336/2005 Sb.
DECREE
of 29 April 2004. August 2005
on the form and extent of information provided from the database of subscribers
to the publicly available telephone service, and on the technical and operational
conditions and connection points for telecommunications equipment for the
interception and recording of messages
The Ministry of the Interior lays down, pursuant to § 150 paragraph 4 of Act
No. 127/2005 Coll., on electronic communications and amending certain related
acts (the Electronic Communications Act) (hereinafter referred to as "the Act"),
for the implementation of § 97 paragraph 4 and § 97 paragraph 8 of the Act:
PART ONE
THE FORM AND EXTENT OF INFORMATION PROVIDED FROM THE DATABASE OF SUBSCRIBERS TO
THE PUBLICLY AVAILABLE TELEPHONE SERVICE
§ 1
From the database of subscribers to the publicly available telephone service, a
legal or natural person providing a publicly available telephone service provides
information about a subscriber to the publicly available telephone service
(hereinafter referred to as "the information")
a) for public fixed electronic communications networks, to the extent of the
identifying subscriber number, the name and surname, or the name, of the
subscriber, the address, the station category, the date to which the requested
information relates (as a rule the time stated in the request), for a natural
person the social security number, or the date of birth if a social security
number has not been allocated, for a natural person engaged in business or a
legal person the identification number, and information on publication in the
list of subscribers (hereinafter referred to as "lustration of a subscriber to
services provided in the fixed network"),
b) for public mobile telephone networks, to the extent of the identifying
subscriber number, the name and surname, or the name, and the address of the
subscriber, for a natural person the social security number, or the date of
birth if a social security number has not been allocated, for a natural person
engaged in business or a legal person the identification number, the name and
surname and the address stated on the invoice, the status as of the date of the
request (active, disabled, suspended), the date of the last status change, and
information on publication in the list of subscribers (hereinafter referred to
as "lustration of a subscriber to services provided in a mobile network").
§ 2
(1) A request for information is submitted, and the requested information is
transmitted, through the designated contact points of the Police of the Czech
Republic (hereinafter referred to as "the police") and of the legal or natural
person providing a publicly available telephone service.
(2) Communication between the contact point of the legal or natural person
providing a publicly available telephone service and the contact point of the
police is carried out by remote access. Requests and information are transmitted
in electronic form as data files. Communication between the contact points uses
only generally available technologies and communication protocols, so that the
solution is not tied to a specific manufacturer or supplier.
(3) If in a particular case remote access cannot be used, the request or the
requested information may be handed over in paper form or in the form of data
files on removable media.
(4) To prove the authenticity of a request or of the requested information
transmitted, the following may be used:
a) an advanced electronic signature based on a qualified certificate issued by
an accredited certification service provider ^1). The format of the public-key
cryptographic standard PKCS #7 is used to create the signature and to verify it,
b) the paper form of the transmitted requests or requested information, bearing
the signature of the authorised person. This method is also applied
additionally, in summary form for a given period, as a rule one week, to
requests or requested information already transmitted in electronic form
without other proof of authenticity.
(5) The contact point of the legal or natural person providing a publicly
available telephone service transmits the information without delay.
§ 3
(1) A request of the police under § 2 paragraph 1 may contain several requests
for lustration of a subscriber to services provided in the fixed network or of a
subscriber to services provided in a mobile network (hereinafter referred to as
"lustration"). The request is as a rule processed as a single file.
(2) The processed lustrations are placed in the file in the same order as the
entries set out in the request and are marked with the corresponding serial
number. On each line the individual items of information are separated by commas
or tabs, and the last item is terminated by the CRLF character. Where a
requested item of information has not been ascertained, its position in the
processed lustration is left empty.
(3) Lustrations are transmitted to the police in a structured text file, as a
rule encoded according to the standardised character sets for text encoding
CP-1250, UTF-8 and ISO 8859-2. The names of the transferred files have the
structure given by the naming convention.
(4) The naming convention sets the name of a lustration file in the form
URDDMMYY_XXX.txt, where DDMMYY corresponds to the date on which the request was
submitted and XXX corresponds to the sequence number of the request within the
given day.
(5) In justified cases, with the agreement of the contact point of the police
and of the legal or natural person providing a publicly available telephone
service, a format, structure and file name different from those defined in
paragraphs 2 to 4 may be used.
§ 4
Structure of the lustration of a subscriber to services provided in the fixed network
(1) In the lustration of a subscriber to services provided in the fixed network,
the information is stored in the file in the following structure:
a) serial number of the lustration,
b) subscriber number,
c) name and surname, or name, of the subscriber,
d) address of the subscriber,
e) station category,
f) expiration date in the form DDMMYY,
g) social security number,
h) identification number,
i) published (A/N).
(2) If the number for which information is requested is not in the subscriber
database, the text "participant not found" is entered on the line in the item of
the structure marked "name".
§ 5
Structure of the lustration of a subscriber to services provided in a mobile network
(1) In the lustration of a subscriber to services provided in a mobile network,
the information is stored in the file in the following structure:
a) serial number of the lustration,
b) subscriber number,
c) name and surname, or name, of the subscriber,
d) address of the subscriber,
e) social security number or identification number of the subscriber,
f) name and surname on the invoice,
g) address stated on the invoice,
h) social security number or identification number on the invoice,
i) status as of the date of the request (active, disabled, suspended),
j) date of the last change (activation, deactivation or suspension) in the form
DDMMYY,
k) published (A/N).
(2) If the number for which information is requested is not in the subscriber
database, the text "participant not found" is entered on the line in the item of
the structure marked "name". If the number is used by a subscriber to prepaid
anonymous services, the word "prepaid" is entered on the line.
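As an added illustration (not part of the decree and not code from any operator or police system), the following Python example validates a received lustration file against the rules of § 3 to § 5: the file-name convention, CRLF-terminated lines, comma or tab separators, empty positions, DDMMYY dates and the "participant not found" / "prepaid" markers. The field names, the three-digit XXX, ascending serial numbers, marker lines that keep all their separators, and the sample data are assumptions made for this example.

```python
import re
from datetime import datetime

# Field order from § 4 (fixed) and § 5 (mobile); the Python names are this example's own.
FIXED = ("serial", "number", "name", "address", "station_category",
         "date", "ssn", "identification_number", "published")
MOBILE = ("serial", "number", "name", "address", "ssn_or_id", "invoice_name",
          "invoice_address", "invoice_ssn_or_id", "status", "date", "published")
MARKERS = ("participant not found", "prepaid")   # § 4(2), § 5(2), in this page's wording
ENCODINGS = ("cp1250", "utf-8", "iso8859_2")     # § 3(3)
NAME_RE = re.compile(r"UR([0-9]{6})_([0-9]{3})\.txt")  # § 3(4); three-digit XXX assumed


def parse_ddmmyy(value):
    """Strictly parse a six-digit DDMMYY date; raises ValueError otherwise."""
    if not re.fullmatch(r"[0-9]{6}", value):
        raise ValueError(f"not DDMMYY: {value!r}")
    return datetime.strptime(value, "%d%m%y").date()   # rejects e.g. 310205


def parse_filename(name):
    """Return (request date, sequence number within that day) from a file name."""
    m = NAME_RE.fullmatch(name)
    if not m:
        raise ValueError(f"file name does not follow the convention: {name!r}")
    return parse_ddmmyy(m.group(1)), int(m.group(2))


def parse_lustration(data, fields, encoding="utf-8"):
    """Parse the bytes of one lustration file; return (records, errors)."""
    if encoding not in ENCODINGS:
        raise ValueError(f"encoding not listed in § 3(3): {encoding}")
    lines = data.decode(encoding).split("\r\n")   # strict decode: bad bytes raise
    records, errors, last_serial = [], [], 0
    if lines.pop() != "":                         # text left after the final CRLF
        errors.append((len(lines) + 1, "last line is not terminated by CRLF"))
    for line_no, line in enumerate(lines, start=1):
        # No quoting rule is defined, so a comma inside a comma-separated field
        # (typically an address) can only be detected through the field count.
        sep = "\t" if "\t" in line else ","
        values = [v.strip() for v in line.split(sep)]
        if len(values) != len(fields):
            errors.append((line_no, f"expected {len(fields)} fields, got {len(values)}"))
            continue
        rec = dict(zip(fields, values))
        problems = []
        if not rec["serial"].isdecimal() or int(rec["serial"]) <= last_serial:
            problems.append("serial number missing or out of order")
        if rec["published"] not in ("A", "N", ""):
            problems.append("published is not A, N or empty")
        try:
            if rec["date"]:                       # empty position is allowed, § 3(2)
                parse_ddmmyy(rec["date"])
        except ValueError:
            problems.append("date is not DDMMYY")
        if problems:
            errors.append((line_no, "; ".join(problems)))
            continue
        last_serial = int(rec["serial"])
        rec["marker"] = rec["name"] if rec["name"] in MARKERS else None
        records.append(rec)
    return records, errors


# Constructed sample of a fixed-network file (fictitious subscribers and numbers).
SAMPLE = ("1\t222333444\tJan Novak\tDlouha 1, Praha\tB\t010905\t\t12345678\tA\r\n"
          "2\t222333445\tparticipant not found" + "\t" * 6 + "\r\n"
          "3,222333446,Eva Mala,Kratka 2, Brno,B,010905,,,N\r\n").encode("utf-8")

if __name__ == "__main__":
    print(parse_filename("UR010905_003.txt"))
    print(parse_lustration(SAMPLE, FIXED))
```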
PART TWO
TECHNICAL AND OPERATIONAL CONDITIONS AND CONNECTION POINTS FOR
TELECOMMUNICATIONS EQUIPMENT FOR THE INTERCEPTION AND RECORDING OF MESSAGES
Title I
Introductory provisions
§ 6
Definition of terms
(1) A user address is an identifier of a connection or of a user of an
electronic communications service (hereinafter referred to as "service"), in
particular
a) subscriber number,
b) international mobile subscriber identifier (IMSI),
c) international mobile station identifier (IMEI),
d) user name or identifier for access to an electronic communications network
(hereinafter referred to as "network"),
e) electronic mail address,
f) mailbox identifier,
g) identifier of a network device used by protocols of the Internet layer
(IP address),
h) identifier of a network device used by protocols of the link layer
(MAC address), or
i) identifier of a dial-up connection.
A user address of interest is a user address designated for the interception
and recording of messages (hereinafter referred to as "interception").
(2) Activity of a user address is a process in which traffic and location data
or the content of messages are transmitted between the device identified by this
address and a device of the network or service, or in which the network or
service transmits or processes a message coming from this user address or
directed to this user address.
(3) An interface for connecting telecommunications equipment for the
interception and recording of messages is
a) an output for transferring traffic and location data and the content of
messages of a user address of interest from the network or service to the
equipment of the police, the Security Information Service ^2) or Military
Intelligence ^3) (hereinafter referred to as "the authorised authority"), or
b) a connection point for the equipment of the authorised authority at places
where manifestations of the activity of user addresses of interest are expected
to occur.
§ 7
Conditions for implementing the interface for connecting terminal
telecommunications equipment for interception
(1) A legal or natural person providing a public communications network or
providing a publicly available electronic communications service (hereinafter
referred to as "the operator") equips the network or service with an interface
for connecting equipment for interception at the request of the authorised
authority.
(2) If an operator is building a new network or service, or is extending or
significantly changing an existing network or service, it invites the competent
authority to submit a request for the network or service to be equipped with an
interface for connecting equipment for interception. If the operator intends to
carry out a technical evaluation of equipment for interception, it invites the
competent authority to submit a request for this evaluation to be carried out.
The competent authority submits the request within fifteen days from the date
on which the invitation is received; otherwise it is deemed that it is not
submitting a request at that time. This does not affect the possibility of
proceeding under paragraph 1.
(3) On the basis of a request submitted under paragraph 1 or 2, the operator, in
cooperation with the competent authority, draws up a proposal of possible
solution options, including the reasons for them and a determination of the
cost of implementing them.
(4) The selected option and the parameters of the solution are set out in a
record drawn up jointly by the competent authority and the operator, which also
includes the amount of the financial costs, the method and timetable of their
reimbursement, and the method, procedure and timetable for implementing the
selected solution, including the decisive time for the start of cost accounting.
Where no option is selected, the record states the reason and outlines the next
steps.
§ 8
General technical conditions for the interception and recording of messages
(1) Interception is started by
a) activating interception for the user address of interest, which puts the
network or service into a state in which information about every activity of
the user address of interest is transmitted to the output, or
b) installing the equipment of the authorised authority at the connection point
and activating it.
(2) Interception is terminated by deactivating interception for the user address
of interest in the network or service, or in the equipment of the authorised
authority.
(3) The ability to start and terminate interception is ensured continuously.
(4) If in some parts of the network or service the operator modifies the content
of a message by encryption or encoding, the content is always provided from a
part of the network or service where it is not modified in this way. If the
content of messages is demonstrably modified by encryption or encoding in all
parts of the network or service and the operator demonstrably does not have
access to the required key, the operator provides the content of the message in
the form in which it is available.
(5) The operator forwards to the competent authority information on changes in
the network or service that could affect interception
a) for planned changes, before they are implemented,
b) in other cases, without delay after they are discovered.
Title II
Interception with activation in the network or service
§ 9
(1) Interception with activation in the network or service, to obtain the
content of messages and the related selected traffic and location data, or the
selected traffic and location data without the content of messages, is enabled
for a user address
a) which may have an end point of a connection in the network or service, or
b) whose messages or traffic and location data the network or service transmits
or processes, and about which the network or service has information available.
(2) Selected traffic and location data are
a) the date, start time and duration, or end time, of the activity of the user
address of interest, even where no message content is transmitted; for a network
or service in which messages need not be processed in real time and the message
itself does not carry information about the time of its creation, the time
within the meaning of this provision is the time at which the network or service
processes the message,
b) an indication determining the type of activity of the user address of
interest,
c) all data identifying the user address of interest that the network or service
has available during the activity of the user address of interest, regardless of
whether interception was activated by means of them,
d) identification data of all user addresses to which the activity of the user
address of interest is directed and from which activity is directed to the user
address of interest, data identifying all user addresses forming a redirection
chain, and data identifying all user addresses of a conference; these data need
not be given where the network or service demonstrably does not provide them,
e) an indication determining the location of the end point for a user address of
interest in public mobile telephone networks,
f) an indication precisely identifying the channel used to transmit the content
of messages to the equipment of the authorised authority, where this is
necessary to identify the transmitted message,
g) data on the logging-on of the user identified by the user address of interest
to a resource of the network or service,
h) an identifier of the data source, where data are transmitted over a common
channel from multiple nodes of the network or service.
(3) The minimum number of user addresses for which the network or service allows
interception to be activated at the same time is given by:
$$Y = a \cdot x^{0.4}$$
where Y is the minimum number of user addresses for which the network or service
allows interception to be activated simultaneously,
x is the total number of users of the network or the capacity of the service,
a is specific to the type of network or service:
a = 1 for a fixed circuit-switched network,
a = 2 for the electronic mail service and other services with recording of
transported messages,
a = 3 for packet-switched networks,
a = 4 for a mobile circuit-switched network.
§ 10
(1) The instruction to activate, deactivate and verify the activation of
interception for a user address of interest is issued from the workplace of the
authorised authority by remote access, using software supplied to the authorised
authority. If in a justified case this remote access cannot be used, the
operator carries out the activation, deactivation or verification of activation
on the basis of a request submitted in writing on paper.
(2) For the purposes of control, the operator keeps for six months the
instructions to activate and deactivate interception and the information on
their execution, in a manner that does not allow them to be altered.
§ 11
(1) The number and capacity of outputs is determined by the competent authority
so as to allow smooth transmission of the content of messages and of selected
traffic and location data from simultaneously communicating user addresses of
interest, the number of which corresponds to at least 15% of the value set under
§ 9 paragraph 3, the calculated result being rounded up to the next higher
multiple of two.
(2) All types of messages in the communication of user addresses of interest are
transmitted to the output in such a way that their entire content can be
reconstructed.
(3) Selected traffic and location data and the content of messages are
transmitted to the output in an intelligible form, without the need to use
special-purpose equipment supplied only by one particular supplier or only by
the supplier of the technology of the network or service.
(4) The operator hands over to the competent authority a detailed, complete and
user-friendly description of the communication protocols and formats used to
transfer the content of messages and selected traffic and location data at the
outputs.
§ 12
Outputs of circuit-switched networks
(1) The output of the network or service is implemented as a fixed circuit with
an interface according to Recommendation G.703 of the International
Telecommunication Union ITU-T. Voice is transmitted using pulse code modulation
with a compression characteristic according to Recommendation G.711, type A, of
the International Telecommunication Union ITU-T.
(2) SS7 signalling or DSS1 signalling is used as the communication protocol for
controlling the transmission of messages carried on the output. The signalling
carries complete information about the user address of interest of the messages
currently being transmitted. The signalling is as a rule placed in the sixteenth
channel interval of the output.
(3) Where addressing has to be used for the point on the side of the authorised
authority, an address from the address range of the operator is used.
(4) Separate channel intervals are used to transmit the forward and the reverse
direction of the communication of the user address of interest.
(5) Selected traffic and location data are transmitted over a data channel with
the standardised communication protocol TCP/IP or X.25, placed as a rule in one
or more reserved channel intervals of the output under paragraph 1, or are
transmitted in the signalling under paragraph 2.
(6) The output of the network or service allows the number of channel intervals
to be set according to the capacity requirements of the authorised authority.
When channel intervals are allocated dynamically to individual sessions, the
channel interval that has been unoccupied the longest is as a rule used.
(7) The output of the network or service is located at places determined jointly
by the competent authority and the operator.
§ 13
Outputs of packet-switched networks
(1) The output of the network or service is implemented as
a) a fixed data connection, or
b) a secured virtual channel over the Internet with the standardised
communication protocol FTP, with the server on the side of the authorised
authority and the client on the side of the operator.
(2) Each data unit sent carries the identifier of the user address of interest
and a sequence number or timestamp. The integrity of the data is ensured by
creating a fingerprint of the file using the hash function SHA-1.
(3) When electronic mail is intercepted, copies of messages may, with the
consent of the authorised authority and the operator, be sent using the
electronic mail protocol SMTP to a dedicated mailbox on a server of the
authorised authority.
Title III
Interception with installation of the equipment of the authorised authority at the connection point
§ 14
(1) A network or service for which it is not possible or appropriate to carry
out interception with activation in the network or service is, at the request of
the authorised authority, equipped with connection points for the equipment of
the authorised authority.
(2) At the request of the authorised authority, the operator draws up a proposal
for the location of connection points, stating the reasons for each of them. On
the basis of the proposal, the competent authority determines the number of
connection points and their location.
(3) The operator provides the authorised authority with the information needed
to create the necessary conditions for interception by the means of the
authorised authority, in particular for the installation and operation of the
equipment of the authorised authority at the location of the connection point.
(4) For equipment of the authorised authority that is, for technological
reasons, located on the premises of the operator, the operator also provides
a) a suitable location,
b) a transmission channel for continuous remote access of the authorised
authority to the data,
c) a backed-up power supply,
d) the possibility of access, at least once a day, for members of the authorised
authority for servicing purposes.
(5) To identify addresses dynamically allocated by the operator, the operator
provides the competent authority with
a) an output giving, in real time, information about the currently allocated
dynamic addresses, or
b) a connection point at the place where the information about dynamically
allocated addresses is located.
§ 15
Specific technical conditions for interception of services with recording of
transported messages
(1) If the service includes the recording of transported messages (voice
mailbox, electronic mail and the transmission of MMS multimedia messages in
mobile networks), the service need not meet the conditions set out in § 8
paragraphs 1 and 2 and § 10 paragraph 1, provided that it enables the competent
authority, without delay after a request, to receive at least once a day the
selected traffic and location data and the content of all messages originating
from the user address of interest and of messages directed to the user address
of interest. The other provisions of the decree apply in this case mutatis
mutandis.
(2) For the services referred to in paragraph 1, information about the activity
of user addresses of interest is transmitted by means of commonly used data
carriers or interfaces.
§ 16
Entry into effect
This Decree takes effect on the date of its publication.
Minister:
Mgr. Bublan (signed)
1) § 11 of Act No. 227/2000 Coll., on electronic signature and amending certain
other acts (the Electronic Signature Act).
2) Act No. 154/1994 Coll., on the Security Information Service, as amended.
3) Act No. 289/2005 Coll., on Military Intelligence.