Decree No. 336 / 2005 Coll.

Decree on the form and extent of information provided from the subscriber database of the publicly available telephone service and on the technical and operational conditions and points for connecting terminal telecommunications equipment for wiretapping and recording of messages

Valid decree, effective from 07.09.2005
Text versions: 07.09.2005
336
DECREE
of 29 August 2005
on the form and extent of information provided from the subscriber database of the publicly available telephone service, and on the technical and operational conditions and points for connecting terminal telecommunications equipment for wiretapping and recording of messages
Pursuant to Section 150 (4) of Act No. 127 / 2005 Coll., on Electronic Communications and on the amendment of certain related laws (the Act on Electronic Communications) (hereinafter referred to as "the Act"), the Ministry of the Interior lays down the following in implementation of Section 97 (4) and (8) of the Act:

PART ONE

FORM AND SCOPE OF INFORMATION PROVIDED FROM THE SUBSCRIBER DATABASE OF THE PUBLICLY AVAILABLE TELEPHONE SERVICE
§ 1
A legal or natural person providing a publicly available telephone service shall provide information on a subscriber of the publicly available telephone service (hereinafter referred to as "information") from the subscriber database
(a) for public fixed electronic communications networks, to the extent of the following identifying data: the subscriber number; the name and surname or, where applicable, the name of the subscriber; the address; the category of station; the date to which the requested information relates (usually the time period indicated in the request); the birth number of a natural person, or the date of birth if no birth number has been assigned; the identification number (IC) of a natural or legal person; and information on publication in the subscriber list (hereinafter referred to as "lustration of a subscriber of a service provided on a fixed network");
(b) for public mobile telephone networks, to the extent of the following identifying data: the subscriber number; the name and surname or, where applicable, the name of the subscriber; the address; the birth number of a natural person, or the date of birth if no birth number has been assigned; the identification number (IC) of the natural person concerned or of the legal person; the name, surname and address given on the invoice; the status on the date of the request (active, deactivated, suspended); the date of the last change of status; and information on publication in the subscriber list (hereinafter referred to as "lustration of a subscriber of a service provided on a mobile network").
§ 2
(1) Requests for information are made, and the requested information is transmitted, through the designated contact points of the Police of the Czech Republic ("police") and of the legal or natural persons providing a publicly available telephone service.
(2) Communication between the contact point of a legal or natural person providing a publicly available telephone service and the contact point of the police is carried out by remote access. Requests and information shall be transmitted in electronic form as data files. Only generally available technologies and communication protocols are used in communication between the contact points, so that the solution is not tied to a particular manufacturer or supplier.
(3) Where, in a justified case, remote access cannot be used, the request or the requested information may be transmitted in paper form or as data files on a portable medium.
(4) To prove the authenticity of a request or of the requested information, it is possible to use
(a) a guaranteed electronic signature based on a qualified certificate issued by an accredited certification service provider 1). The PKCS #7 public-key cryptography standard format shall be used to create and verify the signature,
(b) the paper form of the request or of the requested information, signed by the authorised person. This method shall also be used, in summary form covering a period of usually one week, for requests or requested information already transmitted in electronic form without any other proof of authenticity.
(5) The contact point of a legal or natural person providing a publicly available telephone service shall transmit the information without delay.
§ 3
(1) A request from the police pursuant to Section 2 (1) may contain more than one request for the lustration of a subscriber of a service provided on a fixed network or of a subscriber of a service provided on a mobile network (hereinafter referred to as "lustration"). As a general rule, one lustration file is produced per request.
(2) The lustrations in the lustration file are in the same order as in the request and bear the corresponding serial number. Within a row, the individual items of information are separated by semicolons or tabs; the last item is terminated by CRLF. If a required item of information is not found, its position shall be left blank.
(3) The lustrations are provided to the police in a structured text file, usually encoded according to a standardised character set for text encoding: CP-1250, UTF-8 and ISO 8859-2. The names of the transferred files have a fixed structure given by the naming convention.
(4) The naming convention specifies the name of the lustration file in the form DDMMRR_XXX.txt, where DDMMRR corresponds to the date of the request and XXX corresponds to the serial number of the request within that date.
(5) In a justified case, with the agreement of the police contact point and of the legal or natural person providing a publicly available telephone service, a file format, structure and name different from those defined in paragraphs 2 to 4 may be used.
§ 4
Structure of the lustration of a subscriber of a service provided on a fixed network
(1) For the lustration of a subscriber of a service provided on a fixed network, the information in the file is stored in the following structure:
(a) the serial number of the lustration,
(b) the subscriber number,
(c) the name and surname or, where applicable, the name of the subscriber,
(d) the address of the subscriber,
(e) the category of station,
(f) the date of validity in the form DDMMRR,
(g) the birth number,
(h) the identification number,
(i) published (A / N).
(2) If the number for which the information is requested is not in the subscriber database, the word "not found" shall be entered in the row marked in the structure.
§ 5
Structure of the lustration of a subscriber of a service provided on a mobile network
(1) For the lustration of a subscriber of a service provided on a mobile network, the information in the file is stored in the following structure:
(a) the serial number of the lustration,
(b) the subscriber number,
(c) the name and surname or, where applicable, the name of the subscriber,
(d) the address of the subscriber,
(e) the birth number or identification number of the subscriber,
(f) the name and surname given on the invoice,
(g) the address given on the invoice,
(h) the birth number or identification number given on the invoice,
(i) the status on the date of the request (active, deactivated, suspended),
(j) the date of the last change (activation, deactivation or suspension) in the form DDMMRR,
(k) published (A / N).
(2) If the number for which the information is requested is not in the subscriber database, the word "not found" shall be entered in the row marked in the structure. If the number is used by a subscriber with a prepaid anonymous service, the word "prepaid" shall be entered in the row.
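
Added example (not part of the decree): a Python parser for the lustration file described in Sections 3 to 5, with strict checks for the failure modes the format invites (wrong encoding, truncated file, separator inside a field). The field names, the three-digit XXX, the reading of RR as a year in 2000-2099 and the handling of "not found" / "prepaid" wherever they appear in a row are assumptions; the sample rows are constructed.

```python
import re
from datetime import date

# Field order taken from Section 4 (1) (fixed network) and Section 5 (1) (mobile).
# The key names themselves are assumptions made for this example.
FIXED_FIELDS = ("serial", "number", "name", "address", "station_category",
                "valid_on", "birth_number", "identification_number", "published")
MOBILE_FIELDS = ("serial", "number", "name", "address", "birth_or_id_number",
                 "invoice_name", "invoice_address", "invoice_birth_or_id_number",
                 "status", "last_change", "published")
DATE_FIELDS = {"valid_on", "last_change"}
MARKERS = {"not found", "prepaid"}               # Sections 4 (2) and 5 (2)
FILE_NAME = re.compile(r"(\d{6})_(\d{3})\.txt")  # DDMMRR_XXX.txt, Section 3 (4)

def parse_ddmmrr(text):
    """Convert DDMMRR to a date. Assumption: RR is a year in 2000-2099."""
    if not re.fullmatch(r"\d{6}", text):
        raise ValueError(f"not a DDMMRR date: {text!r}")
    return date(2000 + int(text[4:]), int(text[2:4]), int(text[:2]))

def parse_file_name(name):
    """Return (date of the request, serial number of the request on that date)."""
    match = FILE_NAME.fullmatch(name)
    if match is None:
        raise ValueError(f"file name does not follow DDMMRR_XXX.txt: {name!r}")
    return parse_ddmmrr(match.group(1)), int(match.group(2))

def parse_row(row, fields):
    # A tab anywhere means the row is tab-separated, so a semicolon inside an
    # address does not split a tab-separated row.
    values = [v.strip() for v in row.split("\t" if "\t" in row else ";")]
    if len(values) != len(fields):
        # Typical cause: the separator also occurs inside a name or address.
        raise ValueError(f"expected {len(fields)} fields, got {len(values)}: {row!r}")
    record = {"marker": None}
    for key, value in zip(fields, values):
        if value.lower() in MARKERS:
            record["marker"], value = value.lower(), ""
        if value == "":
            record[key] = None                   # blank position: item not found
        elif key == "serial":
            record[key] = int(value)
        elif key in DATE_FIELDS:
            record[key] = parse_ddmmrr(value)
        elif key == "published":
            if value not in ("A", "N"):
                raise ValueError(f"published must be A or N: {value!r}")
            record[key] = value == "A"           # A = ano (yes), N = ne (no)
        else:
            record[key] = value
    return record

def parse_lustrations(data, fields, encoding):
    """Decode a lustration file strictly and parse every CRLF-terminated row."""
    text = data.decode(encoding)                 # strict: fail rather than mangle names
    if not text.endswith("\r\n"):
        raise ValueError("last row is not terminated by CRLF (truncated file?)")
    return [parse_row(row, fields) for row in text.split("\r\n")[:-1]]

# Constructed sample with a fictitious subscriber, encoded as CP-1250,
# one of the encodings named in Section 3 (3).
SAMPLE_MOBILE = (
    "1;601000001;Jan Novák;Dlouhá 1, Praha;000000/0000;"
    "Jan Novák;Dlouhá 1, Praha;000000/0000;active;010805;A\r\n"
    "2;601000002;not found;;;;;;;;\r\n"
    "3;601000003;prepaid;;;;;;;;\r\n"
).encode("cp1250")
```

Decoding is deliberately strict: reading the CP-1250 sample as UTF-8 raises an error instead of silently corrupting names, which matters because the decree allows three encodings and the file itself does not say which one was used.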

PART TWO

TECHNICAL AND OPERATIONAL CONDITIONS AND POINTS FOR CONNECTING TERMINAL TELECOMMUNICATIONS EQUIPMENT FOR WIRETAPPING AND RECORDING OF MESSAGES

Title I

Preliminary provisions
§ 6
Definition of terms
(1) A user address is an identifier of an end connection or of a user of an electronic communications service (hereinafter referred to as "service"), in particular:
(a) the subscriber number;
(b) the International Mobile Subscriber Identity - IMSI;
(c) the International Mobile Equipment Identity - IMEI;
(d) the user name or identifier for access to the electronic communications network (hereinafter referred to as "the network");
(e) the e-mail address;
(f) the mailbox identifier;
(g) the network device identifier used by Internet layer protocols - IP address;
(h) the network device identifier used by link layer protocols - MAC address; or
(i) the dial-up connection identifier.
A user address of interest is a user address designated for wiretapping and recording of messages ("wiretap").
(2) The activity of a user address is a process in which operational and localisation data or message content are transmitted between the device identified by this address and a network or service facility, or in which the network or service transmits or processes messages originating from or directed to that user address.
(3) The interface for connecting the terminal telecommunications equipment for wiretapping and recording of messages is
(a) the output used for the transmission of traffic and location data and the content of messages by the user's network or service to the police facility, the Security Information Service 2) or the Military Intelligence 3) (hereinafter referred to as the "authorised authority"); or
(b) the connection point for the authorised authority's equipment at the places where activity of the user address of interest is expected to occur.
§ 7
Conditions for the implementation of the interface for connecting the terminal telecommunications wiretap equipment
(1) A legal or natural person providing a public communications network or providing a publicly available electronic communications service (hereinafter referred to as "operator") shall equip the network or service with an interface for connecting the wiretap equipment at the request of the authorised authority.
(2) Where an operator builds a new network or service, or expands or significantly changes an existing network or service, it shall invite the authorised authority to make a request for equipping the network or service with an interface for connecting the wiretap equipment. Where the operator intends to carry out a technical evaluation of the wiretap equipment, it shall invite the authorised authority to make a request for such an evaluation. The authorised authority shall make the request within 15 days of the date of receipt of the invitation; otherwise it shall be deemed not to make a request at that time. This shall be without prejudice to the possibility of the procedure referred to in paragraph 1.
(3) On the basis of a request made pursuant to paragraph 1 or 2, the operator shall, in cooperation with the authorised authority, prepare a draft of possible options for the solution, including their justification and the cost of their implementation.
(4) The chosen option and the parameters of the solution should be indicated in a record prepared jointly by the authorised authority and the operator, including the definition of the financial costs, the method and schedule of their reimbursement, and the method, procedure and timetable for the implementation of the selected solution, including the time at which invoicing of the costs begins. Where no option is selected, the reason and an outline of the next procedure shall be entered in the record.
§ 8
General technical conditions for listening and recording messages
(1) A wiretap is commenced
(a) by activating the wiretap at the user address of interest, thereby putting the network or service in a state in which information about every activity of the user address of interest is transferred to the output; or
(b) by installing the authorised authority's equipment at the connection point and activating it.
(2) A wiretap is ended by deactivating the wiretap at the user address of interest in the network or service or at the authorised authority's equipment.
(3) The possibility of commencing and ending a wiretap is ensured continuously.
(4) If the operator modifies the content of messages by encryption or coding in some part of the network or service, the content shall always be provided from a part of the network or service where it is not so modified. Where the content of messages is demonstrably modified by encryption or coding in all parts of the network or service and the operator does not have access to the required key, the content of the messages shall be provided in the form in which it is available.
(5) Information on a change to the network or service that is likely to affect wiretapping shall be communicated by the operator to the authorised authority:
(a) for anticipated changes prior to their implementation;
(b) in other cases, without delay after their detection.

Title II

Wiretapping with activation in the network or service
§ 9
(1) Activation in the network or service of the wiretap of message content and the associated operational and localisation data, or of selected operational and localisation data without message content, shall be enabled for a user address
(a) which may have an end connection to the network or service; or
(b) whose messages or operational and localisation data the network or service transmits or processes and the user address data is available to the network or service.
(2) The selected operational and localisation data are:
(a) the date, time of initiation, duration or time of termination of the activity of the user address of interest, even if the content of the messages is not transmitted; for a network or service where the processing of messages may not take place in real time and the message does not contain data on the time of its creation, the time within the meaning of this provision shall be taken to be the time at which the network or service processes the message;
(b) identification of the type of activity of the user address of interest;
(c) any data identifying the user address of interest that is available to the network or service during the activity of the user address of interest, whether or not the wiretap has been activated;
(d) data identifying all user addresses to which the activity of the user address of interest is directed and from which activity is directed to the user address of interest, data identifying all user addresses constituting a redirection chain and data identifying all user addresses of a conference connection; such data need not be provided if the network or service demonstrably does not provide them;
(e) an indication of the location of the end point of the user address of interest, for public mobile telephone networks;
(f) an indication of the exact identification of the channel used to transmit the content of the messages to the authorised authority, if necessary to identify the transmitted message;
(g) details of the login of the user identified by the user address of interest to a network or service device; and
(h) the identifier of the data source in case of transmission through a common channel from multiple nodes of the network or services.
(3) The minimum number of user addresses which the network or service allows to be activated for wiretapping simultaneously is given by the relationship:
$Y = a \cdot x^{0.4}$
where Y is the minimum number of user addresses which the network or service allows to be activated for wiretapping simultaneously,
x is the total capacity of the network or service expressed as a number of users,
a is a specific coefficient for the type of network or service, chosen as
a = 1 for fixed circuit-switched networks;
a = 2 for electronic mail service and other services with a record of messages being transmitted;
a = 3 for packet-switched networks;
a = 4 for mobile circuits.
§ 10
(1) The instruction to activate, deactivate and verify the activation of the wiretap at the user address of interest shall be made from the workplace of the authorised authority by remote access using software supplied by the authorised authority. Where it is not possible to use this remote access in a justified case, the operator shall ensure activation, deactivation or verification of activation on the basis of a request made in paper form.
(2) An operator shall, for six months, retain the instructions for the activation and deactivation of the wiretap and information on their execution for control purposes, in a manner that does not permit their alteration.
§ 11
(1) The number and capacity of outputs shall be determined by the authorised authority in such a way as to enable the continuous transmission of the content of the messages and of the selected operational and localisation data from simultaneously communicating user addresses of interest, the number of which corresponds to at least 15% of the value determined in accordance with Section 9 (3), the calculated result being rounded up to the next higher multiple of two.
(2) All types of messages are transferred to the output when the user address of interest communicates, in such a way that the entire content can be reconstructed.
(3) The selected operational and localisation data and the content of the messages are transmitted to the output in a comprehensible form, without the need to use specialised equipment supplied only by a particular supplier or only by the supplier of the network or service technology.
(4) The operator shall provide the authorised authority with a detailed, complete and comprehensible description of the communication protocols and formats used to transmit message contents and selected operational and localisation data to the outputs.
§ 12
Outputs of circuit-switched networks
(1) The output of the network or service is implemented as a fixed circuit with an interface according to Recommendation G.703 of the International Telecommunication Union (ITU-T). Voice is transmitted using pulse code modulation with the compression characteristic according to ITU-T Recommendation G.711, type A.
(2) SS7 or DSS1 signalling is used as the communication protocol for controlling the transmission of messages to the output. Full information on the messages currently being transmitted by the user addresses is inserted into the signalling. The signalling is usually placed in the 16th channel interval of the output.
(3) Where necessary, the signalling point address on the side of the authorised authority shall be taken from the address range of the operator.
(4) For the transmission of message data, separate channel intervals are used for the forward and reverse directions of the user address.
(5) Selected operational and localisation data shall be transmitted through a data channel with the standardised communication protocol TCP/IP or X.25, normally located in one or more dedicated channel intervals of the output referred to in paragraph 1, or transmitted by the signalling referred to in paragraph 2.
(6) The output of the network or service allows the number of channel intervals used to be set according to the capacity requirements of the authorised authority. When channel intervals are allocated dynamically to individual sessions, the channel interval that has been unoccupied the longest is usually used.
(7) The output of the network or service shall be located at points determined jointly by the authorised authority and the operator.
§ 13
Outputs of packet-switched networks
(1) The output of the network or service is implemented
(a) by a fixed data link; or
(b) by a secure virtual channel on the Internet with the standardised communication protocol FTP, with the server on the authorised authority's side and the client on the operator's side.
(2) Each data unit sent shall bear an address identifier and a serial number or time stamp. Data integrity is ensured by creating a file digest using the SHA-1 hash function.
(3) When wiretapping e-mail messages, copies of the messages may, with the agreement of the authorised authority and the operator, be sent by the SMTP electronic mail transfer protocol to a dedicated mail server of the authorised authority.

Title III

Wiretapping with installation of the authorised authority's equipment at the connection point
§ 14
(1) A network or service for which it is not possible or useful to perform a wiretap with an activation in a network or service shall be equipped at the request of the authorised authority with connection points for the authorised authority's equipment.
(2) At the request of the authorised authority, the operator shall draw up a proposal for the location of the connection points with the justification for each of them. On the basis of the draft submitted, the authorised authority shall define the number of connection points and their location.
(3) The operator shall provide the authorised authority with the information needed to create the conditions necessary for wiretapping using the authorised authority's equipment, in particular for the installation and operation of the authorised authority's equipment at the connection point.
(4) For equipment of the authorised authority which is placed on the premises of the operator for technological reasons, the operator shall also ensure:
(a) appropriate location;
(b) the transmission channel for continuous remote access to data by the authorised authority;
(c) backup power supply; and
(d) the possibility of access for servicing by members of the authorised authority at least once a day.
(5) For the identification of the operator of the dynamically allocated addresses, the operator shall provide the authorised authority with:
(a) an output providing real-time information on the currently assigned dynamic addresses; or
(b) the connection point to the location where the information on the dynamically assigned addresses occurs.
§ 15
Specific technical conditions for the monitoring of services with the recording of messages carried
(1) Where the service includes the recording of messages carried (voice mail, e-mail and MMS transmission on mobile networks), the service need not comply with the conditions set out in Sections 8 (1) and (2) and 10 (1), provided that the authorised authority is able to obtain, at least daily, the selected operational and localisation data and the content of all messages originating from the user address of interest and those directed to the user address of interest, immediately upon request. The other provisions of this Decree shall be applied accordingly.
(2) For the service referred to in paragraph 1, information on the activity of the user address of interest shall be transmitted via commonly used data media or interfaces.
§ 16
Entry into force
This decree shall take effect on the day of its publication.
Minister:
Mgr. Bublan v. r.
1) Section 11 of Act No. 227 / 2000 Coll., on Electronic Signature and on the Amendment of Certain Other Acts (Act on Electronic Signature).
2) Act No. 154 / 1994 Coll., on the Security Information Service, as amended.
3) Act No. 289 / 2005 Coll., on Military Intelligence.

Regulation Information

Citation: Decree No. 336 / 2005 Coll., on the form and extent of information provided from the subscriber database of the publicly available telephone service and on the technical and operational conditions and points for connecting terminal telecommunications equipment for wiretapping and recording of messages
Regulation type: Decree
Author: -
Collection: Code of Laws
Date of promulgation: 07.09.2005
Effective from: 07.09.2005
Effective until: -
Status: Valid
The regulation text is for informational purposes only.