Table 1 identifies how CALM/ITS systems may meet the requirements established by the directive. It is important to note that the CALM form of ITS is a data only network. ISO/TR 11769:2010(E) ISO 2010 All rights reserved 3Table 1 Retained data identified
28、in Directive 2006/24/EC and provision in CALM/ITS Class of data Class of network Retained data Provision in CALM/ITS The calling telephone number N/a Fixed network telephony and mobile telephony The name and address of the subscriber or registered user N/a The user ID(s) allocated May be available f
29、rom the CALM CSP Station-ID The user ID and telephone number allocated to any communication entering the public telephone network N/a May be available from VoIP provider Data necessary to trace and identify the source of a communication Internet access, Internet e-mail and Internet telephony The nam
30、e and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication N/a The number(s) dialled (the telephone number(s) called), and, in cases involving supplementary services such as call forwarding
31、or call transfer, the number or numbers to which the call is routed N/a Fixed network telephony and mobile telephony The name(s) and address(es) of the subscriber(s) or registered user(s) N/a The user ID or telephone number of the intended recipient(s) of an Internet telephony call N/a Data necessar
32、y to identify the destination of a communication Internet e-mail and Internet telephony The name(s) and address(es) of the subscriber(s) or registered user(s) and user ID of the intended recipient of the communication May be available from the CALM CSP Fixed network telephony and mobile telephony Th
33、e date and time of the start and end of the communication N/a The date and time of the log-in and log-off of the Internet access service, based on a certain time zone, together with the IP address, whether dynamic or static, allocated by the Internet access service provider to a communication, and t
34、he user ID of the subscriber or registered user May be available from IPv6 host configuration process Data necessary to identify the date, time and duration of a communication Internet access, Internet e-mail and Internet telephony The date and time of the log-in and log-off of the Internet e-mail s
35、ervice or Internet telephony service, based on a certain time zone May be available from CSP registration process Fixed network telephony and mobile telephony The telephone service used N/a Data necessary to identify the type of communication Internet e-mail and Internet telephony The Internet servi
36、ce used May be available in IPv6 header (protocol field) ISO/TR 11769:2010(E) 4 ISO 2010 All rights reservedTable 1 (continued) Class of data Class of network Retained data Provision in CALM/ITS Fixed network telephony The calling and called telephone numbers N/a The calling and called telephone num
37、bers May be available from the CALM CSP The International Mobile Subscriber Identity (IMSI) of the calling party Given in CALM Cellular registration process The International Mobile Equipment Identity (IMEI) of the calling party May form part of the user subscriber data but not exchanged over the AI
38、 The IMSI of the called party Given in CALM Cellular registration process but only where the called party is on the same CALM CSP The IMEI of the called party May form part of the user subscriber data but not exchanged over the AI Mobile telephony In the case of pre-paid anonymous services, the date
39、 and time of the initial activation of the service and the location label (Cell ID) from which the service was activated Available at registration with station-Id The calling telephone number for dial-up access N/a Data necessary to identify users communication equipment or what purports to be their
40、 equipment Internet access, Internet e-mail and Internet telephony The digital subscriber line (DSL) or other end point of the originator of the communication N/a The location label (Cell ID) at the start of the communication Station-Id (infrastructure) Data necessary to identify the location of mob
41、ile communication equipment Data identifying the geographic location of cells by reference to their location labels (Cell ID) during the period for which communications data are retained Should be available from the CALM CSP ISO/TR 11769:2010(E) ISO 2010 All rights reserved 56.2 Observations on CALM
42、/ITS adherence to Directive 2006/24/EC CALM provides IPv6 connectivity for a number of wireless based data link technologies by means of a general purpose abstraction layer. In addition CALM provides an option that offers link connectivity without IP connectivity. For consideration of CALM/ITS again
43、st Directive 2006/24/EC the characteristics of CALM/ITS as described in available standards are that CALM does not currently define a subscriber management model, therefore from the existing CALM/ITS standards it is not clear how a CALM/ITS environment can comply with any requirement to give data su
44、ch as name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication. However if the underlying communication uses the facilities of a Public Land Mobile Network (PLMN) such as Satellite, 2G
45、(GSM, CDMAone) 3G (UMTS, CDMA2000), or any emerging technology such as WiMax, the CSP operating the PLMN may be able to provide such data. Several new access media have been defined within the CALM family of standards, but the standards do not yet define how such media will be integrated into commun
46、ication systems. Inevitably these systems will be operated by a CSP, who will be required to provide DR and support LI. Additionally, although the CALM standards do not explicitly define a “home agent“ which is required to enable routing of communications to a mobile node this is defined for the und
47、erlying mobility services of the Internet Protocol and other Public Land Mobile Services. The provider of a “home agent“ service may be classified as a CSP and the obligations outlined in 6.1 apply. ISO/TR 11769:2010(E) 6 ISO 2010 All rights reservedBibliography 1 Directive 2002/21/EC of the Europea
48、n Parliament and of the Council of 7 March 2002 on a common regulatory framework for electronic communications networks and services 2 Directive 2002/20/EC of the European Parliament and of the Council of 7 March 2002 on the authorisation of electronic communications networks and services 3 Directiv
49、e 2002/19/EC of the European Parliament and of the Council of 7 March 2002 on access to, and interconnection of, electronic communications networks and associated facilities 4 Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector 5 Directive 2002/22/EC of the European Parliament and of the Council of 7 March 2002 on universal service and users rights relating to electronic communicati
