Lawful interception data retention regulation recommendation: Recommendations for countries that do not have relevant regulations of this field

Since the need of the communication data in revealing the crime are just emerged after the event detected, communication data retention for lawful interception (LI) are really demanded. This paper aim to give recommendation for telecommunication regulatory body in making communication data retention regulation. This research describes points of recommendation to National Telecommunication Regulatory Body in establishing LI data retention regulation which conducted by the Communication Service Provider in the country. These recommendations are very useful for countries that do not have relevant regulations of this field. This paper suggests that propose data retention system must have an ability to run administrative function, data collection function and data management function. Each function should maintain such a log. Administrative log has to keep warrant information include target identity and date start, and the duration of data retention needed. In telecommunication infrastructure target are either MSISDN, IMEI or IMSI. For communication data through IP mechanism, target is either email address, account name or IP address. Information item that have to be retained are include subscriber data, usage data and traffic data, equipment data, network element data, additional service data and the call contents. If storage capacity are not fully provided yet, the retention for data that need the largest storage space such as video and file might be less priority. Regulatory Body must determine the data retention format based on handover interface. To prevent abuse of data, regulation should put clauses that obligate each party to delete data longer than retention period. Besides this paper recommends decentralize location of storage media, apart from operational system and have a hot site backup.