The Communications Assistance for Law Enforcement Act of 1994 (CALEA)
Who Implements CALEA?
Common carriers, facilities-based broadband Internet access providers, and providers of interconnected VoIP service – all three types of entities are defined to be “telecommunications carriers” for purposes of CALEA – are covered. In 2006 the D.C. Federal Court of Appeals affirmed the FCC’s decision that broadband Internet access and voice over Internet protocol (VoIP) services are regulable as "telecommunications carriers" under CALEA (Am. Council on Educ. v. FCC, 451 F.3d 226 (D.C. Cir. 2006)).
Industry is basically responsible for setting CALEA standards and solutions. Unless a party files a special petition pursuant to CALEA § 107(b), the Commission does not get formally involved with the compliance standards development process. CALEA does not provide for FCC review of manufacturer-developed solutions. Entities subject to CALEA are responsible for reviewing the FCC’s regulations and analyzing how this regulation applies per their specific network architecture.
How Is CALEA Compliance Achieved?CALEA requires that telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure that they have the necessary surveillance capabilities. A telecommunications carrier may comply with CALEA either by:
- developing its own compliance solution for its network;
- purchasing a compliance solution from vendors; or
- purchasing a compliance solution from a trusted third party (TPP).
Section 107 of CALEA provides that a carrier will be deemed to comply with the assistance capability requirements if it complies with “publicly available technical requirements or standards adopted by an industry association or standard-setting organization.” Any person may petition the Commission to modify such standards (or, in their absence, to establish standards). In such cases, section 107(b)(5) directs the Commission to “provide a reasonable time and conditions for compliance with and the transition to any new standard.”
Under CALEA, a court order is required for law enforcement officials to wiretap and eavesdrop on phone conversations and to intercept electronic communications. Such a court order is obtainable only with a showing that there is probable cause to believe that a crime is being committed, that communications about the crime will be intercepted and that the equipment being tapped is used by the suspect in connection with the crime.
How is Government Regulation Limited by CALEA?When Congress enacted CALEA, it included clear limitations on future regulation. CALEA denies law enforcement the authority to require any specific design of equipment, facilities, services, features or system configurations to be adopted, or to prohibit the adoption of any equipment, facility, service or feature by any provider of wire or electronic communications services. CALEA mandates that any FCC-imposed requirements must serve the policy of the United States to encourage the provision of new technologies and services to the public.
Why are CALEA Standards Effective?Over-regulation can stifle innovation. The open and voluntary nature of the multistakeholder process used to develop CALEA standards ensures inclusiveness of all stakeholders in the process. The unique architecture of the Internet lends it to particular vulnerabilities regarding the innovative nature of the Internet. In addition, the proposed expansion of CALEA also raises free speech and privacy issues. Imposing a specific technology design or solution would limit technological innovation by industry and would not be consistent with the Congressional intent of CALEA.
It is in the nation’s best interest to facilitate innovation. Any requirement of governmental approval of communications technology or applications before deployment could give foreign competitors an advantage over U.S. companies. The unique architecture of the Internet lends it to particular vulnerabilities national security concerns.
Broad technical mandates undermine cybersecurity goals. Architecting communications technologies to facilitate surveillance can make them less secure, and can produce backdoors easily exploited by foreign governments, hackers and identity thieves. Broad requirements or restrictions could introduce vulnerabilities or weaken the protection afforded by encryption and related security technologies.
CALEA standards help preserve consumer trust that mandates could threaten. Consumers and businesses trust in the confidentiality of Internet communications, and this characteristic is essential to online commerce, privacy, and free speech. Changes to products and services that could undermine users’ trust in the privacy and security of their communications should be avoided.
TIA CALEA-Related Filings
- TIA Comments to the FCC in Response to its Public Notice on CALEA Technical Capabilities (11/16/00)
- TIA Report to the FCC Concerning CALEA and Packet-Data Technologies (11/16/00)
- TIA Comments to the FCC on the Petition to Extend the Compliance Deadline for CALEA (9/15/00)
- TIA Comments to the Federal Bureau of Investigation (FBI) on Developing Law Enforcement’s Capacity Requirements for Services Other than Local Exchange, Cellular and Broadband Personal Communications Services (PCS) (2/16/99)
- TIA Reply Comments to the FCC's Further Notice of Proposed Rulemaking Regarding the Implementation of CALEA (1/27/99)
- TIA Reply Comments to the FCC in Response to Sections 107 and 109 Peititions for Rulemaking (6/12/98)
- TIA Comments to the FCC Regarding the Joint Petition for Extension of the CALEA Compliance Date (5/20/98)
- TIA Reply Comments to the FCC on the Proposed Industry-Wide Extension of the CALEA Compliance Deadline (5/15/98)
- TIA Files Comments to the FCC on the Proposed Industry-Wide Extension of the CALEA Compliance Deadline (5/8/98)