6 November 1998
Source:
http://www.fcc.gov/Bureaus/Common_Carrier/Notices/1998/fcc98282.wp
(374K)
See related press release.
Federal Communications Commission FCC 98-282
| In the Matter of: Communications Assistance for Law Enforcement Act |
) ) ) ) |
CC Docket No. 97-213 |
Adopted: October 22, 1998 ; Released: November 5, 1998
Comment Date: December 14, 1998
Reply Comment Date: January 13, 1999
By the Commission: Commissioner Furchtgott-Roth issuing a
statement.
A. CALEA Assistance Capability Requirements
A. Authority and ApproachB. Industry Interim Standard J-STD-025
C. Particular Capabilities of J-STD-025 Opposed by CDT
1. Location information
2. Packet-Mode1. General Comments
2. Content of subject-initiated conference calls
3. Party hold, join, drop on conference calls
4. Subject-initiated dialing and signaling information
5. In-band and out-of-band signaling
6. Timing information
7. Surveillance status
8. Continuity check tone
9. Feature status
10. Dialed digit extraction
A. Scope of Proceeding
VI. APPENDIX OF COMMENTING PARTIES
1. In this Further Notice of Proposed Rulemaking
(Further NPRM), we address alleged deficiencies in industry-developed technical
requirements for wireline, cellular, and broadband Personal Communications
Services (PCS) carriers to comply with the assistance capability requirements
prescribed by the Communications Assistance for Law Enforcement Act of 1994
(CALEA, or the Act).(1) Industry developed
these technical requirements in an attempt to satisfy the "safe harbor" provision
of the Act, which permits telecommunications carriers to be found in compliance
with CALEA if carriers comply with publicly available technical requirements
adopted by an industry association or standard-setting organization, or by
the Commission.(2) The Act authorizes the
Commission to establish, by rule, technical requirements or standards that
meet the assistance capability requirements, if industry or standards-setting
organizations have failed to set such standards, or if any party believes
that an industry standard is deficient.(3)
To date, the Commission has received four petitions for rulemaking asking
us to establish such requirements or standards pursuant to our statutory
authority under the Act.(4) In addition, in
response to a Public Notice the Commission's Wireless Telecommunications
Bureau and Office of Engineering and Technology released on April 20, 1998,
we have received numerous comments disputing whether certain specific technical
requirements are necessary to comply with
CALEA.(5)
2. In light of petitioners' claims that the interim standard
adopted by industry(6) is deficient with regard
to particular technical requirements it currently includes, this Further
NPRM analyzes those specific requirements and reaches tentative conclusions
regarding which of them are required by CALEA. The Further NPRM also seeks
comment on a range of issues associated with the Commission's obligations
under the Act. In addition, we seek comment on what role, if any, we can
or should play in assisting telecommunications carriers other than wireline,
cellular, and broadband PCS carriers to set standards for, or to achieve
compliance with, CALEA's requirements.(7)
3. Since 1970, telecommunications carriers have been required
to cooperate with law enforcement agencies in conducting electronic
surveillance.(8) Recent advances in technology,
however, most notably the introduction of digital transmission and processing
techniques and the proliferation of wireless services, have hampered the
law enforcement community's ability to conduct lawfully authorized surveillance.
CALEA was enacted in 1994 to address such problems, and to ensure that law
enforcement surveillance efforts would not be unintentionally thwarted by
the development and deployment of new telecommunications technologies and
services.(9) At the same time, however, Congress
recognized the need to protect privacy interests within the context of
court-authorized electronic surveillance. In defining the terms and requirements
of the Act, therefore, Congress sought to balance three important policies:
"(1) to preserve a narrowly focused capability for law enforcement agencies
to carry out properly authorized intercepts; (2) to protect privacy in the
face of increasingly powerful and personally revealing technologies; and
(3) to avoid impeding the development of new communications services and
technologies."(10) Based on these considerations,
Congress envisioned that the requirements of CALEA would serve as "both a
floor and a ceiling," defining the minimum capabilities that should be provided
to law enforcement, while also establishing limits as to what can be
provided.(11)
4. CALEA directs carriers to ensure that their equipment,
facilities, and services are capable of meeting certain requirements to assist
law enforcement in carrying out lawfully authorized electronic surveillance.
To accomplish this, the Act sets out general assistance capability requirements
that telecommunications carriers must meet, and defines the obligations of
the industry, the law enforcement community, and the Commission in developing
the technical requirements or standards necessary to meet these requirements.
To date, industry and the law enforcement community, although they have reached
agreement on many issues, disagree on whether certain specific features and/or
technical requirements must be provided by carriers to comply with the Act's
assistance capability requirements. Consequently, as authorized by the Act,
representatives of industry, law enforcement, and the privacy community have
petitioned the Commission to establish such technical requirements or standards.
In this Further NPRM, therefore, we consider whether certain specific technical
requirements are necessary for wireline, cellular and broadband PCS
carriers(12) to meet CALEA's assistance
capability requirements.(13) Below we discuss
the relevant provisions of the Act.
5. The basic requirements for meeting CALEA's mandates are contained in Section 103, which establishes four general "assistance capability requirements" that carriers must meet to achieve compliance. Specifically, Section 103 requires a telecommunications carrier(14) to:
(a) [E]nsure that its equipment, facilities, or services that provide a customer or subscriber with the ability to originate, terminate, or direct communications are capable of--(1) expeditiously isolating and enabling the government, pursuant to a court order or other lawful authorization, to intercept, to the exclusion of any other communications, all wire and electronic communications carried by the carrier within a service area to or from equipment, facilities, or services of a subscriber of such carrier concurrently with their transmission to or from the subscriber's equipment, facility, or service, or at such later time as may be acceptable to the government;(2) expeditiously isolating and enabling the government, pursuant to a court order or other lawful authorization, to access call-identifying information that is reasonably available to the carrier--
(A) before, during, or immediately after the transmission of a wire or electronic communication (or at such later time as may be acceptable to the government); and(B) in a manner that allows it to be associated with the communication to which it pertains, except that, with regard to information acquired solely pursuant to the authority for pen registers and trap and trace devices (as defined in section 3127 of title 18, United States Code),(15) such call-identifying information shall not include any information that may disclose the physical location of the subscriber (except to the extent that the location may be determined from the telephone number);
(3) delivering intercepted communications and call-identifying information to the government, pursuant to a court order or other lawful authorization, in a format such that they may be transmitted by means of equipment, facilities, or services procured by the government to a location other than the premises of the carrier; and
(4) facilitating authorized communications interceptions and access to call-identifying information unobtrusively and with a minimum of interference with any subscriber's telecommunications service and in a manner that protects--
(A) the privacy and security of communications and call-identifying information not authorized to be intercepted; and(B) information regarding the government's interception of communications and access to call-identifying information.(16)
6. CALEA does not specify how these four assistance capability
requirements are to be met. Rather, it states only that telecommunications
carriers, in consultation with manufacturers and telecommunications support
service providers, must ensure that the carriers' equipment, facilities,
and services comply with the
requirements.(17) Manufacturers and
telecommunications support service providers are subject to a "cooperation"
requirement, i.e., they are required to make available to carriers
the features and modifications necessary for carriers to comply with the
requirements "on a reasonably timely basis and at a reasonable
charge."(18) Additionally, the Attorney General
of the United States must consult with appropriate industry associations
and standards-setting organizations; with representatives of users of
telecommunications equipment, facilities, and services; and with state utility
commissions "to ensure the efficient and industry-wide implementation of
the assistance capability
requirements."(19)
7. Section 107(a)(2) of CALEA contains a "safe harbor"
provision, stating that "[a] telecommunications carrier shall be found to
be in compliance with the assistance capability requirements under Section
103, and a manufacturer of telecommunications transmission or switching equipment
or a provider of telecommunications support services shall be found to be
in compliance with section 106, if the carrier, manufacturer, or support
service provider is in compliance with publicly available technical requirements
or standards adopted by an industry association or standard-setting organization,
or by the Commission under subsection (b), to meet the requirements of Section
103."(20) Thus, the Act envisions that an
industry association or a standards-setting organization would set applicable
standards. Individual carriers, however, are free to choose any technical
solution that meets the assistance capability requirements of CALEA, whether
based on an industry standard or not. Carriers, therefore, have some degree
of flexibility in deciding how they will comply with CALEA's Section 103
requirements. CALEA specifically states, however, that the absence of industry
standards does not relieve a carrier of its obligation to comply with the
assistance capability requirements.(21)
8. In addition to the safe harbor provision, section 107
also defines certain Commission responsibilities under the Act. Specifically,
upon petition, section 107(b) authorizes the Commission to establish, by
rule, technical requirements or standards necessary for implementing Section
103.(22) Section 107(b) provides that a petition
may be filed with the Commission (1) if industry associations or standard-setting
organizations fail to issue technical requirements or standards, or (2) if
a government agency or any other person believes that requirements or standards
that were issued are deficient.
9. Section 107(b) specifies five factors that the Commission must consider as part of its efforts to establish technical requirements or standards to meet the assistance capability requirements of Section 103. Such technical requirements or standards must:
meet the assistance capability requirements of Section 103 by cost-effective methods; protect the privacy and security of communications not authorized to be intercepted;minimize the cost of such compliance on residential ratepayers;
serve the policy of the United States to encourage the provision of new technologies and services to the public; and
provide a reasonable time and conditions for compliance with and the transition to any new standard, including defining the obligations of telecommunications carriers under Section 103 during any transition period.(23)
10. Section 107(c) authorizes the Commission to extend the
compliance date for telecommunications carriers' equipment, facilities, and
services. On September 11, 1998, the Commission exercised its authority under
section 107(c) by extending the deadline for compliance with Section 103
requirements from October 25, 1998 to June 30,
2000.(24) This extension applies to all
telecommunications carriers proposing to install or deploy, or having installed
or deployed, any equipment, facility or service prior to the effective date
of Section 103, for that part of the carrier's business on which the new
equipment, facility or service is
used.(25)
11. Since early 1995, Subcommittee TR45.2 of the
Telecommunications Industry Association (TIA) has been working to develop
an industry standard that would satisfy the assistance capability requirements
of Section 103 for wireline, cellular, and broadband PCS
carriers.(26) The standards-setting effort
has included participation by industry and law enforcement. In 1996, the
Subcommittee received from the Federal Bureau of Investigation (FBI) a document
known as the Electronic Surveillance Interface (ESI). The ESI was law
enforcement's recommendation for the logical and physical interfaces between
a wireline, cellular, or broadband PCS carrier's network and a law enforcement
agency's electronic surveillance collection facility. The ESI was developed
at the request of industry to describe law enforcement's vision and
recommendations for the interface. The ESI defined the requirements for the
delivery of both call content and call-identifying information to a law
enforcement agency (LEA).
12. By the spring of 1997, TIA developed a final draft of
a proposed CALEA industry standard. The draft standard defined services and
features to support lawfully authorized electronic surveillance and the
interfaces to deliver authorized intercepted communications and call-identifying
information to a LEA. Specifically, the draft standard defined the intercept
function in terms of five broad categories: access, delivery, service provider
administration, collection, and law enforcement
administration.(27) This standard was submitted
for balloting to all participants in the standards-setting process under
procedures of the American National Standards Institute
(ANSI).(28) The law enforcement community
unanimously opposed adoption of this standard, and it was voted down. The
FBI, on behalf of this community, attached a lengthy critique of the draft
standard to its ballot, including specific recommendations for
changes.(29)
13. The FBI's objections to the draft standard centered around a list of technical capabilities that it contended are necessary to meet CALEA's requirements, but that were not included in the industry interim standard. The FBI's list, which has come to be known as the "punch list," originally contained 11 items, and now contains nine items.(30) Specifically, the FBI's punch list identifies the following capabilities it believes must be provided under CALEA:(31)
1) Content of subject-initiated conference calls -- Would enable law enforcement to access the content of conference calls supported by the subject's service (including the call content of parties on hold).(32)2) Party hold, join, drop -- Messages would be sent to law enforcement that identify the active parties of a call. Specifically, on a conference call, these messages would indicate whether a party is on hold, has joined or has been dropped from the conference call.
3) Subject-initiated dialing and signaling information -- Access to all dialing and signaling information available from the subject would inform law enforcement of a subject's use of features (such as the use of flash-hook and other feature keys).
4) In-band and out-of- band signaling (notification message) -- A message would be sent to law enforcement whenever a subject's service sends a tone or other network message to the subject or associate (e.g., notification that a line is ringing or busy).
5) Timing information -- Information necessary to correlate call-identifying information with the call content of a communications interception.(33)
6) Surveillance status -- Message that would verify that an interception is still functioning on the appropriate subject.
7) Continuity check tone (c-tone) -- Electronic signal that would alert law enforcement if the facility used for delivery of call content interception has failed or lost continuity.
8) Feature status -- Would affirmatively notify law enforcement of any changes in features to which a subject subscribes.
9) Dialed digit extraction(34) -- Information would include those digits dialed by a subject after the initial call setup is completed.
14. After the close of balloting, Subcommittee TR45.2 held
a number of meetings and made changes to the draft industry standard, including
a number of changes recommended by the FBI. However, based on the concerns
discussed below, none of the FBI punch list items were added to the industry
standard. The Subcommittee recommended that the revised standard be considered
as a joint TIA/Committee T1 Interim Standard and reballoted under TIA procedures
rather than ANSI's.(35) An interim standard,
however, is valid for a period of only three years and is considered by ANSI
as a "trial use." TIA adopted the recommendations, and the revised draft
standard was submitted for voting in the fall of 1997. Because no law enforcement
agencies are members of the TIA or Committee T1, however, only industry entities
were eligible to cast ballots.
15. The industry unanimously approved the draft standard
as fulfilling the requirements mandated by CALEA. In December 1997, the TIA
and Committee T1, sponsored by the Alliance for Telecommunications Industry
Solutions, announced the joint publication of interim standard J-STD-025,
Lawfully Authorized Electronic Surveillance (J-STD-025, interim
standard, or industry interim standard). This standard defines services and
features required to support lawfully authorized electronic surveillance
and specifies interfaces necessary to deliver intercepted communications
and call-identifying information to a LEA. TIA stated that compliance with
J-STD-025 satisfies the "safe harbor" provisions of CALEA.
16. In July 1997, before the industry interim standard was
released, the Cellular Telecommunications Industry Association (CTIA) filed
a petition for rulemaking on behalf of its members requesting that the Commission
establish a standard to implement the requirements of Section 103, pursuant
to the Commission's authority under section 107(b). CTIA contended that the
standards setting process was deadlocked, and that it was unlikely that a
standard would be developed in the near future. CTIA attached to its petition
the draft industry standard that ultimately became J-STD-025, and argued
that this draft standard met the functional requirements of CALEA in their
entirety.(36)
17. In August 1997, comments on the CTIA petition were filed
jointly by the Center for Democracy and Technology (CDT) and the Electronic
Frontier Foundation (EFF).(37) CDT/EFF generally
supported CTIA's request to adopt the proposed industry standard; however,
they recommended the deletion of provisions relating to subject location
and packet-mode information. In March 1998, following adoption of the industry
interim standard, DoJ/FBI jointly filed a motion to dismiss CTIA's Petition
for Rulemaking on the grounds that the December 1997 adoption of the interim
standard rendered CTIA's petition
moot.(38) As discussed below, we agree, and
dismiss CTIA's July 1997 Petition for
Rulemaking.(39)
18. On March 26, 1998, CDT filed a petition for rulemaking,
requesting that the Commission intervene in the implementation of CALEA.
CDT reiterated the position it and EFF had enunciated in August 1997, arguing
that J-STD-025 goes too far in permitting location information capabilities
and fails to protect the privacy of packet-mode communications. CDT further
argued that the additional surveillance enhancements sought by the FBI in
the punch list are not required under CALEA. CDT stated that the
telecommunications industry and the FBI had failed to agree on a plan for
preserving a narrowly-focused surveillance capability that would protect
privacy and, further, were now mired in an argument over designing additional
surveillance features into the nation's telecommunications system. Finally,
CDT stated that compliance with J-STD-025 was not reasonably achievable and
requested that the Commission indefinitely delay implementation of CALEA
while a more narrowly-focused standard consistent with the intent of CALEA
is developed.(40)
19. On March 27, 1998, DoJ and the FBI jointly filed a petition
for expedited rulemaking, asking the Commission to correct deficiencies in
the industry standard by establishing additional technical standards that
meet the requirements of CALEA. DoJ/FBI claim that the interim standard adopted
by industry is deficient because: 1) it does not ensure that law enforcement
will be able to receive all of the communications content and call-identifying
information that carriers are obligated to deliver under CALEA; and, 2) it
fails to ensure that information will be delivered in a timely
manner.(41) DoJ/FBI set forth, as a proposed
rule, the features (i.e., the punch list items) they believe should
be added to the interim standard to correct its
deficiencies.(42) DoJ/FBI request that the
Commission leave the industry interim standard in effect pending the issuance
of a final decision.(43)
20. On April 2, 1998, TIA filed a petition for rulemaking, asking the Commission to resolve the dispute as to whether the interim standard is overinclusive or underinclusive. TIA requested that we: 1) immediately announce suspension of enforcement of CALEA until we make our determination of a permanent standard; 2) establish a reasonable compliance schedule of at least 24 months to implement the permanent standard; 3) undertake an expedited schedule for establishing a permanent standard; and 4) remand any further technical standardization work to TIA Subcommittee TR45.2.(44)
21. On April 20, 1998, the Commission's Wireless
Telecommunications Bureau and Office of Engineering and Technology released
a Public Notice in this proceeding soliciting comment on the above
petitions, as well as soliciting comment on whether the October 25, 1998
deadline for compliance with CALEA's capability requirements should be
extended.(45) The Public Notice
also requested specific comment on the scope of the assistance capability
requirements necessary to satisfy the obligations imposed by CALEA. In
particular, the Public Notice requested analyses of whether the
technical requirements discussed in the petitions from CDT and from DoJ/FBI
are necessary for carriers to meet CALEA's Section 103 requirements. Finally,
the Public Notice requested comment on remanding any additional
standards development to TIA Subcommittee
TR45.2.(46)
22. A number of parties petitioned the Commission to extend
the October 25, 1998 deadline for complying with the core features of CALEA,
and on September 11, 1998, the Commission released a Memorandum Opinion
and Order granting such an extension until June 30,
2000.(47) Pursuant to our authority under
section 107(c) of CALEA, we determined that compliance with the assistance
capability requirements of Section 103 was not reasonably achievable by any
telecommunications carrier through the application of available technology
by CALEA's compliance deadline of October 25,
1998.(48) Therefore, we granted a blanket
extension of CALEA's compliance deadline until June 30, 2000, for all
telecommunications carriers similarly situated to the petitioners,
i.e., those carriers proposing to install or deploy, or having installed
or deployed, any equipment, facility or service prior to the effective date
of Section 103, for that part of the carrier's business on which the new
equipment, facility or service is
used.(49)
23. Upon petition, section 107(b) of CALEA empowers the
Commission to establish, by rule, technical requirements or standards to
meet the assistance capability requirements of Section
103.(50) Additionally, section 301(a) of
CALEA states that "[t]he Commission shall prescribe such rules as are necessary
to implement the requirements of
[CALEA]."(51)
24. In fulfilling our obligations under CALEA, our evaluation
in this proceeding will closely follow the plain language of the Act. Pursuant
to our statutory authority, we will separately examine the two contested
features of the J-STD-025 standard (i.e., the location information
and packet-mode features opposed by CDT) and the punch list items sought
by the FBI, to determine whether each meets the mandates of Section 103.
25. As an initial matter, we will first determine whether
the specific item we are evaluating meets the assistance capability requirements
set forth in Section 103(a)(1)-(4).(52) In
doing so, we propose to interpret these provisions
narrowly.(53) As noted above, we look to
the plain language, its context, and, if necessary, any legislative history
that assists in ascertaining Congressional intent. Specifically, we explore
below the intent of Congress' use of the terms "equipment, facilities or
services" in Section 103(a)(1) as it relates to the content of subject-initiated
conference calls. We also seek to interpret Section 103(a)(2)'s provision
that call-identifying information must be provided to a LEA only if that
information is "reasonably available" to a telecommunications carrier. In
this regard, we tentatively conclude that before we can make a determination
whether a specific technical requirement meets the mandates of Section 103's
assistance capability requirements, the Commission must determine whether
the information to be provided to a LEA under Section 103(a)(2) is reasonably
available to the carrier. The Act does not specify how the term "reasonably
available" should be defined or interpreted, and the Act's legislative history
offers little additional guidance. We therefore request comment on what factors
the Commission should use in determining whether the information to be provided
to a LEA under Section 103(a)(2) is reasonably available.
26. Specifically, we request comment on how cost should
be considered in our determination of reasonable availability. Further, we
note that carriers use a variety of system architectures and different types
of equipment, leading us to believe that reasonable availability is also
likely to vary from carrier to carrier. Commenters should discuss how the
Commission can evaluate whether a particular technical requirement is reasonably
available in these circumstances and discuss how the application or
interpretation of these terms in Section 103(a)(2) is similar to or different
from the application or interpretation of "reasonably achievable" in section
109(b), and the factors listed there.
27. We also ask commenters to evaluate the type of information
that has been traditionally available under pen register and trap-and-trace
authorizations, and whether the provision of such information to LEAs, in
light of the statutory definitions of "pen register" and "trap and trace
device",(54) and judicial interpretations
of them, provide guidance or represent possible factors for determining
"reasonable availability."
28. Finally, we also invite comment on whether and, if so, under what circumstances and to what extent, information that does not qualify as call-identifying information under section 102(2) or otherwise is not "reasonably available" under Section 103(a)(2), may nevertheless qualify as call content information under Section 103(a)(1) and the definitions of "wire and electronic communications" in 18 U.S.C. 2510(1), (12). Commenters should take into account that the provisions of Section 103(a)(1) do not include a criterion of "reasonable availability."
29. If we conclude that the item in question constitutes a technical requirement that meets the Section 103 assistance capability requirements, we will then proceed to analyze each of the factors identified by section 107(b) and seek comment on whether a particular technical requirement: (1) meets the assistance capability requirements of Section 103 by cost-effective methods; (2) protects the privacy and security of communications not authorized to be intercepted; (3) minimizes the cost of such compliance on residential ratepayers; and, (4) serves the policy of the United States to encourage the provision of new technologies and services to the public.(55) Additionally, section 107(b)(5) requires the Commission to provide a reasonable time and conditions for compliance with and the transition to any new standard, including defining the obligations of telecommunications carriers under Section 103 during any transition period.(56) Thus, we will also seek comment on issues bearing on our section 107(b)(5) determinations. If, on the other hand, we tentatively conclude that a specific technical requirement falls outside of the parameters of the assistance capability requirements established by Section 103, we will seek comment on our tentative conclusion, and request that commenters responding to this conclusion provide support for their agreement or disagreement by thoroughly analyzing the section 107(b) factors mentioned above.
30. We emphasize that, because CALEA specifically requires
us to consider the section 107(b) factors, commenters are strongly encouraged
to provide us with information as detailed and specific as possible. For
sections 107(b)(1) and (3), for example, we seek detailed comment regarding
the costs of adding a feature to a telecommunications carrier's network and
on what, if any, impact of such costs will have on residential ratepayers.
Commenters should consider the costs to manufacturers in developing the equipment
or software needed to implement the technical requirement, as well as the
cost to carriers to install and deploy such equipment. Commenters should
be specific as to which entities would incur the cost of adding particular
features; e.g., manufacturers, local exchange carriers (LECs),
interexchange carriers (IXCs), or commercial mobile radio service (CMRS)
providers, etc. Commenters should also be specific as to what costs
would be incurred for hardware, as opposed to software upgrades to carriers'
networks, and whether some of these upgrades would have other uses in the
networks. If costs are likely to be passed on to residential ratepayers,
those costs should be identified, as well as specific mechanisms that could
be used to minimize such costs.
31. Under section 107(b)(2), if a party believes that a
proposed technical requirement would not protect the privacy and security
of communications not authorized to be intercepted, we request comment on
modifications or alternative technical requirements that would enable Section
103's capability requirements to be met. In addition, we seek detailed
information on whether our determination that a particular feature must be
provided under CALEA will encourage or discourage the provision of new
technologies and services to the public. Will the implementation of a particular
technical requirement constrain a carrier's ability to develop new services
or technologies? Commenters should provide a projected timeline for each
technical requirement, identifying the time needed to develop, test, and
deploy it. Additionally, commenters should address the extent to which the
capacity requirements of section 104 should affect our determinations under
section 107(b). In this regard, we observe that several commenting parties
have contended that the nearly two and one-half years of delay in publication
of the final notice of capacity has, in turn, impaired the ability of
standards-setting associations, telecommunications equipment manufacturers,
and telecommunications carriers to establish capability standards pursuant
to Section 103, because capability standards cannot be completed without
first knowing the capacity that those capability standards must
support.(57) Finally, we ask for comment
on any conditions necessary for compliance and any specific obligations that
should be imposed on telecommunications carriers during the transition to
a new standard.
32. We note that the tentative conclusions we reach in this
Further NPRM focus on the technical requirements that the petitioners have
asked us to address in their petitions pending before us, i.e.,
the two contested features of J-STD-025 and the nine punch list items. In
making our tentative decision, we recognize that CALEA requires carriers
to ensure that their networks can provide the capabilities defined in Section
103, but does not mandate use of, or adherence to, any particular standard.
In other words, compliance with the industry standard is voluntary, not
compulsory. As a result, carriers are free to develop CALEA solutions in
any manner they choose. Thus, a carrier may choose to utilize an industry
standard as a safe harbor, or they may choose to implement other solutions
that meet the capability requirements of Section 103. However, in order for
an adopted industry standard to satisfy the safe harbor provision of section
107(a),(58) it must incorporate all of the
technical requirements that we ultimately determine meet the assistance
capability requirements of Section 103.
33. We note further that this proceeding does not involve
any attempt to interpret statutes other than CALEA or define the scope of
authorizations needed by LEAs to intercept or obtain call content or
call-identifying information. Rather, this proceeding is limited to determining,
as a safe harbor, what capabilities each carrier must provide if and when
presented with a proper authorization or court order to expeditiously provide
LEAs access to call content and call-identifying information.
34. We believe that industry is in the best position to
determine how to implement these technical requirements most effectively
and efficiently. Standards-setting organizations, manufacturers, and/or
individual telecommunications carriers should develop the technical requirements
consistent with our ultimate determinations reached in this proceeding. We
tentatively conclude that it would then be appropriate for industry, in
consultation with the law enforcement community, to develop a final "safe
harbor" standard for CALEA
compliance.(59) We seek comment on this
conclusion.
35. Finally, we also note that manufacturers and carriers
are free to develop and deploy additional features and capabilities, beyond
those required by CALEA, in efforts to assist law enforcement agencies in
conducting lawfully-authorized electronic surveillance. Such capabilities,
however, will not be subject to any of CALEA's obligations, including cost
recovery, and will not affect any party's obligations under CALEA in any
way. Thus, nothing in the instant Further NPRM should be construed as limiting
or proposing to limit telecommunications manufacturers, carriers or support
service providers' ability to negotiate with law enforcement agencies to
add additional capabilities to the carrier's systems, nor to define a maximum
level of capabilities available to law enforcement under the applicable
provisions of law.(60) We now turn to a
discussion of whether we should reexamine the uncontested portions of J-STD-025
as part of our section 107(b) inquiry.
36. The industry interim standard, J-STD-025, which applies only to wireline, cellular, and broadband PCS carriers, specifies that telecommunications carriers are to provide LEAs with two telecommunications channels to perform electronic surveillance -- call content channels (CCCs) and call data channels (CDCs).(61) J-STD-025 defines the five functions of the intercept architecture to be used.(62) Those functions are:
Access -- Provides the LEA with the ability to isolate the subject's call content or call-identifying information accurately and unobtrusively. The access function helps to prevent the unauthorized access, manipulation, and disclosure of intercept controls, call content, and call-identifying information.Delivery -- Accepts call content and call-identifying information from the access function and delivers it to one or more LEA collection functions. Ensures that the call content and call-identifying information that are delivered are authorized for a particular LEA, and thus also prevents the unauthorized access, manipulation, and disclosure of intercept controls, call content, and call-identifying information.
Collection -- Receives and processes call content and call-identifying information for the subject. (This function is the responsibility of the LEA.)
Service Provider Administration -- Controls the carrier's electronic surveillance functions. (This function is beyond the scope of the interim standard.)
Law Enforcement Administration -- Controls the LEA electronic surveillance functions. (This function is the responsibility of the LEA, and is also beyond the scope of the interim standard.)
37. Telecommunications carriers and manufacturers in their
comments support adoption of J-STD-025 as the final CALEA standard. The Ameritech
Operating Companies and Ameritech Mobile Communications, Inc. (Ameritech)
state that J-STD-025 is industry's attempt to realistically and reasonably
interpret the requirements of CALEA consistent with Title III of the Omnibus
Crime Control and Safe Streets Act of 1968, modified by the Electronic
Communications Privacy Act of 1986 (collectively, "Title
III").(63) Ameritech contends that the FBI's
challenge of only a limited number of items not included in J-STD-025 is
a testament to the industry's efforts in developing a workable
solution.(64)
38. BellSouth Corporation, Inc., BellSouth Telecommunications,
Inc., BellSouth Cellular Corp., BellSouth Personal Communications, Inc.,
and BellSouth Wireless Data, L,P. (BellSouth) request that we adopt J-STD-025
in its present form pursuant to section
107.(65) BellSouth maintains that the FBI
is attempting to use CALEA as a vehicle to require carriers to build technology
into their systems to give law enforcement new expanded surveillance
capabilities, and that such expanded capabilities are in contrast to Congress's
intent that CALEA should merely ensure that lawful surveillance capabilities
not be diminished. BellSouth concludes that the legislative history of CALEA
makes clear that its purpose is to preserve (not enhance) government electronic
surveillance capabilities; to protect the privacy of customers' communications;
and to not impede the industry's development and deployment of new technology,
features, or services.(66)
39. AT&T Corporation (AT&T) states that the Commission
should categorize standards issues into four distinct components for examination
(call content, call-identifying information, privacy protection, and wiretap
administration), and ask whether the industry standard meets CALEA's
requirements, if any, for each
category.(67) AT&T concludes that we
should affirm J-STD-025 and reject the additional, enhanced surveillance
features sought by DoJ/FBI in their
Petition.(68)
40. TIA states that the vast majority of comments support
the conclusion that J-STD-025 is consistent with CALEA. TIA contends that
CALEA imposes a standard of "reasonable availability" rather than "historical
availability," and that section 107(b) of that statute permits the Commission
to modify a telecommunications industry "safe harbor" compliance standard
only where the standard is deficient for failure to satisfy the assistance
capability requirements of Section 103(a). TIA maintains, however, that J-STD-025
is not deficient and therefore no Commission action is
required.(69)
41. DoJ/FBI state that J-STD-025 includes a number of important
capabilities that are required by law enforcement, but argue that the interim
standard is deficient by virtue of its failure to include the requested punch
list capabilities. DoJ/FBI claim that every one of the capabilities in their
punch list was originally included by industry itself in the initial working
draft document (PN3580) for the industry standard.(70)
To remedy this alleged deficiency, DoJ/FBI recommend that we use the proposed
rule set forth in their March 1998 Petition as the basis for our standards
rulemaking. Alternatively, DoJ/FBI state that we could base our standards
rulemaking on an alternative rule that we preliminarily conclude is warranted
under section 107(b) of CALEA.(71)
42. CDT disagrees with all of the above parties, arguing
that J-STD-025 is deficient by virtue of being overinclusive. CDT states
that the initial wiretap law, Title III, had as its dual purpose protecting
the privacy of wire and oral communications and delineating on a uniform
basis circumstances and conditions under which the interception of wire and
oral communications may be authorized. CDT further states that the Electronic
Communications Privacy Act(72) extended Title
III to wireless and non-voice communications and established rules for law
enforcement's use of pen registers and trap and trace
devices.(73) CDT contends that Congress sought
to preserve an appropriate balance in CALEA, but that the FBI's approach
would require the opposite of what Congress intended. Specifically, CDT objects
to J-STD-025 providing location information and packet-mode call content
information to law enforcement, and maintains that the additional capabilities
requested by DoJ/FBI would provide a flood of constitutionally-protected
information to law enforcement that would go well beyond anything that has
historically been available under a pen register or trap and trace authority.
Additionally, CDT asserts, provision of capabilities that go beyond CALEA's
requirements would drive up costs for telecommunications carriers. CDT concludes
that the DoJ/FBI approach to CALEA, unless rejected by the Commission, would
impermissibly expand the amount of information that law enforcement would
receive under pen register and trap and trace
authority.(74)
43. The Electronic Privacy Information Center
(EPIC)/EFF/American Civil Liberties Union (ACLU) argue that J-STD-025 exceeds
the scope of CALEA and thus should be
rejected.(75) EPIC/EFF/ACLU state that the
Commission must adhere to the privacy protections afforded by the Fourth
Amendment (against unreasonable searches and seizures) and Congressional
mandates, provide privacy protections that withstand the evolution of new
technologies, and construe law enforcement's surveillance authority narrowly
with respect to new technologies. EPIC/EFF/ACLU contend that neither provision
of location information nor packet data was mandated by CALEA. They further
contend that CALEA expands the privacy protections of the 1986 Electronic
Communications Privacy Act in the area of cordless telephones and certain
radio-based telecommunications, and that the Act was narrowly drawn to remedy
enumerated FBI complaints, not to extend law enforcement's general surveillance
authority.(76) Additionally, EPIC/EFF/ACLU
assert that the proceedings leading up to adoption of the interim standard
were effectively closed to non-law enforcement and non-telecommunications
industry participants. EPIC/EFF/ACLU conclude that the Commission should
reject the industry standard and commence a proceeding to establish the standards
that will be used to implement CALEA.(77)
44. Discussion. In seeking to fulfill our obligations
under the Act, the Commission acknowledges the immense time and effort both
industry and government representatives have put into the development of
CALEA standards. We also appreciate the input and involvement of privacy
organizations in this proceeding. We further note that the Act expresses
a preference for industry to set CALEA standards, in consultation with the
Attorney General,(78) and that the Act's
legislative history also reveals that Congress envisioned that industry would
have primary responsibility in defining
standards.(79) Consequently, we believe that
the most efficient and effective method for ensuring that CALEA can be
implemented as soon as possible is to build on the work that has been done
to date.
45. We therefore do not intend to reexamine any of the
uncontested technical requirements of the J-STD-025 standard. Instead, we
will make determinations only regarding whether each of the location information
and packet-mode provisions currently included within J-STD-025, and the nine
punch list items that are currently not included, meet the assistance capability
requirements of Section 103. We base this approach on the fact that the issues
raised in the petitions and comments filed in this proceeding focus solely
on the location information and packet-mode provisions of J-STD-025 and the
nine punch list items sought by the FBI. Accordingly, these features will
be evaluated separately.(80) We further note
that no party has raised any specific challenges to J-STD-025 other than
with respect to these issues, and we have not been presented with any compelling
reason to reexamine the entire
standard.(81) We tentatively conclude that
by limiting our inquiry to only these specific technical issues, we will
better enable manufacturers and carriers to build on the extensive work already
completed or in process, and permit them to deploy CALEA solutions on a more
expedited basis. Accordingly, the uncontested technical requirements are
beyond the scope of this proceeding.
46. In establishing technical requirements or standards,
section 107(b)(5) requires the Commission to provide a "reasonable time"
for carriers to comply with and/or transition to any new standards and to
define the obligations of telecommunications carriers under Section 103 during
any transition period.(82) We previously
concluded in our decision under section 107(c) that telecommunications carriers
must have installed CALEA-compliant equipment and facilities based on the
"core" features of J-STD-025 by June 30,
2000.(83) A footnote in that decision indicated
that the "core" of J-STD-025 excludes both the location information feature
and the packet-mode feature.(84) We now clarify
those findings as follows. J-STD-025 represents an attempt by industry to
develop a standard that carriers may choose to adopt voluntarily as a means
to comply with CALEA's "safe harbor" provision set forth in section
107(a).(85) We further recognize that the
statute leaves carriers with the discretion to choose to comply with CALEA
by other means. We emphasize that in requiring carriers to comply with the
core features of J-STD-025 by June 30, 2000, we did not intend for the
Extension Order to alter the substantive requirements of CALEA.
Rather, we meant only to extend the deadline for compliance. Thus, we now
clarify our Extension Order by requiring that by June 30,
2000, carriers must either have installed the core features of J-STD-025
to take advantage of the "safe harbor" provision of section 107(a) of CALEA
or have otherwise developed an individual solution and installed capabilities
that meet the assistance capability requirements of Section 103. We believe
that this approach is more consistent with the language of the
statute(86) and the legislative history on
this point.(87) In
addition,(88) we now propose to modify footnote
139 of the Extension Order to include the location information feature
as part of the core of J-STD-025 which, if chosen by carriers as a means
to qualify for the "safe harbor," must be implemented by the June 30, 2000
deadline.
47. As detailed in the Extension Order, an extension
until June 30, 2000 provides sufficient time for manufacturers to produce
CALEA compliant equipment based on the core features of J-STD-025 or to develop
individual network solutions and provides telecommunications carriers sufficient
time to purchase, test and install such equipment throughout their
networks.(89) We further recognize that the
additional "non-core" technical requirements we propose to be adopted in
this rulemaking may require additional time for manufacturers to design and
develop these capabilities and for telecommunications carriers to incorporate
them into their networks. Thus, we will consider establishing another deadline
or an implementation schedule for telecommunications carriers to comply with
any new technical requirements we ultimately adopt in the instant proceeding.
We seek comment on this proposal. Specifically, we ask carriers and manufacturers
to supply us with timelines that detail how they plan to develop and deploy
the additional technical requirements noted herein.
48. Background. J-STD-025 includes a "location"
parameter that would identify the location of a subject's "mobile terminal"
whenever this information is reasonably available at the intercept access
point and its delivery to law enforcement is legally authorized. Location
information would be available to the LEA irrespective of whether a call
content channel or a call data channel was
employed.(90)
49. CDT objects to the inclusion of a location parameter
in J-STD-025, stating that its inclusion violates the balance established
by the Act between law enforcement and privacy by mandating a location tracking
capability that Congress did not intend to be included within
CALEA.(91) CDT asserts that location information
does not fit within the definition of call-identifying
information,(92) and that it must be deleted
from the final standard because it goes beyond the assistance capability
requirements set forth in Section
103(a)(1)-(4).(93) EPIC/EFF/ACLU state that
CALEA excludes wireless services from any requirement to provide
location-tracking information to law
enforcement.(94)
50. Most other parties, however, either disagree with this position, or justify the inclusion of location information in the industry interim standard as a compromise reached between industry and law enforcement. For example, SBC Communications, Inc. (SBC) claims that CDT has overstated the capabilities of the J-STD-025 location feature. SBC asserts that this feature does not convert all wireless phones into location-tracking devices, but merely provides the ability to identify the landline central office through which a cellular call is routed.(95) TIA states that while it is unclear as to whether CALEA requires location information capabilities, such capabilities are reasonably available to telecommunications carriers, and industry and law enforcement have reached a reasonable compromise on incorporating this feature into J-STD-025.(96) AT&T voices a similar view, stating that a feature to provide location information at the origination and at the termination of wireless calls was included in J-STD-025 as a compromise to law enforcement's original, much broader claim that CALEA required carriers to provide location information whenever a wireless phone registered autonomously or as it moved from cell site to cell site.(97)
51. By contrast, DoJ/FBI contend that information identifying
the location of the cell site or other network element handling a wireless
communications falls squarely within the statutory definition of
"call-identifying information" contained in section 102(2) of CALEA, because
it identifies the origin or destination of the call. Further, DoJ/FBI state,
Section 103(a)(2) does include location information under the category of
"call-identifying information," but also requires law enforcement to have
authority beyond that "solely" applicable to the use of pen registers and
trap and trace devices. Finally, DoJ/FBI state that the J-STD-025 location
feature would require wireless carriers to provide only cell site information,
not the specific location of a subject's wireless phone, and then only at
the beginning and termination of the
call.(98)
52. Discussion. We tentatively conclude that location information is call-identifying information under CALEA. The Act states that call-identifying information is "dialing or signaling information that identifies the origin, direction, destination, or termination of each communication generated or received by a subscriber by means of any equipment, facility, or service of a telecommunications carrier."(99) We believe, contrary to the position of CDT and EPIC/EFF/ACLU, that location information identifies the "origin" or "destination" of a communication and thus is covered by CALEA.
53. We also observe that in the wireline environment,
irrespective of the precise nature of law enforcement's surveillance
authorization, LEAs have been able to obtain location information routinely
from the telephone number because the telephone number corresponds with location.
With the telephone number, location information is available from a LEA's
own 911/Enhanced 911 (E911) database or from the telephone company's electronic
records, such as the Loop Maintenance Operating System
(LMOS).(100)
54. We note, however, that the location feature as it currently
appears in J-STD-025 is unclear. In particular, we note that this feature
refers to the identification of the location of a subject's "mobile terminal,"
but does not specifically state whether it is the precise location of the
mobile terminal or handset that is intended, or simply the location of the
cell site to which the terminal or handset is connected. Also unstated in
J-STD-025 is whether continuous location tracking is intended to be provided,
or only the location at the beginning and termination of the call. Nonetheless,
we note that DoJ/FBI and industry appear now to agree that the standard covers
only the location of the cell site, and only at the beginning and termination
of the call.(101)
55. In view of the above analysis, we tentatively affirm
that location information should be construed to mean cell site location
at the beginning and termination of a
call.(102) We seek comment on these proposals
and, as required by section 107(b), on the other factors that we must consider
in establishing a technical requirement or standard. We note that location
information is already included in J-STD-025, the interim standard adopted
by industry, and was opposed solely by the privacy groups. Therefore, we
request comment in particular on whether our proposal raises issues regarding
the protection of privacy and security of communications which are not authorized
to be intercepted. As discussed above, we propose that the June 30, 2000
CALEA compliance deadline also is sufficient for development and implementation
of compliant equipment that includes this
feature.(103)
56. Finally, we tentatively conclude that location information is reasonably available to telecommunications carriers, because this technical requirement was developed by industry and is included in the interim standard. However, we request comment on how the Commission should decide or interpret the term "reasonably available" in the context of the proposed location information requirement. For example, it appears that location information is already available through the wireless carriers' billing, hand-off and system use features. Additionally, wireless carriers will be required to have a location information capability as part of their E911 obligations.(104) We seek comment as to whether the location information feature in these other contexts can be used to address the needs of law enforcement under CALEA. We request comment on any other issues that may impact our determination as to whether the location information that would be required to be provided to a LEA is reasonably available to carriers.
57. Commenters should also note CALEA's express statement
that "with regard to information acquired solely pursuant to the authority
for pen registers and trap and trace devices (as defined in section 3127
of title 18, United States Code), . . . call-identifying information shall
not include any information that may disclose the physical location of the
subscriber (except to the extent that the location may be determined from
the telephone number)."(105) We agree with
DoJ/FBI that this provision does not exclude location information from the
category of "call-identifying information," but simply imposes upon law
enforcement an authorization requirement different from that minimally necessary
for use of pen registers and trap and trace
devices.(106) We seek comment on this issue.
58. Background. J-STD-025 provides for LEA access
to call-identifying information and the interception of wire and electronic
telecommunications, regardless of whether the telecommunications are carried
in circuit-mode or in packet-mode.(107)
It further states that the "call-identifying information associated with
the circuit-mode content surveillance is provided on the [call data channel],"
but does not specifically address whether call-identifying information, if
any, associated with packet-mode surveillance must be provided over a call
data channel.(108)
59. CDT challenges J-STD-025's treatment of intercepted
packets as violative of the legal balance between the rights of law enforcement
and the rights of individuals to privacy, asserting that the interim standard
fails to require adequate privacy protections in packet-mode
networks.(109) Specifically, CDT asserts
that J-STD-025 does not require telecommunications carriers to excise
call content information from packets before providing the packets to law
enforcement over call data channels -- the interim standard merely
permits the carriers to separate the information prior to delivery,
at their option. CDT concludes that the interim standard would allow a LEA,
possessing only a pen register order, to receive all of the contents
of a person's communications without any effort by the carrier to excise
the call content from the call-identifying information authorized for delivery
to the LEA. Accordingly, CDT maintains that the treatment of packet transmissions
in J-STD-025 threatens to obliterate entirely the distinction between call
content and dialed numbers or similar signaling
information.(110) CDT contends that Title
III's "minimization" requirement is inadequate to protect the privacy of
call content in packet communications subject to a pen register order because
there is no such requirement under the pen register
standard.(111)
60. EPIC/EFF/ACLU concur with CDT, stating that
the FBI seeks to obtain the full content of a subject's packet-mode
communications even when the government is authorized only to intercept
addressing or signaling information. EPIC/EFF/ACLU contend that the provision
of call content to law enforcement in this situation would violate the
minimization requirements of both the Fourth Amendment and Title III, and
would also violate Section 103(a)(4) of CALEA, which requires the carriers
to protect communications not authorized to be
intercepted.(112)
61. TIA disagrees with CDT and EPIC/EFF/ACLU,
contending that their argument that J-STD-025 is deficient because it permits
delivery of an entire packet stream in response to a pen register order fails
to recognize the differences between circuit-mode and packet-mode technology.
TIA states that existing technology does not permit telecommunications carriers
to provide separated packet headers as call-identifying information. TIA
concedes, however, that it is unclear whether the LEA has authority to access
packet-mode communications under a pen register
order.(113)
62. DoJ/FBI argue that when a carrier delivers an entire
packet stream to the LEA pursuant to a pen register authorization, the LEA
is legally precluded from recording or decoding information other than dialing
and signaling information. DoJ/FBI state that the packet-mode provisions
of J-STD-025 rely on the existence of this legal safeguard to ensure that
call content is not improperly accessed in pen register cases. DoJ/FBI also
state that LEAs performing pen register surveillance in an analog environment
traditionally have received access to all information transmitted over the
subscriber's line on the local loop, including call content. Accordingly,
DoJ/FBI contend, the packet-mode provisions do not represent a diminution
of traditional privacy protection.(114)
SBC concurs, stating that law enforcement is not allowed to intercept call
content unless authorized to do so, and that sending the LEA an entire packet
stream would not represent a change from the status
quo.(115)
63. Discussion. Packet data and packet-switching
technology are potentially usable for both information services and
telecommunications services. We first observe that Section 103(b)(2)(A) of
CALEA expressly excludes "information services" from its assistance capability
requirements.(116) Thus, packet data and
packet-switching technology is subject to these requirements only to the
extent it is used to provide telecommunications services, and not for information
services.(117) Packet-mode telecommunications
services are expected to grow rapidly in the near
future.(118) J-STD-025 appears to be
appropriately limited to apply only to "telecommunications services" as defined
by the Commission.(119) Second, we observe
that CALEA requires telecommunications carriers to provide information to
the LEA "in a manner that protects . . . the privacy and security of
communications . . . not authorized to be
intercepted."(120) This mandate would seem
to be violated if the carrier were to give the LEA both call-identifying
and call content information when only the former were authorized. Under
those circumstances, the LEA would be receiving call content information
without having the requisite authorization.
64. The record before us, however, is not sufficiently developed
to support a proposal of any particular CALEA technical requirements for
packet-mode telecommunications. Additional analysis is needed. We are aware
that packet-mode technology is rapidly changing, and that different technologies
may require differing CALEA
solutions.(121) We do not believe that the
record sufficiently addresses packet technologies and the problems that they
may present for CALEA purposes. While it is premature to impose any particular
technical requirements for packet-mode telecommunications at this time, it
is appropriate to ask for a full range of comment on this issue.
65. In seeking to develop a full record, we first set forth
an analytical framework we believe will prove useful for evaluating the issue
of setting CALEA technical requirements for packet-mode telecommunications.
First, we advise commenters to consider the difference between
connection-oriented and connectionless packet-mode services, and also between
permanent virtual circuits, which have no per-call information, and switched
virtual circuits. With these distinctions in mind, we request that commenters
provide detailed comments regarding whether and, if so, how the statutory
requirements of Section 103(a) of CALEA apply to packet-mode telecommunications.
We request comment on what constitutes the equivalent of "call-identifying
information" for packet-mode telecommunications services within the context
of CALEA. Will packet-mode call-identifying information (or its equivalent)
be reasonably available to carriers and, thus, subject to the provisions
of Section 103(a)(2) of CALEA?(122) How
could packet-mode call content and call-identifying information (or its
equivalent) be separated for delivery to law enforcement in compliance with
CALEA?
66. In addition, we seek comment on the other section 107(b)
factors that we must consider in establishing technical requirements.
Specifically, we seek comment on any cost-effective methods for incorporating
CALEA packet-mode requirements into a telecommunications carrier's system,
and whether or not this can be accomplished in a manner that minimizes costs
to residential ratepayers.(123) Further,
we request additional comment on whether the inclusion of packet-mode technical
requirements to meet the assistance capability requirements envisioned by
Section 103 raises issues regarding the protection of privacy and security
of communications which are not authorized to be
intercepted.(124) Additionally, we solicit
comment on whether the inclusion of such technical requirements would have
a positive or negative effect on the provision of new technologies and services
to the public.(125) Commenters are also
asked to provide detailed information regarding the amount of time and conditions
that they believe will be necessary to successfully develop and deploy
packet-mode technical requirements in telecommunications
systems.(126) Finally,
we recognize that packet-mode issues are complex, and that relative to the
other issues under consideration herein, additional time may be required
to resolve them.
67. DoJ/FBI maintain that the nine FBI punch list items
must be implemented if essential law enforcement requirements are to be met.
DoJ/FBI assert that the basic goal of CALEA's assistance capability requirements
is to ensure that the technical ability of law enforcement to carry out
electronic surveillance meets, rather than falls short of, law enforcement's
legal authority. DoJ/FBI state that each of the nine capabilities missing
from J-STD-025 and requested in the DoJ/FBI Petition is firmly rooted in
the language, legislative history, and policies of CALEA, and that failure
to provide these capabilities will result in serious injury to the government's
ability to enforce state and federal laws through electronic
surveillance.(127)
68. Telecommunications carriers and their representatives generally oppose inclusion of any portion of the punch list in the final CALEA standard. The United States Telephone Association (USTA) states that J-STD-025 already represents a compromise on the part of industry.(128) AT&T argues that industry and other public commenters have made a compelling case that the FBI punch list of capabilities is not required by CALEA, whereas DoJ/FBI has made only a showing of how beneficial the capabilities would be to future law enforcement surveillance.(129) AT&T contends that the industry interim standard uses the precise definition of call-identifying information set forth in CALEA, but that DoJ/FBI ask the Commission to go well beyond this definition by including as "call-identifying" information: subject-initiated dialing and signaling; party hold, drop, and join messages; and notification messages of network-generated in-band and out-of-band signaling.(130) AT&T further argues that DoJ/FBI has not addressed section 107 of CALEA, which requires cost-effective implementation of the statute.(131) AT&T contends that the DoJ/FBI punch list is really an attempt to force telecommunications carriers to provide additional capabilities without reimbursement from law enforcement.(132)
69. BellSouth and CDT concur with AT&T's assessment
regarding call-identifying information. BellSouth states that CALEA defines
call-identifying information narrowly as the numbers identifying the calling
and called parties, and not other carrier network messages, tones, signals,
or information.(133) CDT contends that DoJ/FBI
is attempting to use CALEA to include more data in the category of
call-identifying information to ensure that such data can be available under
the less stringent legal standards applicable for the LEA to obtain pen register
and trap and trace authority than is required under Title III for the LEA
to obtain call content information.(134)
70. Other parties concur with AT&T regarding cost-effective
implementation of the punch list. AirTouch Communications, Inc. (AirTouch),
for example, states that a vendor has advised AirTouch that developing the
punch list would require an effort exceeding by 160% the substantial effort
required to develop the industry standard. AirTouch therefore maintains that
implementation of the punch list would be costly and would divert resources
from developing new technologies and
services.(135) Sprint Spectrum
L.P. d/b/a Sprint PCS (Sprint PCS) contends that implementation of the punch
list will almost certainly exceed the $500 million authorized by Congress
for implementation of CALEA.(136) US West,
Inc. (US West) states that rate increases will likely be necessary if
telecommunications carriers are required to implement any of the additional
capabilities proposed by DoJ/FBI.(137)
71. Bell Emergis - Intelligent Signalling Technologies (Bell
Emergis), on the other hand, states that the entire punch list can be adopted
as an Addendum to J-STD-025. Bell Emergis contends that while there may be
cost and technical difficulties in incorporating the punch list within a
switch-based approach, network-based solutions -- such as one it has developed
-- meet the test of both cost effectiveness and technical
achievability.(138)
72. DoJ/FBI disagree with commenters who reject the punch
list, stating that these commenters have a fundamental misunderstanding of
the policies and goals of CALEA. DoJ/FBI contend that Section 103 imposes
mandatory assistance capability obligations that must be met by all
telecommunications carriers, and assert that commenters who suggest that
law enforcement concerns are of no more than secondary importance in the
CALEA legislation are incorrect. DoJ/FBI conclude that if the Commission
does not implement the punch list in its entirety, industry-promulgated standards
will effectively replace the underlying statutory requirements of Section
103.(139) Below we discuss each punch list
item in detail.
2. Content of subject-initiated conference calls
73. Background. This capability would permit the
LEA to monitor the content of conversations connected via a conference call
set up by the facilities under surveillance. Surveillance of all portions
of a conference call would continue, even if any party to the call utilized
services such as hold, call waiting, or three-way calling. For example, if
anyone involved in a conference call were placed on hold, all remaining
conversations would continue to be available to the LEA for monitoring. The
ability to monitor would continue even after the subject drops off the conference
call.
74. AirTouch states that there is no basis to impose an
enhanced conference call requirement on
carriers.(140) AirTouch also states that
it would appear to be easy for criminals to bypass this feature if carriers
were to deploy it because it would enable law enforcement to intercept only
those conference calls that use the facilities under surveillance and are
supported by a conference service provided by the subject's local carrier.
AirTouch maintains that law enforcement would not be able to intercept conference
calls when the subject no longer participates if the call is set-up by another
person using another telephone or if the subject initiates the call, but
uses a conference bridge service offered by another carrier or service
provider.(141)
75. TIA argues that CALEA does not require delivery of
conference call conversations that cannot be heard over a subscriber's
facilities, but only communications that are to or from a subscriber. TIA
states that implementation of this punch list item would result in an effectively
unlimited, and unwarranted, expansion of the "facilities" doctrine of Title
III. TIA states that, despite the fact that the DoJ/FBI Petition acknowledges
that "facilities" have historically been considered for Title III purposes
as the subscriber's "terminal equipment," DoJ/FBI now interpret Title III
as including not just the subscriber's facilities, but services as well.
Furthermore, in TIA's view, implementation of this feature would violate
the limits on wiretaps and other searches imposed by the Fourth Amendment.
TIA argues that eliminating the required link to the subscriber's facilities
would take an interception far afield from the particular persons and places
with regard to which law enforcement has established "probable cause" warranting
the electronic surveillance.(142)
76. DoJ/FBI disagree with the above commenters, arguing
that Title III does not require the target of the investigation to be on
the line in order for law enforcement lawfully to intercept communications
taking place over the facilities under surveillance or supported by the
subscriber's service.(143) DoJ/FBI state
that it is the subscriber who pays for call conferencing capability and any
charges associated with the duration of the call itself, demonstrating that
the subscriber's services are involved even if the subscriber drops off the
call.(144) DoJ/FBI maintain that Title III
does not confine the LEA to communications in which the individual under
investigation -- who may or may not be the subscriber -- is taking part.
DoJ/FBI acknowledge that the LEA is obligated to minimize the interception
of communications not otherwise subject to interception under Title III,
but contend that this minimization obligation does not foreclose the LEA
from intercepting communications that involve other criminal activity merely
because they do not involve the target of a particular investigation. DoJ/FBI
conclude by stating that where a conference call continues to be carried
by the subscriber's facilities and supported by the subscriber's services
even when the subscriber is not on the line, the communications of all parties
to such a call are covered by Section 103(a)(1) of
CALEA.(145)
77. Discussion. We tentatively conclude that the
provision of the content of subject-initiated conference calls is a technical
requirement that meets the assistance capability requirements of Section
103.(146) With appropriate lawful authorization,
the LEA is entitled to "intercept, to the exclusion of any other communications,
all wire and electronic communications carried by the carrier within a service
area to or from equipment, facilities, or services of a
subscriber."(147) TIA asserts that we must
first determine whether a conference call capability would unduly expand
Title III's concept of "facilities" before deciding whether such a capability
is required under CALEA.(148) We note, however,
that the plain language of CALEA's Section 103 includes the terms "equipment"
and "services", in addition to "facilities." Also, according to the legislative
history, "conference calling" is one of the "features and services" that
is covered by CALEA.(149) We seek comment
on our tentative conclusion. We also seek comment as to how the Commission
should define or interpret Section 103's use of the phrase "equipment,
facilities, or services" in the context of subscriber-initiated conference
calls.
78. We recognize that different carriers provide conference
calling features in various ways and that not all carriers' system architecture
is the same. Some carriers, for example, may have systems that support
continuation of conference calls after the subscriber drops off the call,
while others may not. For those network configurations in which, when a
subscriber drops off a conference call, the call nevertheless remains routed
through the subscriber's "equipment, facilities, or services," we tentatively
interpret CALEA as requiring the carrier to continue to provide to the LEA
the call content of the remaining parties, pursuant to court order or other
lawful authorization. For those configurations, however, in which, when the
subscriber drops off the call, the call is either disconnected or rerouted,
and the "equipment, facilities, or services of a subscriber" are no longer
used to maintain the conference call, we tentatively conclude that CALEA
does not require the carrier to provide the LEA access to the call content
of the remaining parties. Moreover, in some cases where the call is re-routed,
the content of the call may no longer be classifiable as "communications
carried by the carrier within a service area" pursuant to Sections 103(a)(1)
and (d).(150) Thus, under such circumstances,
CALEA would not require the carrier to modify its system architecture in
order to support this particular technical requirement. We seek comment on
this tentative conclusion. Commenters should address how Sections 103(a)(1)
and (d) should be interpreted in this context. Also, we tentatively conclude
that CALEA does not extend to conversations between a participant of the
conference call other than the subject and any person with whom the participant
speaks on an alternative line (e.g., when A, the subject, is on
a conference call with B and C, we tentatively conclude that C's conversation
with D on call waiting is beyond CALEA's requirements. We also seek comment
on this tentative conclusion.
79. Additionally, we seek comment on the section 107(b)
factors that we must consider in establishing a technical requirement or
standard. Are there cost-effective methods of incorporating access to conference
call content into a telecommunications carrier's system? Can it be accomplished
in a manner that minimizes costs to residential ratepayers? Further, we request
comment on whether this proposal raises issues regarding the protection of
privacy and security of communications which are not authorized to be
intercepted. Additionally, we solicit comment on whether the inclusion of
this technical requirement within the assistance capability requirements
envisioned by Section 103 would positively or negatively affect the provision
of new technologies and services to the public. Would, for example, networks
have to be redesigned in such a way as to preclude certain new technologies
or services? Finally, commenters are asked to provide detailed information
regarding the amount of time and conditions that they believe will be necessary
to successfully develop and deploy this technical requirement in
telecommunications systems.
3. Party hold, join, drop on conference calls
80. Background. This item also involves features
designed to aid a LEA in the interception of conference calls. This feature
would permit the LEA to receive from the telecommunications carrier messages
identifying the parties to a conversation at all times. The party hold message
would be provided whenever one or more parties are placed on hold. The party
join message would report the addition of a party to an active call or the
reactivation of a held call. The party drop message would report when any
party to a call is released or disconnects and the call continues with two
or more other parties.
81. AT&T states that DoJ/FBI admit that they have not
received party hold, drop, and join messages in the past, but DoJ/FBI claim
this information is now needed so that law enforcement can demonstrate that
a party hears material portions of a communications. AT&T contends, however,
that these messages will not indicate to law enforcement whether a party
hears or does not hear any communication because the party may or may not
be listening at relevant times. AT&T further contends that its review
of all wiretapping cases discloses no decision where such information was
an issue in any decided case. AT&T maintains that J-STD-025 already provides
law enforcement with all numbers dialed or received from any participant
to multi-party calls; change messages whenever call-identities are merged,
split, or changed; and a message identifying when the resources for all legs
of a call are released. AT&T concludes, therefore, that addition of the
instant punch list item is unnecessary to identify the
call.(151)
82. BellSouth states that the call-identifying information
intended by CALEA to be provided to law enforcement is simply the telephone
number indicating call origination or destination. BellSouth argues that
the additional information sought by law enforcement, such as which parties
are on a call, do not constitute origination or destination telephone numbers,
and therefore cannot be categorized as "call-identifying information." Moreover,
BellSouth argues, party hold, drop, and join message information would be
extremely difficult to provide because, in all but the simplest cases, conference
calls are established in a remote bridge, separate from the voice
switch.(152)
83. TIA states that the industry interim standard already
requires provision of information that substantially satisfies the party
join/drop capabilities requested by DoJ/FBI. Thus, TIA maintains, law
enforcement's primary dispute regarding this issue is that J-STD-025 does
not require a real-time message to be delivered to law enforcement whenever
a participant is placed on hold or released from hold by the subject. However,
TIA argues, party hold information is not call-identifying information nor
is it reasonably available to the carrier. TIA also states that a party who
is not on hold may stop listening or walk away from the phone -- thus, the
DoJ/FBI rationale for adding this feature, that "without these messages,
law enforcement would not know who joins or leaves a conference call, whether
the subject alternated between calls, or which parties heard or said parts
of the conversation," is unpersuasive. Rather, TIA states, the only persuasive
evidence that a party heard an intercepted statement is a demonstration that
the party responded to the
statement.(153)
84. DoJ/FBI disagree with the above parties, contending
that party hold/join/drop messages constitute call-identifying information.
DoJ/FBI contend that carriers are obligated under Section 103(a)(1) to provide
this information, regardless of whether the LEA could have acquired it through
traditional monitoring techniques in the past. DoJ/FBI state that party
hold/join/drop messages enable the LEA to identify who is connected in a
subject's conference call at any point in the conference. Without these messages,
according to DoJ/FBI, the LEA would not know who joins or leaves a conference
call, whether the subject alternated between calls, or which parties heard
or said particular parts of a conversation. Therefore, according to DoJ/FBI,
this information must be added to the industry standard to ensure that the
assistance capability requirements of Section 103(a) of CALEA are met as
intended by Congress.(154)
85. Discussion. We tentatively conclude that party
hold/join/drop information falls within CALEA's definition of "call-identifying
information" because it is "signaling information that identifies the origin,
direction, destination, or termination of each communication generated or
received" by the subject.(155) For example,
party join information appears to identify the origin of a communication;
party drop, the termination of a communication; and party hold, the temporary
origin, temporary termination, or re-direction of a communication. This
capability also appears to be necessary to enable the LEA to isolate
call-identifying and content information because, without it, the LEA would
be unable to determine who is talking to whom, and, more accurately, to focus
on the subject's role in the
conversation.(156) Further, by isolating
the call-identifying information in this manner, the LEA can ascertain and
isolate third parties who are not privy to the communications involving the
subject, thereby furthering the minimization concept.
86. Accordingly, we propose that provision of party
hold/join/drop information, if reasonably available to the carrier, is a
technical requirement that meets the assistance capability requirements of
Section 103. We base this conclusion on the statutory language found in Sections
103(a)(2) and 102(2). We note, however, that LEA access to this information
would be required only in those cases where the carrier's facilities, equipment
or services are involved in providing the service; in other words, when a
network signal is generated. To the extent that customer premises equipment
(CPE) is used to provide such features, we tentatively conclude that party
hold/join/drop information could not be reasonably made available to the
LEA since no network signal would be generated. For example, many telephone
sets have a "hold" button that does not signal the network -- thus, from
the carrier's point of view, the call's status is unchanged. We seek comment
on this tentative conclusion. We also seek comment on TIA's assertion that
party/hold/join drop information is already substantially available to the
LEA and, if so, whether it is or needs to be provided in real time.
87. We seek comment on our proposal and, as required by
section 107(b), on the other factors that we must consider in establishing
a technical requirement or standard. Are there cost-effective methods of
incorporating a party hold/join/drop capability into a telecommunications
carrier's system? Can it be accomplished in a manner that minimizes costs
to residential ratepayers? Further, we request comment on whether this proposal
raises issues regarding the protection of privacy and security of communications
which are not authorized to be intercepted. Additionally, we solicit comment
on whether the inclusion of this technical requirement within the assistance
capability requirements envisioned by Section 103 would positively or negatively
affect the provision of new technologies and services to the public. Further,
commenters are asked to provide detailed information regarding the amount
of time and conditions that they believe will be necessary to successfully
develop and deploy this technical requirement in telecommunications systems.
4. Subject-initiated dialing and signaling
information
88. Background. This capability would permit the
LEA to be informed when a subject using the facilities under surveillance
uses services such as call forwarding, call waiting, call hold, and three-way
calling. DoJ/FBI requests this information for each communication initiated
by the subject. This capability would require the telecommunications carrier
to deliver a message to the LEA, informing the LEA that the subject has invoked
a feature which would place a party on hold, transfer a call, forward a call,
or add/remove a party to a call.
89. USTA and US West state that such dialing and signaling
activity goes beyond the definition of call-identifying information set forth
in CALEA.(157) TIA concurs, contending that
DoJ/FBI offer no evidence that failure to provide information on
all such signaling activity will impair the ability
of law enforcement to determine the destination of communications. TIA also
contends that the DoJ/FBI petition does not identify any specific signaling
activity that is both required by CALEA and is not already required to be
provided under the industry interim standard, provided it is reasonably
available. TIA states that the only additional information that would be
available under the DoJ/FBI request is the identity of the actual keys pressed
by the subject, but argues that this information is not required by CALEA,
as it is not reasonably available and not built into the
network.(158)
90. DoJ/FBI disagree with the above parties, contending
that such dialing and signaling activity is call-identifying information.
Further, DoJ/FBI maintain that in the past the LEA was able to detect flash
hook signaling by changes to the electric signals on the analog local loop,
but that digital switching now prevents the LEA from having this capability.
DoJ/FBI state that without access to such dialing and signaling activity
the LEA may be unable to determine what has happened to a call when the
direction, or the destination, of the call dramatically changes. For example,
according to DoJ/FBI, a subject may use his/her flash hook capability to
move back and forth between two associates on concurrent calls, and without
the receipt of a message showing this signaling activity, the LEA may be
unable to follow the course of the conversation or determine to whom the
subject is speaking at any given
point.(159)
91. Discussion. We tentatively conclude that
subject-initiated dialing and signaling information fits within the definition
of call-identifying information contained in section 102(2) of CALEA. For
example, call-forwarding signaling information identifies the direction and
destination of a call, and call-waiting signaling information identifies
the origin and termination of each communication. We request comment on whether
remote operation of these features should affect our tentative conclusion.
For example, a subject may be able to change some aspects of his/her service
from a pay telephone, as well as from the subject's telephone.
92. We also tentatively conclude that access to
subject-initiated dialing and signaling information may be necessary in order
for the LEA to isolate and correlate call-identifying and call content
information. Knowing what features a subject is using will ensure that the
LEA receives information "in a manner that allows it to be associated with
the communication to which it
pertains."(160) For example, without knowing
that a subject has switched over to a call on call-waiting, the LEA may not
be able to associate the call-identifying information with the call content
to which it pertains and thus could be more likely to mistake one call for
another. Once again, to the extent CPE is used to perform any of the functions
described here, and no network signal is generated, that information will
not be reasonably available to a carrier, and thus, should not be required
to be provided.(161)
93. We observe that signaling data indicating that the
subject is accessing his/her voice mail is properly classified as
"call-identifying information." The contents of the voice mail, however,
fall outside the scope of CALEA. This is because voice mail "permits a customer
to retrieve stored information from . . . information storage
facilities,"(162) and CALEA does not apply
to information services.(163) The requirement
we propose below is consistent with this distinction because it provides
only the call identifying information and is not capable of providing voice
content.
94. Accordingly, we propose to include information on
subject-initiated dialing and signaling that is reasonably available to the
carrier as a technical requirement necessary to meet the assistance capability
requirements of Section 103. We base our conclusion regarding subject-initiated
dialing and signaling information that is reasonably available to the carrier
on the statutory language found in Sections 103(a)(2) and 102(2). We seek
comment on this proposal and, as required by section 107(b), on the other
factors that we must consider in establishing a technical requirement or
standard. Are there cost-effective methods of providing subject-initiated
dialing and signaling information? Can this requirement be accomplished in
a manner that minimizes costs to residential ratepayers? Further, we request
comment on whether this proposal or tentative conclusion raises issues regarding
the protection of privacy and security of communications which are not authorized
to be intercepted. Additionally, we solicit comment on whether the inclusion
of this technical requirement within the assistance capability requirements
envisioned by Section 103 would positively or negatively affect the provision
of new technologies and services to the public. Commenters are asked to provide
detailed information regarding the amount of time and conditions that they
believe will be necessary to successfully develop and deploy this technical
requirement in telecommunications systems. In addition, excluding those
CPE-controlled features noted above, we request comment on whether information
required to provide LEAs with subject-initiated dialing and signaling activity
is reasonably available to carriers. Finally, we recognize that some commenters
assert that at least portions of this technical requirement may be provided
through other features of J-STD-025. We request comment on the accuracy of
these contentions. Commenters should demonstrate clearly how the features
required are provided, or not provided, elsewhere in J-STD-025.
5. In-band and out-of-band signaling
95. Background. This technical requirement would
allow a telecommunications carrier to send a notification message to the
LEA when any network message (ringing, busy, call waiting signal, message
light, etc.) is sent to a subject using facilities under surveillance.
For example, if someone leaves a voice mail message on the subject's phone,
the notification to the LEA would indicate the type of message notification
sent to the subject (such as the phone's message light, audio signal, text
message, etc.). For calls the subject originates, a notification
message would also indicate whether the subject ended a call when the line
was ringing, busy (a busy line or busy trunk), or before the network could
complete the call.
96. BellSouth states that, for telecommunications carriers to be able to signal a LEA whenever a subject's service sends a network message to the subject or an associate, significant technical upgrades to the carriers' facilities would be needed, and even then the LEA would receive mostly redundant information.(164) PrimeCo Personal Communications, L.P. (PrimeCo) concurs and argues that this information is already readily available through the audio portion of a call content intercept and, therefore, to procure this information, the LEA should be required to obtain a Title III authorization. PrimeCo contends that Congress did not intend to "require the specific design of systems or features" that would be required to implement this capability as a "call-identifying" technical requirement.(165)
97. TIA states that DoJ/FBI define network-generated in-band
and out-of-band signaling information to include any alerting of incoming
calls or messages, audible indications of incoming calls or messages, visual
indications of incoming calls or messages, and alphanumeric display information.
TIA contends that, to the extent J-STD-025 does not already provide this
information, the information is not "call-identifying" and is not required
by CALEA to be provided on a call data
channel.(166)
98. DoJ/FBI contend that in-band and out-of-band signaling
identifies the "direction, destination, and/or termination" of a communication,
and therefore is call-identifying information that must be provided under
CALEA. DoJ/FBI believe that the interim standard is deficient with respect
to this capability because it does not allow the LEA to ascertain what a
subject hears and sees when a call is not completed. DoJ/FBI assert that
the capability they are requesting is appropriately limited in scope because
it relates only to signaling from the subscriber's
service.(167)
99. Discussion. We believe that certain types of
in-band and out-of-band signaling information, such as notification that
a voice mail message has been received by a subject, constitute call-identifying
information under CALEA. Nevertheless, there may also be other types of in-band
and out-of-band signaling information that would constitute call content
information and thus would raise questions as to under what authority they
should be provided to the LEA. However, for purposes of this proceeding,
we do not address such questions of whether or what type of authorization
LEAs would need to access such information. This is up to the judicial branch.
Unless necessary to establish technical standards under CALEA's safe harbor,
it is not our intention to specifically decide whether certain types of in-band
or out-of-band signaling is either call content or call-identifying information
since CALEA requires that carriers have the ability to provide access to
both. We request comment on what types of in-band and out-of-band signaling
should constitute a technical requirement necessary to meet the assistance
capability requirements envisioned by Section 103.(168)
100. Also, in the event that we ultimately determine that
in-band and out-of-band signaling is a technical requirement necessary to
meet the assistance capability requirements under Section 103, we request
comment on whether there are cost-effective methods of providing in-band
and out-of-band signaling to a LEA. Can this requirement be accomplished
in a manner that minimizes costs to residential ratepayers? Further, we request
comment on whether this requirement raises issues regarding the protection
of privacy and security of communications which are not authorized to be
intercepted. Additionally, we solicit comment on whether the inclusion of
this technical requirement within the assistance capability requirements
envisioned by Section 103 would positively or negatively affect the provision
of new technologies and services to the public. Commenters are asked to provide
detailed information regarding the amount of time and conditions that they
believe will be necessary to successfully develop and deploy this technical
requirement in telecommunications systems.
101. Background. In those cases where the LEA has obtained authorization to intercept both content and call-identifying information, this capability would require that a telecommunications carrier send call timing information to the LEA so that the LEA could associate the call-identifying information with the actual content of the call. There would be two elements to this capability:
1) Each call-identifying message (answer message, party join message, party drop message, etc.) would be time stamped within a specific amount of time from when the event triggering the message occurred in the intercept access point.(169) This time-stamp would allow the LEA to associate the message to the call content information (i.e., the conversation).2) A carrier would be required to send the message to the LEA within a defined amount of time from the event to permit the LEA to associate the number dialed to the conversation.
102. TIA states that these timing requirements are inconsistent
with the capabilities of existing telecommunications networks and lack any
basis in CALEA.(170) US West concurs, and
states that implementation of these capabilities would be quite
expensive.(171) PrimeCo states that carriers
vary considerably in size and technical resources, and therefore adoption
of a uniform timing standard is not
appropriate.(172) BellSouth contends that
establishing an arbitrary timing requirement, without a thorough knowledge
of how CALEA will be implemented, is
inappropriate.(173) SBC states that the
timing of delivery of call-identifying information is a function of network
and equipment design, and that DoJ/FBI cannot point to an actual case in
which the timing of a carrier's delivery of call-identifying information
has ever led to a crime that otherwise would have been
prevented.(174)
103. DoJ/FBI disagree with the above parties, arguing that
a timing capability is essential to law enforcement. DoJ/FBI cite a kidnapping
as an example of a situation where timely delivery of call-identifying
information is critical.(175) DoJ/FBI state
that in such a situation if call-identifying information is not provided
until the end of a call, it may be of little value to the LEA. DoJ/FBI state
that it has requested transmission to the LEA from the carrier within three
seconds from the time of the event because that timeframe is well within
the state-of-the-art, and use of a precise time stamp is important to accurately
record events.(176)
104. Discussion. We tentatively conclude that time
stamp information fits within the definition of call-identifying information
contained within section 102(2) of
CALEA(177) and will allow such information
"to be associated with the communication to which it
pertains."(178) We propose to include timing
information that is reasonably available to the carrier as a technical
requirement necessary to meet the assistance capability requirements of Section
103(a). We seek comment on this proposal. We base this conclusion on the
statutory language found in Section 103(a)(2), and on our tentative conclusion
that such information falls within the definition of call-identifying information
in section 102(2). A time stamp permits identification of a given call from
a series of calls made within a short timeframe, and is necessary to allow
a LEA to associate call-identifying information with the communication to
which it pertains. We note, however, that CALEA does not impose a specific
timing requirement on carriers. Rather, it states that carriers must
"expeditiously" isolate and enable the government to access call-identifying
information "before, during, or immediately after the transmission of a wire
or electronic communication (or at such later time as may be acceptable to
the government); and in a manner that allows it to be associated with the
communication to which it
pertains."(179) Therefore, we seek comment
on what is a reasonable amount of time to require the carriers to deliver
the time stamped message to the LEA. We note that DoJ/FBI have requested
delivery within 3 seconds of the beginning of the event and with an accuracy
of 100 milliseconds. Commenters should address whether this is a reasonable
time frame, and whether there are any technical barriers to implementing
such a requirement. Commenters proposing an alternative time frame should
also address technical feasibility and how such a time frame will satisfy
the requirements of the statute.
105. In addition, we seek comment, as required by section
107(b), on the factors that we must consider in establishing a technical
requirement. Are there cost-effective methods of providing timing information
to a LEA? Can this requirement be accomplished in a manner that minimizes
costs to residential ratepayers? Further, we request comment on whether this
proposal raises issues regarding the protection of privacy and security of
communications which are not authorized to be intercepted. Additionally,
we solicit comment on whether the inclusion of this technical requirement
within the assistance capability requirements envisioned by Section 103 would
positively or negatively affect the provision of new technologies and services
to the public. Commenters are asked to provide detailed information regarding
the amount of time and conditions that they believe will be necessary to
successfully develop and deploy this technical requirement in telecommunications
systems.
106. Background. This capability would require
the telecommunications carrier to send information to the LEA to verify that
a wiretap has been established and is still functioning correctly. This
information could include the date, time, and location of the wiretap;
identification of the subscriber whose facilities are under surveillance;
and identification of all voice channels that are connected to the subscriber.
This information would be transmitted to the LEA when the wiretap is activated,
updated or deactivated, as well as periodically (varying from once every
hour to once every 24 hours).
107. AT&T argues that CALEA permits telecommunications carriers to meet their obligations in this regard by whatever means they choose, including human intervention.(180) TIA states that the only statutory basis asserted by DoJ/FBI for this capability is that Section 103(a) of CALEA states that telecommunications carriers "shall ensure" that their equipment is capable of providing access to communications and call-identifying information.(181) SBC concurs that CALEA does not mandate that carriers provide the status of wiretaps to law enforcement in real time. SBC also argues that test procedures are available by which law enforcement can perform this function in concert with carrier personnel.(182) PrimeCo states a more reasonable means of verifying whether a wiretap is operational is to perform a periodic trap and trace test of the target's phone number.(183) Finally, AirTouch states that it has been informed by a vendor that the cost of developing a surveillance status message would be "exorbitant."(184)
108. DoJ/FBI state that, in the context of the analog network,
the LEA employs non-automated means to determine whether the interception
device is accessing the correct equipment, service, or facility, but that
digital switching precludes the LEA from performing this function because
it does not allow similar access to the intercept location. DoJ/FBI argue
that without a surveillance status message, the LEA would not know when the
intercept is turned on or off, or if it has failed; therefore, important
evidence could be lost.(185) Finally, DoJ/FBI
object to human intervention as a possible solution to this requirement because
they state that such intervention would be costly and
impractical.(186)
109. Discussion. CALEA requires carriers to ensure
that authorized wiretaps can be performed in an expeditious
manner,(187) and we believe that a surveillance
status message could assist carriers and LEAs in determining the status of
such wiretaps. We tentatively conclude, however, that a surveillance status
message does not fall within any of the provisions of Section 103. We do
not believe that it is call-identifying information as defined by CALEA,
since the information such a feature would provide is unrelated to any particular
call. Nor does a surveillance status message appear to be required under
Section 103(a)(1), since it is not necessary to intercept either wire or
electronic communications carried on a carrier's system. Nor are we persuaded
by the FBI's interpretation that a surveillance status message is required
by CALEA's direction that a carrier "shall ensure" that its system is capable
of meeting the Section 103(a) requirements. Rather, we note that the Act
expressly states: "a telecommunications carrier shall ensure that its equipment,
facilities, or services . . . are capable of" intercepting communications
and allowing LEA access to call-identifying
information.(188) We interpret the plain
language of the statute to mandate compliance with the capability requirements
of Section 103(a), but not to require that such capability be proven or verified
on a continual basis.
110. Thus, we tentatively conclude that the surveillance
status punch list item is not an assistance capability requirement under
Section 103.(189) However, we invite comment
as to how, generally, carriers intend to ensure that wiretaps remain operational.
How, specifically, would "human intervention" be exercised? For example,
do carriers plan to periodically check the circuit manually and notify the
LEA that the wiretap remains operational? Further, to the extent commenters
continue to believe that an automated surveillance status message is necessary
to implement the requirements of Section 103, we seek comment on the 107(b)
factors that the Commission must evaluate under CALEA. In what manner could
such a feature be provided? Are there cost effective methods of providing
surveillance status information to a LEA? Can this requirement be accomplished
in a manner that minimizes costs to residential ratepayers? Could such provision
of surveillance status messages compromise the privacy and security of
communications not authorized to be intercepted? Would the provision of such
information constrain a carrier's ability to develop and deploy new technologies
and services? What period of time would be required to develop and deploy
such a feature? And, to the extent that this information were to fall under
the definition of call-identifying information, is it reasonably available
to carriers?
111. Background. This technical requirement would
require that, in cases where a LEA has obtained authority to intercept wire
or electronic communications, a C-tone or dial tone be placed on the call
content channel (CCC) received by the LEA from the telecommunications carrier
until a user of the facilities under surveillance initiates or receives a
call.(190) At that point, the tone would
be turned off, indicating to the LEA that the target facilities were in use.
This capability would permit correlation between the time a call is initiated
and the time the connection is established. The C-tone would also verify
that the connection between the carrier's switch and the LEA is in working
order.
112. AirTouch states that there is no basis in CALEA for
this capability, and that it particularly objects to the FBI's demand that
CMRS providers be responsible for providing a continuity tone over the delivery
circuits law enforcement agencies will use. AirTouch asserts that in most
circumstances, the LEA will obtain its delivery circuits from a LEC, not
from a CMRS provider. In those circumstances, according to AirTouch, the
responsibility to ensure that the delivery circuit is operational should
fall on the LEC, not the CMRS provider, which has no control over either
the circuits in question or over the LEC that owns and provides the
circuits.(191) BellSouth contends that a
continuity tone check is technically feasible only when dedicated content
channels are provided and otherwise should not be
required.(192)
113. DoJ/FBI state that the LEA, in the context of the analog
network, can provide itself with a continuity tone when it conducts
interceptions, and that if a similar capability is not provided in digital
networks, the LEA will lose the ability to verify the efficacy, accuracy,
and integrity of a wiretap.(193) DoJ/FBI
argue that Section 103 places an affirmative obligation on the carrier to
verify that its equipment is operational and law enforcement has access to
all communications and call-identifying information within the scope of the
authorized surveillance. DoJ/FBI maintain that the interim standard does
not contain any provisions that give effect to this affirmative statutory
obligation, and state that its proposal would not require any carrier to
implement any particular design or
equipment.(194)
114. Discussion. As with the case of surveillance
status messages, we believe that continuity tone could assist the LEA in
determining the status of a wiretap, but that this technical requirement
is not necessary to meet the mandates of Section 103(a). Similar to our reasoning
regarding surveillance status messages, we do not believe that a continuity
tone falls within CALEA's definition of call-identifying information, nor
does it appear to be required under Section 103(a)(1), since it is not necessary
to intercept either wire or electronic communications carried on a carrier's
system. Furthermore, as explained above, the plain language of the statute
mandates compliance with the capability requirements of Section 103(a), but
does not require that such capability be proven or verified on a continual
basis. Thus, we tentatively conclude that the continuity tone punch list
item is not an assistance capability requirement under Section
103.(195)
115. However, to the extent commenters continue to believe
such a technical requirement is necessary to implement the requirements of
Section 103, we seek comment on the 107(b) factors that the Commission must
evaluate under CALEA. In what manner could such a feature be provided? Are
there cost effective methods of providing a continuity tone to a LEA? Can
this requirement be accomplished in a manner that minimizes costs to residential
ratepayers? Could provision of a continuity tone somehow compromise the privacy
and security of communications not authorized to be intercepted? For example,
could such a tone be detected by the subscriber whose facilities are under
surveillance? Would the provision of such information constrain a carrier's
ability to develop and deploy new technologies and services? And finally,
what period of time would be required to develop and deploy such a feature?
116. Background. This technical requirement would
require a carrier to notify the LEA when specific subscription-based calling
services are added to or deleted from the facilities under surveillance,
including when the subject modifies capabilities remotely through another
phone or through an operator. Examples of such services are call waiting,
call hold, three-way calling, conference calling, and call
return.(196) Also, the carrier would be
required to notify the LEA if the telephone number of the facilities under
surveillance was changed or service was
disconnected.(197)
117. US West states that feature status information does
not identify any telephone numbers or digits dialed by subscribers, and is
therefore beyond the scope of
CALEA.(198) SBC and BellSouth agree that
feature status messages are not call-identifying
information.(199)
118. AT&T states that notification to the LEA of a change
in feature status, indicating that a subscriber has added or has dropped
services, is provided currently by manual means, i.e., in response
to a subpoena to the carrier. AT&T argues that nothing in CALEA requires
the automation of such a process, and in fact the complexity and cost involved
in doing so likely would be
enormous.(200) PrimeCo states that the DoJ/FBI
claim that feature status information "represents the most appropriate way
to 'meet the assistance capability requirements of Section 103 by cost-effective
methods'" is unsupported by the
record.(201)
119. TIA states that it is unclear whether DoJ/FBI contemplate
the delivery of a feature status message at the time the subscriber requests
the change or at the time the change is actually executed. TIA asserts that
if carriers were required to provide feature status messages at the time
that the subscriber submits a request, they would have to reconfigure entire
customer service databases and other operating software to provide automatic
messaging to law enforcement -- a capability that is not supported by the
present design of these systems.(202)
120. DoJ/FBI disagree with the above parties, contending
that the provision of an automated feature status message is essential to
enable the LEA to procure the number of delivery channels or circuits required
to ensure that the interception is fully effectuated and the intercepted
material delivered as authorized. DoJ/FBI argue that whenever a subscriber
has the capability of making multi-party calls, the LEA must have access
to all call content channels to ensure that it will receive all communications
and call-identifying information that are subject to a court order or other
lawful authorization. DoJ/FBI contend that, in modern networks, the subscriber
may change calling services at any time and, thus, the LEA needs to know
what features are activated on a subscriber's service at any time in order
to determine how many interception delivery channels and circuits are necessary
to ensure that call content and call-identifying evidence are not
lost.(203) In response to TIA's comments,
DoJ/FBI state that they are proposing that the LEA be notified only when
a change in feature status becomes effective for the subscriber, not when
the subscriber requests a change.(204)
121. Discussion. Similar to surveillance status
messages and continuity tones, we believe that feature status messages could
be useful to a LEA, but that provision of these messages from a carrier to
a LEA is not required to meet the mandates of Section 103(a). First, we believe
it is clear that feature status messages do not constitute call-identifying
information because they do not pertain to the actual placement or receipt
of individual calls. Further, feature status messages do not appear to be
required under Section 103(a)(1) because they are not necessary to intercept
either wire or electronic communications carried on a carrier's system. Rather,
they would simply aid a LEA in determining how much capacity is required
to implement and maintain effective electronic surveillance of a target facility,
information that could be useful in assuring that an interception is fully
effectuated and the intercepted material delivered as authorized. However,
as noted by AT&T, the information that would be provided by feature status
messages can be provided by other means, such as a subpoena to the carrier.
In any event, we reiterate our view that the plain language of the Act mandates
compliance with the assistance capability requirements of Section 103(a),
but does not require carriers to implement any specific quality control
capabilities to assist law enforcement. Thus, we tentatively conclude that
the feature status punch list item does not meet the assistance capability
requirements of Section 103.(205)
122. We note, however, that at least some of the information
that would be provided by feature status messages -- for example, a change
to the phone number of the facilities under surveillance -- must be provided
to the LEA expeditiously if electronic surveillance is to be effective. We
request comment on whether this information can be provided in such an
expeditious manner by other means. We also request comment on any other aspects
or interpretations of a feature status capability that might cause at least
some portion of this feature to meet the assistance capability requirements
of Section 103. To the extent commenters believe that such a capability is
necessary to implement the requirements of Section 103, we seek a particularized
description of such a capability and comment on the 107(b) factors that the
Commission must evaluate under CALEA. In what manner could such a capability
be provided? Are there cost effective methods of providing feature status
messages to a LEA? Can this requirement be accomplished in a manner that
minimizes costs to residential ratepayers? Could provision of feature status
messages to a LEA compromise the privacy and security of communications not
authorized to be intercepted? Would the provision of such information constrain
a carrier's ability to develop and deploy new technologies and services?
And finally, what period of time would be required to develop and deploy
such a capability?
123. Background. This capability would require
the telecommunications carrier to provide to the LEA on the call data channel
any digits dialed by the subject after connecting to another carrier's service
(also known as "post-cut-through digits"). One example of such dialing and
signaling would occur when the subject dials an 800 number to access a long
distance carrier. After connecting to the long distance carrier through the
800 number, the subject then dials the telephone number that is the ultimate
destination of the call.
124. TIA maintains that post-cut-through digits are not
call-identifying information for the initial carrier and are not reasonably
available to that carrier. Further, according to TIA, the delivery of
post-cut-through dialing information pursuant to a pen register order would
not protect "the privacy and security of . . . call-identifying information
not authorized to be intercepted" because post-cut-through digits could include
credit card numbers and other substantive information such as responses to
an automatic queuing system, which the LEA is not entitled to without a Title
III authorization. TIA states that a carrier would have no means of segregating
protected information that is not subject to a pen register order from
call-routing digits that are provided. Finally, TIA argues that post-cut-through
dialing information is already available to law enforcement under the industry
interim standard pursuant to either a Title III content intercept order or
a pen register order or subpoena directed to the long-distance carrier that
completes the second stage of the
call.(206) Therefore, TIA concludes that
the real agenda of DoJ/FBI is to be able to obtain post cut-through digits
through a pen register order addressed solely to the carrier conducting the
initial intercept, in order simply to avoid the inconvenience and expense
associated with the two methods already available to
it.(207)
125. Ameritech, AT&T, CDT, EPIC/EFF/ACLU, Primeco,
SBC, and USTA voice concerns similar to
TIA's.(208) CDT states that the legislative
history of CALEA makes clear that call-identifying information does not include
dialed numbers after call
cut-through.(209) CDT contends, however,
that the fact that this capability is not mandated by CALEA in no way prevents
the LEA from obtaining post-cut-through digits because those digits are available
from the long-distance carrier that completes the
call.(210)
126. US West states that, from the perspective of a LEC,
once a subject establishes a connection with an IXC the call has terminated
at the IXC's platform, and the LEC has no special access to or reason to
know the second number dialed.(211) AirTouch
states that it is undisputed that CMRS carriers cannot provide post-cut-through
digits without additional developmental work by vendors and major system
modifications by carriers. Therefore, according to AirTouch, this capability
is not reasonably available to the CMRS industry. Further, AirTouch maintains
that law enforcement may receive these digits either with a Title III order
or a call-identifying order served on the long-distance carrier that completes
the second stage of the call.(212) Finally,
according to AirTouch, a vendor has advised that the cost of developing the
post-cut-through dialing capability would likely exceed the cost of developing
all of the other punch list items
combined.(213)
127. DoJ/FBI state that dialed digits used to complete a
call are "dialing or signaling information" that identifies the "destination"
of the call and falls within CALEA's definition of "call-identifying
information," but that this information is not included in the industry interim
standard.(214) DoJ/FBI contend that this
information must be provided because without it the LEA may find it substantially
more difficult, if not impossible, to establish the identity of the party
to whom the subject is speaking due to the fact that the subject may use
multiple long distance carriers. For example, according to DoJ/FBI, in an
illegal drug case the LEA might be unable to link a drug distributor with
the source of the drugs because the LEA would have information only about
which long distance company the distributor was using --not the subsequent
post-cut-through digits that would identify the source. DoJ/FBI conclude
by stating that CALEA does not draw any distinction between pre-cut-through
and post-cut-through dialing or signaling information to process, direct,
or complete a call; and that there is no privacy-based reason under CALEA,
the pen register statutes, or the Constitution to prevent a telecommunications
carrier from providing all such information to the
LEA.(215)
128. Proposal. We tentatively conclude that
post-cut-through digits representing all telephone numbers needed to route
a call, for example, from the subscriber's telephone through its LEC, then
through IXC and other networks, and ultimately to the intended party are
call-identifying information. We seek additional comment on whether such
call-identifying information is reasonably available to the carrier originating
the call. Currently, the second set of numbers a subject dials (the final
destination of the call) apparently is transmitted over the CCC (the content
portion of the connection) and not over the CDC (a separate signaling channel).
This method of transmission raises two primary questions: (1) Since the
post-cut-through digits are provided on the content portion of the connection,
should those numbers be considered content for purposes of CALEA?; and (2)
Technically, how can such post-cut-through digits be extracted from the content
channel and delivered to a LEA by a carrier? We seek comment on whether
originating, intermediate, or terminating carriers can deliver such
call-identifying information by cost-effective means. We are also aware of
the concerns expressed by industry and privacy advocates that this dialed
digit extraction feature could prove to be inordinately expensive to design,
build, and incorporate into telephone network infrastructures. The record
established thus far does not reflect any specific cost estimates but does
raise the possibility that there may be newly available, less expensive solutions
for this feature,(216) although it is not
clear if such solutions have the capability of separating post-cut-through
call-identifying digits from those dialed to perform other functions. We
seek comment on this proposal and, as required by section 107(b), on the
other factors that we must consider in establishing a technical requirement.
Can it be accomplished in a manner that minimizes costs to residential
ratepayers? Additionally, we solicit comment on whether our proposal would
positively or negatively affect the provision of new technologies and services
to the public. Commenters are asked to provide detailed information regarding
the amount of time and conditions that they believe will be necessary to
successfully develop and deploy this technical requirement in telecommunications
systems. Finally, we request detailed comment on how the privacy and security
of communications that are not authorized to be intercepted can be protected.
In particular, we request comment on whether and how such call-identifying
information can be distinguished from digits dialed to perform other functions
(e.g., to input a credit card number or to access information services
after the call reaches its final destination in the PSTN).
129. Parties supporting adoption of J-STD-025 as the final standard state that if deficiencies are found, the Commission should remand to TIA the task of remedying these deficiencies. TIA states that the telecommunications industry drafted the interim standard and is best qualified to modify it pursuant to any instructions from the Commission. TIA raises several reasons as justification for such an approach: the primary role of the industry in standards-setting under CALEA, the technical complexity of the matters at issue, the lack of specificity in the DoJ/FBI petition regarding the bases of the claimed deficiencies of the interim standard, and the fact that the industry is best positioned to adopt standards which provide for CALEA compliance while minimizing costs and impact on ratepayers. TIA also believes that the Commission lacks the experience and resources to modify the standard on its own.(217)
130. AT&T, Nextel Communications, Inc. (Nextel), the
Personal Communications Industry Association (PCIA), SBC, and US West generally
concur with TIA.(218) US West states that
if we decide to modify J-STD-025 in any respect, we should remand the revised
standard for implementation to TR45.2 because that TIA subcommittee has been
developing technical requirements for CALEA for three
years.(219)
131. DoJ/FBI disagree, stating that a remand to TR45.2
would result in substantial delay in the implementation of CALEA's assistance
capability requirements. DoJ/FBI assert that the Commission has the expertise
required to identify and prescribe appropriate technical requirements and
standards under section 107(b).(220)
132. Proposal. We believe that the technical
requirements proposed herein can be most efficiently implemented by permitting
Subcommittee TR45.2 of the TIA to develop the necessary specifications in
accord with our determinations. We note that CALEA contemplates that standards
will be developed either "by an industry association or standard-setting
organization, or by the
Commission."(221) We note that both LEAs,
carriers and manufacturers are voting members of the Subcommittee. While
we could undertake this task, we believe that the Subcommittee already has
the experience and resources in place to resolve these issues more quickly.
Both law enforcement agencies and telecommunications manufacturers and carriers
participate on the Subcommittee. The Subcommittee worked diligently over
a period of several years to craft J-STD-025 and both LEAs and privacy groups
agree with -- or, at least do not raise any specific objections to -- the
vast majority of the features of that standard. A Commission-based
standard-setting activity would necessarily have to rely heavily on the
Subcommittee to modify J-STD-025 in any event, and thus would very likely
take longer than industry-based processes to develop a final safe harbor
standard. Our decision to rely on industry to develop the final technical
specifications reflects our commitment to achieve a CALEA solution as
expeditiously as possible.
133. Accordingly, we expect TIA to undertake the task of
modifying J-STD-025 to be consistent with the technical requirements we
ultimately adopt in this proceeding. Further, we expect the TIA to complete
any such modifications to J-STD-025 within 180 days of release of the Report
and Order in this proceeding. While this is an ambitious schedule, we believe
it is achievable because the TIA has been examining CALEA technical standards
issues for several years, and the modifications to J-STD-025 are likely to
be relatively limited. In fact, all of the technical requirements that we
have identified for modification were previously considered in detail by
TIA Subcommittee TR45.2. We note that any telecommunications carrier conforming
with the revised standard will be considered to have complied with CALEA's
safe harbor provisions under section 107(a)(2). We consider 180 days a sufficient
time period for industry to adopt revised technical standards compliant with
CALEA and we believe that industry will be able to comply with the core
requirements of J-STD-025 (excluding the packet-mode feature) by June 30,
2000. Therefore, we do not plan to extend the CALEA compliance deadline for
the core J-STD-025 requirements beyond that date, except in the case of
individual extenuating circumstances, to which the criteria of section 107(c)
of CALEA would apply.(222) Based on comments
received in response to this Further NPRM, we will set a separate deadline
for compliance with the additional technical requirements that we determine
CALEA mandates. We seek comment on these tentative findings and conclusions.
134. We note that TIA's J-STD-025 applies only to "wireline,
cellular, and broadband PCS
carriers."(223) CALEA assistance capability
requirements for other telecommunications carriers, including paging, specialized
mobile radio (SMR), and satellite services, are not covered by J-STD-025.
Industry associations or standard-setting organizations that represent such
carriers may establish voluntary standards to achieve compliance with Section
103 by the June 30, 2000 deadline, and take advantage of the safe harbor
provision of section 107(a). The absence of an industry standard, however,
does not relieve such carriers from the obligations imposed by Section
103.(224) In the absence of a publicly available
standard, a carrier will have to work with its vendors to develop an individual
CALEA solution. And, as noted above, because compliance with an industry
standard is voluntary, not compulsory, under the Act, a carrier is free to
choose a CALEA solution that is specifically tailored to its particular system
and technology.
135. We note that, with regard to these other carriers,
the Commission has received no petitions asking us to either set a standard
in the absence of one or find that a given standard is deficient. Nevertheless,
we believe that the certainty we provide in establishing the technical
requirements for wireline, cellular, and broadband PCS carrier CALEA compliance
will enable manufacturers and providers of other telecommunication services
to work with the law enforcement community to develop technical requirements
that will meet CALEA's mandates, and that could be specified in voluntary
industry standards that would allow carriers to take advantage of the safe
harbor under section 107(a).
136. The comments from industry associations, manufacturers,
and telecommunications carriers not covered by the industry interim standard
urge the Commission to resolve the dispute regarding TIA's J-STD-025 standard
and the requirements for compliance with
CALEA.(225) Generally, these commenters
support the policy of allowing industry associations to develop their own
standards for CALEA compliance rather than the Commission doing so through
regulatory mandates.(226) PCIA warns that
the Commission should not "substitute its judgment for the reasoned consensus
of an overwhelming majority of industry participants." Both PCIA and Nextel
suggest that the Commission should instead remand "any final determination
on capabilities to TIA's TR45 expert
committee."(227) Moreover, Nextel's reply
comments stress that the "Commission must not preclude other industry
associations or standard-setting organizations from promulgating standards
or requirements that are aimed more at specific services or technologies
such as paging, digital dispatch or wireless data to the extent any of these
services are covered by CALEA."(228) Nextel's
comments generally stress the importance of creating specific standards that
focus on network design and the information generated by certain communications
methods, and explain that the Commission's rules should not foreclose the
development of such alternative
standards.(229)
137. These commenters also emphasize that they will work
closely with law enforcement to develop standards, which would function as
safe harbors, for those carriers not covered by the industry interim standard.
For instance, PCIA explains that on May 4, 1998, the CALEA Subcommittee of
its Technical Committee, with input from law enforcement, published Version
1.0 of its CALEA Specification for Traditional
Paging.(230) Pursuant to this standard,
PCIA contends that paging providers offering one-way paging service can comply
with Section 103 and be afforded safe harbor under section 107(a) by providing
law enforcement officials, upon presentation of a valid warrant, with a cloned
pager.(231) PCIA's subcommittee also plans
to develop and publish standards for advanced paging services and ancillary
service providers that would establish a CALEA safe harbor for carriers providing
such services.(232)
138. Similarly, the American Mobile Telecommunications
Association (AMTA) notes that "its members have in the past and will in the
future cooperate with law enforcement personnel in court-ordered electronic
surveillance to the maximum extent possible, whether or not that assistance
is provided pursuant to CALEA
requirements."(233) AMTA also explains that
although the FBI has been silent in response to questions regarding whether
the technical parameters of AMTA members' systems fall under the auspices
of CALEA, AMTA has nonetheless undertaken a standards-setting process for
SMR systems.(234) AMTA states that it fears
that unless it develops a SMR standard for compliance, its members might
face enforcement actions and economic penalties under the provisions of the
Act.(235)
139. Comments by carriers and associations using technologies
and systems not covered by J-STD-025 generally express concern about the
lack of clarification regarding whether their equipment, facilities and services
are subject to the requirements of
CALEA.(236) Although it did not comment
directly on the standards issue, Iridium explains in its petition for extension
of CALEA's compliance deadline that, as a satellite provider, it went to
great lengths during the last four years to analyze the technical implications
that CALEA would have for its system, to discuss the systems' intercept
capabilities with the government, and to explore electronic surveillance
architecture solutions particular to its
system.(237) To date, however, law enforcement
officials have been unwilling to "state in writing that Iridium's approach
is compliant with CALEA."(238) Iridium further
notes that there is no safe harbor for satellite
providers.(239) Globalstar, another satellite
provider, also in the context of advocating an extension of CALEA's compliance
date, comments on the unique difficulties faced by satellite service
providers.(240) Although Globalstar has
received non-common carrier status, and is therefore not subject to the Act,
it explains that the ability of other satellite carriers to meet CALEA's
capability requirements is complicated by the facts that the Attorney General
has not adopted capacity standards for satellite services and that global
satellite systems must receive multiple authorizations from the countries
they serve.(241)
140. AirTouch maintains that the problems faced by the paging
industry illustrate the difficulties faced by these other carriers in dealing
with law enforcement. As AirTouch explains, "[t]he paging industry has long
accommodated law enforcement's interception needs by furnishing 'clone' pagers"
and until recently the FBI has given the paging industry the impression that
doing so satisfies CALEA's
requirements.(242) AirTouch contends the
FBI has only recently declared that "'clone' pager-based interceptions have
only limited effectiveness and utility, and fail to fully meet CALEA's Section
103 requirements."(243)
141. We seek comment on what role, if any, the Commission
can or should play in assisting those telecommunications carriers not covered
by J-STD-025 to set standards for, or to achieve compliance with, CALEA's
requirements. Insofar as such carriers argue that CALEA contemplates multiple
or different standards for services such as paging, digital dispatch and
wireless data,(244) we seek comment regarding
how our determinations regarding J-STD-025, the FBI's punch list items, and
location and packet-mode information will affect the requirements and standards
already adopted or currently being established by these other industry segments.
For example, can the Commission's determinations in this rulemaking proceeding
be adapted to these other technologies? Further, we request comment on if
and how we should consider the impact of the technical requirements we ultimately
adopt in this proceeding on these other technologies and services.
142. Section 109(b) of CALEA lays out a detailed regime
under which telecommunications carriers or any other interested person may
petition the Commission to determine whether, for equipment, facilities,
or services installed or deployed after January 1, 1995, compliance with
the Section 103 assistance capability requirements is "reasonably achievable."
The Attorney General must be notified of the petition, and the Commission
must make a determination under the "reasonably achievable" standard within
one year after the date such a petition is filed. When considering any such
petition under the "reasonably achievable" standard, "the Commission shall
determine whether compliance would impose significant difficulty or expense
on the carrier or on the users of the carrier's systems." Eleven factors
are to be considered by the Commission in determining whether compliance
with the assistance capability requirements of Section 103 is reasonably
achievable.(245)
143. If the Commission determines that compliance with the
assistance capability requirements of Section 103 is not reasonably achievable,
the affected carrier may petition the Attorney General to pay for the additional,
reasonable costs necessary to make compliance reasonably achievable. The
Attorney General may agree to compensate the affected carrier for the "additional
reasonable costs" of complying with the assistance capability requirements
of Section 103. If the Attorney General does not agree to pay such additional
reasonable costs, the affected carrier would be deemed to be in compliance
with CALEA's capability
requirements.(246)
144. As discussed in paragraph 18, supra, in March
1998 CDT submitted a petition for rulemaking to the Commission. In its petition,
CDT requests relief from the Commission under section 109 (as well as section
107) of CALEA. CDT argues that "compliance with CALEA is not reasonably
achievable with respect to equipment, facilities, and services deployed after
January 1, 1995, for the simple reason that carriers have had to make changes
to their systems not knowing what was required to comply with
CALEA."(247) Lack of a CALEA standard, or
a dispute about the CALEA standard, however, is not grounds for a rulemaking
under section 109. Rather, a section 109 determination by the Commission
presupposes that the final requirements that must be met by telecommunications
carriers under Section 103 are in place. Those requirements, however, are
still in dispute. Accordingly, we are herein dismissing without prejudice
that portion of CDT's petition that relies on section 109.
145. Finally, as discussed in paragraphs 16-17, supra, in July 1997 CTIA filed a petition for rulemaking requesting that the Commission establish a standard to implement the mandates of Section 103, and in March 1998 DoJ/FBI submitted a motion to dismiss that petition on the grounds that the December 1997 adoption of J-STD-025 rendered CTIA's petition moot. CTIA agrees with DoJ/FBI that its petition is moot, both because the adoption of the industry interim standard supersedes its request for the Commission to establish a CALEA standard by rule and because its request in its petition to extend the CALEA compliance deadline has been addressed in this proceeding.(248) We agree. Accordingly, we herein dismiss as moot CTIA's July 16, 1997 Petition for Rulemaking.(249)
146. With this Further Notice of Proposed Rulemaking,
we propose rules to implement CALEA pursuant to section 229 of the Communications
Act of 1934, as amended, 47 U.S.C. section 229. The proposed action is also
authorized by sections 1, 4, 301, 303, and 332 of the Communications Act
of 1934, as amended, and section 107(b) of CALEA, 47 U.S.C. sections 151,
154, 301, 303, 332, and 1006(b). We encourage interested parties to comment
not only on the specific proposals that are contained in this Further NPRM
but also to provide alternatives to our recommendations and proposed rules
that they believe will enable us to implement CALEA efficiently and effectively.
We further request that commenters include their recommendations and the
text of specific proposed rules in their initial comments, so that other
parties will have the opportunity to comment on those proposals in their
reply comments.
147. This is a permit-but-disclose notice and comment rulemaking
proceeding. Ex parte presentations are permitted, except during
the Sunshine Agenda period, provided they are disclosed as provided in the
Commission's rules. See generally 47 C.F.R. sections 1.1202, 1.1203,
1.1206(a)(1), and 1.1206(b).
148. As required by the Regulatory Flexibility Act (RFA),(250) the Commission has prepared an Initial Regulatory Flexibility Analysis (IRFA) of the expected significant economic impact on small entities by the policies and rules suggested in this Communications Assistance for Law Enforcement Act, Further Notice of Proposed Rulemaking (CALEA Further NPRM). Written public comments are requested on the IRFA. Comments must be identified as responses to the IRFA and must be filed by the deadlines for comments on the CALEA Further NPRM provided above on the first page, in the heading. The Secretary shall send a copy of the CALEA Further NPRM, including the IRFA, to the Chief Counsel for Advocacy of the Small Business Administration (SBA) in accordance with paragraph 603(a).(251)
I. Need for and Objectives of the Proposed
Rules: This Further Notice of Proposed Rulemaking responds
to the legislative mandate contained in the Communications Assistance for
Law Enforcement Act, Pub. L. No. 103-414, 108 Stat. 4279 (1994) (codified
as amended in sections of 18 U.S.C. and 47 U.S.C.).
II. Legal Basis: The proposed action is
authorized under the Communications Assistance for Law Enforcement Act, Pub.
L. No. 103-414, 108 Stat. 4279 (1994) (codified as amended in scattered sections
of 18 U.S.C. and 47 U.S.C.). The proposed action is also authorized by sections
1, 4, 201, 202, 204, 205, 218, 229, 332, 403 and 503 of the Communications
Act of 1934, as amended, 47 U.S.C. sections 151, 154, 201-205, 218, 229,
301, 303, 312, 332, 403, 501 and 503.
III. Description and Estimate of the Number of
Small Entities To Which the Proposed Rules Will Apply: The proposals
set forth in this proceeding may have a significant economic impact on a
substantial number of small telephone companies identified by the SBA. We
seek comment on the obligations of a telecommunications carrier for the purpose
of complying with CALEA.
149. The RFA generally defines "small entity" as having
the same meaning as the term "small business," "small organization," and
"small governmental jurisdiction" and the same meaning as the term "small
business concern" under the Small Business Act, unless the Commission has
developed one or more definitions that are appropriate to its
activities.(252) Under the Small Business
Act, a "small business concern" is one that: (1) is independently owned and
operated; (2) is not dominant in its field of operation; and (3) meets any
additional criteria established by the Small Business Administration
(SBA).(253) The SBA has defined a small
business for Standard Industrial Classification (SIC) categories 4812
(Radiotelephone Communications) and 4813 (Telephone Communications, Except
Radiotelephone) to be small entities when they have fewer than 1,500
employees.(254) We first discuss generally
the total number of small telephone companies falling within both of those
SIC categories. Then, we discuss the number of small businesses within the
two subcategories, and attempt to refine further those estimates to correspond
with the categories of telephone companies that are commonly used under our
rules.
150. Telephone Companies (SIC 483). Consistent
with our prior practice, we shall continue to exclude small incumbent LECs
from the definition of a small entity for the purpose of this
IRFA.(255) Nevertheless, as mentioned above,
we include small incumbent LECs in our IRFA. Accordingly, our use of the
terms "small entities" and "small businesses" does not encompass "small incumbent
LECs." We use the term "small incumbent LECs" to refer to any incumbent LECs
that arguably might be defined by SBA as "small business
concerns."(256)
151. Total Number of Telephone Companies Affected.
Many of the decisions and rules adopted herein may have a significant effect
on a substantial number of the small telephone companies identified by SBA.
The United States Bureau of the Census (the Census Bureau) reports that,
at the end of 1992, there were 3,497 firms engaged in providing telephone
services, as defined therein, for at least one
year.(257) This number contains a variety
of different categories of carriers, including local exchange carriers,
interexchange carriers, competitive access providers, cellular carriers,
mobile service carriers, operator service providers, pay telephone operators,
PCS providers, covered SMR providers, and resellers. Some of these providers
-- for example, all SMR providers -- are not covered by this Further NRPM,
and it seems certain that some of the 3,497 telephone service firms may not
qualify as small entities or small incumbent LECs because they are not
"independently owned and operated."(258)
For example, a PCS provider that is affiliated with an interexchange carrier
having more than 1,500 employees would not meet the definition of a small
business. It seems reasonable to conclude, therefore, that fewer than 3,497
telephone service firms are small entity telephone service firms or small
incumbent LECs that may be affected by this Further NPRM.
152. Wireline Carriers and Service Providers.
SBA has developed a definition of small entities for telephone communications
companies other than radiotelephone (wireless) companies. The Census Bureau
reports that, there were 2,321 such telephone companies in operation for
at least one year at the end of
1992.(259) According to SBA's definition,
a small business telephone company other than a radiotelephone company is
one employing fewer than 1,500
persons.(260) All but 26 of the 2,321
non-radiotelephone companies listed by the Census Bureau were reported to
have fewer than 1,000 employees. Thus, even if all 26 of those companies
had more than 1,500 employees, there would still be 2,295 non-radiotelephone
companies that might qualify as small entities or small incumbent LECs. Although
it seems certain that some of these carriers are not independently owned
and operated, we are unable at this time to estimate with greater precision
the number of wireline carriers and service providers that would qualify
as small business concerns under SBA's definition. Consequently, we estimate
that there are fewer than 2,295 small entity telephone communications companies
other than radiotelephone companies that may be affected by the decisions
and rules recommended for adoption in this NPRM.
153. Local Exchange Carriers. Neither the Commission
nor SBA has developed a definition of small providers of local exchange services
(LECs). The closest applicable definition under SBA rules is for telephone
communications companies other than radiotelephone (wireless) companies.
The most reliable source of information regarding the number of LECs nationwide
of which we are aware appears to be the data that we collect annually in
connection with the Telecommunications Relay Service (TARS). According to
our most recent data, 1,347 companies reported that they were engaged in
the provision of local exchange
services.(261) Although it seems certain
that some of these carriers are not independently owned and operated, or
have more than 1,500 employees, we are unable at this time to estimate with
greater precision the number of LECs that would qualify as small business
concerns under SBA's definition. Consequently, we estimate that there are
fewer than 1,347 small incumbent LECs that may be affected by the decisions
and rules recommended for adoption in this NPRM.
154. Interexchange Carriers. Neither the Commission
nor SBA has developed a definition of small entities specifically applicable
to providers of interexchange services (IXCs). The closest applicable definition
under SBA rules is for telephone communications companies other than
radiotelephone (wireless) companies. The most reliable source of information
regarding the number of IXCs nationwide of which we are aware appears to
be the data that we collect annually in connection with TARS. According to
our most recent data, 130 companies reported that they were engaged in the
provision of interexchange
services.(262) Although it seems certain
that some of these carriers are not independently owned and operated, or
have more than 1,500 employees, we are unable at this time to estimate with
greater precision the number of IXCs that would qualify as small business
concerns under SBA's definition. Consequently, we estimate that there are
fewer than 130 small entity IXCs that may be affected by the decisions and
rules recommended for adoption in this NPRM.
155. Competitive Access Providers. Neither the
Commission nor SBA has developed a definition of small entities specifically
applicable to providers of competitive access services (CAPs). The closest
applicable definition under SBA rules is for telephone communications companies
other than radiotelephone (wireless) companies. The most reliable source
of information regarding the number of CAPs nationwide of which we are aware
appears to be the data that we collect annually in connection with the TARS.
According to our most recent data, 57 companies reported that they were engaged
in the provision of competitive access
services.(263) Although it seems certain
that some of these carriers are not independently owned and operated, or
have more than 1,500 employees, we are unable at this time to estimate with
greater precision the number of CAPs that would qualify as small business
concerns under SBA's definition. Consequently, we estimate that there are
fewer than 57 small entity CAPs that may be affected by the decisions and
rules recommended for adoption in this NPRM.
156. Operator Service Providers. Neither the Commission
nor SBA has developed a definition of small entities specifically applicable
to providers of operator services. The closest applicable definition under
SBA rules is for telephone communications companies other than radiotelephone
(wireless) companies. The most reliable source of information regarding the
number of operator service providers nationwide of which we are aware appears
to be the data that we collect annually in connection with the TARS. According
to our most recent data, 25 companies reported that they were engaged in
the provision of operator services.(264)
Although it seems certain that some of these companies are not independently
owned and operated, or have more than 1,500 employees, we are unable at this
time to estimate with greater precision the number of operator service providers
that would qualify as small business concerns under SBA's definition.
Consequently, we estimate that there are fewer than 25 small entity operator
service providers that may be affected by the decisions and rules recommended
for adoption in this NPRM.
157. Wireless (Radiotelephone) Carriers. SBA has
developed a definition of small entities for radiotelephone (wireless) companies.
The Census Bureau reports that there were 1,176 such companies in operation
for at least one year at the end of
1992.(265) According to SBA's definition,
a small business radiotelephone company is one employing fewer than 1,500
persons.(266) The Census Bureau also reported
that 1,164 of those radiotelephone companies had fewer than 1,000 employees.
Thus, even if all of the remaining 12 companies had more than 1,500 employees,
there would still be 1,164 radiotelephone companies that might qualify as
small entities if they are independently owned are operated. Although it
seems certain that some of these carriers are not independently owned and
operated, we are unable at this time to estimate with greater precision the
number of radiotelephone carriers and service providers that would qualify
as small business concerns under SBA's definition. Consequently, we estimate
that there are fewer than 1,164 small entity radiotelephone companies that
may be affected by the decisions and rules recommended for adoption in this
NPRM.
158. Cellular and Mobile Service Carriers: In an
effort to further refine our calculation of the number of radiotelephone
companies affected by the rules adopted herein, we consider the categories
of radiotelephone carriers, Cellular Service Carriers and Mobile Service
Carriers. Neither the Commission nor the SBA has developed a definition of
small entities specifically applicable to Cellular Service Carriers and to
Mobile Service Carriers. The closest applicable definition under SBA rules
for both services is for telephone companies other than radiotelephone (wireless)
companies. The most reliable source of information regarding the number of
Cellular Service Carriers and Mobile Service Carriers nationwide of which
we are aware appears to be the data that we collect annually in connection
with the TARS. According to our most recent data, 792 companies reported
that they are engaged in the provision of cellular services and 117 companies
reported that they are engaged in the provision of mobile
services.(267) Although it seems certain
that some of these carriers are not independently owned and operated, or
have more than 1,500 employees, we are unable at this time to estimate with
greater precision the number of Cellular Service Carriers and Mobile Service
Carriers that would qualify as small business concerns under SBA's definition.
Consequently, we estimate that there are fewer than 792 small entity Cellular
Service Carriers and fewer than 138 small entity Mobile Service Carriers
that might be affected by the actions and rules adopted in this NPRM.
159. Broadband PCS Licensees. The broadband PCS
spectrum is divided into six frequency blocks designated A through F, and
the Commission has held auctions for each block. The Commission defined "small
entity" for Blocks C and F as an entity that has average gross revenues of
less than $40 million in the three previous calendar
years.(268) For Block F, an additional
classification for "very small business" was added, and is defined as an
entity that, together with its affiliates, has average gross revenues of
not more than $15 million for the preceding three calendar
years.(269) These regulations defining "small
entity" in the context of broadband PCS auctions have been approved by
SBA.(270) No small businesses within the
SBA-approved definition bid successfully for licenses in Blocks A and B.
There were 90 winning bidders that qualified as small entities in the Block
C auctions. A total of 93 small and very small business bidders won approximately
40% of the 1,479 licenses for Blocks D, E, and F. However, licenses for Blocks
C through F have not been awarded fully, therefore there are few, if any,
small businesses currently providing PCS services. Based on this information,
we conclude that the number of small broadband PCS licenses will include
the 90 winning C Block bidders and the 93 qualifying bidders in the D, E,
and F blocks, for a total of 183 small PCS providers as defined by the SBA
and the Commissioner's auction rules.
160. Resellers. Neither the Commission nor SBA
has developed a definition of small entities specifically applicable to
resellers. The closest applicable definition under SBA rules is for all telephone
communications companies. The most reliable source of information regarding
the number of resellers nationwide of which we are aware appears to be the
data that we collect annually in connection with the TARS. According to our
most recent data, 260 companies reported that they were engaged in the resale
of telephone services.(271) Although it
seems certain that some of these carriers are not independently owned and
operated, or have more than 1,500 employees, we are unable at this time to
estimate with greater precision the number of resellers that would qualify
as small business concerns under SBA's definition. Consequently, we estimate
that there are fewer than 260 small entity resellers that may be affected
by the decisions and rules recommended for adoption in this NPRM.
IV. Description of Projected Reporting, Recordkeeping and Other
Compliance Requirements:
161. The rules proposed in the NPRM require telecommunications
carriers to establish policies and procedures governing the conduct of officers
and employees who are engaged in surveillance activity. Those proposed rules
require telecommunications carriers to maintain records of all interceptions
of communications and call identification information. Further, those proposed
rules require telecommunications carriers classified as Class A companies
pursuant to 47 U.S.C. 32.11 to file individually with the Commission a statement
of its processes and procedures used to comply with the systems security
rules promulgated by the Commission. Telecommunications carriers classified
as Class B companies pursuant to 47 U.S.C. 32.11 may elect to either file
a statement describing their security processes and procedures or to certify
that they observe procedures consistent with the security rules promulgated
by the Commission.
162. We tentatively conclude that a substantial number of
telecommunications carriers, who have been subjected to demands from law
enforcement personnel to provide lawful interceptions and call-identifying
information for a period time preceding CALEA, already have in place practices
for proper employee conduct and recordkeeping. We seek comment on this tentative
conclusion. As a practical matter, telecommunications carriers need these
practices to protect themselves from suit by persons who claim they were
the victims of illegal
surveillance.(272) By providing general
guidance regarding the conduct of carrier personnel and the content of records
in this Further NPRM, the Commission permits telecommunications carriers
to use their existing practices to the maximum extent possible. Thus, we
tentatively conclude that the additional cost to most telecommunications
carriers for conforming to the Commission regulations contained in this Further
NPRM, should be minimal. We seek comment on this tentative conclusion.
V. Significant Alternatives to Proposed Rules Which Minimize Significant
Economic Impact on Small Entities and Accomplish Stated Objectives:
163. As we noted in Part I of this IRFA, supra,
the need for the proposed regulations is mandated by Federal legislation.
The legislation is specific on the content of employee conduct and recordkeeping
regulations for telecommunications carriers, which removes from Commission
discretion the consideration of alternative employee conduct and recordkeeping
regulations for smaller telecommunications carriers. The legislation, however,
provides for Commission discretion to formulate compliance reporting requirements
for telecommunications carriers that favor smaller telecommunications carriers,
and in the NPRM the Commission exercised that discretion by proposing rules
that allow smaller carriers the option to file a certification of compliance
with the Commission instead of a statement of the policies, processes and
procedures they use to comply with the CALEA
regulations.(273)
VI. Federal Rules that May Overlap, Duplicate, or Conflict with
the Proposed Rules:
164. As we noted in Part I of this IRFA, supra, the need for the proposed regulations is mandated by Federal legislation. The purpose of CALEA was to empower and require the Federal Communications Commission and the Department of Justice to craft regulations pursuant to specific statutory instructions. Because there were no other Federal Rules in existence before CALEA was enacted, there are no duplicate Federal Rules. In addition, there are no overlapping, duplicating, or conflicting Federal Rules to the Federal Rules proposed in this proceeding.
165. Pursuant to Sections 1.415 and 1.419 of the Commission's
rules, 47 C.F.R. 1.415, 1.419, interested parties may file comments on before
December 14, 1998, and reply comments on or before
January 13, 1999. Comments may be filed using the Commission's
Electronic Comment Filing System (ECFS) or by filing paper copies. See
Electronic Filing of Documents in Rulemaking Proceedings, 63 Fed. Reg.
24,121 (1998).
166. Comments filed through the ECFS can be sent as an
electronic file via the Internet to
<http://www.fcc.gov/e-file/ecfs.html>.
Generally, only one copy of an electronic submission must be filed. If multiple
docket or rulemaking numbers appear in the caption of this proceeding, however,
commenters must transmit one electronic copy of the comments to each docket
or rulemaking number referenced in the caption. In completing the transmittal
screen, commenters should include their full name, Postal Service mailing
address, and the applicable docket or rulemaking number. Parties may also
submit an electronic comment by Internet e-mail. To get filing instructions
for e-mail comments, commenters should send an e-mail to
ecfs@fcc.gov, and should include the following
words in the body of the message, "get form <your e-mail address." A sample
form and directions will be sent in reply.
167. Parties who choose to file by paper must file an original and four copies of all comments, reply comments and supporting comments. If participants want each Commissioner to receive a personal copy of their comments, an original plus nine comments must be filed. If more than one docket or rulemaking number appear in the caption of this proceeding, commenters must submit two additional copies for each additional docket or rulemaking number. All filings must be sent to the Commission's Secretary, Magalie Roman Salas, Office of the Secretary, Federal Communications Commission, The Portals, 445 Twelfth Street, S.W., Room TW-A325, Washington, D.C. 20554. Comments and reply comments will be available for public inspection during regular business hours in the Office of the Secretary.
168. Accordingly, pursuant to sections 1, 4, 229, 301, 303,
and 332 of the Communications Act of 1934, as amended, and 107(b) of the
Communications Assistance for Law Enforcement Act, 47 U.S.C. sections 151,
154, 229, 301, 303, 332, and 1006(b), IT IS ORDERED that this Further Notice
of Proposed Rulemaking is hereby adopted. IT IS FURTHER ORDERED that the
Petition for Rulemaking filed by the Cellular Telecommunications Industry
Association on July 16, 1997 IS DISMISSED as moot. IT IS FURTHER ORDERED
that the Petition for Rulemaking filed by the Center for Democracy and Technology
IS DISMISSED without prejudice to the extent the petition seeks relief under
section 109 of CALEA, 47 U.S.C. section 1008. IT IS FURTHER ORDERED that
the Commission SHALL SEND a copy of this Further Notice of Proposed Rulemaking,
including the Initial Regulatory Flexibility Analysis, to the Chief Counsel
for Advocacy of the Small Business Administration.
FEDERAL COMMUNICATIONS COMMISSION
Magalie Roman Salas
Secretary
Parties That Submitted Comments Regarding Standards Issues in Response
to April 20, 1998 Public Notice:
AirTouch Communications, Inc.
AT&T Corporation
American for Tax Reform, Center for Technology Policy of the Free Congress Foundation, and Citizens for a Sound Economy
Ameritech Operating Companies and Ameritech Mobile Communications, Inc.
BellSouth Corporation, Inc., BellSouth Telecommunications, Inc., BellSouth Cellular Corp., BellSouth Personal Communications, Inc., and BellSouth Wireless Data, L,P.
Cellular Telecommunications Industry Association
Center for Democracy and Technology
Department of Justice and Federal Bureau of Investigation
Electronic Privacy Information Center, Electronic Frontier Foundation, and American Civil Liberties Union
GTE
New York City Police Department
Nextel Communications, Inc.
Personal Communications Industry Association
PrimeCo Personal Communications, L.P.
SBC Communications, Inc. on behalf of its affiliates Southwestern Bell Telephone Company, Pacific Bell, Nevada Bell, Southwestern Bell Wireless Inc., Southwestern Bell Mobile Systems, Inc., and Pacific Bell Mobile Services, Inc.
Sprint Spectrum L.P. d/b/a Sprint PCS
Telecommunications Industry Association
United States Telephone Association
US West, Inc.
Parties That Submitted Reply Comments to Comments Regarding Standards
Issues:
AirTouch Communications, Inc.
American Mobile Telecommunications Association
AT&T Corporation
Bell Emergis - Intelligent Signalling Technologies
Cellular Telecommunications Industry Association
Center for Democracy and Technology
Denver (CO) Police Department
Department of Justice and Federal Bureau of Investigation
Drug Enforcement Administration
Electronic Privacy Information Center, Electronic Frontier Foundation, and American Civil Liberties Union
National Telephone Cooperative Association
New Jersey State Police
New York State Police Department
Nextel Communications, Inc.
Ocean County (NJ) Prosecutor's Office
PrimeCo Personal Communications, L.P.
Rural Cellular Association
SBC Communications, Inc.
Telecommunications Industry Association
US West, Inc.
Wisconsin Division of Narcotics Enforcement
Separate Statement of Commissioner Harold W. Furchtgott-Roth
In re: Further Notice of Proposed Rulemaking
Communications Assistance for Law Enforcement Act
By this Further Notice of Proposed Rulemaking, the Commission initiates a
proceeding to resolve a dispute among industry, law enforcement, and privacy
interests over what technical requirements are necessary for various carriers
to meet the assistance capability requirements of the Communications Assistance
for Law Enforcement Act, Pub. L. No. 103-414, 108 Stat. 4279 (1994) (codified
as amended in Sections of 18 U.S.C. and 47 U.S.C.) ("CALEA"). I support the
Further NPRM as a good first step to resolving this dispute. Herein, however,
I express two concerns about our proposed approach and make a strong request
for quantified cost, benefit, and timing information.
My first concern is general. While trying to ensure (at considerable expense
to taxpayers, consumers, and industry) that law enforcement agencies are
able to obtain access to communications among people using common wireline,
cellular, and PCS telecommunications services, we may be disregarding inexpensive
and fairly obvious ways for malefactors to thwart our efforts by using other
communications technologies or techniques. Although I believe that, because
CALEA requires us to do so, we must ensure appropriate access to the common
telecommunications services, I also believe that the practical limits on
law enforcement's reach should temper our willingness to burden consumers
and industry with significant discretionary expenses.
My more specific concern goes to our tentative conclusion that location
information about mobile wireless units is call-identifying information under
CALEA. Section 102(2) of CALEA defines call-identifying information as "dialing
or signaling information that identifies the origin, direction, destination,
or termination" of each communication. 47 U.S.C. 1001(2). Because the words
"origin," "destination," and "termination" usually denote, at least partly,
location, I believe that call-identifying information, by the plain meaning
of Section 102, includes location information about mobile wireless units.
Some parties, however, say there is good reason to believe Congress intended
a more limited meaning. See Center for Democracy and Technology,
Petition for Rulemaking Under Sections 107 and 109 of the Communications
Assistance for Law Enforcement Act (March 26, 1998). Accordingly, although
I support the Commission's tentative conclusion based on what I believe to
be the plain meaning of the law, I would welcome additional comment on whether,
and on what basis, the language of Section 102(2) should be read narrowly.
Finally, let me make a strong request for parties to submit quantified cost
and timing information.
In several places, CALEA makes explicit or implicit reference to cost issues.
In Section 107(b), for example, the Commission is directed to establish technical
requirements or standards that meet assistance capability requirements by
"cost-effective methods," and to "minimize the cost" of compliance on residential
ratepayers. Id. at 107(b)(1) and (3). CALEA also directs us to determine
whether compliance with the capability requirements is "reasonably achievable,"
id. at 109(b)(1), and, with respect to call-identifying information,
to determine what is "reasonably available," id. at 103(a)(2).
In order to properly meet our responsibilities under these provisions of
CALEA, I believe the Commission must understand the balance of costs and
benefits -- including implementation timing issues -- of the choices before
us. I have been disappointed by the level of specificity in the record to
date. It does us little good to be told that the implementation of some technical
feature would or would not be "difficult" or "expensive" or "take a long
time." Reliance on such qualitative assessments make it nearly impossible
for us to make reasoned decisions under CALEA. Thus, I request that all parties,
when addressing issues of cost or what is "reasonably achievable" or "reasonably
available," provide estimates, with as much specificity and quantitative
information as possible, the costs, benefits, and the time necessary for
industry to implement the technical requirements or standards in dispute.
* * * * * * *
1. Communications Assistance for Law Enforcement Act, Pub. L. No. 103-414, 108 Stat. 4279 (1994)(codified as amended in sections of 18 U.S.C. and 47 U.S.C.).
2. Section 107(a)(2) of CALEA, 47 U.S.C. 1006(a)(2).
3. Section 107(b) of CALEA, 47 U.S.C. 1006(b).
4. See Center for Democracy and Technology (CDT), Petition for Rulemaking Under Sections 107 and 109 of the Communications Assistance for Law Enforcement Act, filed March 26, 1998 (CDT Petition); Department of Justice (DoJ) and Federal Bureau of Investigations (FBI), Joint Petition for Expedited Rulemaking, filed March 27, 1998 (DoJ/FBI Petition); Telecommunications Industry Association (TIA), Petition for Rulemaking, filed April 2, 1998 (TIA Petition); Cellular Telecommunications Industry Association (CTIA), Petition for Rulemaking, filed July 16, 1997 (CTIA Petition). We note that DOJ/FBI filed a petition to dismiss the CTIA petition, see infra 17; and in its reply comments of June 5, 1998, CTIA stated that it "does not oppose dismissal of its petition."
5. "In the Matter of Communications Assistance for Law Enforcement Act," CC Docket No. 97-213, Public Notice, DA 98-762 (rel. Apr. 20, 1998) (April 20 Public Notice).
6. Telecommunications Industry Association (in association with Standards Committee T1 Telecommunications), INTERIM STANDARD (Trial Use Standard): Lawfully Authorized Electronic Surveillance, J-STD-025 (December 1997) (hereinafter "J-STD-025").
7. These carriers include paging, specialized mobile radio, and satellite services. See 134-141, infra.
8. In 1970, Congress enacted a statute requiring carriers to "furnish the applicant [requesting electronic surveillance] forthwith all information, facilities, and technical assistance necessary to accomplish the interception." See 18 U.S.C. 2518(4).
9. 140 Cong. Rec. H-10779 (daily ed. October 7, 1994) (statement of Rep. Hyde).
10. H.R. Rep. No. 103-827, 103d Cong., 2d Sess., pt. 1, at 13 (1994).
11. Id. at 22.
12. As explained below, law enforcement and industry efforts have been focused on wireline, cellular, and PCS carriers as the areas of greatest concern under CALEA. See infra 11 & note 26.
13. We note that we have already initiated a separate line of inquiry in the Notice of Proposed Rulemaking (NPRM) in this proceeding, 13 FCC Rcd 3149 (1997) that will fulfill our obligations under section 105, and that we have acted under our authority pursuant to section 107(c) to extend the compliance date for Section 103, see Petition for the Extension of the Compliance Date under Section 107 of the Communications Assistance for Law Enforcement Act by AT&T Wireless Services, Inc., Lucent Technologies Inc., and Ericsson Inc., Memorandum Opinion and Order, FCC 98-223, released September 11, 1998 ("Extension Order"). We will not revisit any of those issues in the instant Further NPRM.
14. The term "telecommunications carrier" is defined in section 102(8) of CALEA, 47 U.S.C. 1001(8). In the NPRM, we tentatively concluded that all providers of wireless or wireline telecommunications services for hire to the public are subject to CALEA. This tentative conclusion will be addressed in a future Report and Order. Examples of such providers (to the extent that they offer telecommunications services for hire to the public) are local exchange carriers, interexchange carriers, competitive access providers, satellite-based service providers, providers of commercial mobile radio service as set forth in Section 20.9 of our Rules, cable operators, and electric and other utilities. NPRM, 13 FCC Rcd at 3161-62 16-17.
15. Pen registers capture call-identifying information for numbers dialed from the facility that is the subject of lawful interception (i.e., outgoing calls), while trap and trace devices capture call-identifying information for numbers received by the facility that is the subject of lawful interception (i.e., incoming calls). H.R. Rep. No. 103-827, 103d Cong., 2d Sess., pt. 1, at 26 (1994).
16. Section 103(a)(1)-(4) of CALEA, 47 U.S.C. 1002(a)(1)-(4).
17. Section 106(a) of CALEA, 47 U.S.C. 1005(a).
18. Section 106(b) of CALEA, 47 U.S.C. 1005(b).
19. Section 107(a)(1) of CALEA, 47 U.S.C. 1006(a)(1). This authority was delegated by the Attorney General to the FBI, which has been playing a leading role in representing the interests of the law enforcement community on CALEA matters.
20. Section 107(a)(2) of CALEA, 47 U.S.C. 1006(a)(2).
21. Section 107(a)(3)(B) of CALEA, 47 U.S.C. 1006(a)(3)(B).
22. Section 107(b) of CALEA, 47 U.S.C. 1006(b).
23. Id.
24. See Extension Order, supra note 13. See also infra 22.
25. See Section 107(c)(1)-(4) of CALEA, 47 U.S.C. 1006(c)(1)-(4). We note that a carrier is deemed to be in compliance with Section 103 as to its "old" equipment, facilities and services -- i.e., those installed or deployed before January 1, 1995 -- until such time as it is reimbursed by the Attorney General for all reasonable costs directly associated with modifications necessary to bring that equipment into compliance. Section 109(a), (d) of CALEA, 47 U.S.C. 1008(a), (d).
26. See TIA Comments at 15 n.43. We note that the DoJ/FBI Final Notice of Capacity states that wireline, cellular, and PCS services "are of most immediate concern to law enforcement." See 63 Fed. Reg. 12218, at para. I.E.
27. These five categories are described in 36, infra.
28. Balloting was open to industry, law enforcement, and any other interested party, with a deadline of
May 12, 1997.
29. FBI Comments to TIA Subcommittee TR45.2 Ballot SP-3580 (May 12, 1997).
30. The two additional capabilities originally requested by the FBI were "standardized delivery interface" and "separated delivery." See DoJ/FBI Comments of May 8, 1998, last attachment. The former capability would limit the number of potential delivery interfaces law enforcement would need to accommodate from telecommunications carriers, while the latter would require the separate delivery to law enforcement of wiretap information for each party to a conference call. However, in a letter of February 3, 1998 from Stephen R. Colgate, Assistant Attorney General for Administration, to Mr. Tom Barba, Attorney at Law, Steptoe & Johnson LLP, counsel for TIA, DoJ states that while it believes that a single delivery interface would be cost effective and of great benefit to both law enforcement and telecommunications carriers, it finds that such an interface is not mandated by CALEA; and further states that while separated delivery would be useful for effective electronic surveillance, it finds that such delivery is also not mandated by CALEA. See letter, at 3.
31. See DoJ/FBI ex parte filing of July 1, 1998. Each of the nine punch list items is described in greater detail below. See infra 67-128.
32. We note that confusion may arise over the terms "subscriber" and "subject." At pp. 27-28 of their March 27, 1998 Joint Petition for Expedited Rulemaking, DoJ/FBI define these terms as follows:
When we refer to "subscriber," we are referring to the person or entity whose "equipment, facilities, or services" (47 U.S.C. 1002(a)(1)) are the subject of an authorized law enforcement surveillance activity. The subscriber often will be a person or entity suspected of criminal activity, but in some instances, the subscriber will simply be someone whose relationship to a suspected criminal (e.g., spouse or employer) makes it likely that criminal activity will be transacted or discussed over the subscriber's facilities. When we refer to "intercept subject" or "subject," we are referring to any person who is using the subscriber's equipment, facilities, or services, and whose conversations (or dialing activity) therefore would be capable of being acquired during an interception. In a particular investigation, the "intercept subjects" could include the subscriber, who may or may not be involved in criminal activity; a non-subscriber who is not involved in criminal activity; or a non-subscriber who is involved in criminal activity.
33. Delivery within three seconds of the event producing the call-identifying information is requested, together with a time stamp indicating the timing of the event within an accuracy of 100 milliseconds. See DoJ/FBI Joint Petition for Expedited Rulemaking, filed March 27, 1998, at 51-52.
34. This capability has also been referred to as "post-cut-through dialing and signaling."
35. ANSI voting is generally open to all interested parties, whereas TIA / Committee T1 voting is limited to TIA members. Committee T1 is the wireline standards setting body -- see infra 15.
36. In the Matter of Implementation of the Communications for Law Enforcement Act, CTIA Petition, filed July 16, 1997.
37. In the Matter of Implementation of the Communications Assistance for Law Enforcement Act, Comments on Petition for Rulemaking of the Center for Democracy and Technology and the Electronic Frontier Foundation (response to July 16, 1997 Petition of the Cellular Telecommunications Industry Association) (August 11, 1997).
38. Joint Motion to Dismiss CTIA's July 16, 1997 Petition for Rulemaking, filed March 27, 1998.
39. See discussion infra, section III.G.
40. CDT Petition, supra note 4, at i-iii.
41. DoJ/FBI Petition, supra note 4, at 1-2.
42. Id. at Appendix 1.
43. DoJ/FBI proposed that we issue that decision no later than September 1998. Id. at 67.
44. TIA Petition for Rulemaking, filed April 2, 1998.
45. See supra note 5.
46. See Public Notice at 4. Unless otherwise noted herein, "comments" and "reply comments" are those that were filed on May 20, 1998, and June 12, 1998, respectively, regarding standards issues.
47. Extension Order, supra note 13.
48. 47 U.S.C. 1006(c)(2).
49. Extension Order, supra note 13.
50. 47 U.S.C. 1006(b).
51. 47 U.S.C. 229(a).
52. 52 47 U.S.C. 1002(a)(1)-(4).
53. 53 See Senate Report at 23, House Report at 23.
54. 54 18 U.S.C. 3127(3), (4).
55. 55 47 U.S.C. 1006(b)(1)-(4).
56. 56 47 U.S.C. 1006(b)(5).
57. See, e.g., Northern Telecom Inc. Comments, CC Docket No. 97-213, May 8, 1998, at 4. We note that, pursuant to Section 104 of CALEA, DoJ has published in the Federal Register a final notice of capacity. Implementation of Section 104 of the Communications Assistance for Law Enforcement Act, Final Notice of Capacity, 63 Fed. Reg. 12218 (DoJ/FBI, March 12, 1998). See also Initial Notice of Capacity, 60 Fed. Reg. 53643 (DoJ/FBI, October 16, 1995); Second Notice of Capacity, 62 Fed. Reg. 1902 (DoJ/FBI, January 14, 1997).
58. 47 U.S.C 1006(a)(2).
59. See discussion infra, 132-133.
60. See 18 U.S.C. 2510-2522; see also infra note 63.
61. When a phone number is dialed, that number is delivered through the CDC from the device wiretapping the phone line to the LEA. Once a connection is established, the conversation is delivered to the LEA via the CCC.
62. J-STD-025 at 28-30.
63. Omnibus Crime Control and Safe Streets Act of 1968, Pub. L. No. 90-351, 82 Stat. 212 (1968), and Electronic Communications Privacy Act of 1986, Pub. L. No. 99-508, 100 Stat. 1848 (1986) (together codified as amended in 18 U.S.C. 2510-2522 and in other sections of 18 U.S.C.). These statutory provisions delineate the scope and limitations of federal wiretap surveillance authority. In addition, we note that the various states have their own statutory provisions governing surveillance authority. See, e.g., C.R.S.A. 16-15-102 (Colorado); Ann.Code.Md., Courts and Judicial Proceedings, 10-402 (Maryland); and McKinney's CPLR 4506 (New York).
64. Ameritech Comments, at 2-3.
65. BellSouth Comments, at 2.
66. Id. at 4.
67. AT&T Comments, at 3.
68. Id. at 22.
69. TIA Comments, at 24.
70. DoJ/FBI Reply Comments, at 15-16.
71. DoJ/FBI Comments, at 28.
72. See supra note 63.
73. CDT Comments, at 10-12.
74. CDT Reply Comments, at 2-5.
75. EPIC/EFF/ACLU Comments, at 1.
76. Id. at 5-12.
77. Id. at 28-29.
78. 47 U.S.C. 1006(a)(2) (allowing "safe harbor" based on industry standard).
79. See H.R. Rep. No. 103-827, reprinted in 1994 U.S.C.C.A.N. 3489, 3499 (1994) ("The legislation provides that the telecommunications industry itself shall decide how to implement law enforcement's requirements."); id. at 3506 ("section [107] establishes a mechanism for implementation of the capability requirements that defers, in the first instance, to industry standards organizations").
80. See infra 48-128.
81. While EPIC/EFF/ACLU recommend that we reject J-STD-025, they do not identify any particular deficiencies in it other than its inclusion of location and packet-mode information, which constitute only a small portion of the standard's capabilities. Also, while they assert that they were precluded from participating in the proceeding leading up to adoption of J-STD-025, see supra 43, they have not claimed that they were precluded from participating in the open ANSI balloting process. See supra 11-12 & note 28. Once the draft standard was voted down in the ANSI process, J-STD-025 was adopted by TIA as an interim standard that involved only industry (and not law enforcement or privacy) entities. See supra 14-15.
82. 47 U.S.C. 1006(b)(5).
83. See Extension Order, supra note 13, at 46.
84. Id. at n.139.
85. 47 U.S.C. 1006(a).
86. See, e.g., Section 103(b)(1) of CALEA, 47 U.S.C. 1002(b)(1) (CALEA does not authorize any law enforcement agency to require any specific design of equipment, facilities, services, features, or system configurations).
87. See, e.g., H. Rep. No. 103-837, 103d Cong., at 23 (1994), reprinted in 1994 U.S.C.C.A.N. 3489, 3503 ("law enforcement agencies are not permitted to require the specific design of systems or features . . . . The legislation leaves it to each carrier to decide how to comply. A carrier need not insure that each individual component of its network or system complies with requirements so long as each communication can be intercepted at some point that meets the legislated requirements."); id. at 27, reprinted in 1994 U.S.C.C.A.N. at 3507 ("Compliance with the industry standards is voluntary not compulsory. Carriers can adopt other solutions for complying with the capability requirements.")
88. See infra at 52-57.
89. See Extension Order, supra note 13, at 48.
90. J-STD-025 at 6.4.6, and at 5.4.1-5.4.8, Tables 1, 5, 6, and 8.
91. CDT Comments, at i.
92. Id. at 29.
93. Id. at 33-34.
94. EPIC/EFF/ACLU Comments, at 19-21.
95. SBC Comments, at 15.
96. TIA Comments, at 76-78.
97. AT&T Comments, at 13.
98. DoJ/FBI Comments, at 16-21.
99. 47 U.S.C. 1001(2).
100. See Transmission Systems for Communications, AT&T Bell Laboratories (5th ed. 1982). We also note that the equivalent location information in the wireless (cellular or broadband PCS) environment appears to be the location of the cell sites to which the mobile terminal or handset is connected at the beginning and at the termination of the call. Provision of this particular location information does not appear to expand or diminish law enforcement's surveillance authority under prior law applicable to the wireline environment.
101. DoJ/FBI Comments, at 16, 19-20, & n.5; TIA Comments, at 77.
102. 47 U.S.C. 1006(b).
103. See supra at 46-47.
104. Revision of the Commission's Rules To Ensure Compatibility with Enhanced 911 Emergency Calling Systems, CC Docket No. 94-102, Report and Order and Further Notice of Proposed Rulemaking, 11 FCC Rcd 18676 (1996), recon. Memorandum Opinion and Order, 12 FCC Rcd 22665 (1997).
105. 47 U.S.C. 1002(a)(2)(B).
106. We believe that interpreting this provision to exclude location information from the technical requirements for CALEA would render the provision "mere surplusage" and would thus conflict with the usual rules of statutory construction. See Dunn v. CFTC, 519 U.S. 465 (1997), 117 S.Ct. 913, 917 (1997) ("legislative enactments should not be construed to render their provisions mere surplusage"); Illinois Public Telecommunications Ass'n v. FCC, 117 F.3d 555, 562 (D.C.Cir. 1997) (construing section 226(e)(2) of Communications Act in manner to avoid "mere surplusage"); Deployment of Wireline Services Offering Advanced Telecommunications Capability, CC Docket No. 98-147, Memorandum Opinion and Order and Notice of Proposed Rulemaking, FCC 98-188, released August 7, 1998, at 71 ("when . . . 'charged with understanding the relationship between two different provisions within the same statute, we must analyze the language of each to make sense of the whole'").
107. See J-STD-025, at 3 and 4.5. Section 3 defines circuit-mode as "a communication using bi-directional paths switched or connected when the communication is established. The entire communication uses the same path." Section 3 defines packet-mode as "a communication where individual packets or virtual circuits of a communication within a physical circuit are switched or routed by the accessing telecommunication system. Each packet may take a different route through the intervening network(s)."
108. Id.
109. CDT Comments, at i-ii.
110. Id. at 34-35.
111. CDT Reply Comments, at i-ii.
112. EPIC/EFF/ACLU Comments, at 24.
113. TIA Comments, at 78-80.
114. DoJ/FBI Comments, at 21-22.
115. SBC Reply Comments, at 7-8.
116. 47 U.S.C. 1002(b)(2)(A).
117. Section 102(6) of CALEA (47 U.S.C. 1001(6)) states that the term "information services" --
(A) means the offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications; and(B) includes --
(i) a service that permits a customer to retrieve stored information from, or file information for storage in, information storage facilities;(ii) electronic publishing; and
(iii) electronic messaging services; but
(C) does not include any capability for a telecommunications carrier's internal management, control, or operation of its telecommunications network.
118. See generally Federal-State Joint Board on Universal Service, Report to Congress, CC Docket No. 96-45, FCC 98-67 (1998) ("Report to Congress on Universal Service") at 21-106, for a discussion of distinctions between telecommunications and information service providers.
119. See J-STD-025 at 1.1 ("This Interim Standard defines the interfaces between a telecommunication service provider (TSP) and [a LEA]....") (emphasis added).
120. 47 U.S.C. 1002(a)(4)(A).
121. For example, J-STD-025 itself lists the following as eight distinct packet-mode services: Integrated Services Digital Network (ISDN) user-to-user signaling; ISDN D-channel X.25 packet services; Short Message Services (SMS) for cellular and broadband PCS (e.g., NAMPS, TIA/EIA-41, PCS1900, or GSM-based technologies); wireless packet-mode data services (e.g., Cellular Digital Packet Data (CDPD), Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), PCS1900, or GSM-based packet-mode services); X.25 services; TCP/IP services; paging (one-way or two-way); and packet-mode services using traffic channels. J-STD-025 at 4.5.2. In addition, we note that there may be other packet technologies warranting discussion. This appears especially so, given that some carriers provide frame relay services, and various carriers have announced an intention to provide Asynchronous Transfer Mode (ATM) service. For example, Sprint has announced development of its "ION" system which will deploy ATM, SONET rings, and IP telephony to route data packets representing voice telephony.
122. Section 103(a)(2) of CALEA, 47 U.S.C. 1002(a)(2).
123. Section 107(b)(1), (3) of CALEA, 47 U.S.C. 1006(b)(1), (3).
124. Section 107(b)(2) of CALEA, 47 U.S.C. 1006(b)(2).
125. Section 107(b)(4) of CALEA, 47 U.S.C. 1006(b)(4).
126. Section 107(b)(5) of CALEA, 47 U.S.C. 1006(b)(5).
127. DoJ/FBI Reply Comments, at 4.
128. USTA Comments, at 3.
129. AT&T Comments, at 2.
130. Id. at 7.
131. AT&T Reply Comments, at 3.
132. AT&T Comments, at 5.
133. BellSouth Comments, at 7.
134. CDT Reply Comments, at 11-12.
135. AirTouch Comments, at 9.
136. Sprint PCS Comments, at 6.
137. US West Comments, at 9.
138. Bell Emergis Reply Comments, at 2-3.
139. DoJ/FBI Reply Comments, at 12.
140. AirTouch Reply Comments, at 6.
141. AirTouch Comments, at 14.
142. TIA Comments, at 30-38.
143. DoJ/FBI Comments, at 7.
144. DoJ/FBI Reply Comments, at 18.
145. DoJ/FBI Comments, at 7-8.
146. 47 U.S.C. 1006(b).
147. 47 U.S.C. 1002(a)(1).
148. According to TIA, the term "facilities" under Title III is "limited by the requirement that the intercept involve the actual telephone or other physical facilities of the intercept subject - as opposed to the entire system or network to which the telephones are attached." TIA Comments, at 34-35; but see DoJ/FBI Joint Petition, at 27-33 ("Title III does not require the subscriber to be "on the line" in order for law enforcement lawfully to intercept communications taking place over the subscriber's facilities or supported by the subscriber's service.")
149. See H.R. Rep. No. 103-827, reprinted in 1994 U.S.C.C.A.N. 3489 (1994)(one of the purposes of the Act "is to preserve the government's ability, pursuant to court order or other lawful authorization, to intercept communications involving ... services and features such as ... conference calling.").
150. Section 103(a)(1) and (d) of CALEA, 47 U.S.C. 1002(a)(1) and (d). Section 103(a)(1) requires a carrier to "ensure that its equipment, facilities, or services . . . are capable of . . . expeditiously isolating and enabling [lawful interception of] all wire and electronic communications carried by the carrier within a service area to or from [subscribers]. . ." (italics added). Section 103(d) requires that when a commercial mobile service carrier conducting a lawful interception of wire and electronic communications loses "access to the content of such communications or call-identifying information within the service area . . ., information is made available to the government . . . identifying the provider of a wire or electronic communication service that has acquired access to the communications" (italics added).
151. AT&T Comments, at 10-11.
152. BellSouth Comments, at 9.
153. TIA Comments, at 51-55.
154. DoJ/FBI Reply Comments, at 50-54.
155. Section 102(2) of CALEA, 47 U.S.C. 1001(2).
156. We note that Section 103 specifically requires a telecommunications carrier to:
(a) ensure that its equipment, facilities, or services that provide a customer or subscriber with the ability to originate, terminate, or direct communications are capable of --(2) expeditiously isolating and enabling the government, pursuant to a court order or other lawful authorization, to access call-identifying information that is reasonably available to the carrier --(B) in a manner that allows it to be associated with the communication to which it pertains.
157. USTA Comments, at 5; US West Comments, at 15.
158. TIA Comments, at 47-51.
159. DoJ/FBI Reply Comments, at 46-50.
160. Section 103(a)(2)(B) of CALEA, 47 U.S.C. 1002(a)(2)(B).
161. See supra 86; see also Sections 103(a)(2) and 103 (b)(1)(A) of CALEA, 47 U.S.C. 1002(a)(2) and 1002(b)(1)(A).
162. Section 102(6)(B)(i) of CALEA, 47 U.S.C. 1001(6)(B)(i).
163. See H.R. Rep. No. 103-827, reprinted in 1994 U.S.C.C.A.N. 3489, 3503 (1994) (noting that CALEA's capability requirements do not apply to information services and stating that "storage of a message in a voice mail or E-mail 'box' is not covered by the bill. The redirection of the voice mail message to the 'box' and the transmission of an E-mail message to an enhanced service provider that maintains the E-mail service are covered.") Section 103(b)(2)(A) of CALEA, 47 U.S.C. 1002(b)(2)(A). We have recently, in the context of the Telecommunications Act of 1996, drawn such a distinction between voice mail and other call features. See, e.g., In the Matter of Implementation of the Telecommunications Act of 1996: Telecommunications Carriers' Use of Customer Proprietary Network Information and Other Customer Information, 73-74, 13 FCC Rcd 8061 (1998) (observing that services formerly referred to as "adjunct-to-basic" -- "speed dialing, call forwarding, computer-provided directory assistance, call monitoring, caller ID, call tracing, call blocking, call return, repeat dialing, call tracking, and certain centrex features" and "call waiting" -- were not information services, while "call answering, voice mail or messaging, voice storage and retrieval services, fax store and forward, and Internet access services" were information services); see also NPRM, In the Matter of Implementation of 255 of the Telecommunications Act of 1996, 39, 1998 W 185139 (released April 20, 1998) (drawing the same distinction). In our recent Report to Congress on Universal Service, we found that Congress intended the categories of "telecommunications service" and "information service" to be mutually exclusive. See FCC 98-67, supra note 118, at 13.
We find these precedents applicable here because CALEA and the Communications Act of 1934 (as amended by the Telecommunications Act of 1996) define the term "information services" virtually identically. Compare section 102(6)(A),(C) of CALEA, 47 U.S.C. 1001(6)(A),(C) with section 3(20) of Communication Act, 47 U.S.C. 153(20). Furthermore, CALEA explicitly includes as an example of information services "a service that permits a customer to retrieve stored information from, or file information for storage in, information storage facilities." Section 102(6)(B) of CALEA, 47 U.S.C. 1001(6)(B) (also including "electronic publishing" and "electronic messaging services" as information services).
164. BellSouth Comments, at 11-12.
1v5. PrimeCo Comments, at 16-17.
166. TIA Comments, at 55-57.
167. DoJ/FBI Reply Comments, at 55-59.
168. 47 U.S.C. 1006(b).
169. The intercept access point is the point in the system where the subscriber's phone line is tapped, usually at the switch.
170. TIA Comments, at 63.
171. US West, at 22.
172. PrimeCo Comments, at 18.
173. BellSouth Comments, at 13.
174. SBC Comments, at 12.
175. DoJ/FBI Reply Comments, at 59-66.
176. Id. at 62.
177. Section 102(2) of CALEA,47 U.S.C. 1001(2).
178. See supra note 160.
179. Section 103(a)(2) of CALEA, 47 U.S.C. 1002(a)(2).
180. AT&T Comments, at 13.
181. TIA Comments, at 68.
182. SBC Comments, at 13.
183. PrimeCo Comments, at 20.
184. AirTouch Comments, at 24.
185. DoJ/FBI Joint Petition for Expedited Rulemaking, March 27, 1998, at 54-55.
186. DoJ/FBI Reply Comments, at 73.
187. Section 103(a) of CALEA, 47 U.S.C. 1002(a).
188. Id.
189. Section 107(b)(1) of CALEA, 47 U.S.C. 1006(b)(1).
190. This feature differs from a surveillance status message because it permits the LEA to know whether the facilities under surveillance have an active call. A surveillance status message permits the LEA to know that the wiretap is operational, whether or not there is an active call.
191. AirTouch Comments, at 24-25.
192. BellSouth Comments, at 15.
193. DoJ/FBI Joint Petition for Expedited Rulemaking, March 27, 1998, at 54.
194. DoJ/FBI Reply Comments, at 67-70.
195. Section 107(b)(1) of CALEA, 47 U.S.C. 1006(b)(1).
196. We note that some services, such as call return, are available on either a subscription or per-call basis. DoJ/FBI assert, however, that the availability of per-call features is irrelevant to their petition and that they do not seek to require carriers to notify a LEA of a subscriber's use of these features. They explain that carriers should simply alert a LEA to the assignment or removal of features that can affect call content or call-identifying information from a line under surveillance. They conclude that, "[a]s a practical matter, law enforcement will know in advance what per-call features a particular carrier makes available to its subscribers, and will have collected enough information to predict the . . . likely use of such features, before initiating an intercept, and will be able to order the appropriate number of call content and call data channels based on this information." See DoJ/FBI Reply Comments, at 74.
197. DoJ/FBI Joint Petition for Expedited Rulemaking, March 27, 1998, at Appendix 1, 14-15.
198. US West Reply Comments, at 3-4.
199. SBC Comments, at 13; BellSouth Comments, at 14.
200. AT&T Comments, at 13.
201. PrimeCo Reply Comments, at 5.
202. TIA Comments, at 70-72.
203. DoJ/FBI Joint Petition for Expedited Rulemaking, March 27, 1998, at 56.
204. DoJ/FBI Reply Comments, at 73.
205. Section 107(b) of CALEA, 47 U.S.C. 1006(b).
206. See also AirTouch Reply Comments, at 10.
207. TIA Comments, at 41-46.
208. Ameritech Comments, at 8; AT&T Comments, at 10; CDT Comments, at 41-44; EPIC/EFF/ACLU Comments, at 27; Primeco Comments, at 13; SBC Comments, at 14; and USTA Comments, at 7.
209. CDT Comments, at 42.
210. CDT Reply Comments, at 13-16.
211. US West Comments, at 18.
212. AirTouch Reply Comments, at 10.
213. AirTouch Comments, at 18.
214. DoJ/FBI Reply Comments, at 38-39.
215. DoJ/FBI Joint Petition for Expedited Rulemaking, March 27, 1998, at 39-41.
216. See, e.g., Bell Emergis Reply Comments, at 2-3.
217. TIA Comments, at 29.
218. AT&T Comments, at 15-17; Nextel Comments, at 13; PCIA Comments, at 6-7; SBC Comments, at 16-17; US West Comments, at 31-33.
219. US West Comments, at 31-33.
220. DoJ/FBI Comments, at 26.
221. 47 U.S.C. 1006(a)(2).
222. See 47 U.S.C. 1006(c).
223. TIA Comments, at 15 n.43.
224. 47 U.S.C. 1006(a)(3)(B).
225. PCIA Comments, at 4; AMTA Comments, at 5; Nextel Comments, at 13.
226. PCIA Comments, at 4; AMTA Comments, at 1.
227. Nextel Comments, at 13; PCIA Comments, at 6.
228. Nextel Reply Comments, at 4.
229. Id. at 15-16.
230. PCIA Comments, at 7.
231. Id.
232. Id. at 7-8.
233. AMTA Comments, at 2.
234. Id. at 4.
235. Id. at 5.
236. See e.g., Nextel Reply Comments, at 15 n. 38; AMTA Comments, at 2.
237. Joint Petition For an Extension of the CALEA Assistance Capability Compliance Date by Iridium United States, L.P., and Motorola, Inc., CC Docket No. 97-213, filed on June 30, 1998, at 6 (Iridium Petition for Extension).
238. Id. at 11.
239. Id. at i.
240. Globalstar, L.P. Reply Comments for Petitions for Extension of Compliance Deadline, at 2-3.
241. Id. at 4. See also supra 31 & n.57.
242. AirTouch Comments on Petitions for Extension of Compliance Deadline, at 5.
243. Id.
244. Nextel Reply Comments, at 4.
245. Those factors are:
The effect [of compliance] on public safety and national security;The effect [of compliance] on rates for basic residential telephone service;
The need to protect the privacy and security of communications not authorized to be intercepted;
The need to achieve the capability assistance requirements of Section 103 by cost-effective methods;
The effect [of compliance] on the nature and cost of the equipment, facility, or service at issue;
The effect [of compliance] on the operation of the equipment, facility, or service at issue;
The policy of the United States to encourage the provision of new technologies and services to the public;
The financial resources of the telecommunications carrier;
The effect [of compliance] on competition in the provision of telecommunications services;
The extent to which the design and development of the equipment, facility, or service was initiated before January 1, 1995;
Such other factors as the Commission determines are appropriate.
47 U.S.C. 1008(b)(1).
246. 47 U.S.C. 1008(b)(2). We also note that section 109 provides that "[t]he Attorney General may, subject to the availability of appropriations, agree to pay telecommunications carriers for all reasonable costs directly associated with the modifications performed by carriers in connection with equipment, facilities, and services installed or deployed on or before January 1, 1995, to establish the capabilities necessary to comply with Section 103." 47 U.S.C. 1008(a). If the Attorney General does not agree to pay all reasonable costs directly related to such modifications, the "equipment, facility, or service [deployed on or before January 1, 1995] shall be considered to be in compliance with the assistance capability requirements of Section 103 until the equipment, facility, or service is replaced or significantly upgraded or otherwise undergoes major modification." 47 U.S.C. 1008(d).
247. CDT Petition, at 16.
248. CTIA filed separate comments in response to the April 20, 1998 Public Notice which sought comment on whether CTIA's Petition for Rulemaking should be dismissed as moot. See CTIA Comments, at 6.
249. 47 C.F.R. 1.401(e).
250. 5 U.S.C. 603.
251. The Regulatory Flexibility Act, 5 U.S.C. 601 et seq. has been amended by the Contract with America Advancement Act of 1996, Pub. L. No. 104-121, 110 Stat. 847 (1996) (CWAAA). Title II of the CWAAA is the "Small Business Regulatory Enforcement Act of 1996" (SBREFA).
252. 5 U.S.C. 601(3) (incorporating by reference the definition of "small business concern" in 5 U.S.C. 632). Pursuant to 5 U.S.C. 601(3), the statutory definition of a small business applies "unless an agency after consultation with the Office of Advocacy of the Small Business Administration and after opportunity for public comment, establishes one or more definitions of such term which are appropriate to the activities of the agency and publishes such definition in the Federal Register."
253. 15 U.S.C. 632. See, e.g., Brown Transport Truckload, Inc. v. Southern Wipers, Inc., 176 B.R. 82 (N.D. Ga. 1994).
254. 13 C.F.R. 121.201.
255. See Implementation of the Local Competition Provisions in the Telecommunications Act of 1996, First Report and Order, 11 FCC Rcd 15499 (1996) at 1328-30, 1342 (Local Competition First Report and Order). We note that the U.S. Court of Appeals for the Eighth Circuit has stayed the pricing rules developed in the Local Competition First Report and Order, pending review on the merits. Iowa Utilities Board v. FCC, No. 96-3321 (8th Cir., Oct. 15, 1996).
256. See 13 C.F.R. 121.210 (SIC 4813).
257. United States Department of Commerce, Bureau of the Census, 1992 Census of Transportation, Communications, and Utilities: Establishment and Firm Size, at Firm Size 1-123 (1995) ("1992 Census").
258. 15 U.S.C. 632(a)(1).
259. 1992 Census, supra, at Firm Size 1-123.
260. 13 C.F.R. 121.201, Standard Industrial Classification (SIC) Code 4812.
261. Federal Communications Commission, CAB, Industry Analysis Division, Telecommunications Industry Revenue: TARS Fund Worksheet Data, Tbl. 21 (Average Total Telecommunications Revenue Reported by Class of Carrier) (December, 1996) ("TARS Worksheet").
262. TARS Worksheet.
263. 13 C.F.R. 121.201, SIC 4813.
264. Id.
265. 1992 Census, supra, at Firm Size 1-123.
266. 13 C.F.R. 121.201, Standard Industrial Classification (SIC) Code 4812.
267. TARS Worksheet, at Tbl. 1 (Number of Carriers Reporting by Type of Carrier and Type of Revenue).
268. See Amendment of Parts 20 and 24 of the Commission's Rules -- Broadband PCS Competitive Bidding and the Commercial Mobile Radio Service Spectrum Cap, Report and Order, FCC 96-278, WT Docket No. 96-59, paras. 57-60 (June 24, 1996), 61 FR 33859 (July 1, 1996); see also 47 CFR 24.720(b).
269. Id., at para. 60.
270. Implementation of Section 309(j) of the Communications Act -- Competitive Bidding, PP Docket No. 93-253, Fifth Report and Order, 9 FCC Rcd 5532, 5581-84 (1994).
271. Id.
272. 18 U.S.C. 2520 provides for the recovery of civil damages by persons who endured illegal electronic surveillance.
273. Id.
[End]
Conversion to HTML by JYA/Urban Deadline.