CALEA APPLICATION TO VoIP HOTLY DEBATED

The petition filed with the FCC earlier this year (CD March 15 p3) asked the FCC to rule that VoIP services were covered by CALEA. The petition further asked that the Commission establish a new regulatory compliance and enforcement scheme that imposes deadlines by which VoIP providers must implement CALEA intercept capabilities for their existing service, and requires all future VoIP services to have CALEA capabilities that have been reviewed and approved by law enforcement before deployment.

The petition was strongly criticized by some in the telecom industry, including AT&T, MCI, Sprint and Covad. AT&T said law enforcement’s needs were already met through “existing statutory authority to obtain wiretaps and relevant information through court orders and subpoenas, even where CALEA is not implicated.” It said before the Commission “attempts to expand CALEA coverage and responsibilities… industry should… be allowed the opportunity to develop and implement access methods that effectively meet the needs of law enforcement.” If industry fails to do so, it said “the Commission or Congress can take action at that time as warranted.”

Some said the FCC doesn’t have statutory authority to establish rules enforcing broadband compliance with CALEA. “The plain language of the statute… appears to foreclose the expansion of CALEA’s coverage,” AT&T said. MCI said while the petition stated the Commission could use its plenary Sec. 299 authority to enforce compliance with CALEA’s capability requirements, “Congress explicitly delegated enforcement authority to courts of law.”

Verizon said it supported the petition, but said it had “some concerns” with some proposals on “particular procedural issues, deadline for compliance and cost recovery.” It said the FCC should “carefully explore these proposals in its rulemaking proceeding to ensure that its decisions on these issues are consistent with the statute, while at the same time meeting critical law enforcement needs.”

“The Commission should make clear that CALEA applies equally to [VoIP] and broadband access services of all providers regardless of the classification of those services under Title I or Title II for regulatory purposes,” Verizon said. It said the Commission should also launch a rulemaking to “determine the scope of those obligations and how they apply to different service providers.”

SBC urged the Commission to “proceed expeditiously with its rulemaking.” It said it shared many concerns expressed in the petition, but said the FCC should “exercise extreme caution with respect to adopting blanket presumptions or premature conclusions about CALEA before the necessary record has been duly considered.”

“The Commission cannot adopt the petitioners’ proposals as written,” BellSouth said: “These proposals would have to be modified to fit within the scope of CALEA.” It said the changes sought in the petition could “only be accomplished by amending the CALEA statute.” BellSouth urged the Commission not to issue the declaratory ruling, but rather “reserve the decision of what entities and services are subject to CALEA for the forthcoming rulemaking.”

CTIA urged the FCC to reject the petition. It said the industry had developed standardized solutions for packet-mode communications and “the federal government itself has packet surveillance tools such as Carnivore.” NTCA warned the FCC not to impose new regulations or deadlines without considering the operating realities of small, rural carriers. It said the Commission should work with the carriers and manufacturers to “set a realistic and flexible timetable for implementation.” NTCA also said it didn’t agree that “an end-user charge is appropriate for rural carriers” to recover “significant” costs of CALEA implementation.

The Satellite Industry Assn. (SIA) said it did “not believe that the requirements of CALEA extend as far as required in the petition.” It said “appropriate capabilities for lawful interception of communications over satellite facilities are already being provided through close cooperation between law enforcement and individual satellite communications companies.” SIA expressed concern that granting the petition would result in imposing the CALEA requirements on satellite-delivered broadband access and broadband telephony services.

TIA said it did “not oppose Commission review of some of the topics raised by the petition,” but said “many more issues than are raised in the petition must be considered. TIA said that while the petition claimed that all current packet-mode standards were “deficient,” it didn’t “specify any alleged deficiencies or any additional capabilities that should be in the standards.” TIA said the petition’s proposed enforcement regime also raised “difficult technology and economic issues associated with the complex multi-vendor, multi-operator environment in which CALEA is implemented.”

TIA also argued that the part of the petition suggesting govt. pre-approval of new technologies and services “should be rejected out of hand… The proposed rules are vague, ambiguous and directly inconsistent with CALEA -- and virtually certain to be rejected if challenged in court… If adopted, these proposals would have a devastating impact on industry, particularly on equipment suppliers who would face the cost of building wiretap capabilities for new technologies even before it is clear whether they will succeed.”

Law Enforcement Urge Immediate Adoption of Petition

Meanwhile, law enforcement agencies urged the FCC to expeditiously resolve various critically important issues arising from the implementation of the CALEA. In identically worded comments, the Police Executive Research Forum (PERF), Tex. Dept. of Public Safety and the Tenn. Bureau of Investigation (TBI), the National Sheriffs’ Assn. (NSA) said it was “vitally important, and consistent with Congress’s intent in enacting CALEA, that the FCC initiate a rulemaking proceeding and adopt the rules proposed” in the petition. They said Congress enacted CALEA to “ensure that law enforcement would have the ability to conduct authorized wiretaps that would keep pace with new technologies.” But, they said, many new technologies “pose a great challenge to state and local law enforcement.”

The Office of N.Y. Attorney Gen. Eliot Spitzer said while CALEA had “succeeded in assisting law enforcement with access to some services provided by wireline and wireless carriers, substantial confusion remains regarding the statute’s applicability.” It said such lack of clarity and certainty had “created large gaps in interception capability and contravenes Congress’s intent in enacting CALEA and outs the public at great risk.”

“Voluntary industry compliance with CALEA is not a feasible option,” PERF said, because many service providers had “failed to voluntarily adopt currently available CALEA intercept solutions.” Said TBI: “It has been TBI’s experience that the telecommunications providers will respond to market pressures and the need to keep costs down before they will respond to the needs of law enforcement.” L.A. High Intensity Drug Trafficking Area said 2 broadband service providers and 2 push-to-talk features providers in the L.A. market had publicly admitted their infrastructure wasn’t CALEA-compliant.

State and local law enforcement don’t have the financial or personnel resources to develop costly ad hoc surveillance solutions for each new communications service, nor should they have to under current law, the agencies said. They said for all equipment, services and facilities deployed after Jan. 1, 1995, Congress, though CALEA, expressly passed the burden of designing and paying for such surveillance solutions to the telecom carriers.

VeriSign said it supported “the CALEA regulatory model that relies on industry initiative, combined with the Commission arbitrating and overseeing the implementation of necessary mandates for law enforcement.” It said the Commission should consider the “immediate regulatory statement” sought in the petition concerning the applicability of CALEA to packet-mode broadband access and telephony services: “Such a statement seems fully consistent with Congress’s enactment of CALEA [and] with previous related Commission findings.” VeriSign said it already provided CALEA services for “precisely this kind of broadband telephony” described in the petition.

Internet Groups Oppose Extending CALEA to Web

Extending federal wiretapping rules to the Internet “would cripple innovation on the Internet, quite probably ensuring that new services would always be implemented outside the United States and well beyond the reach of this new regulatory regime,” according to a filing at the FCC by the ISP CALEA Coalition. Internet groups generally opposed a proposal by the Justice Dept., FBI and Drug Enforcement Administration that CALEA rules be expanded to include all broadband services.

The ISP CALEA Coalition said there was “no policy basis for extending CALEA to cover” ISP services, given “the relatively small number of traditional intercept orders served on ISPs and online service providers.” It said most of the law enforcement requests ISPs received were “almost exclusively for online account and e-mail communications, not wiretaps. Indeed, for a typical ISP, such requests outnumber traditional Title III and pen register orders by several orders of magnitude.” It also said Congress clearly intended that CALEA not apply to the Internet, and that if the FCC decided to act, it should do so through a full-fledged rulemaking process, rather than the declaratory ruling sought by the govt. agencies.

The VON Coalition urged the FCC to dismiss the wiretap petition, saying extending wiretap laws beyond Congressional intent could “stifle innovation and delay consumer benefits without a commensurate increase in security.” It said extending wiretap laws to Internet technologies like VoIP was “unnecessary, given law enforcement’s existing capabilities to access VoIP traffic and the degree of voluntary cooperation that VoIP providers offer law enforcement to address access problems.”

The FCC can’t extend CALEA to broadband Internet unless it reverses its earlier decision that broadband Internet is an information service, said EarthLink. It said the Communications Act and CALEA itself use functionally identical definitions of information services, making that the key legal issue in the govt. agencies’ proposal.

Congress’ intent to exclude Internet messaging and other information services from CALEA was clear in the legislation itself, said a coalition of higher education and library associations. They said imposing CALEA rules on the Internet would compromise privacy and be costly at a time when education and library budgets already are strained. Luxembourg-based Skype Technologies said the focus of CALEA should be on the underlying transmission network, rather than applications running on the network. It said its peer-to- peer service, for example, is “not a network. It is very much like e-mail.” To treat software applications like networks would “threaten the development and use of technologies that the Commission recognizes have the power to transform and add value to communications for the foreseeable future.”