Regulatory Compliance with International Law Enforcement Assistance Mandates

Communication service providers (CSPs) are generally required to assist law enforcement agency (LEA) investigations.  The needed assistance could involve the disclosure of subscriber billing records or the facilitation of real-time lawful electronic surveillance (a lawful “intercept” or “wiretap”).  Unfortunately, many CSPs are unsure whether and how to comply with LEA assistance mandates. The confusion tends to multiply as CSPs expand to foreign markets.

It’s no wonder. As communication technologies evolve, it becomes harder to determine which types of networks must produce what types of assistance. Some CSPs are subject to greater assistance obligations than others.  Further complicating matters, as service providers extend their networks internationally, they find that different nations have adopted different LEA assistance laws.  A common factor applicable to CSPs doing business in all nations: non-compliance with legal mandates is against the law and can lead to serious financial penalties.

When an American CSP offers its communication services in the European Union or other nations it encounters new mandates for LEA assistance.  Each government imposes its own assistance duties.  For that reason, trying to serve multiple foreign markets can get complicated.   On the other hand, there are commonalities.

Lawful Surveillance

In the EU and other nations, CSPs must install solutions to perform real-time surveillance.  Each nation’s counterpart to CALEA specifies the technical capabilities to be delivered to LEAs in the given jurisdiction.  Unlike the US, the EU does not exempt information services such as social media or “electronic messaging services” from their surveillance laws.  International TTPs understand the differences among different surveillance technical standards.  They can furnish a CSP with an intercept solution that follows the given country’s legal and technical demands.

Data Retention

Just as US LEAs may serve subpoenas on CSPs to collect the subscriber records of criminal suspects, so may a European Union-based LEA serve a “production order” on a CSP doing business in the jurisdiction to get the same records.  An American CSP must be ready to perform the same validation and processing work it carries out in the US.   In most EU member states, service providers are also subject to “data retention” mandates.  These regulations require a CSP to save its subscriber records for a minimum number of months or years in case the items are later needed for a criminal investigation.  Privacy and security safeguards are required to protect the retained data from unauthorized access.

Subsentio is a trusted third party (TTP) provider of law enforcement assistance solutions and services to communication service providers (CSPs).  The complexity of lawful intercept technology has been far outpaced by the conflicting intricacies of different national regulatory environments.  With the focus more and more on individual privacy, despite countervailing threats to public safety such as international terrorism,  service provider need more expertise than ever to keep pace with the growing regulatory demands.