scope:

This document is the result of a study of lawful interception (LI) of certain cloud services. This is a joint study among the ATIS Packet Technologies and Systems Committee (PTSC) Lawfully Authorized Electronic Surveillance (LAES) subcommittee, Wireless Technologies and Systems Committee (WTSC) Lawful Intercept (LI) subcommittee, and the Cloud Services Forum (CSF).

For the purposes of this study, a cloud service is a service that is available to a person with access to the public Internet or that is implemented atop cloud-computing resources. Thus such services are usually independent of access networks, where LI has often been focused. Also, for the purposes of this study, the set of cloud services is restricted to a subset with the following attributes:

• The principal users of the service are people.
• The users have identities defined and known by the cloud service.
• A principal function of the cloud service is communication or the sharing of private information among specific users.
• The cloud service is potentially subject to a lawful intercept.

To differentiate the providers of this type of cloud service from other services upon which they might be built, the term "user service provider (USP)" is used herein to mean the provider of those cloud services fitting the above attributes.

This document is a technical study of interception of cloud services. Purposely, legal matters, implications, and questions are excluded. Also, any findings that result from this study are not intended to imply that the topic of lawful interception of cloud services falls under specific laws of any country, such as the U.S. Communications Assistance for Law Enforcement Act (CALEA) statute.

Purpose

The purpose of this study is to identify and analyze:

• The challenges, impacts, and obstacles of meeting LI requirements for cloud services.
• The extent to which existing ATIS LI standards meet these requirements.
• The deltas that may exist between existing and needed LI capabilities.
• What new work may be required to achieve a fuller set of LI capabilities.

Application

The findings that result from this study will provide appropriate guidance to ATIS committees for use in their standards development work to enable lawful interception of cloud services.