Communications Assistance for Law Enforcement Act

From Wikipedia, the free encyclopedia

The Communications Assistance for Law Enforcement Act (CALEA) is a United States wiretapping law passed in 1994 (Pub. L. No. 103-414, 108 Stat. 4279, codified at 47 USC 1001-1010). In its own words, the purpose of CALEA is:

To amend title 18, United States Code, to make clear a telecommunications carrier's duty to cooperate in the interception of communications for Law Enforcement purposes, and for other purposes.

CALEA was intended to preserve the ability of law enforcement agencies to conduct electronic surveillance by requiring that telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure that they have the necessary surveillance capabilities. Common carriers, facilities-based broadband Internet access providers, and providers of interconnected Voice over Internet Protocol (VoIP) service – all three types of entities are defined to be “telecommunications carriers” for purposes of CALEA section 102. The driving force in adopting CALEA was the FBI's worry that increasing use of digital telephone exchange switches would make tapping phones at the phone company's central office harder and slower to execute, or in some cases impossible. Since the original requirement to add CALEA-compliant interfaces required phone companies to modify or replace hardware and software in their systems, U.S. Congress included funding for a limited time period to cover such network upgrades. CALEA was passed on October 25, 1994 and came into force on January 1, 1995.

Contents 1 Provisions of CALEA 2 VoIP implications 3 See also 4 Further reading

[edit] Provisions of CALEA

The U.S. Congress passed the CALEA to aid law enforcement in its effort to conduct criminal investigations requiring wiretapping of digital telephone networks. The Act obliges telephone companies to make it possible for law enforcement agencies to tap any phone conversations carried out over its networks, as well as making call detail records available. The act also stipulates that it must not be possible for a person to detect that his or her conversation is being monitored by the respective government agency. Finally, the CALEA Implementation Unit at the FBI has clarified that: while buffering may be necessary to ensure successful transport, this buffering is envisioned as only lasting long enough to determine that the transmission was successful. Intercepted information is supposed to be sent to Law Enforcement concurrently with its capture, but the storing of the intercept on a CALEA device or hardware may not be legal.

On March 10, 2004, the DOJ, FBI and DEA filed a "Joint Petition for Expedited Rulemaking" in which they requested certain steps to accelerate CALEA compliance. This petition mainly involved extending the provisions of CALEA to include communications that travel over the internet. This resulted in the FCC issuing a notice of proposed rulemaking entitled "In the Matter of Communications Assistance for Law Enforcement Act and Broadband Access and Services" (FCC 04-187, 2004 WL 1774542) on August 9, 2004. The FCC received public comment and, in August 2005, adopted a "First Report and Order" concluding that CALEA applies to facilities-based broadband Internet access providers and providers of interconnected (with the PSTN network) Voice-over-Internet-Protocol (VoIP) services. The First Report and Order also sought public comment on whether other (non-interconnected) types of VoIP services should be covered by CALEA and on how the Commission should consider granting exemptions from CALEA's requirements. In May 2006, the FCC adopted a "Second Report and Order", which clarified and affirmed the First Order:

• The CALEA compliance deadline remains May 14, 2007, and applies equally to all facilities-based broadband access providers and interconnected VoIP service providers, with restricted availability of compliance extensions.
• Carriers are permitted to meet their CALEA obligations through the services of “Trusted Third Parties (TTP)” including processing requests for intercepts, conducting electronic surveillance, and delivering information to LEAs. However, carriers remain responsible for ensuring the timely delivery of information to the LEA and protecting subscriber privacy, as required by CALEA.
• Carriers are responsible for CALEA development and implementation costs, and may not recover these costs through a national surcharge.
• Service providers to whom CALEA obligations were applied in the First Order must comply with the system security requirements of the First Order by within 90 days of the effective date of the Second Order.

Section 107 of the Communications Assistance for Law Enforcement Act (CALEA) states: “a telecommunications carrier shall be found to be in compliance with the assistance capability requirements under Section 103, and a manufacturer of telecommunication transmission or switching equipment or a provider of telecommunication support services shall be found in compliance with Section 106, if the carrier, manufacturer, or support service provider is in compliance with publicly available technical requirements or standards adopted by an industry association or standard-setting organization, or by the Commission under subsection (b), to meet the requirements of section 103.”

[edit] VoIP implications

The Internet Engineering Task Force in 2000 decided not to consider requirements for wiretapping as part of the process for creating and maintaining IETF standards (RFC 2804). The Information Technology Association of America (ITAA) presented a June 2006 paper authored by Vinton Cerf, Whitfield Diffie, among others which discusses the implications of applying CALEA to VoIP. In their opinion: In order to extend authorized interception much beyond the easy scenario, it is necessary either to eliminate the flexibility that Internet communications allow, or else introduce serious security risks to domestic VoIP implementations. The former would have significant negative effects on U.S. ability to innovate, while the latter is simply dangerous. The current FBI and FCC direction on CALEA applied to VoIP carries great risks.

The FCC’s First Report and Order, issued in September 2005, ruled that providers of broadband Internet access and interconnected VoIP services are regulable as “telecommunications carriers” under CALEA. That order was affirmed and further clarified by the Second Report and Order, dated May 2006. In that same month, on May 5, 2006, a group of higher education and library organizations led by the American Council on Education (ACE) challenged that ruling, arguing that the FCC’s interpretation of CALEA was unconstitutional under the Fourth Amendment. However, on June 9, 2006, the D.C. Circuit Court disagreed and summarily denied the petition (American Council on Education vs. FCC, United States Court of Appeals for the District of Columbia Circuit, Decision 05-1404, June 9, 2006).

[edit] See also

• Authorization for Use of Military Force Against Terrorists
• Lawful interception
• Mass surveillance
• Secrecy of correspondence
• Secure communication

[edit] Further reading

• White Paper on Lawful Interception of IP Networks
• Communications Assistance for Law Enforcement Act of 1994
• FCC CALEA Home page
• FBI CALEA website
• EFF CALEA page
• Digital Surveillance: The Communications Assistance for Law Enforcement Act, Congressional Research Service, June 8, 2007
• RFC 3924 - Cisco Architecture for Lawful Intercept in IP Networks
• Global Lawful Intercept Industry Forum (GLIIF)
• CALEA for Broadband? The Critics Are Unanimous :: Lasar's Letter on the Federal Communications Commission
• Law enforcement groups have been lobbying for years for FCC Internet wiretapping plan :: Lasar's Letter on the Federal Communications Commission
• Cybertelecom :: CALEA Information
• OpenCALEA open-source CALEA suite
• Guide to lawful intercept legislation around the world
• CableLabs Cable Broadband Intercept Specification