Linking to the Law

The Federal Communications Commission recently released a Notice of Proposed Rulemaking and Declaratory Ruling laying out the agency’s proposed approach to implementing a legal framework for the Communications Assistance for Law Enforcement Act (CALEA), particularly as it applies to packet-mode technologies such as VoIP. The Aug. 9, 2004, proposal, if adopted, is expected to impact a range of VoIP-based providers that have operated outside of CALEA’s requirements.

The FCC’s notice stems from a Joint Petition for Expedited Rulemaking filed by the Department of Justice, Federal Bureau of Investigation and the Drug Enforcement Administration requesting that the FCC resolve on an expedited basis certain issues pertaining to CALEA. Among other things, these law enforcement groups requested that the FCC formally identify those services that are subject to CALEA and rule that broadband telephony services such as VoIP are subject to CALEA.

CALEA, enacted in October 1994, was intended to preserve the ability of law enforcement agencies to conduct electronic surveillance by requiring that “telecommunications carriers” and manufacturers of such equipment modify and design their equipment, facilities and services to ensure that they have the required surveillance capabilities. Section 103 of CALEA imposes specific obligations on “telecommunications carriers” (as defined under CALEA) for assisting law enforcement, including with respect to call intercept, accessing call-identifying information, delivering intercepted communications and call-identifying information to the government, and doing so with a minimum of interference to subscriber service and privacy.

VoIP/Broadband Internet Obligations.

In its notice, the FCC tentatively concludes that providers of “managed” or “mediated” VoIP services that are offered to the general public as a means of communicating with any telephone subscriber, including parties reachable only through the PSTN, are subject to CALEA. Such VoIP services offer voice calling capability whereby the VoIP provider acts as a mediator to manage the communication between its endpoints and to provide call setup, connection, termination, and party identification features, often generating or modifying dialing, signaling, switching, addressing or routing functions for the user.

Managed VoIP communications are distinguished from “peer-to-peer” communications that involve disintermediated communications that are set up and managed by the end user via its or personal computer. The FCC tentatively concludes that non-managed VoIP services should not be subject to CALEA and seeks comment on this tentative conclusion.

The notice also tentatively concludes that facilities-based providers of any type of broadband Internet access, including, but not limited to, wireline, cable modem, satellite, wireless and broadband access via the power line, whether provided on a wholesale or a retail basis, are generally subject to CALEA because they provide replacement for a substantial portion of local telephone service used for dialup Internet access service and such treatment is in the public interest.

The tentative conclusions reached above in the notice turn on CALEA’s definition of “telecommunications carrier.” Under CALEA, “telecommunications carriers” must ensure that their equipment, facilities and services are capable of providing surveillance capabilities to law enforcement. CALEA’s definition of a “telecommunications carrier” is unique and more inclusive than that contained under the Communications Act of 1934. According to the notice, for purposes of CALEA, a “telecommunications carrier” is a person or entity engaged in the transmission or switching of wire or electronic communications as a common carrier for hire but also includes entities that provide “a replacement for a substantial portion of the local telephone exchange service.” This interpretation, therefore, gives rise to the possibility that a VoIP provider may not be subject to regulation under the Communications Act but could be subject to regulation and compliance under CALEA. The FCC seeks comment on this tentative assessment.

Compliance Solutions.

As packet-mode services could potentially face challenges in complying with CALEA Section 103 obligations, the FCC seeks comment on how these obligations can be met. The existing “JStandard” (J-STD-025), which serves as the safe harbor for wireline, cellular and personal communications services providers, carriers and manufacturers, was initially addressed in the context of circuit-switched networks, not packet-switched networks. Consequently, ISPs and broadband access service providers may not be able to easily isolate call-identifying information for VoIP without examining the packet in detail or, in other words, examining the packet content. The notice seeks comment on whether it is necessary for the FCC to clarify the statutory term “call-identifying information” for broadband access and VoIP services.

The FCC seeks further comment on a compliance solution intended to ease the burden on carriers and manufacturers in providing packet content and call-identifying information which it refers to as the “trusted third-party approach.” Under this approach, a trusted third party or service bureau that has access to the carrier’s network and remotely manages the intercept process for the carrier could supply this information on behalf of the carrier.

Among other things, the FCC seeks comment on the feasibility of using a trusted third-party approach to extract the content and call-identifying information from packets. The FCC also seeks comment on a variety of industry standards for packet-mode technologies that could be considered as “safe harbors” in complying with Section 103.

Cost-Recovery Issues.

According to the FCC, the modifications and upgrades required with respect to CALEA compliance will potentially require significant capital expenditures on the part of carriers. Further, carriers will face a future of recurring CALEA-related costs given that, as technology develops, telecommunications networks will be upgraded and modified as part of normal business operations. These upgrades will require, in turn, the implementation of new CALEA-compliant technology. Many CALEA-related costs associated with upgrading equipment and facilities deployed prior to January 1995 were paid through a $500 million appropriations fund established by Congress to implement CALEA. It has been reported that DOJ/FBI has nearly exhausted that fund to bring pre-1995 equipment and facilities into compliance with CALEA.

Although CALEA places financial responsibility on the federal government for CALEA implementation costs related to equipment deployed on or before Jan. 1, 1995, the FCC tentatively concludes that carriers bear responsibility for CALEA development and implementation costs for post- Jan. 1, 1995, equipment and facilities. The notice seeks comment on this.

The FCC also seeks comment on cost-recovery options vis-`-vis enduser customers. Should CALEA costs be recovered directly from telecommunications and other consumers by means of an FCC-mandated flat monthly charge similar to the current subscriber line charge? How would such a charge be developed? Does the FCC have authority to impose such a charge?

The FCC is seeking industry comment on the above proposals and tentative conclusions before issuing its final ruling. Public comments were due by Nov. 8, 2004, and replies are due on or before Dec. 7, 2004.

Gregory E. Kunkle, Esq., is a Washington, D.C.-based attorney specializing in communications legal/regulatory matters. He can be reached at +1 202 263 3640, via e-mail at [email protected].