The principal global treaty-based
legal instrument relating to LI (including retained data) is the
Budapest Convention on Cybercrime (Budapest, 23 Nov 2001). The secretariat for the Convention is the
Council of Europe. However, the treaty itself has signatories worldwide and provides a global scope. Individual countries have different legal requirements relating to lawful interception. The Global Lawful Interception Industry Forum lists many of these, as does the Council of Europe secretariat. For example, in the United Kingdom the law is known as RIPA (Regulation of Investigatory Powers Act), in the
United States there is an array of federal and state criminal law, in
Commonwealth of Independent States countries as
SORM.
Europe In the
European Union, the
European Council Resolution of 17 January 1995 on the Lawful Interception of Telecommunications (Official Journal C 329) mandated similar measures to CALEA on a pan-European basis. Although some EU member countries reluctantly accepted this resolution
out of privacy concerns (which are more pronounced in Europe than the US), there appears now to be general agreement with the resolution. Interception mandates in Europe are generally more rigorous than those of the US; for example, both voice and ISP public network operators in the
Netherlands have been required to support interception capabilities for years. In addition, publicly available statistics indicate that the number of interceptions in Europe exceed by many hundreds of times those undertaken in the U.S. Europe continues to maintain its global leadership role in this sector through the adoption by the European Parliament and Council in 2006 of the far reaching
Data Retention Directive. The provisions of the Directive apply broadly to almost all public electronic communications and require the capture of most related information, including location, for every communication. The information must be stored for a period of at least six months, up to two years, and made available to law enforcement upon lawful request. The Directive has been widely emulated in other countries. On 8 April 2014, the Court of Justice of the European Union declared the Directive 2006/24/EC invalid for violating fundamental rights.
United States In the
United States, three Federal statutes authorize lawful interception. The 1968
Omnibus Crime Control and Safe Streets Act, Title III pertains mainly to lawful interception
criminal investigations. The second law, the 1978
Foreign Intelligence Surveillance Act, or FISA, as amended by the
Patriot Act, governs wiretapping for
intelligence purposes where the subject of the investigation must be a foreign (non-US) national or a person working as an
agent on behalf of a foreign country. The Administrator of the U.S. Courts annual reports indicate that the federal cases are related to
illegal drug distribution, with
cell phones as the dominant form of intercepted communication. During the 1990s, as in most countries, to help law enforcement and the
FBI more effectively carry out wiretap operations, especially in view of the emerging
digital voice and
wireless networks at the time, the U.S. Congress passed the
Communications Assistance for Law Enforcement Act (CALEA) in 1994. This act provides the Federal statutory framework for
network operator assistance to LEAs in providing evidence and tactical information. In 2005, CALEA was applied to public
broadband networks Internet access and
Voice over IP services that are interconnected to the
Public Switched Telephone Network (PSTN). In the 2000s, surveillance focus turned to terrorism.
NSA warrantless surveillance outside the supervision of the FISA court caused considerable controversy. It was revealed in
2013 mass surveillance disclosures that since 2007, the
National Security Administration has been collecting connection metadata for all calls in the United States under the authority of section 215 PATRIOT Act, with the mandatory cooperation of phone companies and with the approval of the FISA court and briefings to Congress. The government claims it does not access the information in its own database on contacts between American citizens without a warrant. Lawful interception can also be authorized under local laws for state and local police investigations.
Canada Police ability to lawfully intercept private communications is governed by Part VI of the
Criminal Code of Canada (Invasion Of Privacy). When evaluating Canada’s position on lawful interception, Canadian courts have issued two major rulings on this issue. In June 2014, the Supreme Court ruled that
law enforcement officers need a search warrant before accessing information from
Internet service providers (ISPs) about users’ identities. The context behind this 8-0 ruling is an adolescent Saskatchewan man charged with possessing and distributing child pornography. The police used the man’s IP address to access his personal information from his online service provider— all of which was done without a search warrant. The plaintiff’s attorneys argued that their client’s rights were violated, as he was victim to unlawful search and seizure. Despite the court’s ruling, the evidence gathered from the unwarranted search was used as evidence in trial, as the court claimed that the police were acting in good faith. In accordance to the ruling, the court proclaims that a warrant is not needed if: • “There are exigent circumstances, such as where the information is required to prevent imminent bodily harm.” • “If there is a reasonable law authorizing access.” • “If the information being sought does not raise a reasonable expectation of privacy.” The second court case to refer to is from the same year but in December. Essentially, the
Supreme Court of Canada argued that police are allowed access to a suspect’s cell phone, but they must abide by very strict guidelines. This ruling came about from the argument of Kevin Fearon who was convicted of armed robbery in 2009. After robbing a Toronto Jewelry kiosk, Fearon argued that the police unlawfully violated his
charter rights upon searching his cellphone without a warrant. Although divided, the Supreme Court laid out very detailed criteria for law enforcement officers to follow when searching a suspect's phone without a warrant. There are four rules which officers must follow in these instances: • “The arrest must be lawful – This is the case for any situation; it just means if the arrest isn’t lawful, then neither is the search.” • “The search must be incidental to the arrest and police need an “objectively reasonable” reason to conduct the search. These include: protecting police/the accused/the public; preserving evidence; discovering evidence such as finding more suspects.” • “The nature and extent of the search are tailored to the purpose of the search. This means police activity on the phone must be directly linked to the purpose they give.” • “Police must take detailed notes of what they looked at on the device as well as how it was searched (e.g. which applications or programs they looked at, the extent of search, the time of search, its purpose and duration)” To continue a search without a warrant, the situation at-hand would need to meet three of the four guidelines stated above. Nonetheless, the court highly encourages law enforcement to request a warrant before searching a cellphone to promote and protect privacy in Canada.
Russia Due to
Yarovaya Law, law enforcement is entitled to stored private communication data.
India Rule 4 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009 provides that ‘the competent authority may authorise an agency of the Government to intercept, monitor or decrypt information generated, transmitted, received or stored in any computer resource for the purpose specified in sub-section (1) of Section 69 of the Act’. · The Statutory order (S.O.) dated 20.12.2018 has been issued in accordance with rules framed in year 2009 and in vogue since then. · No new powers have been conferred to any of the security or law enforcement agencies by the S.O. dated 20.12.2018. · Notification has been issued to notify the ISPs, TSPs, Intermediaries etc. to codify the existing orders. · Each case of interception, monitoring, decryption is to be approved by the competent authority i.e. Union Home secretary. These powers are also available to the competent authority in the State governments as per IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009. · As per rule 22 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009, all such cases of interception or monitoring or decryption are to be placed before the review committee headed by Cabinet Secretary, which shall meet at least once in two months to review such cases. In case of State governments, such cases are reviewed by a committee headed by the Chief Secretary concerned. ·S.O dated 20.12.2018 will help in following ways: I. To ensure that any interception, monitoring or decryption of any information through any computer resource is done as per due process of law. II. Notification about the agencies authorized to exercise these powers and preventing any unauthorized use of these powers by any agency, individual or intermediary. III. The above notification will ensure that provisions of law relating to lawful interception or monitoring of computer resource are followed and if any interception, monitoring or decryption is required for purposes specified in Section 69 of the IT Act, the same is done as per due process of law and approval of competent authority i.e. Union Home Secretary.
Elsewhere Most countries worldwide maintain LI requirements similar to those Europe and the U.S., and have moved to the ETSI handover standards. The
Budapest Convention on Cybercrime requires such capabilities. ==Illegal use==