The Communications Assistance for Law Enforcement Act of 1994 (CALEA)

Congress enacted the Communications Assistance for Law Enforcement Act of 1994 (Pub. L. No. 103-414) to facilitate lawful interception of electronic communications. CALEA was intended to preserve the ability of law enforcement officials to conduct electronic surveillance effectively and efficiently in the face of rapid advances in telecommunications technology. CALEA mandates technical capabilities for covered entities in order to align the government’s legal authority and actual ability to intercept communications.

 

TIA and the Alliance for Telecommunications Industry Solutions (ATIS) developed its voluntary, consensus-based lawful interception standard, J-STD-025, through collaboration with telecommunications equipment manufacturers, service providers, government agencies, academic institutions, and end-users (available here).

How Is CALEA Compliance Achieved?

CALEA requires that telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure that they have the necessary surveillance capabilities. A telecommunications carrier may comply with CALEA either by:

• developing its own compliance solution for its network;
• purchasing a compliance solution from vendors; or
• purchasing a compliance solution from a trusted third party (TPP).

Section 107 of CALEA provides that a carrier will be deemed to comply with the assistance capability requirements if it complies with “publicly available technical requirements or standards adopted by an industry association or standard-setting organization.” Any person may petition the Commission to modify such standards (or, in their absence, to establish standards). In such cases, section 107(b)(5) directs the Commission to “provide a reasonable time and conditions for compliance with and the transition to any new standard.”

Under CALEA, a court order is required for law enforcement officials to wiretap and eavesdrop on phone conversations and to intercept electronic communications. Such a court order is obtainable only with a showing that there is probable cause to believe that a crime is being committed, that communications about the crime will be intercepted and that the equipment being tapped is used by the suspect in connection with the crime.

How is Government Regulation Limited by CALEA?

When Congress enacted CALEA, it included clear limitations on future regulation. CALEA denies law enforcement the authority to require any specific design of equipment, facilities, services, features or system configurations to be adopted, or to prohibit the adoption of any equipment, facility, service or feature by any provider of wire or electronic communications services. CALEA mandates that any FCC-imposed requirements must serve the policy of the United States to encourage the provision of new technologies and services to the public.

Why are CALEA Standards Effective?

Over-regulation can stifle innovation. The open and voluntary nature of the multistakeholder process used to develop CALEA standards ensures inclusiveness of all stakeholders in the process. The unique architecture of the Internet lends it to particular vulnerabilities regarding the innovative nature of the Internet. In addition, the proposed expansion of CALEA also raises free speech and privacy issues. Imposing a specific technology design or solution would limit technological innovation by industry and would not be consistent with the Congressional intent of CALEA.

It is in the nation’s best interest to facilitate innovation. Any requirement of governmental approval of communications technology or applications before deployment could give foreign competitors an advantage over U.S. companies. The unique architecture of the Internet lends it to particular vulnerabilities national security concerns.

Broad technical mandates undermine cybersecurity goals. Architecting communications technologies to facilitate surveillance can make them less secure, and can produce backdoors easily exploited by foreign governments, hackers and identity thieves. Broad requirements or restrictions could introduce vulnerabilities or weaken the protection afforded by encryption and related security technologies.

CALEA standards help preserve consumer trust that mandates could threaten. Consumers and businesses trust in the confidentiality of Internet communications, and this characteristic is essential to online commerce, privacy, and free speech. Changes to products and services that could undermine users’ trust in the privacy and security of their communications should be avoided.

 

TIA is continually working to develop a series of standards to provide law enforcement with the capabilities mandated by CALEA. Meanwhile, the FCC continues to examine the scope of CALEA with guidance from its congressional directive to preserve government's ability to intercept communications involving advanced technologies; protect the privacy of communications; and implement CALEA in a manner that does not impede the introduction of new technologies, features and services. TIA’s persistent advocacy of a manageable implementation of CALEA, led by industry standards efforts, has acted as a counterweight to law enforcement requests for capabilities beyond what is required under current law.  These issues continue to persist as new technologies are introduced into the marketplace and others remain in development.