ETSI TS 103 120 V1.3.1 (2019-05)

TECHNICAL SPECIFICATION
Lawful Interception (LI);
Interface for warrant information


2 ETSI TS 103 120 V1.3.1 (2019-05)

Reference
RTS/LI-00168
Keywords
eWarrant, lawful interception, warrant, warrantry

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2019.
All rights reserved.
TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are trademarks of ETSI registered for the benefit of its Members.
TM TM
3GPP and LTE are trademarks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and
of the oneM2M Partners. ®
GSM and the GSM logo are trademarks registered and owned by the GSM Association.
ETSI
3 ETSI TS 103 120 V1.3.1 (2019-05)
Contents
Intellectual Property Rights . 7
Foreword . 7
Modal verbs terminology . 7
Executive summary . 7
Introduction . 7
1 Scope . 8
2 References . 8
2.1 Normative references . 8
2.2 Informative references . 9
3 Definition of terms, symbols and abbreviations . 10
3.1 Terms . 10
3.2 Symbols . 10
3.3 Abbreviations . 10
4 Structure and model. 11
4.1 Structure of the standard . 11
4.2 Structure of the present document . 11
4.3 Reference model . 11
5 Message Exchange . 12
6 Message Structure . 13
6.1 Overview . 13
6.2 Message Header . 14
6.2.1 Introduction. 14
6.2.2 Structure . 14
6.2.3 Version . 14
6.2.4 EndpointID . 15
6.2.5 Transaction Identifiers . 15
6.3 Message Payload . 15
6.3.1 Introduction. 15
6.3.2 Request Payload . 16
6.3.3 Response Payload . 16
6.4 Action Request and Responses . 16
6.4.1 Overview . 16
6.4.2 Action Requests . 16
6.4.3 Action Responses . 17
6.4.4 Action Identifiers . 17
6.4.5 GET . 17
6.4.6 CREATE . 17
6.4.7 UPDATE . 18
6.4.8 LIST . 19
6.4.9 Action Unsuccessful Information . 20
7 Data Definitions . 20
7.1 HI-1 Object . 20
7.1.1 Overview . 20
7.1.2 ObjectIdentifier . 21
7.1.3 Generation. 21
7.1.4 AssociatedObjects . 21
7.1.5 LastChanged . 21
7.1.6 NationalHandlingParameters . 21
7.2 Authorisation Object . 22
7.2.1 Overview . 22
7.2.2 AuthorisationReference . 22
ETSI
4 ETSI TS 103 120 V1.3.1 (2019-05)
7.2.3 AuthorisationLegalType . 23
7.2.4 AuthorisationPriority . 23
7.2.5 AuthorisationStatus . 23
7.2.6 AuthorisationDesiredStatus . 24
7.2.7 AuthorisationTimespan . 24
7.2.8 AuthorisationCSPID . 24
7.2.9 AuthorisationCreationTimestamp . 25
7.2.10 AuthorisationServedTimestamp . 25
7.2.11 AuthorisationApprovalDetails . 25
7.2.12 AuthorisationFlags . 25
7.3 Document Object . 25
7.3.1 Overview . 25
7.3.2 DocumentReference. 26
7.3.3 DocumentName . 26
7.3.4 DocumentStatus . 26
7.3.5 DocumentDesiredStatus . 27
7.3.6 DocumentTimespan . 27
7.3.7 DocumentType . 27
7.3.8 DocumentProperties. 28
7.3.9 DocumentBody . 28
7.3.10 DocumentSignature . 28
7.4 Notification Object . 28
7.4.1 Overview . 28
7.4.2 NotificationDetails . 29
7.4.3 NotificationType . 29
7.4.4 NewNotification . 29
7.4.5 NotificationTimestamp . 30
7.4.6 NationalNotificationParameters . 30
8 Task Objects . 30
8.1 Overview . 30
8.2 LITaskObject . 30
8.2.1 Overview . 30
8.2.2 Reference . 31
8.2.3 Status . 31
8.2.4 DesiredStatus . 32
8.2.5 TimeSpan . 32
8.2.6 TargetIdentifier . 33
8.2.6.1 Overview . 33
8.2.6.2 TargetIdentifierValues Field . 33
8.2.6.3 FormatType . 33
8.2.6.4 Task Service Type . 34
8.2.7 DeliveryType . 34
8.2.8 TaskDeliveryDetails . 34
8.2.8.1 Overview . 34
8.2.8.2 DeliveryDestination . 35
8.2.8.3 DeliveryAddress . 35
8.2.8.4 HandoverFormat . 35
8.2.9 ApprovalDetails . 36
8.2.10 CSPID . 36
8.2.11 HandlingProfile . 36
8.2.12 Flags. 36
9 Transport and Encoding . 36
9.1 Overview . 36
9.2 Encoding. 37
9.2.1 XML Schema . 37
9.2.2 Error conditions . 37
9.2.3 Message signing and encryption . 37
9.3 HTTP Transport . 37
9.3.1 Use of HTTP . 37
9.3.2 Client/Server architecture . 37
ETSI
5 ETSI TS 103 120 V1.3.1 (2019-05)
9.3.3 HTTP Configuration . 37
9.3.4 Transport security . 37
9.4 Nationally-defined Transport . 38
Annex A (informative): Example usage scenarios for HI-1 . 39
A.1 Overview . 39
A.2 Direct communication . 39
A.3 Single "Central Authority" . 39
A.4 Multiple Approving Authorities . 41
A.4.1 Overview . 41
A.4.2 "Serial" interaction . 41
A.4.3 "Parallel" interaction . 42
Annex B (informative): Example Template National Profile . 43
B.1 Introduction . 43
B.1.1 Overview . 43
B.1.2 Structure of this annex . 43
B.1.3 Checklist for National Profile authors . 43
B.1.4 Details of the fictional national jurisdiction . 44
B.2 Example National Profile . 45
B.2.1 Approach and reference model . 45
B.2.1.1 Overview . 45
B.2.1.2 Warrants . 45
B.2.1.3 Tasking Instructions . 45
B.2.1.4 Representation by HI-1 Objects . 46
B.2.2 Message Structure . 46
B.2.2.1 Overview . 46
B.2.2.2 Version information . 46
B.2.2.3 Sender and Receiver Identifiers . 46
B.2.2.4 LIST semantics . 46
B.2.3 Data Definitions . 47
B.2.3.1 Overview . 47
B.2.3.2 Object Identifiers . 47
B.2.3.3 Generic Object Fields . 47
B.2.3.4 Authorisation Objects . 47
B.2.3.5 Document Objects . 48
B.2.3.6 Notification Objects . 49
B.2.3.7 LITaskObjects . 49
B.2.4 Transport and Encoding . 50
B.2.5 Example XML . 50
B.2.5.1 Introduction. 50
B.2.5.2 Request 1 . 51
B.2.5.3 Response 1 . 52
B.2.5.4 Request 2 . 53
B.2.5.5 Response 2 . 53
B.2.5.6 Request 3 . 55
B.2.5.7 Response 3 . 56
Annex C (normative): ETSI Target Identifier Format Definitions . 58
C.1 Overview . 58
C.2 Definitions . 58
Annex D (normative): Error Codes . 60
D.1 Detailed error codes. 60
Annex E (normative): Approval Details . 61
ETSI
6 ETSI TS 103 120 V1.3.1 (2019-05)
E.1 Overview . 61
E.2 ApprovalType . 61
E.3 ApprovalDescription . 61
E.4 ApprovalReference . 61
E.5 ApproverDetails . 62
E.5.1 Overview . 62
E.5.2 ApproverIdentity . 62
E.6 ApprovalTimestamp . 62
E.7 ApprovalIsEmergency . 62
E.8 ApprovalDigitalSignature . 63
E.8.1 Overview . 63
Annex F (normative): Dictionaries . 64
F.1 Overview . 64
F.2 DictionaryEntry type . 64
F.3 Definition and use of dictionaries . 64
F.3.1 Overview . 64
F.3.2 Owner . 65
F.3.3 Name . 65
F.3.4 Use of dictionaries . 65
F.3.5 Machine-readable dictionary definitions . 65
Annex G (normative): Drafting conventions for National Parameters . 66
G.1 Overview . 66
G.2 Drafting conventions . 66
Annex H (informative): Bibliography . 67
Annex I (informative): Change Request history . 68
History . 69

ETSI
7 ETSI TS 103 120 V1.3.1 (2019-05)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
Foreword
This Technical Specification (TS) has been produced by ETSI Technical Committee Lawful Interception (LI).
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
Executive summary
The present document defines a protocol for the electronic exchange of legal and technical information for the purposes
of establishing and managing lawfully required actions (e.g. Lawful Interception). In this phase, the present document is
intended to provide the underlying functionality for HI-1, as defined in the ETSI LI Reference Model, and it has been
designed for applicability beyond LI in future phases.
Introduction
The present document was constructed in multiple phases. The first phase of the present document consisted of a
reference architecture. It was created by investigating current practices and procedures across TC LI. It makes clear the
distinction between the process of communicating with the Communication Service Provider to inform them about the
interception details (commonly called "tasking") and also communication among government/law
enforcement/judiciary to establish the warrant (commonly called "warrantry"). The second phase of the present
document provided a standardized detailed interface based on the architecture in the first phase, in particular for LI. The
present document anticipates that future phases will add other requests for legal action.

ETSI
8 ETSI TS 103 120 V1.3.1 (2019-05)
1 Scope
The present document defines an electronic interface between two systems for the exchange of information relating to
the establishment and management of lawful required action, typically Lawful Interception. Typically this interface
would be used between: on one side, a Communications Service Provider; and, on the other side, a Government or Law
Enforcement Agency who is entitled to request a lawful action. The present document is a specific and detailed example
of one particular Warrantry interface for eWarrants [i.1].
The ETSI reference model for LI (ETSI TS 101 671 [1] or ETSI TS 102 232-1 [2]) defines three interfaces between law
enforcement and CSPs, called HI-1, HI-2 and HI-3. The protocol defined in the present document is designed to provide
a large part of the functionality for HI-1. It is not designed to be used for HI-2 (delivery of intercept related information)
or HI-3 (delivery of communications content). The protocol designed in the present document may also be used for
interfaces which require structured exchange of information relating to the establishment and management of Lawful
Interception. The general view is that the HI-1 concept can also be used for other legal actions than LI. For that reason
the present document could, besides LI, also be applied for retained data requests, seized data requests, data
preservation orders and other similar legal requests.
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
[1] ETSI TS 101 671: "Lawful Interception (LI); Handover interface for the lawful interception of
telecommunications traffic".
[2] ETSI TS 102 232-1: "Lawful Interception (LI); Handover Interface and Service-Specific Details
(SSD) for IP delivery; Part 1: Handover specification for IP delivery".
[3] IETF RFC 4122: "A Universally Unique IDentifier (UUID) URN Namespace".
[4] W3C Recommendation 26 November 2008: "Extensible Markup Language (XML) 1.0".
[5] IETF RFC 2818: "HTTP over TLS".
[6] IETF RFC 4279: "Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)".
[7] ETSI TS 103 280: "Lawful Interception (LI); Dictionary for common parameters".
[8] IETF RFC 1738: "Uniform Resource Locators (URL)".
NOTE: Obsoleted by IETF RFC 4248 and IETF RFC 4266.
[9] IETF RFC 2045: "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet
Message Bodies".
[10] IETF RFC 2046: "Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types".
[11] IETF RFC 1321: "The MD5 Message-Digest Algorithm".
[12] W3C Recommendation, 14 December 2017: "HTML 5.2".
ETSI
9 ETSI TS 103 120 V1.3.1 (2019-05)
[13] IEEE POSIX 1003.1™-2008: "IEEE Standard for Information Technology - Portable Operating ®
System Interface (POSIX )".
[14] ISO 3166-1: "Codes for the representation of names of countries and their subdivisions -
Part 1: Country codes".
[15] ETSI TS 102 232-2: "Lawful Interception (LI); Handover Interface and Service-Specific Details
(SSD) for IP delivery; Part 2: Service-specific details for messaging services".
[16] ETSI TS 102 232-3: "Lawful Interception (LI); Handover Interface and Service-Specific Details
(SSD) for IP delivery; Part 3: Service-specific details for internet access services".
[17] ETSI TS 102 232-4: "Lawful Interception (LI); Handover Interface and Service-Specific Details
(SSD) for IP delivery; Part 4: Service-specific details for Layer 2 services".
[18] ETSI TS 102 232-5: "Lawful Interception (LI); Handover Interface and Service-Specific Details
(SSD) for IP delivery; Part 5: Service-specific details for IP Multimedia Services".
[19] ETSI TS 102 232-6: "Lawful Interception (LI); Handover Interface and Service-Specific Details
(SSD) for IP delivery; Part 6: Service-specific details for PSTN/ISDN services".
[20] ETSI TS 102 232-7: "Lawful Interception (LI); Handover Interface and Service-Specific Details
(SSD) for IP delivery; Part 7: Service-specific details for Mobile Services".
[21] ETSI TS 123 501: "5G; System Architecture for the 5G System (3GPP TS 23.501)".
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] ETSI TR 103 690: "Lawful Interception (LI); eWarrant Interface".
[i.2] IETF RFC 3261: "SIP: Session Initiation Protocol".
[i.3] IETF RFC 3966: "The tel URI for Telephone Numbers".
[i.4] IETF RFC 3508: "H.323 Uniform Resource Locator (URL) Scheme Registration".
[i.5] IETF RFC 4282: "The Network Access Identifier".
[i.6] ETSI TS 123 003 (V13.4.0): "Digital cellular telecommunications system (Phase 2+) (GSM);
Universal Mobile Telecommunications System (UMTS); Numbering, addressing and
identification (3GPP TS 23.003 version 13.4.0 Release 13)".
[i.7] ETSI TS 124 229 (V13.3.1): "Digital cellular telecommunications system (Phase 2+); Universal
Mobile Telecommunications System (UMTS); IP multimedia call control protocol based on
Session Initiation Protocol (SIP) and Session Description Protocol (SDP); Stage 3 (3GPP
TS 24.229 version 13.3.1 Release 13)".
[i.8] IEEE Std 802.2001™: "IEEE Standard for Local and Metropolitan Area Networks: Overview and
Architecture".
[i.9] Recommendation ITU-T E.164: "The international public telecommunication numbering plan".
[i.10] Recommendation ITU-T E.212: "The international identification plan for public networks and
subscriptions".
ETSI
10 ETSI TS 103 120 V1.3.1 (2019-05)
3 Definition of terms, symbols and abbreviations
3.1 Terms
For the purposes of the present document, the following terms apply:
Communications Service Provider (CSP): Network Operator (NWO) or Access Provider (AP) who is obliged by law
to perform a lawful action in response to a Warrant (e.g. perform Lawful Interception)
Law Enforcement Agency (LEA): Government or Law Enforcement Agency who is entitled to request a lawful action
warrant: legal authorization to perform an action or set of actions
3.2 Symbols
Void.
3.3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
CC Content of Communication
CIDR Classless InterDomain Routing
CSP Communication Service Provider
CSPID Communication Service Provider Identifier
ERE Extended Regular Expression
FQDN Fully Qualified Domain Name
FTP File Transfer Protocol
HI Handover Interface
HI-1 Handover Interface 1
HI-2 Handover Interface 2
HI-3 Handover Interface 3
HTML Hypertext Markup Language
HTTP HyperText Transfer Protocol
IEEE Institute of Electrical and Electronics Engineers
IMEI International Mobile station Equipment Identity
IMEISV International Mobile station Equipment Identity Software Version
IMPI IP Multimedia Private Identity
IMPU IP Multimedia PUblic identity
IMSI International Mobile Subscriber Identity
IP Internet Protocol
IPv4 Internet Protocol Version 4
IPv6 Internet Protocol Version 6
IRI Intercept Related Information
ISO International Organization for Standardization
JPEG Joint Photographic Experts Group
LEA Law Enforcement Agency
LI Lawful Intercept
LIID Lawful Intercept IDentifier
MAC Media Access Control
MIME Multipurp
...