Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act 70 of 2002)Directives in Respect of Different Categories of Telecommunications Service Providers made in terms of The Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act No. 70 of 2002)Schedule C : Directive for Internet Service Providers in terms of Section 30(7)(a) read with Section 30(2) of the Regulation of Interception of Communications Information Act, 2002 (Act No. 70 of 2002)Part 2 : Interception of Indirect Communications7. Technical and functional requirements in respect of interception |
7.1 | The technical handover interfaces shall provide the results of interception for the entire duration of the interception measure dictated within the direction or request. |
7.2 | The configuration of the handover interface shall ensure that it provides the results of interception. |
7.3 | The configuration of the handover interface shall be such that the routing to the IC of the result of interception provided at the interface can be implemented with industry standard transmission paths, protocols and coding principles. |
74 | Each interception target shall be uniquely associated with a single instance of the handover interface. (This could be achieved by the use of separate channels or unique interception identifiers). |
7.5 | The correlation between the indirect communication and communication-related information shall be unique. |
7.6 | The format for routing the intercepted indirect communications to the IC shall be an industry standard format. |
7.7 | lSPs must be able to route the intercepted indirect communications to the IC via a secure tunnel over circuit or packet switched connections. |
7.8 | The content of an indirect communication routed to the IC must include both incoming and outgoing content. |
7.9 | The IC will, within a reasonable period after the event, be informed by the ISP of: |
(a) | the activation of an intercept measure; |
(b) | the deactivation of the intercept measure; |
(c) | any change of the intercept measure; |
(d) | the temporary unavailability of the intercept measure due to link failure or faults on the ISP’s side of the link; |
(e) | the temporary unavailability of the intercept measure due to software and/or hardware failure within ISP equipment supporting the intercept measure; and |
(f) | the temporary unavailability of the intercept measure due infrastructure failure resulting from a virus or denial of service attack on an ISP. |
7.10 | An ISP shall ensure that the configuration of the telecommunication system is such that it can implement and operate each interception measure with no or the minimum involvement of third parties. |
7.11 | Where an ISP makes use of any other telecommunication service provider’s telecommunication system, both that ISP and that other telecommunication service provider must co-operate in the provision of interception, to the extent provided for in the interception direction. |
7.12 | To the extent provided for in the interception direction, an ISP must ensure that: |
(a) | any telecommunication service provider involved in the provision of interception Facilities is given no more information relating to operational activities than is strictly necessary to allow authorised target services to be intercepted; |
(b) | any telecommunication service provider involved in the co-operative provision of interception facilities is given no more information relating to operational activities than is strictly necessary to allow authorised target services to be intercepted. |
7.13 | When duplication and routing to the IC of the packets of an indirect communication is, in exceptional cases, not possible the remainder of the results of the interception shall nevertheless be duplicated and routed to the IC. |
7.14 | Where the special properties of a given telecommunication service, and the justified requirements of the applicant, necessitate the use of various identifying characteristics for determination of the telecommunications traffic to be intercepted, the ISP shall ensure that the telecommunications traffic can be intercepted on the basis of the following characteristics: |
(a) | address information (physical and/or postal address); |
(b) | user name; |
(c) | subscriber name (in certain instances the subscriber is billed for the service and he/she may not necessarily use the service); |
(d) | e-mail address; and |
(e) | IP address and time stamp (time stamp indicating when the IP address and time stamp (time stamp indicating when the IP address was assigned) to the extent that an ISP has records of IP address assignment at that time. |
7.15 | In each case the characteristics shall be identifiable without unreasonable effort and shall be such that they allow clear identification of the interception target. |
7.16 | The ISP shall ensure ' that more than one interception measure can be operated concurrently for one and the same interception target and service. Multiple interceptions may be required for a single interception target to allow monitoring by more than one applicant. |
7.17 | If multiple interceptions are active, an ISP shall take reasonable precautions to safeguard the identities of the applicants and ensure the confidentiality of the investigations. |
7.18 | The multiple interception measures, requested by different applicants, may require information according to different lawful directions or requests. |
7.19 | Each ISP must ensure that the indirect communications of multiple customers can be intercepted simultaneously at any given time in its telecommunications system, and all the results of interception routed to the IC. An ISP must be able to intercept a number of simultaneous individual targets equal to at least 2 in 25,000 individual customers, and a number of simultaneous corporate/organisational targets equal to at least 1 in 500 of such customers. |
7.20 | The arrangements made in a telecommunication system for the technical implementation of interception measures shall be set up and configured so as to enable the identification and elimination, without undue delay, of bottlenecks and potential bottlenecks in a regional or functional part of that system when several interception measures are operated concurrently. |