1
Data Protection Issues / Lawful Interception in Cross-border Scenarios
« on: October 23, 2015, 03:23:38 PM »
Lawful interception has undergone significant technological changes over the recent years. Not only has PSTN been largely replaced by packet-switched networks regarding traditional telephony, but also VoIP is being largely used. VoIP services often include built-in encryption.
As a result, traditional approaches to interception on the line between the terminals are doomed to fail in such use cases. A remedy to that is intercepting the telecommunications at one of the terminal devices involved, prior to encryption respectively post decryption. This, however, involves secretly implementing a software to channel the communications to the intercepting unit.
Such procedure is not necessarily covered by existing law, as secretly and remotely altering IT systems such as mobile devices in some member states is governed by other laws than those governing traditional wiretapping. Simultaneously the transition into the mobile results in these devices being moved through different member states, without the intercepting unit necessarily knowing about.
This causes legal insecurities, as – other than traditional lawful interception – this case is not being covered by the Convention on Mutual Legal Assistance.
As a result, the legal situation for LEAs becomes tricky, when the target is moving between different member states and the implemented software continues to intercept data (which is possibly even useful for the case). In that case, such activity could violate laws of the state in which the target is located. This, as it seems, is not yet sufficiently addressed by international/European law, while likewise this situation is of significant practical relevance.
This raises the question of how this could be handled in the future.
As a result, traditional approaches to interception on the line between the terminals are doomed to fail in such use cases. A remedy to that is intercepting the telecommunications at one of the terminal devices involved, prior to encryption respectively post decryption. This, however, involves secretly implementing a software to channel the communications to the intercepting unit.
Such procedure is not necessarily covered by existing law, as secretly and remotely altering IT systems such as mobile devices in some member states is governed by other laws than those governing traditional wiretapping. Simultaneously the transition into the mobile results in these devices being moved through different member states, without the intercepting unit necessarily knowing about.
This causes legal insecurities, as – other than traditional lawful interception – this case is not being covered by the Convention on Mutual Legal Assistance.
As a result, the legal situation for LEAs becomes tricky, when the target is moving between different member states and the implemented software continues to intercept data (which is possibly even useful for the case). In that case, such activity could violate laws of the state in which the target is located. This, as it seems, is not yet sufficiently addressed by international/European law, while likewise this situation is of significant practical relevance.
This raises the question of how this could be handled in the future.