Understanding Lawful Interception for MCX in 3GPP Standards

. 3GPP TSG-SA WG6 Meeting #67 S6-252xxx Fukuoka, Japan, 19th May 2025 - 23th May 2025 SA6 Conf.call 06 May 2025 Lawful Interception for MCX AIRBUS .

. S6-252xxx Background During SA6#66 (Gothenburg, Sweden, 7-11. April 2025), discussion on LI for MCX was triggered by a draft LS proposal S6-251250. After offline discussion with SA3-LI Chair Alex L + discussion in the MCX breakout session, most of the questions in the LS proposal were answered the LS was noted. The answers are collected in the following pages. Note that these answers reflect only the best understanding of the author at a moment of writing! Furthermore, in this DP, an initial architecture sketch is proposed on how interception from MCX servers could be implemented. In addition to SA6 TSs, the following ETSI standards and 3GPP TSs have been briefly studied: ETSI TS 10322101v011901 (X1 interface) ETSI TS 10322102v010701 (X2 and X3 interfaces) 3GPP TS 33.126 V19.2.0 (2024-12) Lawful Interception requirements 3GPP TS 33.127 V19.2.0 (2025-03) Lawful Interception (LI) architecture and functions 3GPP TR 33.928 V18.5.0 (2025-03) ADMF logic for provisioning Lawful Interception (Release 18) The following 3GPP TS is also noted 3GPP TS 33.128 V19.2.0 (2025-03) Protocol and procedures for Lawful Interception (LI), Stage 3 The following article was also found useful in understanding LI for 5G and the relation between 3GPP TS 33.12x and ETSI X1/X2/X3 standards: https://www.lawfulinterception.com/explains/5g-and-lawful-interception/ .

. S6-252xxx Q&A from S6-251250 (1/2) What MCx features and functionality is already included to the TS 33.12x TSs? Only MCPTT and only parts of MCPTT features (based on some older release, maybe Rel-13/14 ?) Which of the LI interfaces will interface with the MCX system and how does the LI system get the data and metadata out from the MCX system? There is no answer to this question yet. Even the question whether LEA/LEMF interface(s) with MCX system or intercept the MC traffic directly from 5G NFs ? This is one of the fundamental questions we need to discuss/solve with SA3-LI, but it would be good if SA6 has an opinion on this? What are SA3-LI group s plans regarding MCX features/functions that are not yet included in TS 33.12x? No plans. There are currently no MC enthusiasts in the SA3-LI group to be active on this matter. We would also kindly request a joint session (conference call) between SA6 and SA3-LI to discuss the above and potential other questions. We agreed with Alex to have a f2f session in Fukuoka....I will remind him about this asap and hopefully SA6 will have a list of questions from the 6th May conf.call to be sent to SA3-LI in advance. .

. S6-252xxx Q&A from S6-251250 (2/2) SA6 asks SA1 to review the Discreet listening requirements (TS 22.280) and confirm that they are still valid? I don't remember whether we concluded something on this? Kees? SA6 also asks SA1 to explain their view on the differences between discreet listening and lawful intercept? From Alex: DL is real time. LI may be real time but does not have to be. Technically LI is fetching recordings of the traffic under interception. Whether LI could use those recordings created by the "Logging and Recording" function or if it requires something different (e.g. smaller chunks), I don't know yet. Does SA1 think both functionalities are needed, if or when LI is extended to cover all MC services? Based on the previous question, yes. .

. S6-252xxx Architecture proposal, LI for MCX MCX operator New functional entity LI server ACM server Acts as an IWF between MC servers and LI functions/interfaces Isolates LI specific functionality from the MC system The new LI-x reference points reuse existing MC client-server reference points - LI-1 and LI-7 can be developed based on Recording and Discreet Monitoring features, which are under work right now in Rel-20 MC service server(s) LI server For the LI target setting, proposal is to reuse the model defined for Recording (Rel- 19) i.e. adding parameters to user profiles and group profiles Rec-LI CSC-5 CSC-3 GMC-LI Group ADMF = ADMinistration Function LI-2 management server CSC-10 MCX-LI ADMF / MDF MDF = Mediation Function CSC-25 Configuration management server LEA / LEMF CMC-LI LI-3 New reference points introduced in the MC system: Identity management server IdMC-LI LI-1 - MC server LI server - intercepted media and related metadata - reuse REC-4 and TBD Rel-20 amendments for the Recording functionality KMC-LI Key CSC-9 management server LMC-LI CSC-24 CSC-15 Location management server LI-2 - LI server GMS - setting groups as targets for interception (FFS if needed) - GMS LI server - GMKs for deciphering of group calls - Changes in target group configurations (if needed by LI?) AudC-LI Common services core Recording server REC-2 REC-3 REC-4 Mass storage(s) REC-5 (continues next page) .

. S6-252xxx Architecture proposal, LI for MCX, cont. MCX operator LI-3 - LI server CMS - setting MC users as targets for interception - CMS LI server - Changes in target user s configurations (if needed by LI?) ACM server MC service server(s) LI-4 - IdMS LI server - target user authentications/authorizations (if needed by LI?) LI server Rec-LI CSC-5 CSC-3 LI-5 - KMS LI server - PCKs for deciphering of e2e one-to-one communications. GMC-LI Group LI-2 management server CSC-10 MCX-LI ADMF / MDF CSC-25 LI-6 - LMS LI server - Target user s location signaling Configuration management server LEA / LEMF CMC-LI LI-3 Identity management server IdMC-LI LI-7 - Rec. server LI server - Copy of off-network recordings (after target has returned to on-network state, if needed by LI?) - AudC-LI = Audit Client (with LI specific functionality) KMC-LI Key CSC-9 management server LMC-LI CSC-24 CSC-15 Location management server AudC-LI Common services core Impacts to the existing CSC-5 and CSC3: Recording server REC-2 REC-3 Setting users/groups as targets for LI. Same mechanism/procedures can be used as for Recording, but new parameters needed in the user/group profiles. REC-4 Mass storage(s) REC-5 .