|
>> See our Press Release
>> Frequently Misunderstood Questions
The FBI filed a letter with the
FCC on January 28, 2004, giving notice that law enforcement would file a
petition seeking comprehensive rules to CALEA. The letter confirmed that the
petition would address a variety of issues including what broadband services and
service providers should be subject to CALEA, as well as the procedures needed
to bring those services and providers into compliance with CALEA.
On March 10, 2004, the DOJ, FBI, and DEA filed a Joint Petition for Expedited Rulemaking
before the FCC. As stated in the joint petition, CALEA's purpose is to
preserve law enforcement's ability to conduct lawful electronic surveillance
despite changing telecommunications technologies. CALEA applies to all
telecommunications carriers, and its application is technology neutral. Despite
a clear statutory mandate, full CALEA implementation has not been achieved.
Although the Commission has taken steps to implement CALEA, there remain several
outstanding issues that are in need of immediate resolution.
To resolve the outstanding issues, law enforcement asks the Commission to:
(1) formally identify the types of services and entities that are subject to
CALEA;
(2) formally identify the services that are considered "packet-mode services';
(3) initially issue a Declaratory Ruling or other formal Commission statement,
and ultimately adopt final rules, finding that broadband access services and
broadband telephony services are subject to CALEA;
(4) reaffirm, consistent with the Commission's finding in the CALEA Second
Report and Order, that push-to-talk "dispatch" service is subject to CALEA;
(5) adopt rules that provide for the easy and rapid identification of future
CALEA-covered services and entities;
(6) establish benchmarks and deadlines for CALEA packet-mode compliance;
(7) adopt rules that provide for the establishment of benchmarks and deadlines
for CALEA compliance with future CALEA-covered technologies;
(8) outline the criteria for extensions of any benchmarks and deadlines for
compliance with future CALEA-covered technologies established by the Commission;
(9) establish rules to permit it to request information regarding CALEA
compliance generally;
(10) establish procedures for enforcement action against entities that do not
comply with their CALEA obligations;
(11) confirm that carriers bear sole financial responsibility for CALEA
implementation costs for post-January 1, 1995 communications equipment,
facilities and services;
(12) permit carriers to recover their CALEA implementation costs from their
customers; and
(13) clarify the cost methodology and financial responsibility associated with
intercept provisioning.
The FCC noted in its IP-Enabled Services Notice of Proposed Rulemaking WC Docket No.
04-36, FCC 04-28, released March 10, 2004, that law enforcement would file
this Petition, and that the Commission recognized the importance of ensuring law
enforcement's requirements are fully addressed. The FCC stated that it took
seriously the issues raised by the law enforcement community concerning
lawfully-authorized wiretaps.
Accordingly, the FCC announced plans to initiate a rulemaking proceeding to
address the matters that it anticipated law enforcement would raise in the
Petition. The Commission also announced plans to closely coordinate its efforts
in these two new proceedings. On March 12, 2004, the FCC released Public Notice DA 04-700 to request
comments sought as a result of the rulemaking proceeding RM-10865 opened at law
enforcement's request.
Department of Justice Joint Reply Comments
On April 27, 2004, the DOJ, FBI, and DEA filed joint reply comments before the FCC. In
the joint reply comments, as stated in law enforcement's Petition - and as
echoed by the law enforcement entities that submitted comments in the proceeding
- court ordered electronic surveillance is an invaluable and necessary tool for
federal, state, and local law enforcement in their fight to protect the American
public against terrorists, spies, and other criminals. Congress enacted CALEA to
preserve law enforcement's ability to conduct court ordered electronic
surveillance despite rapidly emerging telecommunications technologies by further
defining the telecommunications industry's existing obligation to provision
court ordered electronic surveillance capabilities, and requiring industry to
develop and deploy CALEA intercept solutions.
FCC Notice of Proposed Rulemaking and Declaratory Ruling
The FCC released its Notice of
Proposed Rulemaking (NPRM) and Declaratory Ruling RM-10865, ET Docket No.
04-295, FCC 04-187, on August 9, 2004. The NPRM was published in the Federal
Register at 69 Fed. Reg. 56976 (2004)
on September 23, 2004. In its NPRM the FCC states that they were guided first by
the Commission's primary policy goal to ensure that Law Enforcement Agencies
(LEAs) have all of the resources that CALEA authorizes to combat crime and
support Homeland Security. Second, the Commission recognizes that law
enforcement’s needs must be balanced with the competing policies of avoiding
impeding the development of new communications services and technologies and
protecting customer privacy. Section 103 of CALEA explicitly precludes LEAs from
prohibiting the adoption of any equipment, facility, service, or feature by any
telecommunications provider, manufacturer, or support service; and also protects
the privacy and security of communications and call-identifying information not
authorized to be intercepted. Third, the Commission intends to remove to the
extent possible any uncertainty that is impeding CALEA compliance, particularly
for packet-mode technology.
Further, in the NPRM the Commission tentatively concludes that CALEA applies
to facilities-based providers of any type of broadband Internet access service
– including wireline, cable modem, satellite, wireless, and powerline – and
to managed or mediated Voice over Internet Protocol (“VoIP”) services. These
tentative conclusions are based on a Commission proposal that these services
fall under CALEA as “a replacement for a substantial portion of the local
telephone exchange service.” Additionally, the Commission tentatively
concludes that it is unnecessary to identify future services and entities
subject to CALEA. The Commission recognizes law enforcement’s need for
certainty regarding the applicability of CALEA to new services and technologies,
but anticipates that the Report and Order in this proceeding will provide
substantial clarity sufficient to resolve law enforcement’s and industry’s
uncertainty about future compliance obligations.
The Commission seeks comment on telecommunications carriers’ obligations
under section 103 of CALEA and compliance solutions as they relate to broadband
Internet access and VoIP. In particular, the Commission seeks comment on the
feasibility of carriers relying on a trusted third party to manage their CALEA
obligations and whether standards for packet-mode technologies are deficient and
thus preclude carriers from relying on them as safe harbors for complying with
CALEA. With regard to compliance, the Commission proposes mechanisms to ensure
that telecommunications carriers comply with CALEA. Specifically, the Commission
proposes to restrict the availability of compliance extensions under CALEA
section 107(c) and clarifies the role and scope of CALEA section 109, under
which carriers may be reimbursed for their CALEA compliance costs. The
Commission proposes to afford all carriers with pending petitions a reasonable
period of time (e.g., 90 days) in which to comply with, or seek relief from, any
determinations that it eventually adopts in this proceeding.
Additionally, the Commission considers whether, in addition to the
enforcement remedies through the courts available to LEAs under CALEA section
108, it may take separate enforcement action against carriers that fail to
comply with CALEA and tentatively finds that it has general authority under the
Communications Act to promulgate and enforce CALEA rules against carriers and
non-common carriers. With regard to costs, the Commission tentatively concludes
that carriers are responsible for CALEA development and implementation costs for
post-January 1, 1995 equipment and facilities; seeks comment on cost recovery
issues for wireline, wireless and other carriers; and refers to the
Federal-State Separations Joint Board cost recovery issues for carriers subject
to Title II of the Communications Act.
Finally, the Commission requests comment on what would be a reasonable amount
of time for entities that heretofore have not been subject to CALEA to comply
with its requirements, if the Commission ultimately decides that those entities
are subject to CALEA. In the companion Declaratory Ruling, the Commission grants
in part a law enforcement request in the Petition and clarifies that commercial
wireless “push-to-talk” services are subject to CALEA, regardless of the
technologies that Commercial Mobile Radio Service providers choose to apply in
offering them.
As noted previously, law enforcement believes that despite a clear statutory
mandate, full CALEA implementation has not been achieved, and there remain a
number of outstanding implementation issues. These issues require immediate
attention and resolution by the Commission, so that industry and law enforcement
have clear guidance on the scope of CALEA's applicability. The comments filed in
the proceeding only serve to reinforce the immediate need for the Commission to
take the action requested in the Petition. Given the number of issues that
remain unresolved, its is incumbent upon the Commission to immediately initiate
an expedited rulemaking proceeding to further the meaningful implementation of
CALEA by issuing a notice of proposed rulemaking with explicit proposals for
resolving the issues raised in the Petition.
Department of Justice Comments
The Department of Justice filed its
comments in the FCC rulemaking proceeding ET Docket No. 04-295 on November
8, 2004. In its comments the Department stated that the Commission undertook a
timely review of legal and policy issues relating to CALEA implementation
resulting from significant changes in communications technology, as well as
post-9/11 national security concerns, that have surfaced since CALEA’s
enactment in 1994. Two monumental technological changes include the explosive
growth of broadband Internet access services and the rapid emergence of VoIP
services. Notwithstanding these changes, the mission of law enforcement remains
the same - i.e., to protect America from terrorist and criminals. One of law
enforcement's long-standing and most powerful tools has been its ability to
conduct lawful court-authorized electronic surveillance of criminals and
terrorists.
In enacting CALEA, Congress intended it to have a broad reach — one that
would include new technology not envisioned in 1994. Additionally, Congress gave
the Commission significant authority to implement CALEA’s mandate. DOJ
supports the Commission’s tentative conclusions that providers of broadband
Internet access and managed or mediated VoIP are subject to CALEA under CALEA’s
Substantial Replacement Clause. DOJ also supports the Commission’s proposal to
require carriers to comply with any CALEA coverage determinations within 90
days, and even suggests that an additional nine months to be allowed for
carriers to design, build, and test their intercept solutions. In order to
ensure timely and complete CALEA compliance by carriers, the Commission needs to
adopt and enforce CALEA under CALEA section 229. The Commission’s enforcement
power, which is complementary to the separate CALEA section 108 enforcement
authority, was authorized by Congress in CALEA sections 229(a), (c), and (d).
On the issue of standards, DOJ generally believes these important issues
should be resolved though the deficiency petition process of CALEA section
107(b), as has occurred in the past, as opposed to addressing them in this
proceeding. However, DOJ agrees with the Commission that certain broad
guidelines should be resolved now in preparation for future deficiency
proceedings.
Finally, as the Commission recognized in the Notice, there are numerous
outstanding issues relating to CALEA cost and cost recovery that need to be
addressed in this proceeding. DOJ agrees with the Commission’s tentative
conclusion that carriers bear financial responsibility for CALEA development and
implementation costs for post-January 1, 1995 equipment and facilities; this
conclusion is supported by the plain language of CALEA section 109, and the
Commission should adopt rules that reflect this conclusion. In addition, in
order to prevent carriers from improperly shifting post-January 1, 1995
CALEA-incurred capital costs to law enforcement, the Commission should clarify
that such costs may not be included in carriers' intercept provisioning
charges billed to law enforcement.
On November 22, 2004, DOJ filed a motion
for extension of time of the reply comments due date.
Department of Justice Reply Comments
On December 21, 2004, the DOJ filed its reply comments in the
FCC rulemaking proceeding ET Docket No. 04-295. As stated in its reply comments,
DOJ stressed that there have been significant changes in telecommunications
technology since CALEA was enacted over ten years ago. Yet law enforcement’s
mission - to protect America and its citizens from terrorists and other
criminals - has not changed.
What has changed is law enforcement's ability to accomplish its mission in
the face of rapidly advancing technology. CALEA was intended to enable law
enforcement to keep up with these advancements, and the Commission should ensure
that its implementation of CALEA continues to serve the interests of law
enforcement and national security. In particular, the Commission should adopt
rules and policies that keep CALEA viable in the face of the monumental shift of
the telecommunications industry from circuit-switched to IP-based broadband
technologies.
DOJ reiterates its support for the tentative conclusions reached by the
Commission in the Notice regarding CALEA coverage of broadband Internet access
and certain types of VoIP, compliance deadlines, section 107(c) and 109(b)
petitions, and financial responsibility for CALEA development and implementation
costs for post-January 1, 1995 equipment and facilities. As shown in DOJ’s comments, there is strong
statutory and public-interest support for these tentative conclusions, and the
commenting parties have offered no meaningful basis for the Commission to
reconsider or depart from them.
FCC Requires Certain Broadband and VOIP Providers to
Accommodate Wiretaps
In a news release on August 5,
2005, the FCC determined that providers of certain broadband and interconnected
VOIP services must be prepared to accommodate law enforcement wiretaps. The
Commission found that these services can essentially replace conventional
telecommunications services currently subject to wiretap rules, including
circuit-switched voice service and dial-up Internet access. As replacements, the
new services are covered by CALEA, which requires the Commission to preserve the
ability of law enforcement agencies to conduct court-ordered wiretaps in the
face of technological change.
The First Report and Order and Further
Notice of Proposed Rulemaking, FCC 05-153 - referred to in the FCC's August
5, 2005, news release noted above - was released by the FCC on September 23,
2005. In the order, the Commission concluded that CALEA applies to
facilities-based broadband Internet access providers and providers of
interconnected voice over Internet Protocol (VoIP) service. This Order is the
first critical step to apply CALEA obligations to new technologies and services
that are increasingly relied upon by the American public to meet their
communications needs. The Commission went on to note that they will release
another order that will address separate questions regarding the assistance
capabilities required of the providers covered by the FCC 05-153 order pursuant
to section 103 of CALEA. This subsequent order
will include other important issues under CALEA, such as compliance extensions
and exemptions, cost recovery, identification of future services and entities
subject to CALEA, and enforcement.
Frequently Misunderstood Questions
On March 17, 2004, we published a press
release regarding our joint petition.
Q: Does the petition for CALEA rulemaking propose to apply CALEA to all
types of online communication, including instant messaging and visits to
websites?
A: No. The petition proposes CALEA coverage of only broadband Internet access
service and broadband telephony service. Other Internet-based services,
including those classified as "information services" such as email and
visits to websites, would not be covered.
Q: Does the petition propose extensive retooling of existing broadband
networks that could impose significant costs?
A: No. The petition contends that CALEA should apply to certain broadband
services but does not address the issue of what technical capabilities those
broadband providers should deliver to law enforcement. CALEA already permits
those service providers to fashion their own technical standards as they see
fit. If law enforcement considers an industry technical standard deficient, it
can seek to change the standard only by filing a special "deficiency"
petition before the Commission. It is the FCC, not law enforcement, that decides
whether any capabilities should be added to the standard. The FCC may refuse to
order a change in a standard on many different grounds. For example, a
capability may be rejected because it is too costly. Therefore CALEA already
contains protections for industry against paying undue compliance costs.
Q: Did law enforcement ask the FCC to curtail its usual review process
to implement the petition?
A: No. Law enforcement asked the FCC to give the proposed rulemaking
expedited treatment. Such treatment is often requested and granted when urgent
matters are brought to the FCC's attention. Some FCC rulemaking proceedings can
take years to complete. Law enforcement believes expedited treatment is
warranted in this case based on evidence that terrorists, criminals, and/or
spies are already exploiting the networks of broadband communication providers
to evade lawful electronic surveillance.
Q: Is Law enforcement trying to dictate how the Internet should be
engineered to permit whatever level of surveillance law enforcement deems
necessary?
A: No. Law enforcement does not seek the power to dictate how the Internet
should be engineered or even to decide how broadband communications networks
should be engineered. As explained above, CALEA already allocates those
decisions to industry and any resulting capability disputes between industry and
law enforcement are decided by the FCC. Moreover, the level of surveillance is
not an issue raised in the petition, is not within the scope of CALEA, and is
not decided by law enforcement. Based on a statute known as "Title III," before a law enforcement agent or
officer is permitted to engage in lawful electronic surveillance, he or she must
seek an appropriate court order from a judge or magistrate. Only if a judicial
order is issued can the lawful surveillance take place, and the level of
surveillance is prescribed by the order.
Q: Does the petition ignore the letter or spirit of CALEA's
"information services" exemption by seeking to apply CALEA to such
services?
A: No. The petition notes that CALEA contains a definition of
"telecommunications carrier" that is different from and broader than
the definition of that term in the Communications Act,
which governs most FCC actions. The petition therefore asks the FCC to decide
the scope of CALEA coverage based on the CALEA definition, not the
Communications Act definition. As a result, some carriers classified as
"information service" providers for purposes of the Communications Act
would be simultaneously deemed "telecommunications carriers" for
purposes of CALEA.
Q: Would the petition force carriers to decode data that might be
encrypted?
A: No. The petition does not raise the issue of encryption. That issue is
already addressed by CALEA. The statute states that if encryption is provided by
a telecommunications carrier and the carrier possesses the information necessary
to decrypt the communication, it must decrypt the communications subject to an
order for lawful interception. But if the encryption is provided by a subscriber
or customer, the carrier is not responsible for decrypting the targeted
communications.
|
