超越極限（超限）服務下新型態通訊資料保存及監察架構

Abstract

超越極限（超限）服務已成為最受人們歡迎的通訊方式，原因在於其具備免費通話及訊息、加密與社群連結等功能。過去，通話及訊息等功能需仰賴電信設備運作，因此通訊服務主要多由本地電信事業提供。而電信事業遵循所在國法律規定，於執法機關及公共安全部門取得法律授權後，提供用戶資料及通信紀錄，遇有嚴重犯罪時，電信事業亦依法協助執行通訊監察，使執法機關及公共安全部門得以獲取通訊內容。 超限服務透過網際網路可在全球範圍運作，用戶僅需簡單步驟即可下載應用程式並安裝至智慧型手機，使超限服務用戶彼此之間可進行通話並傳送即時訊息，這打破了過去通話及訊息服務由本地電信事業提供的障礙。另一方面，超限服務提供者除了來自世界各地且數量眾多外，提供者基於自身商業利益考量，多不願比照本地電信事業遵循相關法令，配合調取使用者資料、通信紀錄及執行通訊監察，此問題已經成為全球執法機關及公共安全部門遭遇的最大挑戰。本篇博士論文旨在研究超限服務下執法機關及公共安全部門之因應對策，以解決無法獲得超限服務用戶資料、通信紀錄及通訊內容等問題為其目標，同時考量難以要求超限服務提供者配合，以及相關技術對人民基本權之干預應在合理必要之範圍等實際限制，進而提出具體可行的框架。 對於無法取得超限服務用戶資料及通信紀錄的問題，藉由測試當前熱門之超限服務並取得其流量進行分析，發現多數超限服務執行不同的動作時，會產生出相異的流量特徵，故僅需保留必要之網際網路連線紀錄，即可使辨別用戶所使用的超限服務種類、可能動作及關聯收發通訊雙方得以實現；基於上述實驗結果，提出基於動作特徵之超限服務資料保存框架。另考量實際運作的問題，大量超限服務用戶所產生的巨量連線紀錄，以及實際運作時的系統辨識錯誤等情況，本論文基於上述框架進一步提出了二種的辨識策略：事後對應及即時量測，相關策略可用於降低辨識錯誤之可能性，並可視執法機關及公共安全部門所面對之實際情境靈活運用。其中即時量測策略運用超限服務的流量共通特性，僅需於使用前開啟系統進行記錄，不僅可降低對於隱私權的干預，也可解決超限服務用戶游牧接取不易識別的問題。 有關無法取得超限服務用戶通訊內容的問題，經測試發現幾乎所有的熱門超限服務其通訊流量均被加密，意即執行傳統通訊監察時，僅能取得被加密後之流量，仍無法取得超限服務用戶實質通訊內容。許多研究提出了潛在的解決方案，包含要求超限服務提供者提供解密金鑰、提供解密後的通訊內容及提供通訊監察功能，或是要求網際網路接取服務提供者阻擋超限服務流量及使用政府駭客工具等，但核心的問題在於大部分的方案必須仰賴超限服務或網際網路接取服務提供者的協助，這使得使用政府駭客工具成為多數國家的主要選項。但使用政府駭客工具高度干預人民基本權利，許多國家雖有立法授權，但欠缺相關標準，在執法機關及公共安全部門實際執行上不僅缺乏透明度，更無法判斷是否逾越立法所授權之範圍。本論文綜合近年來國際矚目的使用政府駭客工具事件，並結合傳統通訊監察標準，提出使用政府駭客工具的框架，不僅使政府駭客工具所需功能得以模組化，其執行方式也加以標準化，除可強化監督機制外，亦可降低執法機關及公共安全部門建置成本；另一方面，本論文進一步關注了實際使用政府駭客工具時應探討的各項問題，包含實施技術及成本、運作安全、權限控管、漏洞揭露、標準規劃、國際合作協議及避免政府駭客工具擴散等議題。 綜上，本博士論文對於超限服務衍生的執法困境提出的因應對策，包含：運用超限服務流量特徵的網際網路連線紀錄保存及使用政府駭客技術的標準二種框架，期能降低超限服務對全球執法機關及公共安全部門帶來之衝擊外，也能為尚未提出解決方案的國家提供後續研究基礎。

Over-the-top communication services have already become the most popular way to communicate because they provide free voice calls and instant messaging, encrypted communication and social connection. In the past, the communication services, such as making a voice call and sending a short message, only utilized telecommunications equipment so communication services could only be provided by local telecommunication carriers. These carriers must obey the local rules and provide subscriber information and metadata of the communication after they received the court order from law enforcement agencies and public security departments. These carriers could also intercept the communication to aid law enforcement agencies and public security departments obtain the content of the communication. Over-the-top communication services operate via the Internet worldwide. Users can download and install an application in a smart phone and use its services to make a voice call and send an instant message, to the users of the over-the-top communication service. Communication services are no longer only provided by local carriers. Over-the-top communication service providers are global and need not obey the local rules, especially in terms of supplying subscriber information and metadata of communication, or allowing lawful interception. These are now signficant challenges for law enforcement agencies and public security departments. This dissertation determines solutions to overcome these issues. Practical restrictions should be considered, such as the solutions operate without any support from the over-the-top communication service providers and the use of these techniques should reduce the interference of fundamental right. Based on these restrictions, practical and feasible frameworks are proposed. To obtain the user information and metadata of over-the-top communication services, an experiment generate, tests and analyzes the traffic of the popular services. We found there were some characteristics between the different actions in the most services. So law enforcement agencies and public security departments can identify the used services and actions of users and correlate the sender and receiver of the services, using characteristic-action Internet connection records. A novel identification framework that uses the different action-characteristic of the over-the-top communication services is proposed. Users generate large records when they use over-the-top communication services. Many targets are found in real fields and it is difficult to ensure who the real target is. There are also errors in the Internet connection record systems. This dissertation proposes two strategies: post-action sequence mapping and real-time measurement. These strategies reduce the probability of the identification error and are applied to different scenarios that law enforcement agencies and public security departments encounter. The real-time measurement strategy only turns on the Internet record system only turn on before government agencies use it, which decreases the impact in privacy and addresses the nomadic access characteristic of over-the-top communication services. To obtain the user's communication content of over-the-top communication services, the traffic of almost all tested services is encrypted under the above traffic analysis. Using traditional lawful interception only obtains the encrypted traffic, without the true communication content of over-the-top communication services. Many solutions exist such as requiring providers to offer decrypted keys, encrypting communications and information, or building intercepting functionality, blocking encrypted services and using government hacking. Using government hacking is a method with the high violation of fundamental rights. Many countries have legislation in place but have no relevant standard. Law enforcement agencies and public safety departments lack transparency and their implementation can exceed the scope of the legislation. This dissertation summarizes traditional lawful interception standards and well-known government hacking events. The functions of government hacking are implemented as standardization and modularization which enhances the oversight mechanism reduces the cost to law enforcement agencies and public security departments. This dissertation also discusses issues surrounding the use of government hacking tools, including techniques and the cost to implement, operating security, privacy and policy control, disclosed vulnerability, standardization, cooperation agreement, and preventing proliferation. In summary, this dissertation proposes solutions and frameworks for the challenges from the over-the-top communication services. It includes a user identification framework based on the retention of action-characteristic data and a standardization framework for implementation government hacking that reduce the impacts from over-the-top communication services on law enforcement agencies and public safety agencies worldwide. This is a basis for future research for the countries that have not yet proposed solutions.