CALEA

Citation

Communications Assistance for Law Enforcement Act of 1994 (CALEA), Pub. L. No. 103-414, 108 Stat. 4279 (Oct. 25, 1994), codified at 47 U.S.C. §§1001-10.

Overview

In the early 1990s the Federal Bureau of Investigation (FBI) asked Congress for legislation to assist law enforcement agencies to continue conducting electronic surveillance. The FBI argued that the deployment of digital technologies in public telephone systems was making it increasingly difficult for law enforcement agencies to conduct electronic surveillance of communications over public telephone networks.^[1] As a result of these arguments and concerns from the telecommunications industry, as well as issues raised by groups advocating protection of privacy rights,^[2] the Communications Assistance for Law Enforcement Act (CALEA) was enacted on October 25, 1994.

CALEA was not intended to expand law enforcement's authority to conduct electronic surveillance. On the contrary, the Act was intended only to "preserve the ability of law enforcement agencies to conduct electronic surveillance by requiring that telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure that they have the necessary surveillance capabilities."^[3]

Subject to regulatory review by the Federal Communications Commission (FCC), communications carriers were responsible for the initial development of technical standards to fulfill their surveillance capability responsibilities under CALEA.^[4] These modifications were originally planned to be completed by October 25, 1998. Since that time, the Federal Communications Commission (FCC) issued two additional orders establishing June 30, 2002, as the date by which telecommunications carries must have upgraded all their systems. Equipment manufacturers have fulfilled their obligation to provide CALEA solutions and carriers have implemented them.

Following release of the industry group's proposed standard (the so-call J-Standard, officially the Interim Standard/Trial Standard J-STD-025), the Center for Democracy and Technology appealed to the FCC claiming the J-Standard violated CALEA's privacy protections and impermissibly expanded government surveillance capabilities. The Justice Department and the FBI also petitioned the Commission for modifications, arguing that the J-Standard did not include all of CALEA's required assistance capabilities. The Department sought a list of nine additional surveillance capabilities, its so-called punch list.^[5] After receiving public comment on the petitions, the FCC resolved the challenges to the J-Standard in its Third Report & Order.^[6]

Main provisions

47 U.S.C. §1002 directs the telecommunications industry to design, develop, and deploy solutions that meet certain assistance capability requirements for telecommunications carriers to support law enforcement in the conduct of lawfully-authorized electronic surveillance. Pursuant to a court order or other lawful authorization, carriers must be able, within certain limitations, to: (1) expeditiously isolate all wire and electronic communications of a target transmitted by the carrier within its service area; (2) expeditiously isolate call-identifying information that is reasonably available on a target; (3) provide intercepted communications and call-identifying information to law enforcement; and (4) carry out intercepts unobtrusively, so targets are not made aware of the electronic surveillance, and in a manner that does not compromise the privacy and security of other communications.

There are several notable caveats to this requirement, however:

• Law enforcement and officials are not authorized to require telecommunications providers (as well as manufacturers of equipment and providers of support services) to adopt "specific design of equipment, facilities, services, features, or system configurations." Similarly, officials may not prohibit "the adoption of any equipment, facility, service, or feature” by these entities.^[7]
• Telecommunications carriers are not responsible for "decrypting, or ensuring the government's ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication."^[8]

To allow carriers to give law enforcement the means to conduct its wiretaps, 47 U.S.C. §1003 requires the Attorney General to determine the number of simultaneous interceptions (law enforcement agencies’ estimate of their maximum capacity requirements) that telecommunications carriers must be able to support.

To maintain privacy rights of individuals, 47 U.S.C. §1004 requires telecommunications carriers to ensure that any interception of communications or access to call-identifying information that is conducted within their premises can only be done with a court order. It also requires the specific intervention of an officer or employee of the carrier acting in accordance with regulations prescribed by the FCC.

47 U.S.C. §1005 directs telecommunications carriers to consult with telecommunications equipment manufacturers to develop equipment necessary to comply with the capability and capacity requirements identified by the FBI.

For efficient industry-wide implementation of the above requirements, 47 U.S.C. §1006 directs the law enforcement community to coordinate with the telecommunications industry and state utility commissions to develop suitable technical standards and establish compliance dates for equipment.

47 U.S.C. §1008 gives the Attorney General, subject to the availability of appropriations, authority to pay telecommunications carriers for all reasonable costs directly associated with the modifications performed by carriers in connection with equipment, facilities, and services installed or deployed on or before January 1, 1995 (known as the “grandfather” date).

Major events following enactment of CALEA

Initial delays

CALEA gave implementation responsibility to the Attorney General, who, in turn, delegated the responsibility to the FBI. The FBI lead that nationwide effort on behalf of federal, state, and local law enforcement agencies. FBI officials initially anticipated that it would take a year for a standard to be developed and agreed upon by law enforcement, the telecommunications carriers, and the equipment manufacturers. Telecommunications consultants estimated that it would take the industry another three years to design, build and deploy new systems to comply with CALEA. Instead, industry and law enforcement became involved in a protracted dispute over what should be required for law enforcement’s wiretapping capabilities.

By March 1997, the completion of the capability standard was overdue by 16 months. The FBI attempted to expedite the industry’s implementation of CALEA by releasing regulations that included a cost recovery plan for the federal government’s payment of costs associated with CALEA, as well as capability and capacity requirements for the industry to meet. The plan required more extensive upgrades to networks than the telecommunications industry believed were necessary for law enforcement to preserve its wiretapping capabilities. Industry groups and privacy advocates disputed the FBI’s plan. They argued that the FBI was attempting to expand its surveillance capabilities beyond the congressional intention of CALEA, and was attempting to unfairly shift costs and accountability away from the federal government onto private industry. Furthermore, the industry argued that, without an adopted capability standard, it could not begin designing, manufacturing, and purchasing the equipment to achieve CALEA compliance.

In December 1997, the Telecommunications Industry Association (TIA, representing telecommunications equipment manufacturers) adopted, over the objections of the law enforcement community, a technical standard, J-STD-025, also known as the "J-standard." This standard prescribes upgrades to network devices to meet CALEA’s assistance capability requirements for local exchange, cellular, and broadband personal communications services (PCS). Although the FBI claimed that the J-standard did not provide all of the capabilities needed, the industry asserted that CALEA's language stated that telecommunications carriers would be compliant if they met publicly available standards adopted by the industry.

Privacy rights groups, on the other hand, protested two aspects of the J-standard that they asserted would make information beyond what is legally required available to law enforcement. One was a feature enabling the telecommunications network to provide location information for users of mobile wireless telecommunications services. The location information protocols in J-STD-025 allow law enforcement agencies to obtain information on the physical location of the nearest cell site (i.e., the receiver/transmitter antenna and base station) of mobile phone handsets at the beginning and end of each call.

Wireless carriers are now deploying another technology (called triangulation) that will enable the carriers, and law enforcement, to track wireless telephone users more precisely, potentially within a few meters. The other was a feature enabling the network to access packet-mode data from telephone calls using more advanced systems. Privacy rights groups argued that these capabilities would violate the Fourth Amendment rights of individuals against unreasonable searches and seizures. Despite these objections, telecommunications manufacturers designed new switches and upgrades to existing switches according to the J-standard.

The FBI's "Punch List"

In the negotiations to develop the J-standard, TIA had refused to include some of the capabilities that law enforcement officials claimed they needed to facilitate digital wiretapping. As a result, in March 1998, the FBI petitioned the FCC to require the telecommunications industry to adopt eleven additional capabilities.

Industry and privacy rights groups protested that the FBI's plan would unlawfully expand enforcement capabilities. Eventually, the "punch-list"^[9] included the following six items^[10]:

• Content of subject-initiated conference calls — Would enable law enforcement to access the content of conference calls supported by the subject’s service (including the call content of parties on hold).
• Party hold, join, drop — Messages would be sent to law enforcement that identify the active parties of a call. Specifically, on a conference call, these messages would indicate whether a party is on hold, has joined or has been dropped from the conference call.
• Subject-initiated dialing and signaling information — Access to all dialing and signaling information available from the subject would inform law enforcement of a subject's use of features (such as the use of flash-hook and other feature keys).
• In-band and out-of-band signaling (notification message) — A message would be sent to law enforcement whenever a subject’s service sends a tone or other network message to the subject or associate (e.g., notification that a line is ringing or busy).
• Timing information — Information necessary to correlate call-identifying information with the call content of a communications interception.
• Dialed digit extraction — Information would include those digits dialed by a subject after the initial call setup is completed.^[11]

Capacity requirements

The FBI's subsequent implementation actions were also opposed by the telecommunications industry. In March 1998, the FBI announced its estimated capacity requirements for local exchange, cellular, and broadband PCS.^[12] The industry protested the FBI's estimates, arguing that it would require telephone carriers to accommodate thousands of wiretaps simultaneously, an impractical and unnecessary burden. In July 1998, the FBI developed guidelines and procedures to facilitate small carrier compliance with its capacity requirements, and asked carriers to identify any systems or services that did not have the capacity to accommodate those requirements.

In December 1998, the FBI began a proceeding to develop capacity requirements for services other than local exchange, cellular, and broadband PCS, asked additional questions of interested parties in June 2000.^[13] These technologies and services included paging, mobile satellite services, specialized mobile radio, and enhanced specialized mobile radio.

FCC actions

As a result of petitions from the industry and the FBI, the FCC became involved in the implementation of CALEA. In October 1997, the FCC released its first Notice of Proposed Rule Making (NPRM) on CALEA implementation.^[14] The NPRM sought comments from interested parties regarding a set of policies and procedures proposed by the FCC for telecommunications carriers to follow.

The proposed procedures would (1) preclude the unlawful interception of communications, (2) ensure that authorized interceptions are performed, (3) maintain secure and adequate records of any interceptions, and (4) determine what entities should be subject to these requirements, whether the requirements are reasonable, and whether to grant extensions of time for compliance with the requirements.

In response to the NPRM, telecommunications carriers, privacy rights groups, and the FBI submitted comments to the FCC to attempt to influence the final decision. Then, in April 1998, the FCC released a Public Notice requesting comments on issues raised in those petitions concerning the dates that carriers were required to comply with CALEA and the dispute over the J-standard. Based on comments it received, the FCC extended the implementation deadline until June 30, 2000, stating that without a standard, the necessary equipment would not be available in time.^[15]

In October 1998, the FCC initiated a proceeding to review the technical capabilities prescribed by the J-standard.^[16] The goal of that proceeding was to determine whether telecommunications carriers should be required under CALEA to meet the FBI’s "punch list" items. The FCC addressed these issues in several documents released over the following year. In March 1999, the FCC's First Report and Order established the minimum capability requirements for telecommunications carriers to comply with CALEA.^[17] Telecommunications carriers were required to ensure that only lawful wiretaps occur on their premises and that the occurrence of wiretaps is not divulged to anyone other than authorized law enforcement personnel.

On August 2, 1999, the FCC decided to allow carriers to decide how long they would maintain their records of law enforcement’s wiretap, pen register, and trap and trace interceptions.^[18]

On August 31, 1999, the Second Report and Order established a definition for "telecommunications carrier" to include all common carriers, cable operators, electric and other utilities that offer telecommunications services to the public, commercial mobile radio services, and service resellers.^[19] The definition did not include Internet service providers (ISPs), which were explicitly excluded under the CALEA statute.

The FCC's Third Report and Order, released August 31, 1999, adopted technical requirements for wireline, cellular, and broadband PCS carriers to comply with CALEA requirements.^[20] The ruling adopted the J-standard, including the two capabilities that were opposed by the privacy rights groups (i.e., the ability to provide location information and packet-mode data to law enforcement). As described above, the FCC also adopted six of the punch list capabilities requested by the FBI to be implemented by telecommunications carriers. The Order required all aspects of the J-standard except for the packet-mode data collection capability to be implemented by June 30, 2000. The Order required carriers to comply with the packet-mode data capability and the six punch list capabilities by September 30, 2001.^[21] (The FCC ultimately extended the date by which all telecommunications carriers must have upgraded their systems to June 30, 2002.^[22])

On April 9, 2001, the FCC adopted its Second Order on Reconsideration,^[23] which clarified the arrangements telecommunications carriers must make to ensure that law enforcement agencies can contact them when necessary, and the interception activity that triggers a record-keeping requirement.

In September 2001, the FCC released a tandem Order^[24] and Public Notice^[25] on CALEA implementation. In the Order, the Commission extended until November 19, 2001, the deadline by which wireline, cellular, and broadband personal communications services (PCS) carriers must implement a packet-mode communications electronic surveillance capability, or to seek individual relief under section 107(c) of CALEA. The notice explained the petitioning process for telecommunications carriers seeking relief under section 107(c) for an extension of the new compliance deadline with respect to packet-mode communications, as well as other safe harbor standards.

Finally, on April 11, 2002, the FCC released an Order on Remand,^[26] which responded to a decision issued by the United States Court of Appeals for the District of Columbia Circuit^[27] vacating four of the punch list electronic surveillance capabilities mandated by the Third Report and Order in this proceeding. The FCC found that all of the capabilities were necessary and authorized by CALEA and had to be provided by wireline, cellular, and broadband PCS telecommunications carriers by June 30, 2002. The FCC also required that two additional punch list capabilities that were mandated by the Third Report and Order, but not reviewed by the Court of Appeals be provided by that same date.

The FCC granted preliminary extensions to requesting carriers with respect to punch list implementation that would expire on June 30, 2004. It granted preliminary extensions in connection with “packet” services that had been scheduled to expire on November 19, 2003, but that date was further extended to January 30, 2004.

Government activity Since 2004

The FBI and other law enforcement agencies, the FCC, and Congress are all concerned with CALEA-related issues, particularly with respect to packet-based services (i.e., voice over Internet Protocol VoIP) and "push-to-talk" services offered by wireless providers.

FBI activity

The FBI has remained active in promoting its positions related to its CALEA powers.

• Comments to the FCC’s Wireless Broadband Task Force Report. On April 22, 2005, the Department of Justice (DOJ) filed comments on the FCC's Wireless Broadband Task Force Report,^[28] requesting that the FCC "continue to preserve the vital national security and criminal law enforcement capabilities of CALEA as it develops a deregulatory framework for wireless broadband Internet access services."

• Notice of Information Collection Under Review. On April 13, 2005, the FBI published a 60-day Notice of Information Collection Under Review.^[29] The notice announced a CALEA Readiness Survey program, which seeks to evaluate the effectiveness of CIU programs for implementing CALEA solutions in the Public Switched Telephone Network.

• Petition for Declaratory Ruling. On March 10, 2004, the FBI, the DOJ, and the Drug Enforcement Administration (DEA) petitioned the FCC to identify additional telecommunications services not identified specifically within CALEA that should be subject to it.^[30] The services named in the FBI petition include some now considered beyond the scope of CALEA by many observers, including services that fall under the FCC’s definition of "information services" under the Communications Act of 1934. However, CALEA provides the FCC a broader framework to determine that a service is a "telecommunications service." The FCC ruled on this Petition on August 5, 2005.

• Inspector General Report. The FBI's Inspector General issued a report in April 2004 on CALEA implementation.^[31] In its report, the IG expressed concern over the cost estimates for obtaining CALEA compliance, which have varied widely. Industry has stated it believes estimates full compliance will cost approximately $1.3 billion; the FBI has estimated costs in the range of $500 million to $1 billion.

• Further, in December 2003, the FBI estimated that an additional $204 million would be necessary to complete deployment of CALEA. The IG stated in its report that it did not believe implementation costs could be determined with any degree of specificity, but that it was unlikely CALEA could be implemented with the $49.5 million that remains unobligated from current funding.

FCC activity

In response to law enforcement's petition and after considering the comments and replies from interested parties, the FCC released an NPRM and Declaratory Ruling on August 4, 2004.^[32] Additionally, the FCC issued two Orders in this matter.

• Declaratory Ruling. In the Declaratory Ruling accompanying the NPRM, the FCC clarified that commercial wireless "push-to-talk" services are subject to CALEA, regardless of the technologies that wireless providers choose to apply in offering them.

• First Report and Order. On August 5, 2005, the FCC ruled that providers of certain broadband and interconnected VoIP services must accommodate law enforcement wiretaps.^[33] The FCC found that these services can be considered replacements for conventional telecommunications services currently subject to wiretap rules, including circuit-switched voice service and dial-up Internet access. As such, the new services are covered by CALEA, which requires the FCC to preserve the ability of law enforcement to conduct wiretaps as technology evolves.

• • The rules are limited to facilities-based broadband Internet access service providers and VoIP providers that offer services permitting users to receive calls from, and place calls to, the public switched telephone network — these providers are called interconnected VoIP providers.
  • In making its ruling, the FCC found that the definition of “telecommunications carrier” in CALEA is broader than the definition of that term in the Communications Act and can, therefore, include providers of services that are not classified as telecommunications services under the Communications Act. CALEA contains a broader definition of telecommunications provider that authorizes the FCC to classify an entity as a telecommunications carrier if it finds that such service is a replacement for a substantial portion of the local telephone exchange.
  • The FCC established a deadline of 18 months from the effective date of the Order for providers to achieve full compliance and adopted a Further Notice of Proposed Rulemaking to seek more information about whether specific classes of facilities-based broadband Internet access providers should be exempt from CALEA (i.e., small and rural providers and providers of broadband networks for educational and research institutions).
  • A coalition of organizations^[34] filed a Petition for Review with the United States Court of Appeals for the District of Columbia Circuit on October 25, 2005.^[35] Specifically, the "petitioners seek relief from the Order on the grounds that it exceeds the Commission's statutory authority and is arbitrary, capricious, unsupported by substantial evidence, and contrary to law. Petitioners request that this Court vacate the Order and the Final Rules adopted therein and grant such other relief as may be appropriate."^[36]

• Second Report and Order. On May 3, 2006, the FCC issued its Second Report and Order, which addressed several issues regarding CALEA implementation.^[37] The Order:

• • Affirmed the May 14, 2007, CALEA compliance deadline for facilities-based broadband Internet access and interconnected VoIP services (as established by the First Report and Order) and clarifies that the date will apply to all such providers.
  • Explained that the FCC does not plan, at this time, to intervene in the standards-setting process in this matter.
  • Permitted telecommunications carriers the option of using Trusted Third Parties (TTPs) to assist in meeting their CALEA obligations.
  • Restricted the availability of compliance extensions to equipment, facilities, and services deployed prior to October 25, 1998.
  • Found that the Commission may, in addition to law enforcement remedies available through the courts, take separate enforcement action under section 229(a) of the Communications Act against carriers that fail to comply with CALEA.
  • Concluded that carriers are responsible for CALEA development and implementation costs for post-January 1, 1995, equipment and facilities, and declines to adopt a national surcharge to recover CALEA costs.
  • Required all carriers providing facilities-based broadband Internet access and interconnected VoIP service to submit interim reports to the FCC to ensure that they will be CALEA-compliant by May 14, 2007, and also requires all such providers to which CALEA obligations were applied in the First Report and Order to come into compliance with the system security requirements in the commission’s rules within 90 days of the effective date of this Second Report and Order.

• Court Challenge. In June 2006, the United States Court of Appeals for the District of Columbia Circuit affirmed the FCC's decision concluding that VoIP and facilities-based broadband Internet access providers have CALEA obligations similar to those of telephone companies.^[38]

Privacy challenges

The United States Telecom Association, the Cellular Telecommunications Industry Association, the Center for Democracy and Technology and several other privacy organizations challenged the FCC order in the United States Court of Appeals for the District of Columbia. The FCC and the Justice Department filed separate briefs defending the Commission’s action. The challengers questioned inclusion of the six of the law enforcement assistance capabilities which the FCC order insisted upon: two from the J-Standard (cellular antenna tower location information and packet-mode data)^[39] and four from the FBI’s punch list (dialed digit extraction, party hold/join/drop, subject-initiated dialing and signaling, and in-band out-of-band signaling).

On August 15, 2000, in United States Telecom Ass'n v. FCC,^[40] the court of appeals vacated the order and sent back to the FCC that portion of the Commission’s order dealing with the four challenged punish list items, but confirmed the FCC's authority with respect to digital packet mode data and the antenna tower location.

Application to Internet-based services

Since 2004, the FCC has considered a number of questions as to how to apply CALEA to new technologies, such as Voice over Internet Protocol (VoIP). In August 2005, in response to a March 2004 petition by a group of law enforcement agencies, the FCC released a Notice of Proposed Rulemaking and Declaratory Ruling which required providers of certain broadband and interconnected VoIP services to accommodate law enforcement wiretaps. The FCC found that these services could be considered replacements for conventional telecommunications services already subject to wiretap rules, including circuit-switched voice service and dial-up Internet access. The Order is limited to facilities-based broadband Internet service providers and VoIP providers that offer services that use the public switched telephone network ("interconnected VoIP providers").

In May 2006, the FCC addressed several outstanding issues regarding CALEA implementation. Among other clarifications, the FCC (1) affirmed its May 14, 2007 compliance deadline for facilities-based broadband Internet access and interconnected VoIP services, and clarified that the date applied to all such providers; (2) explained that the FCC does not plan to intervene in the standards-setting process in this matter; (3) permitted telecommunications carriers the option of using Trusted Third Parties to assist in meeting their CALEA obligations; (4) restricted the availability of compliance extensions to equipment, facilities, and services deployed prior to October 25, 1998; (5) found that the FCC may enforce action under section 229(a) of the Communications Act against carriers that fail to comply with CALEA; and (6) concluded that carriers are responsible for CALEA development and implementation costs for post-January 1, 1995, equipment and facilities, and declined to adopt a national surcharge to recover CALEA costs.

In June 2006, the United States Court of Appeals for the District of Columbia Circuit affirmed the FCC's decision concluding that VoIP and facilities-based broadband Internet access providers have CALEA obligations similar to those of telephone companies.

Application to cybersecurity

Some government and industry observers believe that CALEA should be revised to improve its effectiveness in addressing cybersecurity concerns. Among the concerns expressed are whether the Act is the best mechanism for collecting information transmitted via the Internet, whether reassessment is needed of which private-sector entities the Act covers and which government entities should be involved in enforcement and oversight, and what the role of industry should be in the development of the technologies and standards used to implement the provisions of the act.

References

1. CALEA was enacted "in response to concerns that emerging technologies such as digital and wireless communications were making it increasingly difficult for law enforcement agencies to execute authorized surveillance." Communications Assistance for Law Enforcement Act and Broadband Access and Services, First Report and Order and Further Notice of Proposed Rulemaking, 29 F.C.C.R. 14989, ¶4 (2005).
2. Privacy rights groups involved in the CALEA debate include the Electronic Privacy Information Center, the Electronic Frontier Foundation, advocacy groups which both support on-line privacy rights of individuals, the Center for Democracy and Technology, which also advocates electronic privacy (and is funded primarily by the telecommunications, computer, and media industries), and the American Civil Liberties Union (ACLU), which represents a broad array of civil rights based on the First and Fourth Amendments.
3. Id.
4. The standards must (1) meet the assistance capability requirements by cost-effective methods; (2) protect the privacy and security of communications not authorized to be intercepted; (3) minimize the cost of such compliance on residential ratepayers; (4) serve the policy of the United States to encourage provision of new technologies and services; and (5) provide reasonable time and conditions for compliance with, and transition to, the new standard. 47 U.S.C. §1006.
5. The punch list consists of the ability to capture: "1) Content of subject-initiated conference calls . . . .2) Party hold, join, drop — Messages would be sent to law enforcement that identify the active parties of a call. Specifically, on a conference call, those messages would indicate whether a party is on hold, has joined or has been dropped from the conference call. 3) Subject-initiated dialing and signaling information . . . . 4) In-band and out-of-band signaling (notification message) — A message would be sent to [law enforcement officers] whenever a subject’s service sends a tone or other network message to the subject or association (e.g., notification that a line is ringing or busy). 5) Timing information — Information necessary to correlate call-identifying information with the call content of a communications interception . . . . 6) Surveillance status — a message that would verify that an interception is still functioning . . . . 7) Continuity check tone (c-tone) — An electronic signal that would alter [law enforcement officials] if the facility used for delivery of call content interception has failed or lost continuity. 8) Feature status — A message would affirmatively notify [law enforcement officials] of any changes in features to which a subject subscribes. 9) Dialed digit extraction — Information sent to [law enforcement officials] would include those digits dialed by a subject after initial call setup is completed," In re Communications Assistance for Law Enforcement Act, 14 F.C.C.R. 16794, 16798-99 (1999).
6. In re Matter of Communications Assistance for Law Enforcement Act. 14 F.C.C.R. 16794 (1999).
7. 42 U.S.C. §1002(b)(1).
8. Id. §1002(b)(3).
9. The “punch list” was named as such by the telecommunications industry, which believed the FBI was improperly forcing industry to comply with the FBI's requirements.
10. The additional capabilities originally requested by the FBI that were not included were: standardized delivery interface; separated delivery, surveillance status; continuity check tone (c-tone); and feature status.
11. FCC, Further Notice of Proposed Rulemaking, 63 Fed. Reg. 63639 (Nov. 16, 1998).
12. FBI, Final Notice of Capacity, 63 Fed. Reg. 63 (Mar. 12, 1998).
13. FBI Notice of Inquiry, 63 Fed. Reg. 70160 (Dec. 18, 1998); FBI Further Notice of Inquiry, 65 Fed. Reg. 40694 (June 30, 2000).
14. FCC, Notice of Proposed Rulemaking, CC Docket No. 97-213, FCC Record 97-356 (Oct. 10, 1997).
15. FCC Memorandum Opinion and Order in the Matter of Petition for the Extension of the Compliance Date under Section 107 of CALEA (Sept. 11, 1998).
16. FCC Proposes Rules to Meet Technical Requirements of CALEA, Report No. ET 98-8, FCC News, Oct. 22, 1998.
17. FCC 99-11, Report and Order CC Docket No. 97-213 (Mar. 15, 1999).
18. FCC 99-184, Order on Reconsideration, CC Docket No. 97-213 (Aug. 2, 1999).
19. FCC 99-229, Second Report and Order, CC Docket No. 97-213 (Aug. 31, 1999).
20. FCC 99-230, Third Report and Order, CC Docket No. 97-213 (Aug. 31, 1999).
21. "FCC Sides with FBI on Tapping," Wired News, Aug. 27, 1999 (full-text).
22. FCC Pubic Notice DA 02-270 (Mar. 26, 2002).
23. FCC, Second Order on Reconsideration, CC Docket No. 97-213, 66 Fed. Reg. 22446 (May 4, 2001).
24. FCC, Order, CC Docket No. 97-213, 66 Fed Reg. 50841 (Oct. 5, 2001).
25. FCC Public Notice DA 01-2243 (Sept. 28, 2001).
26. Order on Remand, CC Docket No. 97-213, 67 Fed. Reg. 21999 (May 2, 2002).
27. See United States Telecom. Ass'n v. Federal Comms. Comm'n, 227 F.3d 450 (D.C. Cir. 2000) (full-text).
28. GN Docket No. 04-163. Additional information on this topic is available here.
29. 70 Fed. Reg. 19503 (2005) (full-text).
30. Joint Petition for Expedited Rulemaking of United States Department of Justice, Federal Bureau of Investigation, and Drug Enforcement Administration, RM-10865, March 10, 2004.
31. U.S. Department of Justice, Office of the Inspector General, “Implementation of the Communications Assistance for Law Enforcement Act by the Federal Bureau of Investigation” (Apr. 7, 2004) ([1] full-text).
32. In the Matter of Communications Assistance for Law Enforcement Act and Broadband Access and Services, Notice of Proposed Rulemaking and Declaratory Ruling, FCC 04-187, ET Docket 04-295, RM-10865, adopted August 4, 2004, released August 9, 2004 (full-text). See also 69 Fed. Reg. 56976.
33. In the Matter of Communications Assistance for Law Enforcement Act and Broadband Access and Services, First Report and Order and Further Notice of Proposed Rulemaking, FCC 05-153, ET Docket 04-295, RM-10865, adopted August 5, 2005, released September 23, 2005 (full-text).
34. The coalition was composed of CompTel, American Library Association, Association of Research Libraries, Center for Democracy & Technology, Electronic Frontier Foundation, Electronic Privacy Information Center, Pulver.com, and Sun Microsystems.
35. Petition, No. 05-1408 (Oct. 25, 2005) (full-text).
36. Id.
37. In the Matter of Communications Assistance for Law Enforcement Act and Broadband Access and Services, Second Report and Order and Memorandum Opinion and Order, FCC 06-56, ET Docket 04-295 (May 3, 2006) (full-text).
38. American Council on Education v. FCC, No. 05-1404 (Consolidated with 05-1408, 05-1438, 05-1451, 05-1453) (June 9, 2006) (full-text).
39. In digital switching, a communication is broken into a number of digital packets, each traveling independently. Data packets are reassembled at their final destination. Each packet contains two components: a portion of the communications message and an address. The address information appears in the packet header. The message within the packet is known as the "body" or "payload." The J-Standard requires that carriers make available both header and payload data. The petitioners claimed that packet headers (communication-identifying information) cannot be separated from bodies (communications content), and that any packet mode data made available to law enforcement pursuant to a pen register order would include some call content, thereby violating CALEA's privacy protections. The antenna tower location information capability requires carries to make available the physical location of the antenna tower that a mobile phone uses to connect at the beginning and end of a call.
40. 227 F.3d 450 (D.C. Cir. 2000) (full-text).

Sources

• Digital Surveillance: The Communications Assistance for Law Enforcement Act, at 3-4.
• "Application to cybersecurity" section: Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions, at 26-27.

See also

• Global LI Industry Forum (GLIIF)

External resources

• CALEA Q&A
• Cybertelecom: CALEA Information
• Digital Surveillance: The Communications Assistance for Law Enforcement Act and FBI Internet Monitoring.
• FBI CALEA Website
• FCC CALEA Home page
• EFF CALEA page
• OpenCALEA (Open-source CALEA suite)
• RFC 3924 - Cisco Architecture for Lawful Intercept in IP Networks
• White Paper on Lawful Interception of IP Networks